示例#1
0
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'remove') {
    check_authz_json('booking');
    $id = intval($_GET['id']);
    $db->query("DELETE FROM " . $ecs->table('booking_goods') . " WHERE rec_id='{$id}'");
    $url = 'goods_booking.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
}
/*------------------------------------------------------ */
//-- 显示详情
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'detail') {
    $id = intval($_REQUEST['id']);
    $smarty->assign('send_fail', !empty($_REQUEST['send_ok']));
    $smarty->assign('booking', get_booking_info($id));
    $smarty->assign('ur_here', $_LANG['detail']);
    $smarty->assign('action_link', array('text' => $_LANG['06_undispose_booking'], 'href' => 'goods_booking.php?act=list_all'));
    $smarty->display('booking_info.htm');
}
/*------------------------------------------------------ */
//-- 处理提交数据
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'update') {
    /* 权限判断 */
    admin_priv('booking');
    $dispose_note = !empty($_POST['dispose_note']) ? trim($_POST['dispose_note']) : '';
    $sql = "UPDATE  " . $ecs->table('booking_goods') . " SET is_dispose='1', dispose_note='{$dispose_note}', " . "dispose_time='" . gmtime() . "', dispose_user='******'admin_name'] . "'" . " WHERE rec_id='{$_REQUEST['rec_id']}'";
    $db->query($sql);
    /* 邮件通知处理流程 */
    if (!empty($_POST['send_email_notice']) or isset($_POST['remail'])) {
示例#2
0
}
// If they're not an admin and multi-day bookings are not allowed, then
// set the end date to the start date
if (!$is_admin && $auth['only_admin_can_book_multiday']) {
    $end_day = $start_day;
    $end_month = $start_month;
    $end_year = $start_year;
}
// If this is an Ajax request and we're being asked to commit the booking, then
// we'll only have been supplied with parameters that need to be changed.  Fill in
// the rest from the existing boking information.
// Note: we assume that
// (1) this is not a series (we can't cope with them yet)
// (2) we always get passed start_seconds and end_seconds in the Ajax data
if ($ajax && $commit) {
    $old_booking = get_booking_info($id, FALSE);
    foreach ($formvars as $var => $var_type) {
        if (!isset(${$var}) || $var_type == 'array' && empty(${$var})) {
            switch ($var) {
                case 'rooms':
                    $rooms = array($old_booking['room_id']);
                    break;
                case 'original_room_id':
                    ${$var} = $old_booking['room_id'];
                    break;
                case 'private':
                    ${$var} = $old_booking['status'] & STATUS_PRIVATE;
                    break;
                case 'confirmed':
                    ${$var} = !($old_booking['status'] & STATUS_TENTATIVE);
                    break;
示例#3
0
// Check the user is authorised for this page
//checkAuthorised();
if (empty($returl)) {
    switch ($default_view) {
        case "month":
            $returl = "month.php";
            break;
        case "week":
            $returl = "week.php";
            break;
        default:
            $returl = "test.php";
    }
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}
if ($info = get_booking_info($id, FALSE, TRUE)) {
    //$user = getUserName();
    // check that the user is allowed to delete this entry
    /*  if (isset($action) && ($action="reject"))
      {
        $authorised = auth_book_admin($user, $info['room_id']);
      }
      else
      {
        $authorised = getWritable($info['create_by'], $user, $info['room_id']);
      }*/
    $authorised = 1;
    if ($authorised) {
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
     $is_new_entry = TRUE;
     // Treat it as a new entry unless told otherwise
 }
 // If we have to approve or reject a booking, check that we have rights to do so
 // for this room
 if (($action == "approve" || $action == "reject") && !auth_book_admin($user, $room_id)) {
     showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
     exit;
 }
 switch ($action) {
     // ACTION = "APPROVE"
     case 'approve':
         if ($need_to_send_mail) {
             $is_new_entry = FALSE;
             // Get the current booking data, before we change anything, for use in emails
             $mail_previous = get_booking_info($id, $series);
         }
         $start_times = mrbsApproveEntry($id, $series);
         $result = $start_times !== FALSE;
         if ($result === FALSE) {
             $returl .= "&error=approve_failed";
         }
         break;
         // ACTION = "MORE_INFO"
     // ACTION = "MORE_INFO"
     case 'more_info':
         // update the last reminded time (the ball is back in the
         // originator's court, so the clock gets reset)
         update_last_reminded($id, $series);
         // update the more info fields
         update_more_info($id, $series, $user, $note);
示例#5
0
// If $series is TRUE, it means that the $id is the id of an
// entry in the repeat table.  Otherwise it's from the entry table.
$id = get_form_var('id', 'int');
$series = get_form_var('series', 'int');
$action = get_form_var('action', 'string');
$returl = get_form_var('returl', 'string');
$error = get_form_var('error', 'string');
// Check the user is authorised for this page
checkAuthorised();
// Also need to know whether they have admin rights
$user = getUserName();
$is_admin = authGetUserLevel($user) >= 2;
// You're only allowed to make repeat bookings if you're an admin
// or else if $auth['only_admin_can_book_repeat'] is not set
$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);
$row = get_booking_info($id, $series);
$room = $row['room_id'];
$area = $row['area_id'];
// Get the area settings for the entry's area.   In particular we want
// to know how to display private/public bookings in this area.
get_area_settings($row['area_id']);
// Work out whether the room or area is disabled
$room_disabled = $row['room_disabled'] || $row['area_disabled'];
// Get the status
$status = $row['status'];
// Get the creator
$create_by = $row['create_by'];
// Work out whether this event should be kept private
$private = $row['status'] & STATUS_PRIVATE;
$writeable = getWritable($row['create_by'], $user, $row['room_id']);
$keep_private = is_private_event($private) && !$writeable;
示例#6
0
     $authorised = auth_book_admin($user, $info['room_id']);
 } else {
     $authorised = getWritable($info['create_by'], $user, $info['room_id']);
 }
 if ($authorised) {
     $day = strftime("%d", $info["start_time"]);
     $month = strftime("%m", $info["start_time"]);
     $year = strftime("%Y", $info["start_time"]);
     $area = mrbsGetRoomArea($info["room_id"]);
     // Get the settings for this area (they will be needed for policy checking)
     get_area_settings($area);
     $notify_by_email = $mail_settings['on_delete'] && $need_to_send_mail;
     if ($notify_by_email) {
         require_once "functions_mail.inc";
         // Gather all fields values for use in emails.
         $mail_previous = get_booking_info($id, FALSE);
         // If this is an individual entry of a series then force the entry_type
         // to be a changed entry, so that when we create the iCalendar object we know that
         // we only want to delete the individual entry
         if (!$series && $mail_previous['rep_type'] != REP_NONE) {
             $mail_previous['entry_type'] = ENTRY_RPT_CHANGED;
         }
     }
     sql_begin();
     $start_times = mrbsDelEntry(getUserName(), $id, $series, 1);
     sql_commit();
     // [At the moment MRBS does not inform the user if it was not able to delete
     // an entry, or, for a series, some entries in a series.  This could happen for
     // example if a booking policy is in force that prevents the deletion of entries
     // in the past.   It would be better to inform the user that the operation has
     // been unsuccessful or only partially successful]