36573-vm/update_status.php
2025-12-04 02:32:25 +00:00


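<?php
declare(strict_types=1);

/**
 * update_status.php — records an approver's decision on a customer application
 * and advances, rejects or reverts the application accordingly.
 *
 * Expects a POST with:
 *   application_id  positive integer id of the customer_applications row
 *   status          one of 'approved' | 'rejected' | 'reverted'
 *   comments        optional free text stored with the approval record
 *
 * The caller must be authenticated (redirect_if_not_authenticated) and hold the
 * role currently named in customer_applications.current_approver_role_id.
 * Outcome is reported via $_SESSION['message'] / $_SESSION['message_type'] and a
 * redirect to view_application.php (index.php for malformed requests).
 */
session_start();
require_once 'includes/auth_helpers.php';
require_once 'db/config.php';
redirect_if_not_authenticated();

// Only POST may change state.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}

// NOTE(review): this state-changing POST carries no CSRF token check. If
// includes/auth_helpers.php offers a token helper, verify it here with
// hash_equals() before reading the request; the submitting form in
// view_application.php must then carry the token. Not added blindly because the
// form side is not visible from this file.

// Highest approval level; approving at this level finalises the application.
$max_level = 7;
$allowed_statuses = ['approved', 'rejected', 'reverted'];

// application_id is used as a key and echoed into redirect URLs, so accept only
// a positive integer rather than forwarding the raw POST string.
$application_id = filter_var(
    $_POST['application_id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
$new_status = $_POST['status'] ?? null;
$comments = $_POST['comments'] ?? '';

// Reject non-scalar POST fields too (status[]=… / comments[]=… would otherwise
// reach PDO as arrays).
if ($application_id === false
    || !is_string($new_status)
    || !in_array($new_status, $allowed_statuses, true)
    || !is_string($comments)) {
    $_SESSION['message'] = 'Invalid request.';
    $_SESSION['message_type'] = 'danger';
    header('Location: index.php');
    exit();
}

$pdo = db();
try {
    // The read and every write below share one transaction so the
    // level/approver we authorise against is the one we update.
    $pdo->beginTransaction();

    $stmt_app = $pdo->prepare('SELECT approval_level, current_approver_role_id FROM customer_applications WHERE id = ?');
    $stmt_app->execute([$application_id]);
    $application = $stmt_app->fetch(PDO::FETCH_ASSOC);
    if (!$application) {
        $pdo->rollBack();
        $_SESSION['message'] = 'Application not found.';
        $_SESSION['message_type'] = 'danger';
        header('Location: index.php');
        exit();
    }

    $current_level = (int) $application['approval_level'];
    $current_approver_role_id = $application['current_approver_role_id'];
    $user_role_id = $_SESSION['user']['role_id'] ?? null;

    // Authorisation: the caller's role must be exactly the role the application
    // is waiting on. A NULL current_approver_role_id means nobody is expected to
    // act (the application was finalised), so refuse outright. Compare as ints
    // and strictly: the previous loose `!=` let a missing role_id (null) or a
    // role id of 0 match a NULL approver and re-process finalised applications.
    if ($current_approver_role_id === null
        || $user_role_id === null
        || (int) $user_role_id !== (int) $current_approver_role_id) {
        $pdo->rollBack();
        $_SESSION['message'] = 'You do not have permission to approve this application at the current level.';
        $_SESSION['message_type'] = 'danger';
        header('Location: view_application.php?id=' . $application_id);
        exit();
    }

    $stmt_approval = $pdo->prepare(
        'INSERT INTO application_approvals (application_id, approver_id, approval_level, status, comments) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt_approval->execute([$application_id, $_SESSION['user']['id'], $current_level, $new_status, $comments]);

    // Every UPDATE is guarded by the level/approver we just read, so two
    // approvers racing on the same application cannot both advance it: the
    // loser matches zero rows and its approval record is rolled back.
    $guard = ' WHERE id = ? AND approval_level = ? AND current_approver_role_id = ?';
    $guard_params = [$application_id, $current_level, $current_approver_role_id];

    if ($new_status === 'approved') {
        $next_level = $current_level + 1;
        if ($next_level <= $max_level) {
            // Look up the role that owns the next level.
            $stmt_role = $pdo->prepare('SELECT id FROM roles WHERE name = ?');
            $stmt_role->execute(['Approver Level ' . $next_level]);
            $next_approver_role = $stmt_role->fetch(PDO::FETCH_ASSOC);
            // NULL when no such role exists; the application then waits on nobody.
            $next_approver_role_id = $next_approver_role ? $next_approver_role['id'] : null;
            $stmt_update = $pdo->prepare(
                'UPDATE customer_applications SET approval_level = ?, current_approver_role_id = ?' . $guard
            );
            $stmt_update->execute(array_merge([$next_level, $next_approver_role_id], $guard_params));
            $message = "Application approved and moved to the next level.";
        } else {
            $stmt_update = $pdo->prepare(
                "UPDATE customer_applications SET status = 'APPROVED', approval_level = ?, current_approver_role_id = NULL" . $guard
            );
            $stmt_update->execute(array_merge([$max_level], $guard_params));
            $message = "Application approved.";
        }
    } elseif ($new_status === 'reverted') {
        $stmt_update = $pdo->prepare(
            "UPDATE customer_applications SET status = 'REVERTED'" . $guard
        );
        $stmt_update->execute($guard_params);
        $message = "Application reverted to the applicant for amendments.";
    } else { // rejected
        $stmt_update = $pdo->prepare(
            "UPDATE customer_applications SET status = 'REJECTED', current_approver_role_id = NULL" . $guard
        );
        $stmt_update->execute($guard_params);
        $message = "Application rejected.";
    }

    // Zero matched rows means the application moved on between our read and
    // write. (On MySQL rowCount() reports *changed* rows unless
    // PDO::MYSQL_ATTR_FOUND_ROWS is set, so a no-op write is treated the same way.)
    if ($stmt_update->rowCount() === 0) {
        $pdo->rollBack();
        $_SESSION['message'] = 'The application is no longer at the stage you reviewed; please reload and try again.';
        $_SESSION['message_type'] = 'danger';
        header('Location: view_application.php?id=' . $application_id);
        exit();
    }

    $pdo->commit();
    $_SESSION['message'] = $message;
    $_SESSION['message_type'] = 'success';
} catch (PDOException $e) {
    // rollBack() itself throws when no transaction is open (e.g. the failure
    // happened in beginTransaction()), so guard it.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Keep driver detail (table names, query fragments) in the server log;
    // never show it to the user.
    error_log('update_status.php: ' . $e->getMessage());
    $_SESSION['message'] = 'A database error occurred. Please try again later.';
    $_SESSION['message_type'] = 'danger';
}
header('Location: view_application.php?id=' . $application_id);
exit();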