Collections functions
Encryption functions
General functions
Theme permission functions
Resource functions

save_request()

Description

Handle the posted request form, when saving a request in the admin area.

Parameters

ColumnTypeDefaultDescription
$request integer The request record ID

Return

boolean Was this successful?

Location

include/request_functions.php lines 45 to 212

Definition

 
function save_request($request)
    {
    
# Use the posted form to update the request
    
global $applicationname,$baseurl,$lang,$request_senduserupdates,$admin_resource_access_notifications,$userref;
        
    
$status=getvalescaped("status","",true);
    
$expires=getvalescaped("expires","");
    
$currentrequest=get_request($request);
    
$oldstatus=$currentrequest["status"];
    
$assigned_to=getvalescaped("assigned_to","");
    
$reason=getvalescaped("reason","");
    
$reasonapproved=getvalescaped("reasonapproved","");

    
$approved_declined=false;
    
    
# --------------------- User Assignment ------------------------
    # Process an assignment change if this user can assign requests to other users
    
if ($currentrequest["assigned_to"]!=$assigned_to && checkperm("Ra"))
        {
        if (
$assigned_to==0)
            {
            
# Cancel assignment
            
sql_query("update request set assigned_to=null where ref='$request'");
            }
        else
            {
            
# Update and notify user
            
sql_query("update request set assigned_to='$assigned_to' where ref='$request'");
            
$message=$lang["requestassignedtoyoumail"] . "\n\n$baseurl/?q=" $request "\n";
            
            
get_config_option($assigned_to,'user_pref_resource_access_notifications'$send_messagetrue);       
            if(
$send_message)
                {
                
get_config_option($assigned_to,'email_user_notifications'$send_email);
                
$assigned_to_user=get_user($assigned_to);
                if(
$send_email && filter_var($assigned_to_user["email"], FILTER_VALIDATE_EMAIL))
                    {               
                    
send_mail($assigned_to_user["email"],$applicationname ": " $lang["requestassignedtoyou"],$message);
                    }
                else
                    {
                    
message_add($assigned_to,$message,$baseurl "/?q=" $request);
                    }
                }
            
            
get_config_option($currentrequest["user"],'user_pref_resource_access_notifications'$send_message$admin_resource_access_notifications);        
            if(
$send_message)
                {
                
$userconfirmmessage=str_replace("%",$assigned_to_user["fullname"] . " (" $assigned_to_user["email"] . ")" ,$lang["requestassignedtouser"]);
                if (
$request_senduserupdates)
                    {
                    
get_config_option($currentrequest["user"],'email_user_notifications'$send_email);
                    if(
$send_email && filter_var($currentrequest["email"], FILTER_VALIDATE_EMAIL))
                        {    
                        
send_mail($currentrequest["email"],$applicationname ": " $lang["requestupdated"] . " - $request",$userconfirmmessage);
                        }
                    else
                        {
                        
message_add($currentrequest["user"],$lang["requestupdated"] . " - " $request "<br />" $userconfirmmessage,$baseurl "/?c=" $currentrequest["collection"]);
                        }
                        
                    }
                }
            }
        }
    
    
    
# Has either the status or the expiry date changed?
    
if (($oldstatus!=$status || $expires!=$currentrequest["expires"]) && $status==1)
        {
        
# --------------- APPROVED -------------
        # Send approval e-mail
        // $reasonapproved=str_replace(array("\\r","\\n"),"\n",$reasonapproved);$reasonapproved=str_replace("\n\n","\n",$reasonapproved); # Fix line breaks.
        
$approved_declined true;
        
$reasonapproved unescape($reasonapproved);
        
$message=$lang["requestapprovedmail"] . "\n\n" $lang["approvalreason"]. ": " $reasonapproved "\n\n" ;
        
$message.="$baseurl/?c=" $currentrequest["collection"] . "\n";
        if (
$expires!="")
            {
            
# Add expiry time to message.
            
$message.=$lang["requestapprovedexpires"] . " " nicedate($expires) . "\n\n";
            }
                   
        
get_config_option($currentrequest["user"],'email_user_notifications'$send_email);
        if(
$send_email && filter_var($currentrequest["email"], FILTER_VALIDATE_EMAIL))
            {
            
$templatevars['url'] = $baseurl."/?c=" $currentrequest["collection"]; 
            
send_mail($currentrequest["email"],$applicationname ": " $lang["requestcollection"] . " - " $lang["resourcerequeststatus1"],$message);
            }
        else
            {
            
message_add($currentrequest["user"],$message,$baseurl "/?c=" $currentrequest["collection"]);
            }
               
        
        
# Mark resources as full access for this user
        
foreach (get_collection_resources($currentrequest["collection"]) as $resource)
            {
            
open_access_to_user($currentrequest["user"],$resource,$expires);
            }
            
        
# Clear any outstanding notifications about this request that may have been sent to other admins
        
message_remove_related(MANAGED_REQUEST,$request);
        }

    if (
$oldstatus!=$status && $status==2)  
        {
        
# --------------- DECLINED -------------
        # Send declined e-mail
        
$approved_declined true;
        
$reason unescape($reason);
        
$message=$lang["requestdeclinedmail"] . "\n\n" $lang["declinereason"] . ": "$reason "\n\n$baseurl/?c=" $currentrequest["collection"] . "\n";
               
        
get_config_option($currentrequest["user"],'email_user_notifications'$send_email);
        if(
$send_email && filter_var($currentrequest["email"], FILTER_VALIDATE_EMAIL))
            {
            
send_mail($currentrequest["email"],$applicationname ": " $lang["requestcollection"] . " - " $lang["resourcerequeststatus2"],$message);
            }
        else
            {
            
message_add($currentrequest["user"],$message,$baseurl "/?c=" $currentrequest["collection"]);
            }

        
# Remove access that my have been granted by an inadvertant 'approved' command.
        
foreach (get_collection_resources($currentrequest["collection"]) as $resource)
            {
            
remove_access_to_user($currentrequest["user"],$resource);
            }
            
        
# Clear any outstanding notifications about this request that may have been sent to other admins
        
message_remove_related(MANAGED_REQUEST,$request);
        }

    if (
$oldstatus!=$status && $status==0)
        {
        
# --------------- PENDING -------------
        # Moved back to pending. Delete any permissions set by a previous 'approve'.
        
foreach (get_collection_resources($currentrequest["collection"]) as $resource)
            {
            
remove_access_to_user($currentrequest["user"],$resource);
            }
        }

        
// Escape again because we had to unescape it before adding it to the e-mail body
        
$reasonapproved escape_check($reasonapproved);
        
$reason escape_check($reason);

    
# Save status
    
sql_query("update request set status='$status',expires=" . ($expires==""?"null":"'$expires'") . ",reason='$reason',reasonapproved='$reasonapproved' where ref='$request'");

    
# Set user that approved or declined the request
    
if ($approved_declined)
        {
        
sql_query("update request set approved_declined_by='" escape_check($userref) . "' where ref='" escape_check($request) . "'");
        }

    if (
getval("delete","")!="")
        {
        
# Delete the request - this is done AFTER any e-mails have been sent out so this can be used on approval.
        
sql_query("delete from request where ref='$request'");
        
        
# Clear any outstanding notifications about this request that may have been sent to other admins
        
message_remove_related(MANAGED_REQUEST,$request);
        
        return 
true;        
        }

    }

This article was last updated 12th July 2020 06:05 Europe/London time based on the source file dated 26th June 2020 11:03 Europe/London time.