From 6fba6ef32c54a7a0fcdbf8cda3f809ad58dcd318 Mon Sep 17 00:00:00 2001
From: Isaac Machakata
Date: Sun, 7 Apr 2024 03:15:14 +0200
Subject: [PATCH] refactor: allow specific user to perfom known and accepted activities on requisitions
---
 app/Controllers/Requisition.php | 26 +++++++++++++++++++++-
 app/Views/forms/authorize-requisitions.php | 7 ++++--
 2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/app/Controllers/Requisition.php b/app/Controllers/Requisition.php
index c1a5a2e..e52f990 100644
--- a/app/Controllers/Requisition.php
+++ b/app/Controllers/Requisition.php
@@ -186,6 +186,10 @@ public function viewUserReportsIndex()
 public function authorizeRequisitionsIndex()
 {
+ self::$VIEW_PARAMS['statuses'] = [
+ 'Approve' => $this->account->Department == 'Supervisor' ? 'Supervisor_Approved' : 'Finance_Disbursed',
+ 'CanReject' => $this->account->Department == 'Supervisor'
+ ];
 self::$VIEW_PARAMS['requisitions'] = $this->requisitions
 ->select('requisitions.ID AS ReqID, requisitions.UpdatedAt, requisitions.Amount, requisitions.Reason, CONCAT(Name, " ", Surname) AS Names')
 ->where('Status', 'Submitted')
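Review bot: The ternary for `'Approve'` treats every account whose Department is not 'Supervisor' as finance, so any other department is offered `Finance_Disbursed`; the same fall-through is in the `else` branch of authorizeRequisitions() in the next hunk, where it decides which status the server accepts. Map each status to an explicitly named department and refuse the request for anything else, rather than defaulting to the disbursing role. The list is also still filtered with `->where('Status', 'Submitted')`, so as far as this hunk shows a finance user is handed requisitions that no supervisor has approved yet; if disbursal is meant to follow supervisor approval, the filter needs to depend on the role. The query chain continues outside the hunk.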
@@ -197,10 +201,29 @@ public function authorizeRequisitionsIndex()
 public function authorizeRequisitions()
 {
+ $isSupervisor = $this->account->Department == 'Supervisor';
+ self::$VIEW_PARAMS['statuses'] = [
+ 'CanReject' => $isSupervisor
+ ];
+
+ // this prevents the user from rejecting requisitions without the required rights
+ if ($isSupervisor) {
+ $allowedApprovals = 'Supervisor_Approved,Reject';
+ self::$VIEW_PARAMS['statuses'] = [
+ 'Approve' => 'Supervisor_Approved',
+ 'CanReject' => $this->account->Department == 'Supervisor'
+ ];
+ } else {
+ $allowedApprovals = 'Finance_Disbursed';
+ }
+
+ // validate form
 $formIsValid = $this->validate([
 'ID' => 'required|is_not_unique[requisitions.ID]',
- 'Status' => 'required|in_list[Supervisor_Approved,Rejected]'
+ 'Status' => sprintf('required|in_list[%s]', $allowedApprovals)
 ]);
+
+ // show errors
 if (!$formIsValid) {
 self::$VIEW_PARAMS['error'] = $this->validator->getErrors();
 self::$VIEW_PARAMS['requisitions'] = $this->requisitions
@@ -217,6 +240,7 @@ public function authorizeRequisitions()
 $requisition->Status = $submittedData['Status'];
 $this->requisitions->update($submittedData, $requisition);
+ // get updated requisitions
 self::$VIEW_PARAMS['requisitions'] = $this->requisitions
 ->select('requisitions.ID AS ReqID, requisitions.UpdatedAt, requisitions.Amount, requisitions.Reason, CONCAT(Name, " ", Surname) AS Names')
 ->where('Status', 'Submitted')
diff --git a/app/Views/forms/authorize-requisitions.php b/app/Views/forms/authorize-requisitions.php
index 2c7732b..01a0f50 100644
--- a/app/Views/forms/authorize-requisitions.php
+++ b/app/Views/forms/authorize-requisitions.php
@@ -17,6 +17,7 @@
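Review bot: `$allowedApprovals = 'Supervisor_Approved,Reject';` does not match the value the replaced rule accepted (`Rejected`), so a supervisor's rejection would presumably now fail the `in_list` check unless the form was changed to post `Reject`; it should read `$allowedApprovals = 'Supervisor_Approved,Rejected';`. The validation also only proves that the ID exists (`is_not_unique[requisitions.ID]`), not that the requisition is currently in a state the caller is allowed to act on, so nothing visible here stops a requisition from being moved to `Finance_Disbursed` without having passed `Supervisor_Approved`; compare the loaded record's current Status with the caller's role before the update, which sits outside this hunk. In the non-supervisor path `statuses` is left without an `'Approve'` key, unlike authorizeRequisitionsIndex(), so the view may read an undefined index after a validation error.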

Recent Requisitions

Here's a list of the recent requisitions requiring your attention. + No new requisitions were found.' : '' ?>
@@ -91,10 +92,12 @@
- + - + + +