CMXX - Categories and filters

2025-02-03 11:28:05 +01:00
parent 754359f6b6
commit 59c23bf46c
15 changed files with 688 additions and 9 deletions
--- a/api/v2/post/categories.php
+++ b/api/v2/post/categories.php
@@ -0,0 +1,98 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Categories
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND c.accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//BUILD UP PARTNERHIERARCHY FROM USER
+$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+
+$id = $post_content['rowID'] ?? ''; //check for rowID
+$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+if ($command == 'update'){
+    $post_content['updatedby'] = $username;
+}
+if ($command == 'insert'){
+    $post_content['createdby'] = $username;
+    $post_content['accounthierarchy'] = $partner_product;
+}
+
+//CREAT NEW ARRAY AND MAP TO CLAUSE
+if(isset($post_content) && $post_content!=''){   
+    foreach ($post_content as $key => $var){
+        if ($key == 'submit' || $key == 'rowID'){
+            //do nothing
+        }
+        else {
+            $criterias[$key] = $var;
+            $clause .= ' , '.$key.' = ?';
+            $clause_insert .= ' , '.$key.'';
+            $input_insert .= ', ?'; // ? for each insert item
+            $execute_input[]= $var; // Build array for input
+        }
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 2); //Clean clause - remove first comma
+$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('categories',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE categories SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+} 
+elseif ($command == 'insert' && isAllowed('categories',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO categories ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('categories',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE c, pc FROM categories c LEFT JOIN products_categories pc ON pc.category_id = c.rowID WHERE c.rowID = ? '.$whereclause.'');
+    $stmt->execute([ $id ]); 
+
+    //Add deletion to changelog
+    changelog($dbname,'categories',$id,'Delete','Delete',$username);
+} else
+{
+    //do nothing
+}
+
+
+?>
--- a/api/v2/post/products.php
+++ b/api/v2/post/products.php
@@ -58,6 +58,23 @@ else {
    //do nothing
 }

+//CHECK IF CATEGORIES ARE SEND AND UPDATE 
+if (isset($post_content['categories'])){
+
+    if ($command != 'insert'){
+        //CHANGE OR DELETE SO PRODUCT_ID IS AVAILABLE IN CALL
+        $api_url = '/v2/products_categories/';
+        $data = json_encode(array("categories" => $post_content['categories'], "product_id" => $id), JSON_UNESCAPED_UNICODE);
+        $responses = ioApiv2($api_url,$data,$clientsecret);
+    } else {
+        //INSERT Product ROWID NOT AVAILABLE YET. store $post_content['categories'] in different variable.
+        $categories = $post_content['categories'];
+    }
+
+    //REMOVE CATERGORIES FROM POST_CONTENT ARRAY
+    unset($post_content['categories']);
+}
+
 //CREAT NEW ARRAY AND MAP TO CLAUSE
 if(isset($post_content) && $post_content!=''){   
    foreach ($post_content as $key => $var){
@@ -90,6 +107,10 @@ elseif ($command == 'insert' && isAllowed('products',$profile,$permission,'C') =
    $sql = 'INSERT INTO products ('.$clause_insert.') VALUES ('.$input_insert.')';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);
+
+    $api_url = '/v2/products_categories/';
+    $data = json_encode(array("categories" => $categories, "product_id" => $id), JSON_UNESCAPED_UNICODE);
+    $responses = ioApiv2($api_url,$data,$clientsecret);
 }
 elseif ($command == 'delete' && isAllowed('products',$profile,$permission,'D') === 1){
    $stmt = $pdo->prepare('DELETE FROM products WHERE rowID = ? '.$whereclause.'');
--- a/api/v2/post/products_categories.php
+++ b/api/v2/post/products_categories.php
@@ -0,0 +1,66 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Categories
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
+        break;
+} 
+//CHECK IF PRODUCT ID IS SEND
+if (isset($post_content['product_id']) && $post_content['product_id'] != ''){
+
+//CHECK IF ALLOWED TO CRUD CATEGORIES
+    $sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([isset($post_content['product_id'])]);
+    $product_data = $stmt->fetch();
+    $product_owner = ($product_data['rowID'])? 1 : 0;
+
+    //IF PRODUCT IS OWNED THEN CRUD is ALLOWED
+    if ($product_owner === 1 ){
+
+        if(isAllowed('products_categories',$profile,$permission,'U') === 1 || isAllowed('products_categories',$profile,$permission,'C') === 1) {
+            
+            if (isset($post_content['categories']) && is_array($post_content['categories']) && count($post_content['categories']) > 0) {
+                    $in  = str_repeat('?,', count($post_content['categories']) - 1) . '?';
+                    $stmt = $pdo->prepare('DELETE FROM products_categories WHERE product_id = ? AND category_id NOT IN (' . $in . ')');
+                    $stmt->execute(array_merge([$post_content['product_id'] ], $post_content['categories']));
+                    
+                    foreach ($post_content['categories'] as $cat) {
+                        $stmt = $pdo->prepare('INSERT IGNORE INTO products_categories (product_id,category_id) VALUES (?,?)');
+                        $stmt->execute([$post_content['product_id'], $cat ]);
+                    }
+            }
+        } else {
+            if(isAllowed('products_categories',$profile,$permission,'D') === 1){
+                
+            $stmt = $pdo->prepare('DELETE FROM products_categories WHERE product_id = ?');
+            $stmt->execute([$post_content['product_id']]);
+
+            changelog($dbname,'products_categories',$id,'Delete','Delete',$username);
+            }
+        }
+    }
+}