CMXX - Improved whereclause

2025-02-20 13:35:59 +01:00
parent 3aaa6c6680
commit 4c6ed0d203
83 changed files with 897 additions and 1274 deletions
--- a/api/v2/get/accounts.php
+++ b/api/v2/get/accounts.php
@@ -12,20 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/cartests.php
+++ b/api/v2/get/cartests.php
@@ -12,24 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-} 

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/categories.php
+++ b/api/v2/get/categories.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/discounts.php
+++ b/api/v2/get/discounts.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE d.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("discounts",$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/equipment_data.php
+++ b/api/v2/get/equipment_data.php
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v2/get/equipment_healthindex.php
+++ b/api/v2/get/equipment_healthindex.php
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v2/get/equipments.php
+++ b/api/v2/get/equipments.php
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v2/get/invoice.php
+++ b/api/v2/get/invoice.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE inv.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("invoice",$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
@@ -62,7 +49,8 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){
 } 
 elseif (isset($criterias['list']) && $criterias['list'] =='invoice'){
    //SQL for Paging 
-    $sql = 'SELECT tx.*, txi.*, p.productname, inv.id as invoice, inv.created as invoice_created FROM transactions tx 
+    $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created 
+            FROM transactions tx 
            left join invoice inv ON tx.id = inv.txn_id
            left join transactions_items txi ON tx.id = txi.txn_id
            left join products p ON p.rowID = txi.item_id '.$whereclause;
--- a/api/v2/get/media.php
+++ b/api/v2/get/media.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/pricelists.php
+++ b/api/v2/get/pricelists.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE pls.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('pricelist',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/pricelists_items.php
+++ b/api/v2/get/pricelists_items.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products.php
+++ b/api/v2/get/products.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_attributes.php
+++ b/api/v2/get/products_attributes.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_attributes_items.php
+++ b/api/v2/get/products_attributes_items.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE pat.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("attributes",$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_categories.php
+++ b/api/v2/get/products_categories.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_configurations.php
+++ b/api/v2/get/products_configurations.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE pc.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("config",$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_software.php
+++ b/api/v2/get/products_software.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE p.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("software",$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_versions.php
+++ b/api/v2/get/products_versions.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/rma.php
+++ b/api/v2/get/rma.php
@@ -11,24 +11,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-} 

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/rma_history.php
+++ b/api/v2/get/rma_history.php
@@ -11,24 +11,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-} 

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/shipping.php
+++ b/api/v2/get/shipping.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/taxes.php
+++ b/api/v2/get/taxes.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/transactions.php
+++ b/api/v2/get/transactions.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE tx.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("transactions",$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
@@ -62,8 +49,16 @@ if(isset($get_content) && $get_content!=''){
 //Define Query
 if(isset($criterias['totals']) && $criterias['totals'] ==''){
 //Request for total rows
-    $sql = 'SELECT count(*) as count FROM transactions '.$whereclause.'';
+    $sql = 'SELECT count(*) as count FROM transactions tx '.$whereclause.'';
 } 
+elseif (isset($criterias['list']) && $criterias['list'] =='order'){
+    //SQL for Paging 
+    $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created 
+            FROM transactions tx 
+            left join invoice inv ON tx.id = inv.txn_id
+            left join transactions_items txi ON tx.id = txi.txn_id
+            left join products p ON p.rowID = txi.item_id '.$whereclause;
+}
 else {
    //SQL for Paging 
    $sql = 'SELECT * FROM transactions tx '.$whereclause.' LIMIT :page,:num_products';
@@ -95,6 +90,12 @@ if(isset($criterias['totals']) && $criterias['totals']==''){
    $stmt->execute();
    $messages = $stmt->fetch();
    $messages = $messages[0];
+}
+elseif (isset($criterias['list']) && $criterias['list']=='order'){
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    $messages = transformOrderData($messages);
 } 
 else {
    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
--- a/api/v2/get/transactions_items.php
+++ b/api/v2/get/transactions_items.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/translations.php
+++ b/api/v2/get/translations.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/translations_details.php
+++ b/api/v2/get/translations_details.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/users.php
+++ b/api/v2/get/users.php
@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-} 
 //NEW ARRAY
 $criterias = [];   
 $clause = '';
--- a/api/v2/post/accounts.php
+++ b/api/v2/post/accounts.php
@@ -13,21 +13,8 @@ $post_content = json_decode($input,true);
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

