Skip to content

ROOM_BOOKING_VALIDATION.md

Latest commit

 

History

History
136 lines (106 loc) · 4.99 KB

ROOM_BOOKING_VALIDATION.md

File metadata and controls

136 lines (106 loc) · 4.99 KB

Room Booking Slot Validation - Implementation Summary

Overview

Strict room booking slot visibility and validation logic has been implemented to ensure proper slot management based on booking status.

Implementation Details

Core Functions (room_booking_functions.php)

1. rb_get_slot_statuses($conn, $room_id, $booking_date)

  • Returns array of all slot statuses for a room and date
  • Format: ['time_slot' => 'status'] where status is 'Approved', 'Pending', 'Rejected', or null

2. rb_get_slot_status($conn, $room_id, $booking_date, $time_slot)

  • Returns the status of a specific slot
  • Returns: 'Approved', 'Pending', 'Rejected', or null if available

3. rb_can_book_slot($conn, $room_id, $booking_date, $time_slot, $is_focal_person = false)

  • STRICT validation function that determines if a slot can be booked
  • Returns array with:
    • can_book (bool): Whether booking is allowed
    • reason (string): Display label ('Already Booked', 'Pending Approval', 'Rejected', 'Available')
    • status (string|null): Current status

Rules:

  • Approved: CANNOT book → can_book = false, reason = 'Already Booked'
  • Pending: CANNOT book → can_book = false, reason = 'Pending Approval'
  • Rejected: CAN book → can_book = true, reason = 'Rejected'
  • No record: CAN book → can_book = true, reason = 'Available'

4. rb_validate_booking_request($conn, $room_id, $booking_date, $time_slot, $is_focal_person = false)

  • BACKEND VALIDATION - Must be called before creating any booking
  • Prevents UI bypass attempts
  • Returns: ['valid' => bool, 'error' => string|null]
  • Validates:
    • Room ID is valid
    • Date format is correct (Y-m-d)
    • Time slot is provided
    • Slot status allows booking (blocks Approved/Pending)

5. rb_create_booking($conn, $faculty_id, $department_id, $room_id, $booking_date, $time_slot, $event_title, $num_persons, $is_focal_person = false)

  • UPDATED to use strict validation
  • Calls rb_validate_booking_request() internally
  • Double-checks slot status before insertion
  • Blocks Approved and Pending slots even if validation is bypassed

UI Implementation (faculty_dashboard.php)

Slot Display Rules:

  1. Approved Slots:

    • Label: "Already Booked"
    • Color: Red (#ef4444)
    • Status: DISABLED
    • Radio button: Disabled

  2. Pending Slots:

    • Label: "Pending Approval"
    • Color: Yellow (#eab308)
    • Status: DISABLED
    • Radio button: Disabled

  3. Rejected Slots:

    • Label: "Rejected"
    • Color: Orange (#f97316)
    • Status: ENABLED
    • Radio button: Enabled
    • Focal person can re-book

  4. Available Slots (No record):

    • Label: "Available"
    • Color: Green (#22c55e)
    • Status: ENABLED
    • Radio button: Enabled

Backend Validation in Form Handler:

// STRICT backend validation before creating booking
$validation = rb_validate_booking_request($conn, $room_id, $booking_date, $time_slot, $is_focal_person);

if (!$validation['valid']) {
    // Redirect with error message
    header("Location: ...&msg=slot_blocked&error=" . urlencode($validation['error']));
    exit();
}

// Create booking with validation
$booking_id = rb_create_booking($conn, $faculty_id, $department_id, $room_id, $booking_date, $time_slot, $event_title, $num_persons, $is_focal_person);

Security Features

  1. Double Validation:

    • UI validation (visual display)
    • Backend validation (server-side check)

  2. Bypass Prevention:

    • rb_validate_booking_request() must be called before booking creation
    • rb_create_booking() performs additional status check
    • Even if UI is bypassed, backend blocks invalid bookings

  3. Status-Based Blocking:

    • Approved slots: Hard-blocked (cannot be booked)
    • Pending slots: Hard-blocked (cannot be booked)
    • Rejected slots: Allowed (can create new request)
    • Available slots: Allowed (can create new request)

Testing Checklist

  • Approved slot shows as "Already Booked" and is disabled
  • Pending slot shows as "Pending Approval" and is disabled
  • Rejected slot shows as "Rejected" and is enabled
  • Available slot shows as "Available" and is enabled
  • Cannot book Approved slot (backend blocks)
  • Cannot book Pending slot (backend blocks)
  • Can book Rejected slot (backend allows)
  • Can book Available slot (backend allows)
  • UI correctly reflects slot status
  • Error messages display correctly when booking is blocked

Files Modified

  1. room_booking_functions.php - Core validation functions
  2. faculty_dashboard.php - UI implementation and form handler

Backward Compatibility

  • rb_get_booked_slots() maintained for backward compatibility
  • Returns slots marked as "booked" (Approved or Pending only)

Notes

  • All validation is case-sensitive for status values ('Approved', 'Pending', 'Rejected')
  • Focal person flag is passed but currently all users can book rejected slots
  • Date format must be Y-m-d (e.g., '2024-01-15')
  • All database queries use prepared statements for security