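/**
 * Fetches one or more work requests and returns those the caller may view.
 *
 * @param $params
 *   Associative array of request parameters
 *   - $params['GET']['wr']: Work request ID, or a comma-separated list of IDs
 *   (The original header also listed a "user" parameter; this function does
 *   not read it.)
 * @return
 *   - A response object whose data array holds one entry per row found:
 *     a WrmsWorkRequest when access is permitted, otherwise a 403 error object
 *   - An error object if wr is missing or does not match the required format
 */
function run($params) {
  $access = access::getInstance();

  // Read defensively so an absent key does not raise an undefined-index notice.
  $wr = isset($params['GET']['wr']) ? $params['GET']['wr'] : null;

  if ($wr == null) {
    error_logging('WARNING', "No work request number (wr) provided.");
    return new error('No work request number (wr) provided.');
  }

  // The value is concatenated into the SQL text below, so this check is the
  // only thing standing between request input and the query:
  //  - is_scalar() rejects arrays (e.g. wr[]=1) before preg_match() sees them;
  //  - the D modifier stops "$" from also matching before a trailing newline.
  if (!is_scalar($wr) || !preg_match('/^\d+(,\d+)*$/D', (string) $wr)) {
    // Never write the raw value to the log: replace control characters so a
    // crafted value cannot forge extra log lines, and bound its length.
    $shown = is_scalar($wr)
      ? substr(preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $wr), 0, 200)
      : gettype($wr);
    error_logging('WARNING', 'Provided work request (wr) of; "' . $shown . '" argument does not match required format.');
    return new error('Bad work request (wr) argument. Argument must be in the format of one or more integers seperated by commas.');
  }

  $wr = (string) $wr;
  $response = new response('Success');

  // Safe only because $wr was validated above as digits and commas.
  // NOTE(review): if db_query() supports bound parameters (not visible here),
  // bind each ID instead of building the IN list by concatenation.
  $sql = 'SELECT * FROM request WHERE request_id IN (' . $wr . ')';
  $result = db_query($sql);

  while ($row = db_fetch_object($result)) {
    if ($access->permitted('wr/view', $row->request_id)) {
      // Children are loaded only after the access check has passed.
      $object = new WrmsWorkRequest();
      $object->populate($row);
      $object->populateChildren();
      $response->data[] = $object;
    }
    else {
      // NOTE(review): a 403 entry is returned for rows that exist but are not
      // viewable, while unknown IDs produce no entry at all, so the response
      // shows which IDs exist - confirm this is intended.
      $response->data[] = new error('You cannot access this work request.', 403); # EKM TODO add id not allowed option
    }
  }

  return $response;
}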
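/**
 * Creates a work request from the supplied parameters; editing is not
 * implemented yet.
 *
 * @param $params
 *   Associative array of request parameters. These keys are read from
 *   $params['GET']: wr, brief, org, person, sys, type, urgency, importance,
 *   requested_by, agreed_due, invoice_to, details.
 * @return
 *   - Create path (wr absent or not numeric): whatever
 *     WrmsWorkRequest::create() returns
 *   - Edit path (numeric wr): a response 'Access granted', or a 403 error
 *     object when access is refused
 */
function run($params) {
  /*
   * I know this seems backwards, but we check access as one of the last steps
   * We really need the full WR so we can check if the person has enough access,
   * so we will build the WR first then check permissions, then write it to the DB
   *
   * NOTE(review): the code does not follow that order yet. The create path
   * below returns the result of create() directly, so the
   * permitted('wr/create', ...) check at the end is never reached when
   * creating. Whether create() checks permissions itself, or writes to the
   * database, is not visible here - confirm before exposing this endpoint.
   *
   * NOTE(review): every input comes from $params['GET']. If that array is
   * filled from the URL query string, a state-changing create can be triggered
   * by a plain GET and the values land in access logs - confirm how the
   * framework populates it.
   */

  // wr is absent by design on a create, so read every key defensively instead
  // of raising an undefined-index notice on each missing parameter.
  $get = (isset($params['GET']) && is_array($params['GET'])) ? $params['GET'] : array();

  // WR number - If present, this is an edit, if not it's a create
  $wr = isset($get['wr']) ? $get['wr'] : null;
  $brief = isset($get['brief']) ? $get['brief'] : null;
  $person = isset($get['person']) ? $get['person'] : null;
  $sys = isset($get['sys']) ? $get['sys'] : null;
  $type = isset($get['type']) ? $get['type'] : null;
  $urgency = isset($get['urgency']) ? $get['urgency'] : null;
  $importance = isset($get['importance']) ? $get['importance'] : null;
  $details = isset($get['details']) ? $get['details'] : null;

  // Read but not used yet; kept for the features listed below.
  $org = isset($get['org']) ? $get['org'] : null;
  $requested_by = isset($get['requested_by']) ? $get['requested_by'] : null;
  $agreed_due = isset($get['agreed_due']) ? $get['agreed_due'] : null;
  $invoice_to = isset($get['invoice_to']) ? $get['invoice_to'] : null;

  /*
   * Other things you can do to a WR that will need implementing
   * Add files
   * Add Quotes
   * Link WRs
   * Subscribe people
   * Allocate to people
   * Assign a tag
   * Add a QA action
   * Add a Note - (preserve HTML)
   * Change the status
   * Select Quiet update
   */
  if (isset($wr) && is_numeric($wr)) {
    // We are editing a WR
    // NOTE(review): is_numeric() also accepts forms such as "1e3", "12.5" and
    // "-3"; validate wr as digits only before the edit path uses it as an ID.
  }
  else {
    $wr = new WrmsWorkRequest();
    //$urgency, $importance, $type, $person, $brief, $details, $sys)
    return $wr->create($urgency, $importance, $type, $person, $brief, $details, $sys);
  }

  // Only the (still empty) edit path reaches this point, with $wr holding the
  // numeric ID from the request; nothing has been modified at this stage.
  $access = access::getInstance();
  if ($access->permitted('wr/create', $wr)) {
    return new response('Access granted');
  }
  else {
    return new error('You cannot add a WR for this system.', '403');
  }
}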