blob: 428079c8a0ef4353873231810979dc04aa777e9c [file] [log] [blame]
Copybara botbe50d492023-11-30 00:16:42 +01001<?php
2require_once("core.php");
3security::checkType(security::WORKER, security::METHOD_NOTFOUND);
4security::checkWorkerUIEnabled();
5
6$isAdmin = security::isAdminView();
7$defaultUrl = ($isAdmin ? "incidents.php" : "userincidents.php?id=".$_SESSION["id"]);
8
9if (!security::checkParams("POST", [
10 ["id", security::PARAM_ISINT],
11 ["type", security::PARAM_ISINT],
12 ["day", security::PARAM_ISDATE]
13])) {
14 security::go(visual::getContinueUrl($url, "unexpected", "POST"));
15}
16
17$id = (int)$_POST["id"];
18$type = (int)$_POST["type"];
19$day = $_POST["day"];
20
21$incident = incidents::get($id, true);
22if ($incident === false) security::go(visual::getContinueUrl($url, "unexpected", "POST"));
23
24$istatus = incidents::getStatus($incident);
25
26if (($isAdmin && in_array($istatus, incidents::$cannotEditStates)) || (!$isAdmin && !in_array($istatus, incidents::$workerCanEditStates))) security::notFound();
27if (!$isAdmin) incidents::checkIncidentIsFromPerson($incident["id"]);
28
29if (isset($_POST["allday"]) && $_POST["allday"] == 1) {
30 $begins = 0;
31 $ends = incidents::ENDOFDAY;
32} else {
33 if (!security::checkParams("POST", [
34 ["begins", security::PARAM_ISTIME],
35 ["ends", security::PARAM_ISTIME]
36 ])) {
37 security::go(visual::getContinueUrl($url, "empty", "POST"));
38 }
39
40 $begins = schedules::time2sec($_POST["begins"]);
41 $ends = schedules::time2sec($_POST["ends"]);
42}
43
44$status = incidents::edit($id, $type, $day, $begins, $ends);
45
46switch ($status) {
47 case 0:
48 security::go(visual::getContinueUrl($url, "modified", "POST"));
49 break;
50
51 case 2:
52 security::go(visual::getContinueUrl($url, "overlap", "POST"));
53 break;
54
55 case 3:
56 security::go(visual::getContinueUrl($url, "order", "POST"));
57 break;
58
59 default:
60 security::go(visual::getContinueUrl($url, "unexpected", "POST"));
61}