mahdahar/gdc_cmod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gdc_cmod/app/Controllers/RequestsController.php
mahdahar 3cf4cc7f3f feat: Implement audit trail system for dual-level validation workflow 
This commit adds comprehensive audit logging for specimen requests and sample collection activities across all roles.
Changes Summary:
New Features:
- Added AUDIT_EVENTS table schema for tracking validation and sample collection events
- Created ApiRequestsAuditController with /api/requests/(:any)/audit endpoint to retrieve audit history
- Added dialog_audit.php view component for displaying audit trails in UI
- Integrated audit logging into validation workflow (VAL1, VAL2, UNVAL events)
Database:
- Created AUDIT_EVENTS table with columns: ACCESSNUMBER, EVENT_TYPE, USERID, EVENT_AT, REASON
- Supports tracking validation events and sample collection actions
Controllers:
- RequestsController: Now inserts audit records for all validation operations
- ApiRequestsAuditController: New API controller returning validation and sample collection history
Routes:
- Added GET /api/requests/(:any)/audit endpoint for retrieving audit trail
- Removed DELETE /api/samples/collect/(:any) endpoint (uncollect functionality)
Views Refactoring:
- Consolidated dashboard layouts into shared components:
  - layout.php (from layout_dashboard.php)
  - script_requests.php (from script_dashboard.php)
  - script_validation.php (from script_validate.php)
  - content_requests.php (from dashboard_table.php)
  - content_validation.php (from dashboard_validate.php)
- Added content_validation_new.php for enhanced validation interface
2026-01-23 16:41:12 +07:00

136 lines
5.1 KiB
PHP
Raw Blame History

<?php
namespace App\Controllers;
use CodeIgniter\API\ResponseTrait;
use App\Controllers\BaseController;
class RequestsController extends BaseController
{
use ResponseTrait;
public function index()
{
$db = \Config\Database::connect();
$date1 = $this->request->getGet('date1');
$date2 = $this->request->getGet('date2');
$userroleid = session()->get('userroleid');
// Only allow Lab role (role 2)
if ($userroleid == 2) {
$sql = "SELECT * from GDC_CMOD.dbo.V_DASHBOARD_DEV where
COLLECTIONDATE between '$date1 00:00' and '$date2 23:59'
and ODR_DDATE between '$date1 00:00' and '$date2 23:59'
and (TESTS IS NOT NULL AND TESTS like '%[A-Za-z]%')";
} else {
$sql = "SELECT * from GDC_CMOD.dbo.V_DASHBOARD_DEV where
COLLECTIONDATE between '$date1 00:00' and '$date2 23:59'
and ODR_DDATE between '$date1 00:00' and '$date2 23:59'";
}
$rows = $db->query($sql)->getResultArray();
foreach ($rows as &$row) {
$row['COLLECTIONDATE'] = date('Y-m-d H:i', strtotime($row['COLLECTIONDATE']));
$row['ODR_DDATE'] = date('Y-m-d H:i', strtotime($row['ODR_DDATE']));
$row['REQDATE'] = date('Y-m-d H:i', strtotime($row['REQDATE']));
}
$data['data'] = $rows;
return $this->response->setJSON($data);
}
public function show($accessnumber)
{
$db = \Config\Database::connect();
$data['accessnumber'] = $accessnumber;
$sql = "SELECT d.STATS, r.* FROM GDC_CMOD.dbo.V_DASHBOARD_DEV d
left join GDC_CMOD.dbo.CM_REQUESTS r ON r.ACCESSNUMBER=d.SP_ACCESSNUMBER
WHERE d.SP_ACCESSNUMBER='$accessnumber'";
