198 lines
9.6 KiB
PHP
198 lines
9.6 KiB
PHP
<?php
|
|
// API: returns JSON events for FullCalendar
|
|
session_start();
|
|
require_once(__DIR__ . '/../inc/config.inc.php');
|
|
require_once(__DIR__ . '/../inc/functions.inc.php');
|
|
|
|
// Enable full error reporting for API debugging
|
|
ini_set('display_errors', '1');
|
|
ini_set('display_startup_errors', '1');
|
|
error_reporting(E_ALL);
|
|
|
|
$user = check_user();
|
|
$isAdmin = is_admin_user();
|
|
|
|
$start = $_GET['start'] ?? null; // expected ISO date
|
|
$end = $_GET['end'] ?? null;
|
|
$onlyApproved = isset($_GET['only_approved']) && ($_GET['only_approved'] == '1' || $_GET['only_approved'] === 'true');
|
|
// public allows non-admin users to request all *approved* vacations (team view)
|
|
$public = isset($_GET['public']) && ($_GET['public'] == '1' || $_GET['public'] === 'true');
|
|
// include_rejected if set to 1 will return rejected entries; default behavior: do not return rejected for regular users
|
|
$includeRejected = isset($_GET['include_rejected']) && ($_GET['include_rejected'] == '1' || $_GET['include_rejected'] === 'true');
|
|
// only_personal forces the API to return only the current user's vacations (useful even if the user is admin)
|
|
$onlyPersonal = isset($_GET['only_personal']) && ($_GET['only_personal'] == '1' || $_GET['only_personal'] === 'true');
|
|
// public_all when used with public=1 returns all non-rejected team vacations (approved + beantragt)
|
|
$publicAll = isset($_GET['public_all']) && ($_GET['public_all'] == '1' || $_GET['public_all'] === 'true');
|
|
|
|
if (!$start || !$end) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'start and end required']);
|
|
exit;
|
|
}
|
|
|
|
$events = [];
|
|
try {
|
|
$branch = 'unknown';
|
|
$debugMode = isset($_GET['debug']) && ($_GET['debug'] == '1' || $_GET['debug'] === 'true');
|
|
|
|
// Vacations: support a personal-only mode, admin mode, and public/team mode
|
|
if ($onlyPersonal) {
|
|
$branch = 'onlyPersonal';
|
|
if ($onlyApproved) {
|
|
$branch = 'onlyPersonal_onlyApproved';
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.user_id = ? AND v.start_date <= ? AND v.end_date >= ? AND LOWER(TRIM(v.status)) = 'genehmigt' ORDER BY v.start_date");
|
|
$stmt->execute([$_SESSION['userid'], $end, $start]);
|
|
} else {
|
|
if ($includeRejected) {
|
|
$branch = 'onlyPersonal_includeRejected';
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.user_id = ? AND v.start_date <= ? AND v.end_date >= ? ORDER BY v.start_date");
|
|
$stmt->execute([$_SESSION['userid'], $end, $start]);
|
|
} else {
|
|
$branch = 'onlyPersonal_excludeRejected';
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.user_id = ? AND v.start_date <= ? AND v.end_date >= ? AND (v.status IS NULL OR LOWER(TRIM(v.status)) != 'abgelehnt') ORDER BY v.start_date");
|
|
$stmt->execute([$_SESSION['userid'], $end, $start]);
|
|
}
|
|
}
|
|
} elseif ($isAdmin) {
|
|
$branch = 'admin';
|
|
if ($onlyApproved) {
|
|
$branch = 'admin_onlyApproved';
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.start_date <= ? AND v.end_date >= ? AND LOWER(TRIM(v.status)) = 'genehmigt' ORDER BY v.start_date");
|
|
$stmt->execute([$end, $start]);
|
|
} else {
|
|
// By default admins see genehmigt + beantragt; include_rejected=1 can override
|
|
if ($includeRejected) {
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.start_date <= ? AND v.end_date >= ? ORDER BY v.start_date");
|
|
$stmt->execute([$end, $start]);
|
|
} else {
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.start_date <= ? AND v.end_date >= ? AND (v.status IS NULL OR LOWER(TRIM(v.status)) IN ('genehmigt','beantragt')) ORDER BY v.start_date");
|
|
$stmt->execute([$end, $start]);
|
|
}
|
|
}
|
|
} else {
|
|
$branch = 'public_or_regular';
|
|
if ($public && $onlyApproved) {
|
|
$branch = 'public_onlyApproved';
|
|
// public team view: show all approved vacations (read-only)
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.start_date <= ? AND v.end_date >= ? AND LOWER(TRIM(v.status)) = 'genehmigt' ORDER BY v.start_date");
|
|
$stmt->execute([$end, $start]);
|
|
} elseif ($public && $publicAll) {
|
|
$branch = 'public_publicAll';
|
|
// public team view: explicitly show only approved (genehmigt) and pending (beantragt) vacations
