delete messages using async ajax and replace link to toggle admin rou…

…ndmail by checkbox
bratkartoffel · Feb 25, 2023 · 45d0d58 · 45d0d58
1 parent 7afc2c5
commit 45d0d58
Show file tree

Hide file tree

Showing 8 changed files with 102 additions and 43 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-- no changes yet
+### Changed
+
+- (nachrichten_liste) delete messages using async ajax
+    - this should make it easier to delete many messages at once, e.g. when using a mobile
+- (nachrichten_schreiben) replace link to toggle admin roundmail by checkbox
 
 ## [1.11.7] - 2023-02-25
 

diff --git a/actions/ajax.php b/actions/ajax.php
@@ -0,0 +1,42 @@
+<?php
+/*
+ * MIT Licence
+ * Copyright (c) 2023 Simon Frankenberger
+ *
+ * Please see LICENCE.md for complete licence text.
+ */
+require_once __DIR__ . '/../include/functions.inc.php';
+require_once __DIR__ . '/../include/database.class.php';
+
+ob_start();
+
+$db = Database::getInstance();
+switch (getOrDefault($_POST, 'a', 0)) {
+    // delete message
+    case 1:
+        requireLogin();
+        restrictSitter('Nachrichten');
+        requireXsrfToken('/?p=nachrichten_liste');
+        $id = getOrDefault($_POST, 'id', 0);
+        $data = $db->getMessageByIdAndAnOrVonEquals($id, $_SESSION['blm_user']);
+
+        // verify that the message exists
+        if ($data === null || (is_array($data) && count($data) == 0)) {
+            http_response_code(404);
+            die();
+        }
+
+        // only allow deletion of outgoing messages if the receiver hasn't read the message yet
+        if ($data['Von'] == $_SESSION['blm_user'] && $data['Gelesen'] == 1) {
+            http_response_code(401);
+        }
+
+        // delete the message
+        $db->begin();
+        if ($db->deleteTableEntry(Database::TABLE_MESSAGES, $id) === null) {
+            $db->rollBack();
+            http_response_code(500);
+        }
+        $db->commit();
+        break;
+}
diff --git a/include/functions.inc.php b/include/functions.inc.php
@@ -1702,7 +1702,7 @@ function getCspNonce(): string
 
 function sendCspHeader(): void
 {
-    header(sprintf("Content-Security-Policy: default-src 'none'; script-src 'nonce-%s'; img-src 'self' data:; style-src 'nonce-%s'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'self'; require-trusted-types-for 'script';", getCspNonce(), getCspNonce()));
+    header(sprintf("Content-Security-Policy: default-src 'none'; script-src 'nonce-%s'; connect-src 'self'; img-src 'self' data:; style-src 'nonce-%s'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'self'; require-trusted-types-for 'script';", getCspNonce(), getCspNonce()));
 }
 
 function printHeaderCss(array $styles): void

diff --git a/js/functions.js b/js/functions.js
@@ -154,23 +154,6 @@ function ChangeBankDepositWithdraw() {
     }
 }
 
-// used in nachrichten_schreiben.inc.php
-function toggleRundmail() {
-    let f = document.getElementById('receiver');
-    let b = document.getElementById('broadcast');
-    if (b.value === '0') {
-        f.value = 'RUNDMAIL';
-        f.disabled = 'disabled';
-        b.value = '1';
-    } else {
-        f.value = '';
-        f.disabled = '';
-        f.enabled = 'enabled';
-        b.value = '0';
-    }
-    return false;
-}
-
 // used in einstellungen.inc.php
 function enableSitterOptions(enabled) {
     Array.prototype.forEach.call(document.getElementById('sitterSettings').getElementsByTagName('input'), (field) => {
@@ -472,16 +455,6 @@ setupCharsLeft('beschreibung');
 setupCharsLeft('notizblock');
 setupCharsLeft('message');
 
-// used for nachrichten_schreiben.inc.php
-function setupNachrichtSchreiben() {
-    let rundmailElement = document.getElementById('toggle_rundmail');
-    if (rundmailElement !== null) {
-        rundmailElement.onclick = () => toggleRundmail();
-    }
-}
-
-setupNachrichtSchreiben();
-
 // used for chefbox.php
 function setupChefbox() {
     if (document.getElementById('Chefbox') !== null) {
@@ -499,3 +472,40 @@ function setupChefbox() {
 }
 
