59 lines
1.6 KiB
PHP
59 lines
1.6 KiB
PHP
<?php
|
|
require_once(__DIR__ . '/../auth_check.php');
|
|
require_once(__DIR__ . '/../../class/db-functions.php');
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$trainingId = (int)($_GET['training_id'] ?? 0);
|
|
if ($trainingId <= 0) {
|
|
echo json_encode(['success' => false, 'message' => 'ID formazione non valido.']);
|
|
exit;
|
|
}
|
|
|
|
$pdo = DBHandlerSelect::getInstance()->getConnection();
|
|
|
|
/* Access: HR or owner */
|
|
$ownerStmt = $pdo->prepare("
|
|
SELECT e.auth_user_id
|
|
FROM employee_trainings t
|
|
JOIN employees e ON e.id = t.employee_id
|
|
WHERE t.id = :id LIMIT 1
|
|
");
|
|
$ownerStmt->execute(['id' => $trainingId]);
|
|
$ownerAuthUserId = $ownerStmt->fetchColumn();
|
|
if ($ownerAuthUserId === false) {
|
|
echo json_encode(['success' => false, 'message' => 'Formazione non trovata.']);
|
|
exit;
|
|
}
|
|
|
|
$roleStmt = $pdo->prepare("
|
|
SELECT r.name FROM auth_users u
|
|
LEFT JOIN auth_roles r ON r.id = u.role_id
|
|
WHERE u.id = :id LIMIT 1
|
|
");
|
|
$roleStmt->execute(['id' => $currentUserId]);
|
|
$role = (string)$roleStmt->fetchColumn();
|
|
$hrRoles = ['Admin', 'Superuser', 'employee-hr', 'manager'];
|
|
$isHr = in_array($role, $hrRoles, true);
|
|
|
|
if (!$isHr && (int)$ownerAuthUserId !== $currentUserId) {
|
|
http_response_code(403);
|
|
echo json_encode(['success' => false, 'message' => 'Accesso negato.']);
|
|
exit;
|
|
}
|
|
|
|
$stmt = $pdo->prepare("
|
|
SELECT id, original_name, mime_type, size, created_at
|
|
FROM employee_training_attachments
|
|
WHERE training_id = :tid
|
|
ORDER BY created_at DESC
|
|
");
|
|
$stmt->execute(['tid' => $trainingId]);
|
|
$attachments = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'attachments' => $attachments,
|
|
'can_edit' => $isHr,
|
|
]);
|