CMXX - Categories and filters

2025-02-03 11:28:05 +01:00
parent 754359f6b6
commit 59c23bf46c
15 changed files with 688 additions and 9 deletions
--- a/api/v1/post/products.php
+++ b/api/v1/post/products.php
@@ -53,12 +53,30 @@ elseif ($command == 'insert'){
    $post_content['created'] = $date;
    $post_content['createdby'] = $username;
    $post_content['accounthierarchy'] = $partner_product;
+
 }
 else {
    //do nothing
 }

-//CREAT NEW ARRAY AND MAP TO CLAUSE
+//CHECK IF CATEGORIES ARE SEND AND UPDATE 
+if (isset($post_content['categories'])){
+
+    if ($command != 'insert'){
+        //CHANGE OR DELETE SO PRODUCT_ID IS AVAILABLE IN CALL
+        $api_url = '/v2/products_categories/';
+        $data = json_encode(array("categories" => $post_content['categories'], "product_id" => $id), JSON_UNESCAPED_UNICODE);
+        $responses = ioApiv2($api_url,$data,$clientsecret);
+    } else {
+        //INSERT Product ROWID NOT AVAILABLE YET. store $post_content['categories'] in different variable.
+        $categories = $post_content['categories'];
+    }
+
+    //REMOVE CATERGORIES FROM POST_CONTENT ARRAY
+    unset($post_content['categories']);
+}
+
+//CREATe NEW ARRAY AND MAP TO CLAUSE
 if(isset($post_content) && $post_content!=''){   
    foreach ($post_content as $key => $var){
        if ($key == 'submit' || $key == 'rowID'){
@@ -90,6 +108,11 @@ elseif ($command == 'insert' && isAllowed('products',$profile,$permission,'C') =
    $sql = 'INSERT INTO products ('.$clause_insert.') VALUES ('.$input_insert.')';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);
+
+    $api_url = '/v2/products_categories/';
+    $data = json_encode(array("categories" => $categories, "product_id" => $id), JSON_UNESCAPED_UNICODE);
+    $responses = ioApiv2($api_url,$data,$clientsecret);
+
 }
 elseif ($command == 'delete' && isAllowed('products',$profile,$permission,'D') === 1){
    $stmt = $pdo->prepare('DELETE FROM products WHERE rowID = ? '.$whereclause.'');
--- a/api/v2/get/categories.php
+++ b/api/v2/get/categories.php
@@ -48,8 +48,12 @@ if(isset($get_content) && $get_content!=''){
        //build up search
        $clause .= ' AND name like :'.$v[0]; 
        }
+        elseif ($v[0] == 'rowid_exclude') {
+            //build up search
+            $clause .= ' AND rowID != :'.$v[0]; 
+        }
        else {//create clause
-        $clause .= ' AND '.$v[0].' = :'.$v[0];
+            $clause .= ' AND '.$v[0].' = :'.$v[0];
        }
    }
    if ($whereclause == '' && $clause !=''){
@@ -66,6 +70,7 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){
 else {
    //SQL for Paging 
    $sql = 'SELECT * FROM categories '.$whereclause.' LIMIT :page,:num_products';
+
 }

 $stmt = $pdo->prepare($sql);
--- a/api/v2/get/products_categories.php
+++ b/api/v2/get/products_categories.php
@@ -0,0 +1,123 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Products catagories
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//NEW ARRAY
+$criterias = [];   
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){    
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);     
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1]; 
+    
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        } 
+        elseif ($v[0] == 'search') {
+        //build up search
+        $clause .= ' AND c.name like :'.$v[0]; 
+        }
+        else {//create clause
+        $clause .= ' AND pc.'.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+}
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals'] ==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM products_categories '.$whereclause.'';
+} 
+else {
+    //SQL for Paging 
+    $sql = 'SELECT c.name, c.rowID FROM products_categories pc JOIN categories c ON c.rowID = pc.category_id '.$whereclause.'';
+}
+
+$stmt = $pdo->prepare($sql);
+
+//Bind to query
+if (str_contains($whereclause, ':condition')){
+    $stmt->bindValue('condition', $condition, PDO::PARAM_STR);
+}
+
+if (!empty($criterias)){
+    foreach ($criterias as $key => $value){
+        $key_condition = ':'.$key;
+        if (str_contains($whereclause, $key_condition)){
+            if ($key == 'search'){
+                $search_value = '%'.$value.'%';
+                $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
+            }
+            else {
+                $stmt->bindValue($key, $value, PDO::PARAM_STR);
+            }
+        }
+    }
+}
+
+//Add paging details
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+}
+elseif(isset($criterias['list']) && $criterias['list']==''){
+    //Excute Query
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+else {
+    //$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    //$stmt->bindValue('page', ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+    //$stmt->bindValue('num_products', $page_rows_products, PDO::PARAM_INT);
+
+    //Excute Query
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>
--- a/api/v2/post/categories.php
+++ b/api/v2/post/categories.php
@@ -0,0 +1,98 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Categories
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND c.accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//BUILD UP PARTNERHIERARCHY FROM USER
+$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+
+$id = $post_content['rowID'] ?? ''; //check for rowID
+$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+if ($command == 'update'){
+    $post_content['updatedby'] = $username;
+}
+if ($command == 'insert'){
+    $post_content['createdby'] = $username;
+    $post_content['accounthierarchy'] = $partner_product;
+}
+
+//CREAT NEW ARRAY AND MAP TO CLAUSE
+if(isset($post_content) && $post_content!=''){   
+    foreach ($post_content as $key => $var){
+        if ($key == 'submit' || $key == 'rowID'){
+            //do nothing
+        }
+        else {
+            $criterias[$key] = $var;
+            $clause .= ' , '.$key.' = ?';
+            $clause_insert .= ' , '.$key.'';
+            $input_insert .= ', ?'; // ? for each insert item
+            $execute_input[]= $var; // Build array for input
+        }
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 2); //Clean clause - remove first comma
+$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('categories',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE categories SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+} 
+elseif ($command == 'insert' && isAllowed('categories',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO categories ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('categories',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE c, pc FROM categories c LEFT JOIN products_categories pc ON pc.category_id = c.rowID WHERE c.rowID = ? '.$whereclause.'');
+    $stmt->execute([ $id ]); 
+
+    //Add deletion to changelog
+    changelog($dbname,'categories',$id,'Delete','Delete',$username);
+} else
+{
+    //do nothing
+}
+
+
+?>
--- a/api/v2/post/products.php
+++ b/api/v2/post/products.php
@@ -58,6 +58,23 @@ else {
    //do nothing
 }

