Пример #1
// Resolve the Notebook object this request operates on, depending on $action.
// $action, $USER, $DB and $ACTIONS are set outside this fragment, and the fragment
// is cut off inside the final else branch.
$notebook = '';
$all_accessible_notebooks = '';
if ($action == 'create') {
    // NOTE(review): the request's user_id is only checked for presence and numeric form;
    // the notebook below is created for the signed-in $USER->user_id, not for the requested id.
    // NOTE(review): this guard only stops the flow if util_redirectToAppPage() ends the
    // script after redirecting - confirm, otherwise execution continues to the create call.
    if (!isset($_REQUEST['user_id']) || !is_numeric($_REQUEST['user_id'])) {
        util_redirectToAppPage('app_code/notebook.php?action=list', 'failure', util_lang('no_user_specified'));
    }
    //        $notebook = new Notebook(['user_id' => $USER->user_id, 'name'=>util_lang('new_notebook_title').' '.util_currentDateTimeString(),'DB'=>$DB]);
    // NOTE(review): no permission check and no anti-CSRF token check are visible before this
    // state-changing call - confirm both happen elsewhere.
    $notebook = Notebook::createNewNotebookForUser($USER->user_id, $DB);
} elseif ($action == 'list') {
    // Listing is scoped to the notebooks the user may act on with the 'view' action.
    $all_accessible_notebooks = $USER->getAccessibleNotebooks($ACTIONS['view']);
    //        $listable_notebooks = $USER->getAccessibleNotebooks($ACTIONS['list']);
    //        exit;
    if (count($all_accessible_notebooks) < 1) {
        // Nothing to list: build an empty Notebook only to ask whether the user may create one;
        // users who may not are redirected to the app home with a failure message.
        $notebook = new Notebook(['DB' => $DB]);
        if (!$USER->canActOnTarget($ACTIONS['create'], $notebook)) {
            util_redirectToAppHome('failure', util_lang('no_notebooks_found'));
        }
    } else {
        // Default to the first notebook in the accessible list.
        $notebook = $all_accessible_notebooks[0];
    }
} else {
    // NOTE(review): the isset()/is_numeric() guard below is commented out, so notebook_id
    // reaches the lookup unvalidated and a request without it triggers an undefined-index notice.
    //        if ((! isset($_REQUEST['notebook_id'])) || (! is_numeric($_REQUEST['notebook_id']))) {
    ////            util_redirectToAppHome('failure',util_lang('no_notebook_specified'));
    //            util_redirectToAppPage('app_code/notebook.php?action=list','failure',util_lang('no_notebook_specified'));
    //        }
    // NOTE(review): $_REQUEST also carries GET parameters, so notebook_id=NEW creates a record
    // from a plain link; no anti-CSRF token check is visible in this fragment - confirm.
    if ($_REQUEST['notebook_id'] == 'NEW') {
        $notebook = Notebook::createNewNotebookForUser($USER->user_id, $DB);
    } else {
        // NOTE(review): confirm getOneFromDb() binds notebook_id as a query parameter rather
        // than interpolating it into SQL; its implementation is not shown here.
        $notebook = Notebook::getOneFromDb(['notebook_id' => $_REQUEST['notebook_id']], $DB);
        // matchesDb is false when the lookup did not yield a stored record; the handling is cut off below.
        // NOTE(review): no canActOnTarget() check on the fetched notebook is visible before the
        // fragment ends - confirm authorization is enforced before the notebook is shown or changed.
        if (!$notebook->matchesDb) {
            //            util_redirectToAppHome('failure',util_lang('no_notebook_found'));
Пример #2
/**
 * Wipes the session via util_wipeSession() and then redirects to the app home page.
 *
 * The wipe runs first, so the session state is already cleared when the redirect is issued.
 * NOTE(review): both helpers are defined elsewhere; presumably util_redirectToAppHome()
 * ends the request - confirm, since callers rely on nothing running after this call.
 */
function util_redirectToAppHomeWithPrejudice()
{
    // Order matters: clear the session before handing control to the redirect.
    util_wipeSession();
    util_redirectToAppHome();
}
        }
        $ap = Authoritative_Plant::createNewAuthoritativePlant($DB);
    }
}
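// Fall back to the list view when there is no usable object for the requested action:
// create/update only need $ap to exist, every other action also needs it to match a DB record.
if ($action == 'create' || $action == 'update') {
    if (!$ap) {
        $action = 'list';
    }
} elseif (!$ap || !$ap->matchesDb) {
    $action = 'list';
}
# 3. confirm that the user is allowed to take that action on that object (if not, redirect them to the home page with an appropriate warning)
// NOTE(review): $ACTIONS[$action] is looked up without checking that $action is a known key;
// confirm canActOnTarget() denies access when it is handed an unknown/null action.
// NOTE(review): this gate only protects the code below if the util_redirect* helpers end the
// script after redirecting - confirm they exit.
if (!$USER->canActOnTarget($ACTIONS[$action], $ap)) {
    if ($action == 'list') {
        util_redirectToAppHome('failure', util_lang('no_permission'));
    } else {
        if ($action == 'view') {
            util_redirectToAppPage('app_code/authoritative_plant.php?action=list', 'failure', util_lang('no_permission'));
        }
        // The id comes straight from the request and is placed into a redirect URL, so it is
        // URL-encoded first: characters such as '&', '#' or line breaks can then no longer add
        // parameters or alter the redirect target. Non-scalar or missing values become ''.
        $denied_plant_id_param = (isset($_REQUEST['authoritative_plant_id']) && is_scalar($_REQUEST['authoritative_plant_id']))
            ? urlencode((string) $_REQUEST['authoritative_plant_id'])
            : '';
        util_redirectToAppPage('app_code/authoritative_plant.php?action=view&authoritative_plant_id=' . $denied_plant_id_param, 'failure', util_lang('no_permission'));
    }
}
// The page header is emitted for every action except delete.
if ($action != 'delete') {
    require_once '../app_head.php';
}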
# 4. branch behavior based on the action
#      update - update the object with the data coming in, then show the object (w/ 'saved' message)
#      verify/publish - set the appropriate flag (true or false, depending on data coming in), then show the object (w/ 'saved' message)
#      *list* - not a standard action; show a list (tree) of all metadata to which the user has view access
#      view - show the object
#      create/edit - show a form with the object's current values ($action is 'update' on form submit)
Пример #4
    //			// SECTION: must be signed in to view pages; otherwise, redirect to index splash page
    //			if (!strpos(APP_FOLDER . "/index.php", $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'])) {
    //				// TODO: add logging?
    //				util_redirectToAppHome('info', 'msg_do_sign_in');
    //			}
    //		}
} else {
    // SECTION: authenticated
    // The fingerprint stored in the session must equal the one for the current request
    // ($FINGERPRINT is set outside this fragment); on mismatch
    // util_redirectToAppHomeWithPrejudice() is called.
    // NOTE(review): `!=` is a loose comparison. If both values are hash-like strings, PHP
    // compares numeric-looking strings (e.g. "0e...") as numbers, so two different
    // fingerprints could be treated as equal. Once both sides are confirmed to be strings,
    // `!==` or hash_equals() is the stricter check.
    if ($_SESSION['fingerprint'] != $FINGERPRINT) {
        // TODO: add logging?
        // NOTE(review): a mismatch on an authenticated session may indicate the session cookie
        // being used from a different client, so recording it would help detection.
        util_redirectToAppHomeWithPrejudice();
    }
    // Sign-out is triggered by the mere presence of submit_signout in the request.
    // NOTE(review): $_REQUEST also carries GET parameters, so a plain link can sign the user
    // out; confirm whether this should be limited to POST with an anti-CSRF token.
    if (isset($_REQUEST['submit_signout'])) {
        // SECTION: wants to log out
        util_wipeSession();
        util_redirectToAppHome();
        // NOTE: the above is the same as util_redirectToAppHomeWithPrejudice, but this code is easier to follow/read when the two parts are shown here
    }
}
// Decide whether the request is authenticated; util_checkAuthentication() is defined elsewhere.
$IS_AUTHENTICATED = util_checkAuthentication();
if ($IS_AUTHENTICATED) {
    // SECTION: is signed in
    // now create user object
    // The User is keyed on the username held in the session, not on any request parameter.
    $USER = new User(['username' => $_SESSION['userdata']['username'], 'DB' => $DB]);
    // NOTE(review): the commented-out print_r() calls below would dump the user object and
    // session data into the page if re-enabled; keep them out of deployed code.
    //echo "<pre>"; print_r($USER); echo "</pre>";
    // now check if user data differs from session data, and if so, update the users db record (this might be a part of the User construct method)
    $USER->refreshFromDb();
    //echo "<pre>"; print_r($USER); echo "</pre>";
    //print_r($_SESSION['userdata']);
    // Session userdata is passed to updateDbFromAuth(), which per the comment above updates
    // the user's DB record.
    // NOTE(review): presumably userdata is filled by the auth backend at sign-in - confirm no
    // request-controlled value can reach it, since it is persisted here.
    $USER->updateDbFromAuth($_SESSION['userdata']);
    //echo "<pre>"; print_r($USER); echo "</pre>";