praxis-creutzburg-web/zeiterfassung/approveVacation.php

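<?php
/**
 * Admin view for vacation requests.
 *
 * On POST it applies one of three actions (approve / reject / delete) to a
 * single row of the `vacations` table and redirects back to itself; on any
 * other request it renders every request with its action buttons.
 *
 * Security notes:
 *  - Access is gated by check_user() and is_admin_user(), both defined outside
 *    this file (presumably in one of the includes below — confirm).
 *  - Every state-changing POST must carry the per-session anti-CSRF token that
 *    the forms below embed; without it, another site could make a logged-in
 *    admin's browser approve or delete requests.
 *  - Every database value is HTML-escaped on output, including the ones that
 *    look numeric or date-like, so the page does not depend on column types.
 */
session_start();
require_once("inc/config.inc.php");
require_once("inc/functions.inc.php");

$user = check_user();
if (!is_admin_user()) {
    // Report the denial as 403 rather than a 200 page carrying an error text.
    http_response_code(403);
    die('Zugriff verweigert. Nur Chefs dürfen Anträge genehmigen.');
}

// Per-session anti-CSRF token. A page-specific session key is used so this
// file makes no assumption about token handling elsewhere in the project.
// NOTE(review): if the project has a shared CSRF helper, use that instead.
if (empty($_SESSION['vacation_csrf_token']) || !is_string($_SESSION['vacation_csrf_token'])) {
    $_SESSION['vacation_csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['vacation_csrf_token'];

// Handle approve/reject/delete actions
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['id']) && isset($_POST['action'])) {
    // Reject the request unless it carries this session's token
    // (constant-time comparison; a non-string value counts as missing).
    $postedToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token']))
        ? $_POST['csrf_token']
        : '';
    if (!hash_equals($csrfToken, $postedToken)) {
        http_response_code(403);
        die('Ungültige Anfrage.');
    }

    // Strict integer validation: a plain (int) cast turns an array such as
    // id[]=x into 1 and "12abc" into 12, which would then hit a real row.
    $id = filter_var($_POST['id'], FILTER_VALIDATE_INT);
    $action = is_string($_POST['action']) ? $_POST['action'] : '';

    // Action name -> status value written to vacations.status.
    $statusByAction = [
        'approve' => 'genehmigt',
        'reject'  => 'abgelehnt',
    ];

    if ($id !== false) {
        if (isset($statusByAction[$action])) {
            // $pdo is not defined in this file; presumably created by inc/config.inc.php — confirm.
            $stmt = $pdo->prepare("UPDATE vacations SET status = ?, approved_by = ?, approved_at = NOW() WHERE id = ?");
            $stmt->execute([$statusByAction[$action], $_SESSION['userid'], $id]);
        } elseif ($action === 'delete' && is_admin_user()) {
            // The admin check repeats the page-level gate above; kept because delete is irreversible.
            $del = $pdo->prepare("DELETE FROM vacations WHERE id = ?");
            $del->execute([$id]);
        }
    }

    // Post/Redirect/Get: a reload must not resubmit the action.
    header('Location: approveVacation.php');
    exit();
}

include 'header.php';

// HTML-escape helper for both text and attribute context. Defined after the
// header include because includes share this scope. The charset argument is
// left at PHP's default, as in the original htmlspecialchars() calls.
$esc = static function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE);
};

// List all requests, newest first
$stmt = $pdo->prepare("SELECT v.*, u.vorname, u.nachname, u.email FROM vacations v JOIN users u ON v.user_id = u.id ORDER BY v.created_at DESC");
$stmt->execute();
$requests = $stmt->fetchAll();
?>
<div class="container">
    <h2>Urlaubsanträge - Genehmigung</h2>
    <table class="table table-bordered">
        <thead>
            <tr>
                <th>Mitarbeiter</th>
                <th>Von</th>
                <th>Bis</th>
                <th>Tage</th>
                <th>Kommentar</th>
                <th>Status</th>
                <th>Aktion</th>
            </tr>
        </thead>
        <tbody>
        <?php foreach ($requests as $r): ?>
            <tr>
                <td><?php echo $esc($r['vorname'] . ' ' . $r['nachname']); ?></td>
                <td><?php echo $esc($r['start_date']); ?></td>
                <td><?php echo $esc($r['end_date']); ?></td>
                <td><?php echo $esc($r['days']); ?></td>
                <td><?php echo $esc($r['comment_user']); ?></td>
                <td>
                    <?php
                    // A NULL status is shown as "requested"; any value other
                    // than 'beantragt'/'genehmigt' is shown as rejected.
                    if ($r['status'] === 'beantragt' || $r['status'] === null) {
                        echo '<span class="badge badge-warning">Beantragt</span>';
                    } elseif ($r['status'] === 'genehmigt') {
                        echo '<span class="badge badge-success">Genehmigt</span>';
                    } else {
                        echo '<span class="badge badge-danger">Abgelehnt</span>';
                    }
                    ?>
                </td>
                <td>
                    <?php if ($r['status'] !== 'genehmigt'): ?>
                        <form method="post" style="display:inline-block; margin-right:6px;">
                            <input type="hidden" name="csrf_token" value="<?php echo $esc($csrfToken); ?>">
                            <input type="hidden" name="id" value="<?php echo $esc($r['id']); ?>">
                            <input type="hidden" name="action" value="approve">
                            <button class="btn btn-sm btn-success" type="submit">Genehmigen</button>
                        </form>
                    <?php endif; ?>
                    <?php if ($r['status'] !== 'abgelehnt'): ?>
                        <form method="post" style="display:inline-block;">
                            <input type="hidden" name="csrf_token" value="<?php echo $esc($csrfToken); ?>">
                            <input type="hidden" name="id" value="<?php echo $esc($r['id']); ?>">
                            <input type="hidden" name="action" value="reject">
                            <button class="btn btn-sm btn-danger" type="submit">Ablehnen</button>
                        </form>
                    <?php endif; ?>
                    <form method="post" style="display:inline-block; margin-left:6px;" onsubmit="return confirm('Wirklich löschen?');">
                        <input type="hidden" name="csrf_token" value="<?php echo $esc($csrfToken); ?>">
                        <input type="hidden" name="id" value="<?php echo $esc($r['id']); ?>">
                        <input type="hidden" name="action" value="delete">
                        <button class="btn btn-sm btn-outline-danger" type="submit">Löschen</button>
                    </form>
                </td>
            </tr>
        <?php endforeach; ?>
        </tbody>
    </table>
</div>
<?php include 'footer.php';
?>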