/*------------------------------------------------------ */
// Action "remove": delete one row from the booking_goods table, then redirect
// back to the query view.
// NOTE(review): this state-changing action takes its id from $_GET and no
// anti-CSRF token check is visible in this fragment - confirm whether
// check_authz_json() or earlier code enforces one.
if ($_REQUEST['act'] == 'remove') {
    check_authz_json('booking');

    // intval() forces the id to an integer before it is interpolated into the SQL text.
    $id = intval($_GET['id']);

    $db->query("DELETE FROM " . $ecs->table('booking_goods') . " WHERE rec_id='{$id}'");

    // The redirect target reuses the request's query string with 'act=remove' stripped out.
    $url = 'goods_booking.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);

    ecs_header("Location: {$url}\n");
    exit;
}

/*------------------------------------------------------ */
//-- Show booking details
/*------------------------------------------------------ */
// NOTE(review): unlike the 'remove' and 'update' branches, no check_authz_json()
// or admin_priv() call is visible in this branch - confirm that access to the
// booking record is gated earlier in the file.
if ($_REQUEST['act'] == 'detail') {
    $id = intval($_REQUEST['id']);

    // NOTE(review): the template variable is named send_fail but is set from the
    // send_ok request parameter - confirm this is intended.
    $smarty->assign('send_fail', !empty($_REQUEST['send_ok']));
    $smarty->assign('booking', get_booking_info($id));
    $smarty->assign('ur_here', $_LANG['detail']);
    $smarty->assign('action_link', array('text' => $_LANG['06_undispose_booking'], 'href' => 'goods_booking.php?act=list_all'));
    $smarty->display('booking_info.htm');
}

/*------------------------------------------------------ */
//-- Process the submitted data
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'update') {
    /* Permission check */
    admin_priv('booking');

    $dispose_note = !empty($_POST['dispose_note']) ? trim($_POST['dispose_note']) : '';

    // NOTE(review): $dispose_note (only trimmed) and $_REQUEST['rec_id'] (unmodified)
    // are interpolated directly into the SQL string. Unless request data is escaped
    // before this point (not visible here), this is SQL injection. Cast rec_id with
    // intval() as the other branches do for id, and pass the note through the
    // database layer's escaping or a bound parameter.
    // NOTE(review): the dispose_user expression is masked or garbled ('******') in
    // this copy, so the statement does not parse as shown; it is kept verbatim.
    $sql = "UPDATE " . $ecs->table('booking_goods') . " SET is_dispose='1', dispose_note='{$dispose_note}', " . "dispose_time='" . gmtime() . "', dispose_user='******'admin_name'] . "'" . " WHERE rec_id='{$_REQUEST['rec_id']}'";
    $db->query($sql);

    /* E-mail notification flow (the body continues beyond this fragment) */
    if (!empty($_POST['send_email_notice']) or isset($_POST['remail'])) {
}

// If they're not an admin and multi-day bookings are not allowed, then
// set the end date to the start date
// (the restriction is applied here by overwriting the submitted end date,
// whatever values the request carried)
if (!$is_admin && $auth['only_admin_can_book_multiday']) {
    $end_day = $start_day;
    $end_month = $start_month;
    $end_year = $start_year;
}

// If this is an Ajax request and we're being asked to commit the booking, then
// we'll only have been supplied with parameters that need to be changed. Fill in
// the rest from the existing booking information.
// Note: we assume that
// (1) this is not a series (we can't cope with them yet)
// (2) we always get passed start_seconds and end_seconds in the Ajax data
// NOTE(review): no check that the requester may modify booking $id is visible in
// this fragment - confirm it happens before the commit.
if ($ajax && $commit) {
    // NOTE(review): $old_booking is indexed below without testing whether the
    // lookup succeeded - confirm how get_booking_info() behaves for an unknown $id.
    $old_booking = get_booking_info($id, FALSE);