 setupChefbox();
+
+// used for nachrichten_liste.inc.php
+function setupMessageDeleteAjax() {
+    let deleteLinks = document.getElementsByClassName('delete-message');
+    for (let link of deleteLinks) {
+        let id = link.getAttribute('data-id');
+        let token = link.getAttribute('data-token');
+        link.onclick = function () {
+            const req = new XMLHttpRequest();
+            req.open('post', '/actions/ajax.php', true);
+            req.onreadystatechange = function () {
+                if (this.readyState !== 4) return;
+                if (this.status === 200 || this.status === 404) {
+                    let row = document.getElementById('message_' + id);
+                    if (row.parentElement.getElementsByTagName('tr').length === 2) {
+                        window.location.reload();
+                    } else {
+                        row.remove();
+                    }
+                } else {
+                    console.log("could not delete #" + id);
+                }
+            };
+            req.onerror = () => {
+                console.log("could not delete #" + id);
+            }
+            let body = new FormData();
+            body.set('a', '1');
+            body.set('id', id);
+            body.set('token', token);
+            req.send(body);
+            return false;
+        };
+    }
+}
+
+setupMessageDeleteAjax();
diff --git a/js/functions.js.map b/js/functions.js.map
diff --git a/js/functions.min.js b/js/functions.min.js
diff --git a/pages/nachrichten_liste.inc.php b/pages/nachrichten_liste.inc.php
@@ -39,7 +39,8 @@
     $nr = $messageCountIn - $offset_in * Config::getInt(Config::SECTION_BASE, 'messages_page_size');
     foreach ($entries as $row) {
         ?>
-        <tr class="<?= ($row['Gelesen'] == 0 ? 'Ungelesen' : 'Gelesen'); ?>" data-id="<?= $row['ID']; ?>">
+        <tr class="<?= ($row['Gelesen'] == 0 ? 'Ungelesen' : 'Gelesen'); ?>" data-id="<?= $row['ID']; ?>"
+            id="message_<?= $row['ID']; ?>">
             <td><?= $nr--; ?></td>
             <td><?= formatDateTime(strtotime($row['Zeit'])); ?></td>
             <td><?= createProfileLink($row['VonID'], $row['VonName']); ?></td>
@@ -48,9 +49,10 @@
                    id="read_<?= $row['ID']; ?>"><?= escapeForOutput($row['Betreff']); ?></a>
             </td>
             <td><?= getYesOrNo($row['Gelesen']); ?></td>
-            <td id="action_<?=$row['ID'];?>">
+            <td id="action_<?= $row['ID']; ?>">
                 <a href="/actions/nachrichten.php?a=2&amp;id=<?= $row['ID']; ?>&amp;o_in=<?= $offset_in; ?>&amp;token=<?= $_SESSION['blm_xsrf_token']; ?>"
-                   id="delete_<?= $row['ID']; ?>">Löschen</a>
+                   id="delete_<?= $row['ID']; ?>" class="delete-message"
+                   data-id="<?= $row['ID']; ?>" data-token="<?= $_SESSION['blm_xsrf_token']; ?>">Löschen</a>
             </td>
         </tr>
         <?php
@@ -92,7 +94,7 @@
     $nr = $messageCountOut - $offset_out * Config::getInt(Config::SECTION_BASE, 'messages_page_size');
     foreach ($entries as $row) {
         ?>
-        <tr data-id="<?= $row['ID']; ?>">
+        <tr data-id="<?= $row['ID']; ?>" id="message_<?= $row['ID']; ?>">
             <td><?= $nr--; ?></td>
             <td><?= formatDateTime(strtotime($row['Zeit'])); ?></td>
             <td><?= createProfileLink($row['AnID'], $row['AnName']); ?></td>
@@ -101,12 +103,13 @@
                    id="read_<?= $row['ID']; ?>"><?= escapeForOutput($row['Betreff']); ?></a>
             </td>
             <td><?= getYesOrNo($row['Gelesen']); ?></td>
-            <td id="action_<?=$row['ID'];?>">
+            <td id="action_<?= $row['ID']; ?>">
                 <?php
                 if ($row['Gelesen'] == 0 || $row['AnID'] === null) {
                     ?>
                     <a href="/actions/nachrichten.php?a=2&amp;id=<?= $row['ID']; ?>&amp;o_out=<?= $offset_out; ?>&amp;token=<?= $_SESSION['blm_xsrf_token']; ?>"
-                       id="delete_<?= $row['ID']; ?>">Löschen</a>
+                       id="delete_<?= $row['ID']; ?>" class="delete-message"
+                       data-id="<?= $row['ID']; ?>" data-token="<?= $_SESSION['blm_xsrf_token']; ?>">Löschen</a>
                     <?php
                 }
                 ?>

diff --git a/pages/nachrichten_schreiben.inc.php b/pages/nachrichten_schreiben.inc.php
@@ -35,12 +35,11 @@
 
 <div class="form NachrichtSchreiben">
     <form action="/actions/nachrichten.php?a=1" method="post">
-        <input type="hidden" name="broadcast" id="broadcast" value="0"/>
         <header>Nachricht</header>
         <div>
             <label for="receiver">Empfänger</label>
             <input type="text" name="receiver" id="receiver" value="<?= escapeForOutput($receiver); ?>"/>
-            <?= (isAdmin() ? '<a href="#" id="toggle_rundmail">Admin Rundmail</a>' : ''); ?>
+            <?= (isAdmin() ? '<input type="checkbox" name="broadcast" id="broadcast" value="1"> <label for="broadcast">Admin Rundmail</label>' : ''); ?>
         </div>
         <div>
             <label for="subject">Betreff</label>