diff --git a/api/v2/get/products_media.php b/api/v2/get/products_media.php
new file mode 100644
index 0000000..9c74052
--- /dev/null
+++ b/api/v2/get/products_media.php
@@ -0,0 +1,125 @@
+soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){
+ //GET VARIABLES FROM URL
+ $requests = explode("&", $get_content);
+ //Check for keys and values
+ foreach ($requests as $y){
+ $v = explode("=", $y);
+ //INCLUDE VARIABLES IN ARRAY
+ $criterias[$v[0]] = $v[1];
+
+ if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+ //do nothing
+ }
+ else {//create clause
+ $clause .= ' AND '.$v[0].' = :'.$v[0];
+ }
+ }
+ if ($whereclause == '' && $clause !=''){
+ $whereclause = 'WHERE '.substr($clause, 4);
+ } else {
+ $whereclause .= $clause;
+ }
+}
+
+//ENSURE PRODUCTROWID IS SEND
+if (isset($criterias['product_id']) && $criterias['product_id'] != ''){
+
+ //CHECK IF ALLOWED TO CRUD VERSIONS
+ $sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
+ $stmt = $pdo->prepare($sql);
+ $stmt->execute([$criterias['product_id']]);
+ $product_data = $stmt->fetch();
+ $product_owner = ($product_data['rowID'])?
1 : 0;
+
+ //IF PRODUCT IS OWNED THEN CRUD is ALLOWED
+ if ($product_owner === 1 ){
+
+ //Define Query
+ if(isset($criterias['totals']) && $criterias['totals'] ==''){
+ //Request for total rows
+ $sql = 'SELECT count(*) as count FROM products_media '.$whereclause.'';
+ }
+ elseif (isset($criterias['list']) && $criterias['list'] =='') {
+ //SQL for Paging
+ $sql = 'SELECT * FROM products_media '.$whereclause.'';
+ }
+ else {
+ //SQL for Paging
+ $sql = 'SELECT p_m.*, m.full_path FROM products_media p_m LEFT JOIN media m ON p_m.media_id = m.rowID '.$whereclause.'';
+ }
+
+ $stmt = $pdo->prepare($sql);
+
+ //Bind to query
+ if (str_contains($whereclause, ':condition')){
+ $stmt->bindValue('condition', $condition, PDO::PARAM_STR);
+ }
+
+ if (!empty($criterias)){
+ foreach ($criterias as $key => $value){
+ $key_condition = ':'.$key;
+ if (str_contains($whereclause, $key_condition)){
+ if ($key == 'search'){
+ $search_value = '%'.$value.'%';
+ $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
+ }
+ else {
+ $stmt->bindValue($key, $value, PDO::PARAM_STR);
+ }
+ }
+ }
+ }
+
+ //Add paging details
+ if(isset($criterias['totals']) && $criterias['totals']==''){
+ $stmt->execute();
+ $messages = $stmt->fetch();
+ $messages = $messages[0];
+ }
+ elseif(isset($criterias['list']) && $criterias['list']==''){
+ //Excute Query
+ $stmt->execute();
+ //Get results
+ $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ }
+ else {
+ //$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ?
(int)$criterias['p'] : 1;
+ //$stmt->bindValue('page', ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+ //$stmt->bindValue('num_products', $page_rows_products, PDO::PARAM_INT);
+
+ //Excute Query
+ $stmt->execute();
+ //Get results
+ $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ }
+ //------------------------------------------
+ //JSON_ENCODE
+ //------------------------------------------
+ $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+ //Send results
+ echo $messages;
+ }
+}
+?>
\ No newline at end of file
diff --git a/api/v2/post/products_media.php b/api/v2/post/products_media.php
new file mode 100644
index 0000000..caed1d3
--- /dev/null
+++ b/api/v2/post/products_media.php
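Review bot: The filter builder at `$clause .= ' AND '.$v[0].' = :'.$v[0];` concatenates every URL key that is not in the skip list straight into the WHERE clause as a column name, so a caller-supplied key is injected into the SQL as an identifier (only the value is bound, never the key). Restrict keys to a fixed allowlist before they reach the clause, e.g. `$allowed_filters = ['product_id', 'media_id'];` followed by `if (!in_array($v[0], $allowed_filters, true)) { continue; }` at the top of the loop, extended with whatever other columns this endpoint is meant to filter on. The ownership query `"SELECT * FROM products WHERE rowID = ? '.$whereclause.'"` is a double-quoted string, so `'.$whereclause.'` is sent to the database literally instead of being interpolated; as written the gate only tests that some product with that rowID exists, and nothing visible here ties it to the caller (`$soldto_search` is computed but never used). Unlike the POST counterpart, this endpoint performs no `isAllowed()` check; if authorisation happens in a front controller before this file is included, a comment saying so would help, and note that the first lines of the file are missing from this view so I cannot see what it requires.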
@@ -0,0 +1,93 @@
+soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//ENSURE PRODUCTROWID IS SEND
+if (isset($post_content['product_id']) && $post_content['product_id'] != ''){
+
+ //CHECK IF ALLOWED TO CRUD VERSIONS
+ $sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
+ $stmt = $pdo->prepare($sql);
+ $stmt->execute([$post_content['product_id']]);
+ $product_data = $stmt->fetch();
+ $product_owner = ($product_data['rowID'])? 1 : 0;
+
+ //IF PRODUCT IS OWNED THEN CRUD is ALLOWED
+ if ($product_owner === 1 ){
+ //SET PARAMETERS FOR QUERY
+ $id = $post_content['rowID'] ?? ''; //check for rowID
+ $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
+ if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+
+ //CREATE EMPTY STRINGS
+ $clause = '';
+ $clause_insert ='';
+ $input_insert = '';
+
+ if ($command == 'insert'){
+ $post_content['createdby'] = $username;
+ }
+ if ($command == 'update'){
+ $post_content['updatedby'] = $username;
+ }
+
+ //CREATE NEW ARRAY AND MAP TO CLAUSE
+ if(isset($post_content) && $post_content!=''){
+ foreach ($post_content as $key => $var){
+ if ($key == 'submit' || $key == 'rowID'){
+ //do nothing
+ }
+ else {
+ $criterias[$key] = $var;
+ $clause .= ' , '.$key.' = ?';
+ $clause_insert .= ' , '.$key.'';
+ $input_insert .= ', ?'; // ? for each insert item
+ $execute_input[]= $var; // Build array for input
+ }
+ }
+ }
+
+ //CLEAN UP INPUT
+ $clause = substr($clause, 2); //Clean clause - remove first comma
+ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+ $input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+ //QUERY AND VERIFY ALLOWED
+ if ($command == 'update' && isAllowed('products_media',$profile,$permission,'U') === 1){
+ $sql = 'UPDATE products_media SET '.$clause.' WHERE rowID = ?
'.$whereclause.'';
+ $execute_input[] = $id;
+ $stmt = $pdo->prepare($sql);
+ $stmt->execute($execute_input);
+ }
+ elseif ($command == 'insert' && isAllowed('products_media',$profile,$permission,'C') === 1){
+ $sql = 'INSERT INTO products_media ('.$clause_insert.') VALUES ('.$input_insert.')';
+ $stmt = $pdo->prepare($sql);
+ $stmt->execute($execute_input);
+ }
+ elseif ($command == 'delete' && isAllowed('products_media',$profile,$permission,'D') === 1){
+ $stmt = $pdo->prepare('DELETE FROM products_media WHERE rowID = ? '.$whereclause.'');
+ $stmt->execute([ $id ]);
+
+ //Add deletion to changelog
+ changelog($dbname,'products_media',$id,'Delete','Delete',$username);
+ } else
+ {
+ //do nothing
+ }
+ }
+}
+?>
\ No newline at end of file
diff --git a/product.php b/product.php
index 1b111c4..d9ba9df 100644
--- a/product.php
+++ b/product.php
@@ -31,6 +31,7 @@ $update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],
 $update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U');
 $delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D');
 $create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
+$media_update = isAllowed('products_media' ,$_SESSION['profile'],$_SESSION['permission'],'U');
 //GET Details from URL
 $GET_VALUES = urlGETdetails($_GET) ?? '';
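Review bot: The UPDATE and DELETE branches act on `$post_content['rowID']` alone (`WHERE rowID = ?`, with `$whereclause` still empty in this file), so the preceding product_id check does not bind the media row to the product that was checked: any existing product_id satisfies the gate, after which any products_media rowID can be modified or deleted. Scope both statements to the checked product, e.g. `'DELETE FROM products_media WHERE rowID = ? AND product_id = ?'` executed with `[$id, $post_content['product_id']]`, and the same `AND product_id = ?` appended to the UPDATE. Separately, every key in the JSON body other than submit/rowID becomes a column name in `$clause`/`$clause_insert`, which is both an identifier-injection point and unrestricted mass assignment; an allowlist of writable columns (product_id and media_id are the ones this diff's caller sends) should filter that loop. As in the GET file, the ownership query is a double-quoted string so `'.$whereclause.'` is sent to the database literally, and `$product_owner` only tests that the product row exists.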
@@ -74,6 +75,58 @@ $product['categories'] = ioServer($api_url,'');
 //Decode Payload
 if (!empty($product['categories'] )){$product['categories'] = json_decode($product['categories'] ,true);}else{$product['categories'] = null;}
+//GET RELATED MEDIA
+$api_url = '/v2/products_media/product_id='.$_GET['rowID'];
+$products_media = ioServer($api_url,'');
+//Decode Payload
+if (!empty($products_media)){$products_media = json_decode($products_media ,true);}else{$products_media = null;}
+
+if ($media_update == 1){
+ //GET ALL MEDIA
+ $api_url = '/v2/media/';
+ $media_responses_all = ioServer($api_url,'');
+
+ //Decode Payload
+ if (!empty($media_responses_all)){$media_responses_all = json_decode($media_responses_all,true);}else{$media_responses_all = null;}
+}
+
+if ($media_update == 1 && (isset($_POST['media']) || isset($_POST['delete']))){
+
+ //CHECK IF MEDIA IS AN ARRAY
+ if (isset($_POST['media']) && is_array($_POST['media'])){
+ foreach($_POST['media'] as $p_media){
+ //GET ALL POST DATA
+ $payload = json_encode(array("product_id" => $_POST['product_id'], "media_id" => $p_media), JSON_UNESCAPED_UNICODE);
+ //API call
+ $responses = ioServer('/v2/products_media', $payload);
+ }
+
+ if ($responses === 'NOK'){
+
+ } else {
+ header('Location: index.php?page=product&success_msg=2&rowID='.$_GET['rowID'].'');
+ exit;
+ }
+
+ }
+
+ if (isset($_POST['delete'])){
+ //GET ALL POST DATA
+ $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
+ //API call
+ $responses = ioServer('/v2/products_media', $payload);
+ // Redirect and delete product
+ if ($responses === 'NOK'){
+
+ } else {
+ header('Location: index.php?page=product&success_msg=2&rowID='.$_GET['rowID'].'');
+ exit;
+ }
+ }
+
+}
+
 //------------------------------
 // Variables
 //------------------------------
@@ -352,6 +405,111 @@ $view .= '
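Review bot: The attach loop builds each payload from `$_POST['product_id']` while the page, the related-media lookup and the redirect all key off `$_GET['rowID']`, so a submitted form can attach media to a product other than the one being viewed; use one source for both, e.g. `"product_id" => $_GET['rowID']`, or reject the request when they differ. `$_GET['rowID']` is also concatenated unvalidated into `/v2/products_media/product_id=` and into the Location header; the GET endpoint presumably receives that path as `$get_content` and splits it on `&` and `=`, in which case a crafted rowID can smuggle extra filter keys, so validate it first (a `(int)` cast if rowID is an integer column, which `rowID = ?` elsewhere suggests but this hunk does not show). No CSRF token check is visible around the `$_POST` handling; if the framework validates one before this point, a comment here would make that explicit. The delete path forwards the entire `$_POST` array as the API payload, so whatever fields the form carries reach the endpoint unchanged.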
'; + +$view .= ' +
+

'.($products_media_header ?? 'Product media').'

+
'; + if(!empty($products_media)){ + foreach ($products_media as $prod_media){ + + $view .= ' +
+ +
+ + + + +
+
'; + } + } +$view .='
+
+ +
+
+
+
+ + + +

'.(isset($image_select) ? ${$image_select} : 'Select Images').'

+
'; + if ($media_update == 1){ + foreach ($media_responses_all as $media_response){ + $view .= ' + + '; + } + } + $view .= ' +
+
+ + +
+ + +'; + + + $view .= '
'.$tab3.'
diff --git a/products_configurations.php b/products_configurations.php
index 09b4b94..77c5de9 100644
--- a/products_configurations.php
+++ b/products_configurations.php
@@ -161,7 +161,7 @@ $view .= '
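Review bot: `foreach ($media_responses_all as $media_response)` runs whenever `$media_update == 1`, but the hunk above sets `$media_responses_all` to `null` when the media API returns an empty payload, so an empty media library produces a foreach-on-null warning inside the rendered page; guard it with `foreach ($media_responses_all ?? [] as $media_response)`. The markup of this hunk has been stripped in this view, so I cannot confirm whether `full_path` and the other API values written into `$view` pass through `htmlspecialchars()` before landing in attributes — they should, since they come back from the database via the JSON endpoint. `${$image_select}` resolves a variable by the name held in `$image_select`, whose origin is outside this hunk; if that name can ever be influenced by request data it should be replaced with a fixed lookup array.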
';
diff --git a/settings/settingsprofiles.php b/settings/settingsprofiles.php
index 3b74a6b..6b0e684 100644
--- a/settings/settingsprofiles.php
+++ b/settings/settingsprofiles.php
@@ -6,7 +6,7 @@ define('superuser_profile','dashboard,profile,assets,equipments,equipment,equipm
 /*Admin*/
 define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application');
 /*AdminPlus*/
-define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart');
+define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart');
 /*Build*/
 define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application');
 /*Distribution*/
diff --git a/settings/settingsviews.php b/settings/settingsviews.php
index 00154ec..128e106 100644
--- a/settings/settingsviews.php
+++ b/settings/settingsviews.php
@@ -43,6 +43,7 @@ $all_views = [
 "products_attributes_manage",
 "products_configurations",
 "products_categories",
+ "products_media",
 "product",
 "product_manage",
 "pricelists",
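Review bot: `products_media` is added to `adminplus_profile` only, while `admin_profile` keeps `product` and `product_manage`; product.php now gates the media panel on `isAllowed('products_media', …)` and the API gates create/update/delete on the same view name, so — assuming `isAllowed()` consults these profile lists — admin users will get the product page without media controls and the endpoint will refuse their media changes. If that split is intended, a short comment beside the admin definition stating that media attachment is AdminPlus-only would save the next reader a search; if not, `products_media` belongs in `admin_profile` as well. The superuser line is truncated in the hunk header, so I cannot tell whether that profile already carries the view or needs the same addition.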