35 lines
827 B
PHP
35 lines
827 B
PHP
<?php
|
|
session_start();
|
|
require_once('inc/config.inc.php');
|
|
require_once('inc/functions.inc.php');
|
|
|
|
$user = check_user();
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['id'])) {
|
|
http_response_code(400);
|
|
die('Bad request');
|
|
}
|
|
|
|
$id = (int)$_POST['id'];
|
|
$referer = $_POST['referer'] ?? 'urlaubsantrag.php';
|
|
|
|
$stmt = $pdo->prepare("SELECT user_id, status FROM vacations WHERE id = ?");
|
|
$stmt->execute([$id]);
|
|
$vac = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$vac) {
|
|
die('Urlaubseintrag nicht gefunden.');
|
|
}
|
|
|
|
$canManageTeamVacations = can_manage_team_vacations();
|
|
if (!$canManageTeamVacations && (int)$vac['user_id'] !== (int)$_SESSION['userid']) {
|
|
die('Zugriff verweigert.');
|
|
}
|
|
|
|
$del = $pdo->prepare("DELETE FROM vacations WHERE id = ?");
|
|
$del->execute([$id]);
|
|
|
|
header('Location: ' . $referer);
|
|
exit();
|
|
?>
|