training/presence visibility by coach

2019-07-28 15:45:19 +02:00
parent 13bf590aa0
commit ec3256b3cc
4 changed files with 204 additions and 155 deletions
--- a/_class/class_training.php
+++ b/_class/class_training.php
@@ -135,6 +135,11 @@ class training {
        return !empty($this->tr_coaches);
    }

+    public static function has_any_coach($training_id) {
+        global $sql;
+        return $sql->num_of_rows("SELECT * FROM training_coach WHERE trc_training_tr_id = " . $training_id);
+    }
+
    public function is_helper() {
        //megadja, hogy van-e beállítva segédedző az edzéshez
        //TRUE HA IGEN, FALSE EGYÉBKÉNT
--- a/_class/class_user.php
+++ b/_class/class_user.php
@@ -165,6 +165,11 @@ class user {
        return $this->authorities;
    }

+    public static function user_can_edit_training($user_id, $training_id) {
+        global $sql;
+        return $sql->num_of_rows("SELECT * FROM training_coach WHERE trc_coach_uc_id = " . $user_id ." AND trc_training_tr_id = " . $training_id);
+    }
+
    public static function create_user($_name, $_password, $_authorities = array()) {
        global $sql;
        $new_user_id = $sql->insert_into('user_coach', array(
--- a/_include/include_presence.php
+++ b/_include/include_presence.php
@@ -11,7 +11,10 @@ if ($this->is_id()) {
    //alg.: lekérjük, hogy az elmúlt 4 hétben, ezen a napon, ezzel az edzés típussal milyen edzés ID-k vannak
    //presence-ből countoljuk az user_kid ID-kat

-
+    if (!$user->has_authority_by_name('admin') && !user::user_can_edit_training($user->get_ua_id(), $this->get_id()) && training::has_any_coach($this->get_id())) {
+        $smarty->display('access_denied.tpl');
+    }
+    else {
        $presence_query = "SELECT * FROM user_kid ORDER BY uk_name;";
        $presence_assoc_array = $sql->assoc_array($presence_query);
        //végig kell menni rajta h legeneráljuk az usereket
@@ -140,11 +143,29 @@ if ($this->is_id()) {
        $smarty->assign('tr_id', $this->get_id());

        $smarty->display("presence.tpl");
+    }
+
+

 }

 else {
+    if ($user->has_authority_by_name('admin')) {
        $traning_list_query = "SELECT * FROM training WHERE tr_deleted = 0 ORDER BY tr_date DESC;";
+    }
+    else {
+        $traning_list_query = "
+            SELECT DISTINCT
+                tr_id
+            FROM
+                training
+                    LEFT JOIN
+                training_coach ON trc_training_tr_id = tr_id
+            WHERE
+                tr_deleted = 0 AND (trc_coach_uc_id = ". $user->get_ua_id() ." OR trc_coach_uc_id IS NULL)
+            ORDER BY tr_date DESC;
+        ";
+    }
    $training_list_assoc_array = $sql->assoc_array($traning_list_query);

    $training_array = array();
--- a/_include/include_trainings.php
+++ b/_include/include_trainings.php
@@ -5,6 +5,10 @@

 if ($this->is_id()) {

+    if (!$user->has_authority_by_name('admin') && !user::user_can_edit_training($user->get_ua_id(), $this->get_id()) && training::has_any_coach($this->get_id())) {
+        $smarty->display('access_denied.tpl');
+    }
+    else {
        # ADOTT EDZÉS ADATAINAK MEGJELENÍTÉSE
        //training adatok
        $training_data_query = "SELECT * FROM training WHERE tr_id = " . $this->get_id();
@@ -40,12 +44,26 @@ if ($this->is_id()) {


        $smarty->display('training_data_'.$tpl.'.tpl');
-
+    }
 }

 else {
-
+    if ($user->has_authority_by_name('admin')) {
        $traning_list_query = "SELECT * FROM training WHERE tr_deleted = 0 ORDER BY tr_date DESC;";
+    }
+    else {
+        $traning_list_query = "
+            SELECT DISTINCT
+                tr_id
+            FROM
+                training
+                    LEFT JOIN
+                training_coach ON trc_training_tr_id = tr_id
+            WHERE
+                tr_deleted = 0 AND (trc_coach_uc_id = ". $user->get_ua_id() ." OR trc_coach_uc_id IS NULL)
+            ORDER BY tr_date DESC;
+        ";
+    }
    $training_list_assoc_array = $sql->assoc_array($traning_list_query);

    $training_array = array();