refactor: allow specific user to perfom known and accepted activities…

… on requisitions
im-machakata · Apr 7, 2024 · 6fba6ef · 6fba6ef
1 parent 0f0e484
commit 6fba6ef
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/app/Controllers/Requisition.php b/app/Controllers/Requisition.php
@@ -186,6 +186,10 @@ public function viewUserReportsIndex()
 
  public function authorizeRequisitionsIndex()
  {
+ self::$VIEW_PARAMS['statuses'] = [
+ 'Approve' => $this->account->Department == 'Supervisor' ? 'Supervisor_Approved' : 'Finance_Disbursed',
+ 'CanReject' => $this->account->Department == 'Supervisor'
+ ];
  self::$VIEW_PARAMS['requisitions'] = $this->requisitions
  ->select('requisitions.ID AS ReqID, requisitions.UpdatedAt, requisitions.Amount, requisitions.Reason, CONCAT(Name, " ", Surname) AS Names')
  ->where('Status', 'Submitted')
@@ -197,10 +201,29 @@ public function authorizeRequisitionsIndex()
 
  public function authorizeRequisitions()
  {
+ $isSupervisor = $this->account->Department == 'Supervisor';
+ self::$VIEW_PARAMS['statuses'] = [
+ 'CanReject' => $isSupervisor
+ ];
+
+ // this prevents the user from rejecting requisitions without the required rights
+ if ($isSupervisor) {
+ $allowedApprovals = 'Supervisor_Approved,Reject';
+ self::$VIEW_PARAMS['statuses'] = [
+ 'Approve' => 'Supervisor_Approved',
+ 'CanReject' => $this->account->Department == 'Supervisor'
+ ];
+ } else {
+ $allowedApprovals = 'Finance_Disbursed';
+ }
+
+ // validate form
  $formIsValid = $this->validate([
  'ID' => 'required|is_not_unique[requisitions.ID]',
- 'Status' => 'required|in_list[Supervisor_Approved,Rejected]'
+ 'Status' => sprintf('required|in_list[%s]', $allowedApprovals)
  ]);
+
+ // show errors
  if (!$formIsValid) {
  self::$VIEW_PARAMS['error'] = $this->validator->getErrors();
  self::$VIEW_PARAMS['requisitions'] = $this->requisitions
@@ -217,6 +240,7 @@ public function authorizeRequisitions()
  $requisition->Status = $submittedData['Status'];
  $this->requisitions->update($submittedData, $requisition);
 
+ // get updated requisitions
  self::$VIEW_PARAMS['requisitions'] = $this->requisitions
  ->select('requisitions.ID AS ReqID, requisitions.UpdatedAt, requisitions.Amount, requisitions.Reason, CONCAT(Name, " ", Surname) AS Names')
  ->where('Status', 'Submitted')

diff --git a/app/Views/forms/authorize-requisitions.php b/app/Views/forms/authorize-requisitions.php
@@ -17,6 +17,7 @@
  <h1 class="text-body h2 fw-bold">Recent Requisitions</h1>
  <div class="text-body mb-4">
  Here's a list of the recent requisitions requiring your attention.
+ <?= !$requisitions ? '<br> No new requisitions were found.' : '' ?>
  </div>
  <div class="row">
  <?php foreach ($requisitions as $requisition) : ?>
@@ -91,10 +92,12 @@
  <div class="btn-group mb-4" role="group" aria-label="Vertical radio toggle button group">
  <input type="radio" class="btn-check" name="Status" id="StatusSubmitted" value="" autocomplete="off" disabled checked>
  <label class="btn btn-outline-primary" for="StatusSubmitted">Submitted</label>
- <input type="radio" class="btn-check" name="Status" value="Supervisor_Approved" id="StatusApprove" autocomplete="off">
+ <input type="radio" class="btn-check" name="Status" value="<?= $statuses['Approve'] ?>" id="StatusApprove" autocomplete="off">
  <label class="btn btn-outline-primary" for="StatusApprove">Approve Requisition</label>
- <input type="radio" class="btn-check" name="Status" id="StatusDismiss" value="Rejected" autocomplete="off">
+ <?php if($statuses['CanReject']):?>
+ <input type="radio" class="btn-check" name="Status" id="StatusDismiss" value="<?= $statuses['Reject'] ?>" autocomplete="off">
  <label class="btn btn-outline-primary" for="StatusDismiss">Cancel Requisition</label>
+ <?php endif;?>
  </div>
  </div>
  <div class="mb-2 col-12">