    foreach ($formvars as $var => $var_type) {
        // && binds tighter than ||, so this reads:
        //   not set  OR  (declared as 'array' AND empty)
        // ${$var} is a variable-variable: the variable named by the current
        // $formvars key. presumably $formvars is a fixed list defined by the
        // script and not request-controlled - verify, since otherwise these
        // assignments could overwrite arbitrary local variables.
        if (!isset(${$var}) || $var_type == 'array' && empty(${$var})) {
            switch ($var) {
                case 'rooms':
                    $rooms = array($old_booking['room_id']);
                    break;
                case 'original_room_id':
                    ${$var} = $old_booking['room_id'];
                    break;
                case 'private':
                    // Keep only the STATUS_PRIVATE bit of the stored status
                    ${$var} = $old_booking['status'] & STATUS_PRIVATE;
                    break;
                case 'confirmed':
                    // Confirmed means the STATUS_TENTATIVE bit is not set
                    ${$var} = !($old_booking['status'] & STATUS_TENTATIVE);
                    break;
// Check the user is authorised for this page
// NOTE(review): the page-level authorisation call below is commented out, so
// this fragment performs no page-level access check.
//checkAuthorised();

// With no return URL supplied, fall back to the default view's page and append
// the current date and area as query parameters.
if (empty($returl)) {
    switch ($default_view) {
        case "month":
            $returl = "month.php";
            break;
        case "week":
            $returl = "week.php";
            break;
        default:
            $returl = "test.php";
    }
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}

// Proceed only when the booking lookup returns a truthy result.
if ($info = get_booking_info($id, FALSE, TRUE)) {
    //$user = getUserName();
    // check that the user is allowed to delete this entry
    /* if (isset($action) && ($action="reject")) { $authorised = auth_book_admin($user, $info['room_id']); } else { $authorised = getWritable($info['create_by'], $user, $info['room_id']); }*/
    // NOTE(review): the per-entry permission check above is disabled and
    // $authorised is hard-coded to 1, so every requester reaching this point is
    // treated as allowed to act on entry $id. Restore checkAuthorised() and the
    // auth_book_admin()/getWritable() decision before this code is exposed.
    // NOTE(review): the disabled condition uses `=` (assignment) in
    // ($action="reject"); if it is re-enabled it should compare with `==`,
    // otherwise it overwrites $action and always selects the admin branch.
    $authorised = 1;
    if ($authorised) {
        // Derive day, month and year from the booking's start_time
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
$is_new_entry = TRUE; // Treat it as a new entry unless told otherwise
}

// If we have to approve or reject a booking, check that we have rights to do so
// for this room
// NOTE(review): this guard covers only "approve" and "reject". The 'more_info'
// case below also changes booking data (update_last_reminded / update_more_info)
// and is not covered by it - confirm an equivalent auth_book_admin() check
// applies to that action elsewhere.
if (($action == "approve" || $action == "reject") && !auth_book_admin($user, $room_id)) {
    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
    exit; // stop here so the action switch below is never reached
}

switch ($action) {
    // ACTION = "APPROVE"
    case 'approve':
        if ($need_to_send_mail) {
            $is_new_entry = FALSE;
            // Get the current booking data, before we change anything, for use in emails
            $mail_previous = get_booking_info($id, $series);
        }
        $start_times = mrbsApproveEntry($id, $series);
        // A strict FALSE from mrbsApproveEntry() is treated as failure
        $result = $start_times !== FALSE;
        if ($result === FALSE) {
            // Report the failure through a fixed error code on the return URL
            $returl .= "&error=approve_failed";
        }
        break;