$result = $db
->query($sql)
->getResultArray();
$data['val1'] = $result[0]['ISVAL1'];
$data['val1user'] = $result[0]['VAL1USER'];
$data['val2'] = $result[0]['ISVAL2'];
$data['val2user'] = $result[0]['VAL2USER'];
return view('admin/modal_request', $data);
}
public function showUnval($accessnumber)
{
$data['accessnumber'] = $accessnumber;
return view('admin/modal_unvalidate', $data);
}
public function unval($accessnumber)
{
$input = $this->request->getJSON(true);
$userid = session('userid');
$comment = $input['comment'];
$db = \Config\Database::connect();
$sql = "update GDC_CMOD.dbo.CM_REQUESTS set ISVAL1=null, VAL1USER=null, VAL1DATE=null, ISVAL2=null, VAL2USER=null, VAL2DATE=null,
ISPENDING=1, PENDINGTEXT='$comment', PENDINGUSER='$userid', PENDINGDATE=GETDATE() where ACCESSNUMBER='$accessnumber'";
$db->query($sql);
$logAudit = "INSERT INTO GDC_CMOD.dbo.AUDIT_EVENTS (ACCESSNUMBER, EVENT_TYPE, USERID, EVENT_AT, REASON)
VALUES (?, 'UNVAL', ?, GETDATE(), ?)";
$db->query($logAudit, [$accessnumber, $userid, $comment]);
$data = ['status' => 'success', 'message' => 'Data updated successfully', 'data' => "$accessnumber"];
return $this->response->setJSON($data);
}
public function val($accessnumber)
{
$input = $this->request->getJSON(true);
// Securely get userid from session
$userid = session('userid');
$db = \Config\Database::connect();
$sql = "select * from GDC_CMOD.dbo.CM_REQUESTS where ACCESSNUMBER='$accessnumber'";
$result = $db->query($sql)->getResultArray();
if (!isset($result[0])) {
$sql = "insert into GDC_CMOD.dbo.CM_REQUESTS(ACCESSNUMBER, ISVAL1, VAL1USER, VAL1DATE) VALUES ('$accessnumber', 1, '$userid', GETDATE())";
$db->query($sql);
$logAudit = "INSERT INTO GDC_CMOD.dbo.AUDIT_EVENTS (ACCESSNUMBER, EVENT_TYPE, USERID, EVENT_AT) VALUES (?, 'VAL1', ?, GETDATE())";
$db->query($logAudit, [$accessnumber, $userid]);
$data['val'] = 1;
$data['userid'] = $userid;
} else {
$row = $result[0];
$isval1 = $row['ISVAL1'];
$isval2 = $row['ISVAL2'];
$val1user = $row['VAL1USER'];
if ($isval1 == 1) {
if ($isval2 == 1) {
return $this->response->setJSON(['message' => 'validation done, not updating anything']);
} else {
if ($val1user != $userid) {
$sql = "update GDC_CMOD.dbo.CM_REQUESTS set ISVAL2=1, VAL2USER='$userid', VAL2DATE=GETDATE() where ACCESSNUMBER='$accessnumber'";
$logAudit = "INSERT INTO GDC_CMOD.dbo.AUDIT_EVENTS (ACCESSNUMBER, EVENT_TYPE, USERID, EVENT_AT) VALUES (?, 'VAL2', ?, GETDATE())";
$db->query($logAudit, [$accessnumber, $userid]);
$data['val'] = 2;
$data['userid'] = $userid;
} else {
$this->response->setStatusCode(500);
return $this->response->setJSON(['message' => 'user already validate this request']);
}
}
} else {
$sql = "update GDC_CMOD.dbo.CM_REQUESTS set ISVAL1=1, VAL1USER='$userid', VAL1DATE=GETDATE() where ACCESSNUMBER='$accessnumber'";
$logAudit = "INSERT INTO GDC_CMOD.dbo.AUDIT_EVENTS (ACCESSNUMBER, EVENT_TYPE, USERID, EVENT_AT) VALUES (?, 'VAL1', ?, GETDATE())";
$db->query($logAudit, [$accessnumber, $userid]);
$data['val'] = 1;
$data['userid'] = $userid;
}
$db->query($sql);
}
return $this->response->setJSON($data);
}
}
Reference in New Issue View Git Blame Copy Permalink