<?php
require_once './Includes/auth.php';
require_once './Includes/rbac.php';
redirect_if_not_logged_in();
if (!can_view_all_requests()) {
die('<div class="alert alert-error">Access Denied</div>');
}
$filter_id = $_GET['filter_id'] ?? '';
$filter_workflow = $_GET['filter_workflow'] ?? '';
$filter_submitted_by = $_GET['filter_submitted_by'] ?? '';
$filter_date = $_GET['filter_date'] ?? '';
$sort = $_GET['sort'] ?? 'r.dateInserted';
$order = strtoupper($_GET['order'] ?? 'DESC');
$order = ($order === 'ASC') ? 'ASC' : 'DESC'; // sanitize
$allowed_sorts = [
'r.pk_request', 'w.title', 'submitted_by', 'r.dateInserted'
];
if (!in_array($sort, $allowed_sorts)) $sort = 'r.dateInserted';
// --- build WHERE clause ---
$where = []; // empty array to store filter conditions
// add ID filter condition if provided
if ($filter_id !== '') {
// safely convert to integer to prevent SQL injection
$where[] = "r.pk_request = " . intval($filter_id);
}
// add Workflow filter condition if provided by the user
if ($filter_workflow !== '') {
// escape user input and perform partial match search
$where[] = "w.title LIKE '%" . mysqli_real_escape_string($conn, $filter_workflow) . "%'";
}
// add Submitted By filter condition if provided by the user
if ($filter_submitted_by !== '') {
// escape user input and search in concatenated name field
$where[] = "CONCAT(u.firstName, ' ', u.lastName) LIKE '%" .
mysqli_real_escape_string($conn, $filter_submitted_by) . "%'";
}
// add Date filter condition if provided by the user
if ($filter_date !== '') {
// escape user input and match exact date (ignoring time)
$where[] = "DATE(r.dateInserted) = '" .
mysqli_real_escape_string($conn, $filter_date) . "'";
}
// combine conditions into SQL WHERE clause
/*
EXAMPLE:
ID: (blank)
Workflow: Leave
Submitted By: Alice
Date: 2025-06-20
$where = [
"w.title LIKE '%Leave%'",
"CONCAT(u.firstName, ' ', u.lastName) LIKE '%Alice%'",
"DATE(r.dateInserted) = '2025-06-20'"
];
then
$where_sql = "WHERE w.title LIKE '%Leave%' AND CONCAT(u.firstName, ' ', u.lastName) LIKE '%Alice%' AND DATE(r.dateInserted) = '2025-06-20'";
*/
$where_sql = $where ? 'WHERE ' . implode(' AND ', $where) : '';
$sql = "SELECT r.pk_request, w.title AS workflow_title,
CONCAT(u.firstName, ' ', u.lastName) AS submitted_by,
r.dateInserted
FROM workflowManager_Request r
INNER JOIN workflowManager_Workflow w ON r.fk_Workflow_triggers = w.pk_workflow
INNER JOIN workflowManager_User u ON r.fk_User_submittedBy = u.pk_user
$where_sql
ORDER BY $sort $order";
$result = mysqli_query($conn, $sql);
// --- Helper for HTML escaping ---
// for keeping the filter values in the form
// ENT_QUOTES: convert both double and single quotes to their HTML entities (" and ')
function h($v) { return htmlspecialchars($v, ENT_QUOTES); }
?>
<h2>All Requests</h2>
<!-- Filter Form -->
<form method="get" class="filter-form" action="index.php">
<input type="hidden" name="page" value="all_requests">
<div class="filter-row">
<input type="text" name="filter_id" placeholder="ID" value="<?= h($filter_id) ?>">
<input type="text" name="filter_workflow" placeholder="Workflow" value="<?= h($filter_workflow) ?>">
<input type="text" name="filter_submitted_by" placeholder="Submitted By" value="<?= h($filter_submitted_by) ?>">
<input type="date" name="filter_date" value="<?= h($filter_date) ?>">
<button type="submit" class="btn">Filter</button>
<a href="index.php?page=all_requests" class="btn btn-clear">Clear</a>
</div>
</form>
<div class="table-scroll">
<table class="data-table">
<tr>
<?php
// table headers: database column => display label
$headers = [
'r.pk_request' => 'ID', // request ID column
'w.title' => 'Workflow', // workflow title column
'submitted_by' => 'Submitted By', // user who submitted request
'r.dateInserted' => 'Date' // request submission date
];
// generate sortable headers for each column
foreach ($headers as $col => $label) {
// determine sort direction for this column:
// - if already sorting by this column, toggle direction
// - otherwise default to ascending
$new_order = ($sort === $col && $order === 'ASC') ? 'DESC' : 'ASC';
$arrow = ($sort === $col) ? ($order === 'ASC' ? ' ▲' : ' ▼') : '';
// keep filters in header sort links
$query = http_build_query(array_merge($_GET, ['sort' => $col, 'order' => $new_order]));
echo "<th><a href=\"index.php?$query\">$label$arrow</a></th>";
}
?>
</tr>
<?php while ($row = mysqli_fetch_assoc($result)): ?>
<tr>
<td><?= $row['pk_request'] ?></td>
<td><?= h($row['workflow_title']) ?></td>
<td><?= h($row['submitted_by']) ?></td>
<td><?= h($row['dateInserted']) ?></td>
</tr>
<?php endwhile; ?>
</table>
</div>
<p style="font-size:0.9em;color:#888;">Click a column header to sort. Use the form above to filter.</p>