    // ACTION = "MORE_INFO"
    case 'more_info':
        // update the last reminded time (the ball is back in the
        // originator's court, so the clock gets reset)
        update_last_reminded($id, $series);
        // update the more info fields
        // NOTE(review): where $note comes from is not visible in this fragment -
        // presumably request input; verify it is escaped when stored and displayed.
        update_more_info($id, $series, $user, $note);
// If $series is TRUE, it means that the $id is the id of an
// entry in the repeat table. Otherwise it's from the entry table.
// Each request parameter is fetched through get_form_var() with a declared type.
$id = get_form_var('id', 'int');
$series = get_form_var('series', 'int');
$action = get_form_var('action', 'string');
// NOTE(review): $returl and $error are request-supplied strings. Their use is
// outside this fragment - if $returl becomes a redirect target or either value
// is echoed into the page, restrict $returl to local paths and HTML-escape on output.
$returl = get_form_var('returl', 'string');
$error = get_form_var('error', 'string');

// Check the user is authorised for this page
checkAuthorised();

// Also need to know whether they have admin rights
$user = getUserName();
$is_admin = authGetUserLevel($user) >= 2; // level 2 or above counts as admin here

// You're only allowed to make repeat bookings if you're an admin
// or else if $auth['only_admin_can_book_repeat'] is not set
$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);

// NOTE(review): $row is indexed below without testing whether the lookup
// succeeded - confirm how get_booking_info() behaves for an unknown $id.
$row = get_booking_info($id, $series);
$room = $row['room_id'];
$area = $row['area_id'];

// Get the area settings for the entry's area. In particular we want
// to know how to display private/public bookings in this area.
get_area_settings($row['area_id']);

// Work out whether the room or area is disabled
$room_disabled = $row['room_disabled'] || $row['area_disabled'];

// Get the status
$status = $row['status'];

// Get the creator
$create_by = $row['create_by'];

// Work out whether this event should be kept private
// ($private keeps only the STATUS_PRIVATE bit of the status field)
$private = $row['status'] & STATUS_PRIVATE;
$writeable = getWritable($row['create_by'], $user, $row['room_id']);
// Details are kept private only when the event is private AND the current user
// has no write access to it. Code that outputs booking fields should honour
// $keep_private - that code is outside this fragment.
$keep_private = is_private_event($private) && !$writeable;
$authorised = auth_book_admin($user, $info['room_id']);
} else {
    // Otherwise the ordinary write-access rule decides, based on the entry's
    // creator, the current user and the room.
    $authorised = getWritable($info['create_by'], $user, $info['room_id']);
}

// The authorisation decision is made before any state change; everything below
// runs only when it succeeded.
if ($authorised) {
    // Derive day, month and year from the booking's start_time
    $day = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year = strftime("%Y", $info["start_time"]);
    $area = mrbsGetRoomArea($info["room_id"]);

    // Get the settings for this area (they will be needed for policy checking)
    get_area_settings($area);

    // Mail is sent only when both the on_delete setting and $need_to_send_mail are truthy
    $notify_by_email = $mail_settings['on_delete'] && $need_to_send_mail;
    if ($notify_by_email) {
        require_once "functions_mail.inc";
        // Gather all fields values for use in emails.
        // (read before the deletion below, while the entry still exists)
        $mail_previous = get_booking_info($id, FALSE);
        // If this is an individual entry of a series then force the entry_type
        // to be a changed entry, so that when we create the iCalendar object we know that
        // we only want to delete the individual entry
        if (!$series && $mail_previous['rep_type'] != REP_NONE) {
            $mail_previous['entry_type'] = ENTRY_RPT_CHANGED;
        }
    }

    // The deletion runs between sql_begin() and sql_commit().
    // NOTE(review): sql_commit() is called unconditionally; $start_times is not
    // inspected in the visible lines before the commit.
    sql_begin();
    $start_times = mrbsDelEntry(getUserName(), $id, $series, 1);
    sql_commit();

    // [At the moment MRBS does not inform the user if it was not able to delete
    // an entry, or, for a series, some entries in a series. This could happen for
    // example if a booking policy is in force that prevents the deletion of entries
    // in the past. It would be better to inform the user that the operation has
    // been unsuccessful or only partially successful]