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.start_date <= ? AND v.end_date >= ? AND (v.status IS NULL OR LOWER(TRIM(v.status)) IN ('genehmigt','beantragt')) ORDER BY v.start_date");
|
|
$stmt->execute([$end, $start]);
|
|
} else {
|
|
if ($onlyApproved) {
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.user_id = ? AND v.start_date <= ? AND v.end_date >= ? AND LOWER(TRIM(v.status)) = 'genehmigt' ORDER BY v.start_date");
|
|
$stmt->execute([$_SESSION['userid'], $end, $start]);
|
|
} else {
|
|
// By default exclude rejected ('abgelehnt') for regular users; include if include_rejected=1
|
|
if ($includeRejected) {
|
|
$branch = 'regular_includeRejected';
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.user_id = ? AND v.start_date <= ? AND v.end_date >= ? ORDER BY v.start_date");
|
|
$stmt->execute([$_SESSION['userid'], $end, $start]);
|
|
} else {
|
|
$branch = 'regular_excludeRejected';
|
|
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname FROM vacations v JOIN users u ON v.user_id = u.id WHERE v.user_id = ? AND v.start_date <= ? AND v.end_date >= ? AND (v.status IS NULL OR LOWER(TRIM(v.status)) != 'abgelehnt') ORDER BY v.start_date");
|
|
$stmt->execute([$_SESSION['userid'], $end, $start]);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
try {
|
|
$vacations = $stmt->fetchAll();
|
|
|
|
// If debug mode is enabled, prepare meta information
|
|
if ($debugMode) {
|
|
$rawStatuses = array_map(function($r){ return $r['status'] ?? null; }, $vacations);
|
|
$meta = [
|
|
'branch' => $branch,
|
|
'count' => count($vacations),
|
|
'raw_statuses' => $rawStatuses
|
|
];
|
|
}
|
|
|
|
foreach ($vacations as $v) {
|
|
// Normalize status: collapse whitespace (including NBSP), trim, lowercase
|
|
if (isset($v['status'])) {
|
|
$normalized = preg_replace('/\s+/u', ' ', $v['status']);
|
|
$status = mb_strtolower(trim($normalized));
|
|
} else {
|
|
$status = '';
|
|
}
|
|
// Defensive filter: do not expose rejected ('abgelehnt') entries to non-admins
|
|
if (!$isAdmin && !$includeRejected && mb_stripos($status, 'abgelehnt') !== false) {
|
|
continue;
|
|
}
|
|
$isApproved = (mb_stripos($status, 'genehmigt') !== false);
|
|
if ($isAdmin) {
|
|
$title = $v['vorname'] . ' ' . $v['nachname'] . ' (' . ($v['status'] ?? 'beantragt') . ')';
|
|
} else {
|
|
$title = $isApproved ? 'Urlaub' : 'Urlaubsantrag';
|
|
}
|
|
// Safely compute end date; fallback to start_date if invalid
|
|
try {
|
|
$endInclusive = (new DateTime($v['end_date']))->modify('+1 day')->format('Y-m-d');
|
|
} catch (Exception $e) {
|
|
$endInclusive = $v['start_date'];
|
|
}
|
|
$events[] = [
|
|
'id' => 'vac_' . $v['id'],
|
|
'title' => $title,
|
|
'start' => $v['start_date'],
|
|
'end' => $endInclusive,
|
|
'allDay' => true,
|
|
'color' => ($isApproved) ? '#28a745' : '#ffc107',
|
|
'extendedProps' => [
|
|
'type' => 'user',
|
|
'user_id' => $v['user_id'],
|
|
'status' => $v['status'],
|
|
'comment' => $v['comment_user'] ?? ''
|
|
]
|
|
];
|
|
}
|
|
} catch (Exception $ex) {
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
$payload = ['error' => $ex->getMessage(), 'branch' => $branch, 'trace' => $ex->getTraceAsString()];
|
|
echo json_encode($payload);
|
|
exit;
|
|
}
|
|
|
|
} catch (Exception $ex) {
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
$payload = ['error' => $ex->getMessage(), 'branch' => $branch, 'trace' => $ex->getTraceAsString()];
|
|
echo json_encode($payload);
|
|
exit;
|
|
}
|
|
|
|
// Company holidays (visible to all)
|
|
$stmt = $pdo->prepare("SELECT * FROM company_holidays WHERE start_date <= ? AND end_date >= ? ORDER BY start_date");
|
|
$stmt->execute([$end, $start]);
|
|
$holidays = $stmt->fetchAll();
|
|
|
|
foreach ($holidays as $h) {
|
|
$endInclusive = (new DateTime($h['end_date']))->modify('+1 day')->format('Y-m-d');
|
|
$events[] = [
|
|
'id' => 'com_' . $h['id'],
|
|
'title' => $h['description'] ?: 'Betriebsurlaub',
|
|
'start' => $h['start_date'],
|
|
'end' => $endInclusive,
|
|
'allDay' => true,
|
|
'color' => '#007bff',
|
|
'extendedProps' => [
|
|
'type' => 'company',
|
|
'description' => $h['description']
|
|
]
|
|
];
|
|
}
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
if ($debugMode) {
|
|
echo json_encode(['events' => $events, 'meta' => $meta]);
|
|
} else {
|
|
echo json_encode($events);
|
|
}
|
|
|
|
?>
|