+//CHECK IF CATEGORIES ARE SEND AND UPDATE 
+if (isset($post_content['categories'])){
+
+    if ($command != 'insert'){
+        //CHANGE OR DELETE SO PRODUCT_ID IS AVAILABLE IN CALL
+        $api_url = '/v2/products_categories/';
+        $data = json_encode(array("categories" => $post_content['categories'], "product_id" => $id), JSON_UNESCAPED_UNICODE);
+        $responses = ioApiv2($api_url,$data,$clientsecret);
+    } else {
+        //INSERT Product ROWID NOT AVAILABLE YET. store $post_content['categories'] in different variable.
+        $categories = $post_content['categories'];
+    }
+
+    //REMOVE CATERGORIES FROM POST_CONTENT ARRAY
+    unset($post_content['categories']);
+}
+
 //CREAT NEW ARRAY AND MAP TO CLAUSE
 if(isset($post_content) && $post_content!=''){   
    foreach ($post_content as $key => $var){
@@ -90,6 +107,10 @@ elseif ($command == 'insert' && isAllowed('products',$profile,$permission,'C') =
    $sql = 'INSERT INTO products ('.$clause_insert.') VALUES ('.$input_insert.')';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);
+
+    $api_url = '/v2/products_categories/';
+    $data = json_encode(array("categories" => $categories, "product_id" => $id), JSON_UNESCAPED_UNICODE);
+    $responses = ioApiv2($api_url,$data,$clientsecret);
 }
 elseif ($command == 'delete' && isAllowed('products',$profile,$permission,'D') === 1){
    $stmt = $pdo->prepare('DELETE FROM products WHERE rowID = ? '.$whereclause.'');
--- a/api/v2/post/products_categories.php
+++ b/api/v2/post/products_categories.php
@@ -0,0 +1,66 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Categories
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
+        break;
+} 
+//CHECK IF PRODUCT ID IS SEND
+if (isset($post_content['product_id']) && $post_content['product_id'] != ''){
+
+//CHECK IF ALLOWED TO CRUD CATEGORIES
+    $sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([isset($post_content['product_id'])]);
+    $product_data = $stmt->fetch();
+    $product_owner = ($product_data['rowID'])? 1 : 0;
+
+    //IF PRODUCT IS OWNED THEN CRUD is ALLOWED
+    if ($product_owner === 1 ){
+
+        if(isAllowed('products_categories',$profile,$permission,'U') === 1 || isAllowed('products_categories',$profile,$permission,'C') === 1) {
+            
+            if (isset($post_content['categories']) && is_array($post_content['categories']) && count($post_content['categories']) > 0) {
+                    $in  = str_repeat('?,', count($post_content['categories']) - 1) . '?';
+                    $stmt = $pdo->prepare('DELETE FROM products_categories WHERE product_id = ? AND category_id NOT IN (' . $in . ')');
+                    $stmt->execute(array_merge([$post_content['product_id'] ], $post_content['categories']));
+                    
+                    foreach ($post_content['categories'] as $cat) {
+                        $stmt = $pdo->prepare('INSERT IGNORE INTO products_categories (product_id,category_id) VALUES (?,?)');
+                        $stmt->execute([$post_content['product_id'], $cat ]);
+                    }
+            }
+        } else {
+            if(isAllowed('products_categories',$profile,$permission,'D') === 1){
+                
+            $stmt = $pdo->prepare('DELETE FROM products_categories WHERE product_id = ?');
+            $stmt->execute([$post_content['product_id']]);
+
+            changelog($dbname,'products_categories',$id,'Delete','Delete',$username);
+            }
+        }
+    }
+}