require_once "utils.php";
require_once "security.php";
require_once "page_blocks.php";
require_once "not_a_power_user.php";
require_once "no_access_to_project.php";
if (!IsPower()) {
die(GetNotAPowerUserPage());
}
StartAccessToDB();
if (array_key_exists("Id", $_GET)) {
$itemId = $_GET["Id"];
} else {
$itemId = "";
}
if (is_numeric($itemId)) {
$itemInfos = GetSubmittedItemInfos($_GET["Id"]);
if (is_string($itemInfos)) {
echo $itemInfos;
exit;
}
$unitInfos = GetUnitInfos($itemInfos["UnitId"]);
$originalItemId = $itemInfos["ItemId"];
} else {
echo "Error, the Id of the item MUST be indicated.";
exit;
}
$projectId = GetProjectIdForUnit($unitInfos["Id"]);
if (!LoggedUserHasAccessToProject($projectId)) {
die(GetNoAccessToProjectPage($projectId));
}
$tpl = new HTML_Template_IT("./");
if ($msg != "") {
$msg .= "<br>";
}
// delete the accepted item only if there were no errors
if ($msg == "") {
$msg .= DeleteSubmittedItem($_POST["item_id"]);
}
if ($msg == "") {
$msg = "Item accepted successfuly";
} else {
$msg = "Error while accepting item: " . $msg;
}
} elseif ($action == "reject") {
if (array_key_exists("items", $_POST) && is_array($_POST["items"])) {
foreach ($_POST["items"] as $item) {
$subItemInfos = GetSubmittedItemInfos($item);
$projectId = GetProjectIdForUnit($subItemInfos["UnitId"]);
if (!LoggedUserHasAccessToProject($projectId)) {
$projectInfos = GetProjectInfos($projectId);
$error = "You do not have access to project '" . $projectInfos["Name"] . "'";
} else {
$error = DeleteSubmittedItem($item);
}
if ($error != "") {
if ($msg != "") {
$msg .= "<br>";
}
$msg .= $error;
}
}
if ($msg == "") {