From 40c400240f5943822476c4045d59bf4c425b8b01 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Sat, 7 Sep 2024 11:21:36 +0100
Subject: [PATCH] Add ability to choose whether document is visible in client
 portal

---
 client_document_details.php        | 21 +++++++++++++++
 document_edit_visibility_modal.php | 42 ++++++++++++++++++++++++++++++
 portal/document.php                |  7 ++++-
 portal/documents.php               |  2 +-
 post/document.php                  | 17 ++++++++++++
 5 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 document_edit_visibility_modal.php

diff --git a/client_document_details.php b/client_document_details.php
index 9f011a5b5..b4c7433e3 100644
--- a/client_document_details.php
+++ b/client_document_details.php
@@ -35,6 +35,7 @@
 $document_archived_at = nullable_htmlentities($row['document_archived_at']);
 $document_folder_id = intval($row['document_folder_id']);
 $document_parent = intval($row['document_parent']);
+$document_client_visible = intval($row['document_client_visible']);
 
 ?>
 
@@ -292,6 +293,24 @@
             ?>
         </div>
 
+        <?php if ($config_client_portal_enable) { ?>
+            <div class="card card-body bg-light">
+                <h6><i class="fas fa-handshake mr-2"></i>Portal Collaboration</h6>
+                <div class="mt-1">
+                    <i class="fa fa-fw fa-eye<?php if (!$document_client_visible) { echo '-slash'; } ?> text-secondary mr-2"></i>Document is
+                    <a href="#" data-toggle="modal" data-target="#editDocumentClientVisibileModal">
+                        <?php
+                        if ($document_client_visible) {
+                            echo "<span class='text-bold text-dark'>visible</span>";
+                        } else {
+                            echo "<span class='text-muted'>not visible</span>";
+                        }
+                        ?>
+                    </a>
+                </div>
+            </div>
+        <?php } ?>
+
         <div class="card card-body bg-light">
             <h6><i class="fas fa-history mr-2"></i>Revisions</h6>
             <?php
@@ -345,6 +364,8 @@
 
 require_once "client_document_link_vendor_modal.php";
 
+require_once "document_edit_visibility_modal.php";
+
 require_once "share_modal.php";
 
 require_once "footer.php";
diff --git a/document_edit_visibility_modal.php b/document_edit_visibility_modal.php
new file mode 100644
index 000000000..a06e0cccf
--- /dev/null
+++ b/document_edit_visibility_modal.php
@@ -0,0 +1,42 @@
+<div class="modal" id="editDocumentClientVisibileModal" tabindex="-1">
+    <div class="modal-dialog">
+        <div class="modal-content bg-dark">
+            <div class="modal-header">
+                <h5 class="modal-title">
+                    <i class="fa fa-fw fa-handshake mr-2"></i>
+                    Edit Visibility Status for <strong><?php echo "$document_name"; ?></strong>
+                </h5>
+                <button type="button" class="close text-white" data-dismiss="modal">
+                    <span>&times;</span>
+                </button>
+            </div>
+            <form action="post.php" method="post" autocomplete="off">
+                <div class="modal-body bg-white">
+                    <input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
+                    <div class="form-group">
+                        <label>Visibility</label>
+                        <p>Should this document be visible in the portal to client contacts with the 'Technical' role?</p>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+                            </div>
+                            <select class="form-control" name="document_visible">
+                                <option <?php if ($document_client_visible == 1) { echo "selected"; } ?> value="1">Yes</option>
+                                <option <?php if ($document_client_visible == 0) { echo "selected"; } ?> value="0">No</option>
+                            </select>
+                        </div>
+
+                    </div>
+
+                </div>
+
+                <div class="modal-footer bg-white">
+                    <button type="submit" name="edit_document_visible" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+                    <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+                </div>
+
+            </form>
+
+        </div>
+    </div>
+</div>
diff --git a/portal/document.php b/portal/document.php
index 16b39ac06..8b2fdf935 100644
--- a/portal/document.php
+++ b/portal/document.php
@@ -27,7 +27,12 @@
 }
 
 $document_id = intval($_GET['id']);
-$sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, document_content FROM documents WHERE document_id = $document_id AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL LIMIT 1");
+$sql_document = mysqli_query($mysqli,
+        "SELECT document_id, document_name, document_content
+        FROM documents
+        WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL
+        LIMIT 1"
+);
 
 $row = mysqli_fetch_array($sql_document);
 
diff --git a/portal/documents.php b/portal/documents.php
index 095525fe2..b19b402a8 100644
--- a/portal/documents.php
+++ b/portal/documents.php
@@ -13,7 +13,7 @@
     exit();
 }
 
-$documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC");
+$documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC");
 ?>
 
 <h3>Documents</h3>
diff --git a/post/document.php b/post/document.php
index 728b290ce..2cf3f4f27 100644
--- a/post/document.php
+++ b/post/document.php
@@ -438,6 +438,23 @@
 
 }
 
+if (isset($_POST['document_visible'])) {
+    validateTechRole();
+
+    $document_id = intval($_POST['document_id']);
+    $document_visible = intval($_POST['document_visible']);
+
+    mysqli_query($mysqli,"UPDATE documents SET document_client_visible = $document_visible WHERE document_id = $document_id");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document', log_action = 'Modify', log_description = '$session_name modified document visibility', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $document_id");
+
+    $_SESSION['alert_message'] = "Document visibility updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
 if (isset($_GET['archive_document'])) {
 
     validateTechRole();