pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CM89 - contract changes

Browse Source
This commit is contained in:
“VeLiTi”
2024-09-20 14:57:11 +02:00
parent e139b91c30
commit 78cfe93dce
19 changed files with 1780 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
api/v1/get/application.php
View File

@@ -67,7 +67,33 @@ if(isset($get_content) && $get_content!=''){
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='history' || $v[0] =='target' || $v[0] =='success_msg'){
//do nothing
}
}
elseif ($v[0] == 'serialnumber') {
//build up serialnumber
//check if multiple serialnumbers are provided
if (str_contains($v[1], ',')){
$inputs = explode(",",$v[1]);
$new_querystring = ''; //empty querystring
$x=0;
foreach($inputs as $input){
//create key
$new_key = $v[0].'_'.$x;
//inject new key/value to array
$criterias[$new_key] = $input;
$new_querystring .= ':'.$new_key.',';
$x++;
}
//remove obsolete last character from new_querystring
$new_querystring = substr($new_querystring,0, -1);
//add new_querystring to clause
$clause .= ' AND e.serialnumber IN ('.$new_querystring.')';
//remove original key/value from array
unset($criterias[$v[0]]);
}
else {
$clause .= ' AND e.serialnumber IN (:'.$v[0].')';
}
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
@@ -155,6 +181,10 @@ switch ($action) {
$sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)';
break;
case 'contract_usage_servicereports':
$sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)';
break;
case 'report_usage_firmware':
$sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)';
break;

24
api/v1/get/contracts.php
View File

@@ -8,11 +8,33 @@ defined($security_key) or exit;
//Connect to DB
$pdo = dbConnect($dbname);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like :condition ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE accounthierarchy like :condition ';
break;
}
//NEW ARRAY
$whereclause ='';
$criterias = [];
$clause = '';

1
api/v1/get/user_credentials.php
View File

@@ -23,6 +23,7 @@ if ($stmt->rowCount() == 1) {
$servicekey = $user_data['service'];
$language = $user_data['language'];
$partner = json_decode($partnerhierarchy);
$clientsecret = $user_data['userkey'];
//Update Lastlogin
$logindate = date('Y-m-d H:i:s');

170
api/v1/post/contracts.php
View File

@@ -13,9 +13,26 @@ $post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
@@ -27,17 +44,161 @@ $clause = '';
$clause_insert ='';
$input_insert = '';
//remove blanks from array
if (isset($post_content['servicetool'])){
$post_content['servicetool'] = array_map('trim', $post_content['servicetool']);
$post_content['servicetool'] = array_filter($post_content['servicetool'], 'strlen');
}
if (isset($post_content['assigned_users'])){
$post_content['assigned_users'] = array_map('trim', $post_content['assigned_users']);
$post_content['assigned_users'] = array_filter($post_content['assigned_users'], 'strlen');
}
if ($id != ''){
//DEFINE ACCOUNTHIERARCHY
$stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ?');
$stmt->execute([$id]);
$contract_data = $stmt->fetch();
$contract_old = json_decode($contract_data['accounthierarchy']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $contract_old->salesid)? $post_content['salesid'] : $contract_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $contract_old->soldto)? $post_content['soldto'] : $contract_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
elseif ($permission == 3) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$contract_old->salesid,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
else {
$account = array(
"salesid"=>$contract_old->salesid,
"soldto"=>$contract_old->soldto,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
//CHECK FOR CHANGES IN ASSIGNED_USERS
if (isset($post_content['assigned_users'])){
$assigned_users_current = json_decode($contract_data['assigned_users'],true);
$assigned_users_new = $post_content['assigned_users'];
// Find deleted items (items in current but not in new)
$deletedItems = array_diff($assigned_users_current, $assigned_users_new);
// Find added items (items in new but not in current)
$addedItems = array_diff($assigned_users_new, $assigned_users_current);
//When deleted items are found
if (!empty($deletedItems)){
foreach ($deletedItems as $item){
//CALL TO API FOR General information
$api_url = '/v2/users/username='.$item;
$responses = ioApi($api_url,'',$clientsecret);
if (!empty($responses)){
$response = json_decode($responses,true);
//If response is not null update the service flag of the user
if (count($response) != 0){
$id_removed_user = $response[0]['id'];
//Remove serviceflag from user
$sql = 'UPDATE users SET service = "" WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$id_removed_user]);
}
}
}
}
}
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
}
// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
$post_content['accounthierarchy'] = json_encode($account, JSON_UNESCAPED_UNICODE);
if ($command == 'insert' && !isset($post_content['delete'])){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
//remove blanks from array
if (isset($post_content['servicetool'])){
$post_content['servicetool'] = json_encode($post_content['servicetool'], JSON_UNESCAPED_UNICODE);
}
if (isset($post_content['assigned_users'])){
//Check for all users in array if exist then update service or create
foreach ($post_content['assigned_users'] as $user_assigned){
//CALL TO API FOR General information
$responses = ioApi('/v2/users/username='.$user_assigned,'',$clientsecret);
if (!empty($responses)){
$response = json_decode($responses,true);
//If response is not null update the service flag of the user
if (count($response) != 0){
$id_exist_user = $response[0]['id'];
$generate_service = bin2hex(random_bytes(25));
//Remove serviceflag from user
$sql = 'UPDATE users SET service = ? WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$generate_service,$id_exist_user]);
} else {
//Decode the account structure of the contract and create user
$ah_array = json_decode($post_content['accounthierarchy'],true);
$data = json_encode(array("username" => $user_assigned, "email"=> $user_assigned,"view" => 2 ,"settings"=>"service","service"=> 1,"userkey"=> 1, "salesid" => $ah_array['salesid'], "soldto" => $ah_array['soldto'],"shipto" => $ah_array['shipto'],"location" => $ah_array['location']), JSON_UNESCAPED_UNICODE);
//call the API to create user
ioApi('/v2/users',$data,$clientsecret);
}
}
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
// UPDATE TO JSON
$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
}
//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
//do nothing
}
else {
@@ -61,6 +222,7 @@ if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contra
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')';

13
api/v1/post/users.php
View File

@@ -14,7 +14,7 @@ $owner_user = 0;
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user
//default whereclause to check if data is owned by user
$whereclause = '';
switch ($permission) {
@@ -35,7 +35,7 @@ switch ($permission) {
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
if (isset($post_content['reset'])){$command = 'reset';} //change command to reset
@@ -143,14 +143,15 @@ $accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//Create resetkey & tokens
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
$post_content['service'] = ($post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
$post_content['userkey'] = ($post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';
$post_content['service'] = (isset($post_content['service']) && $post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
$post_content['userkey'] = (isset($post_content['userkey']) && $post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['partnerhierarchy'] = $accounthierarchy;
}
elseif ($command == 'insert'){
$post_content['resetkey'] = $resetkey = generate_jwt($headers, $payload);
$post_content['password'] = generate_jwt($headers, $payload);
$post_content['partnerhierarchy'] = $accounthierarchy;
$post_content['salesID'] = $partner->salesid;
@@ -249,10 +250,6 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//STEP 1- create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 2- Send to user
include_once './assets/mail/email_template_new.php';
send_mail($post_content['email'],$subject,$message,'','');