58 lines
1.8 KiB
PHP
58 lines
1.8 KiB
PHP
<?php
|
|
require_once(__DIR__ . '/../auth_check.php');
|
|
require_once(__DIR__ . '/../../class/db-functions.php');
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$trainingId = (int)($_GET['training_id'] ?? 0);
|
|
if ($trainingId <= 0) {
|
|
echo json_encode(['success' => false, 'message' => 'ID formazione non valido.']);
|
|
exit;
|
|
}
|
|
|
|
$pdo = DBHandlerSelect::getInstance()->getConnection();
|
|
|
|
/* Access: HR or owner */
|
|
$ownerStmt = $pdo->prepare("
|
|
SELECT e.auth_user_id
|
|
FROM employee_trainings t
|
|
JOIN employees e ON e.id = t.employee_id
|
|
WHERE t.id = :id LIMIT 1
|
|
");
|
|
$ownerStmt->execute(['id' => $trainingId]);
|
|
$ownerAuthUserId = $ownerStmt->fetchColumn();
|
|
if ($ownerAuthUserId === false) {
|
|
echo json_encode(['success' => false, 'message' => 'Formazione non trovata.']);
|
|
exit;
|
|
}
|
|
|
|
$roleStmt = $pdo->prepare("
|
|
SELECT r.name FROM auth_users u
|
|
LEFT JOIN auth_roles r ON r.id = u.role_id
|
|
WHERE u.id = :id LIMIT 1
|
|
");
|
|
$roleStmt->execute(['id' => $currentUserId]);
|
|
$role = (string)$roleStmt->fetchColumn();
|
|
$hrRoles = ['Admin', 'Superuser', 'employee-hr', 'manager'];
|
|
$isHr = in_array($role, $hrRoles, true);
|
|
|
|
if (!$isHr && (int)$ownerAuthUserId !== $currentUserId) {
|
|
http_response_code(403);
|
|
echo json_encode(['success' => false, 'message' => 'Accesso negato.']);
|
|
exit;
|
|
}
|
|
|
|
$stmt = $pdo->prepare("
|
|
SELECT l.id, l.action, l.field, l.old_value, l.new_value, l.changed_at,
|
|
TRIM(CONCAT(COALESCE(u.first_name,''),' ',COALESCE(u.last_name,''))) AS changed_by_name,
|
|
u.email AS changed_by_email
|
|
FROM employee_training_log l
|
|
LEFT JOIN auth_users u ON u.id = l.changed_by
|
|
WHERE l.training_id = :tid
|
|
ORDER BY l.changed_at DESC, l.id DESC
|
|
");
|
|
$stmt->execute(['tid' => $trainingId]);
|
|
$entries = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
echo json_encode(['success' => true, 'entries' => $entries]);
|