-//default whereclause to check if data is owned buy user
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+//default whereclause
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/categories.php
+++ b/api/v2/post/categories.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("categories",$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND c.accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
--- a/api/v2/post/contracts.php
+++ b/api/v2/post/contracts.php
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/discounts.php
+++ b/api/v2/post/discounts.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
--- a/api/v2/post/equipments.php
+++ b/api/v2/post/equipments.php
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/invoice.php
+++ b/api/v2/post/invoice.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['id'] ?? ''; //check for rowID
--- a/api/v2/post/media.php
+++ b/api/v2/post/media.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/placeorder.php
+++ b/api/v2/post/placeorder.php
@@ -110,6 +110,11 @@ if (isset($post_content['cart']) && isset($post_content['checkout_input']) && is
        $stmt->execute([$transaction_id, $product['id'], $product['options_price'], $product['quantity'], $options]);
    }

+    //CHECK IF GIFTCARD IS USED AND THEN DISABLE IT
+    if ($checkout_input['discount_code'] !=''){
+        useGiftCart($pdo,$checkout_input['discount_code'],$partner_product);
+    }
+
    //Return to checkout page
    $messages = [
        "id" => $transaction_id,
--- a/api/v2/post/pricelists.php
+++ b/api/v2/post/pricelists.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/pricelists_items.php
+++ b/api/v2/post/pricelists_items.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products.php
+++ b/api/v2/post/products.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products_attributes.php
+++ b/api/v2/post/products_attributes.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products_attributes_items.php
+++ b/api/v2/post/products_attributes_items.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products_categories.php
+++ b/api/v2/post/products_categories.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 //CHECK IF PRODUCT ID IS SEND
 if (isset($post_content['product_id']) && $post_content['product_id'] != ''){

--- a/api/v2/post/products_configurations.php
+++ b/api/v2/post/products_configurations.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v2/post/products_software.php
+++ b/api/v2/post/products_software.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v2/post/products_versions.php
+++ b/api/v2/post/products_versions.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v2/post/shipping.php
+++ b/api/v2/post/shipping.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
--- a/api/v2/post/transactions.php
+++ b/api/v2/post/transactions.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //WEBSHOP UPDATE CAN SEND TXN_ID ONLY
 if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){
@@ -65,6 +53,20 @@ $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$par
 //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
 if ($command == 'update'){

+    //CHECK IF PAYMENT STATUS is PAID (1)
+    if(isset($post_content['payment_status']) && $post_content['payment_status'] == 1){
+
+        //check if GIFTCARD ID IS PROVIDED AND NOT EMPTY
+        if(isset($post_content['giftcard_categoryID']) && $post_content['giftcard_categoryID'] != ''){
+
+            //CHECK FOR GIFTCARDS IN ORDER AND CREATE WHEN AVAILABLE AND NOT CREATED YET
+            createGiftCart($pdo, $post_content['id'], $post_content['giftcard_categoryID'],$partner_product);
+
+            //remove giftcard_categoryID from $post_content array
+            unset($post_content['giftcard_categoryID']);
+        }
+    }
+
 }
 elseif ($command == 'insert'){
    $post_content['accounthierarchy'] = $partner_product;
--- a/api/v2/post/translations.php
+++ b/api/v2/post/translations.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/translations_details.php
+++ b/api/v2/post/translations_details.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);

-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/users.php
+++ b/api/v2/post/users.php
@@ -14,25 +14,9 @@ $owner_user = 0;
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

-//default whereclause to check if data is owned by user
-$whereclause = '';
+//default whereclause
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);

-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
-        break;
-} 

 //SET PARAMETERS FOR QUERY
 $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID