CM89 - contract changes

2024-09-20 14:57:11 +02:00
parent e139b91c30
commit 78cfe93dce
19 changed files with 1780 additions and 211 deletions
--- a/api/v1/post/contracts.php
+++ b/api/v1/post/contracts.php
@@ -13,9 +13,26 @@ $post_content = json_decode(decode_payload($input),true);
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

-//default whereclause to check if data is owned buy user
+//default whereclause
 $whereclause = '';

+switch ($permission) {    
+    case '4': 
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;
+    case '2':
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
+        break;
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
+        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
 $command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
@@ -27,17 +44,161 @@ $clause = '';
 $clause_insert ='';
 $input_insert = '';

+//remove blanks from array
+if (isset($post_content['servicetool'])){
+    $post_content['servicetool'] = array_map('trim', $post_content['servicetool']);
+    $post_content['servicetool'] = array_filter($post_content['servicetool'], 'strlen');
+}
+if (isset($post_content['assigned_users'])){
+    $post_content['assigned_users'] = array_map('trim', $post_content['assigned_users']);
+    $post_content['assigned_users'] = array_filter($post_content['assigned_users'], 'strlen');
+}
+if ($id != ''){
+    
+    //DEFINE ACCOUNTHIERARCHY
+    $stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ?');
+    $stmt->execute([$id]);
+    $contract_data = $stmt->fetch();
+     
+    $contract_old = json_decode($contract_data['accounthierarchy']);
+    $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $contract_old->salesid)? $post_content['salesid'] : $contract_old->salesid);
+    $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $contract_old->soldto)? $post_content['soldto'] : $contract_old->soldto);
+    $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
+    $location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
+    
+    if ($permission == 4){
+        //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
+        $account = array(
+        "salesid"=>$salesid_new,
+        "soldto"=>$soldto_new,
+        "shipto"=>$shipto_new,
+        "location"=>$location_new
+    );
+    } 
+    elseif ($permission == 3) {
+        //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
+        $account = array(
+            "salesid"=>$contract_old->salesid,
+            "soldto"=>$soldto_new,
+            "shipto"=>$shipto_new,
+            "location"=>$location_new
+        );
+    }
+    else {
+        $account = array(
+            "salesid"=>$contract_old->salesid,
+            "soldto"=>$contract_old->soldto,
+            "shipto"=>$shipto_new,
+            "location"=>$location_new
+        );
+    }
+
+    //CHECK FOR CHANGES IN ASSIGNED_USERS
+    if (isset($post_content['assigned_users'])){
+        $assigned_users_current = json_decode($contract_data['assigned_users'],true);
+        $assigned_users_new = $post_content['assigned_users'];
+
+        // Find deleted items (items in current but not in new)
+        $deletedItems = array_diff($assigned_users_current, $assigned_users_new);
+        // Find added items (items in new but not in current)
+        $addedItems = array_diff($assigned_users_new, $assigned_users_current);
+        
+        //When deleted items are found
+        if (!empty($deletedItems)){            
+            foreach ($deletedItems as $item){
+            //CALL TO API FOR General information
+            $api_url = '/v2/users/username='.$item;
+            $responses = ioApi($api_url,'',$clientsecret);
+                if (!empty($responses)){
+                    $response = json_decode($responses,true);
+                    
+                    //If response is not null update the service flag of the user
+                    if (count($response) != 0){
+                        $id_removed_user = $response[0]['id'];
+                        //Remove serviceflag from user
+                        $sql = 'UPDATE users SET service = "" WHERE id = ? ';
+                        $stmt = $pdo->prepare($sql);
+                        $stmt->execute([$id_removed_user]); 
+                    } 
+                }
+            }
+        }
+        
+    }
+}    
+else {
+    //ID is empty => INSERT / NEW RECORD
+    if ($permission == 4){
+        $account = array(
+            "salesid"=>$post_content['salesid'],
+            "soldto"=>$post_content['soldto'],
+            "shipto"=>$post_content['shipto'],
+            "location"=>$post_content['location']
+        );
+    } 
+    elseif ($permission == 3){
+        $account = array(
+            "salesid"=>$partner->salesid,
+            "soldto"=>$post_content['soldto'],
+            "shipto"=>$post_content['shipto'],
+            "location"=>$post_content['location']
+        );
+    }else {
+        $account = array(
+            "salesid"=>$partner->salesid,
+            "soldto"=>$partner->soldto,
+            "shipto"=>$post_content['shipto'],
+            "location"=>$post_content['location']
+        );
+    }
+}
+
+// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
+$post_content['accounthierarchy'] = json_encode($account, JSON_UNESCAPED_UNICODE);
+
 if ($command == 'insert' && !isset($post_content['delete'])){
    $post_content['created'] = $date;
    $post_content['createdby'] = $username;
 }

-$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
+//remove blanks from array
+if (isset($post_content['servicetool'])){
+    $post_content['servicetool'] = json_encode($post_content['servicetool'], JSON_UNESCAPED_UNICODE);
+}
+if (isset($post_content['assigned_users'])){
+    //Check for all users in array if exist then update service or create
+    foreach ($post_content['assigned_users'] as $user_assigned){
+        //CALL TO API FOR General information
+        $responses = ioApi('/v2/users/username='.$user_assigned,'',$clientsecret);
+            if (!empty($responses)){
+                $response = json_decode($responses,true);
+                
+                //If response is not null update the service flag of the user
+                if (count($response) != 0){
+                    $id_exist_user = $response[0]['id'];
+                    $generate_service = bin2hex(random_bytes(25));
+                    //Remove serviceflag from user
+                    $sql = 'UPDATE users SET service = ? WHERE id = ? ';
+                    $stmt = $pdo->prepare($sql);
+                    $stmt->execute([$generate_service,$id_exist_user]); 
+                } else {
+                    //Decode the account structure of the contract and create user
+                    $ah_array = json_decode($post_content['accounthierarchy'],true);
+                    $data = json_encode(array("username" => $user_assigned, "email"=> $user_assigned,"view" => 2 ,"settings"=>"service","service"=> 1,"userkey"=> 1, "salesid" => $ah_array['salesid'], "soldto" => $ah_array['soldto'],"shipto" => $ah_array['shipto'],"location" => $ah_array['location']), JSON_UNESCAPED_UNICODE);
+                    //call the API to create user
+                    ioApi('/v2/users',$data,$clientsecret);
+                }
+            }
+        }

-//CREAT NEW ARRAY AND MAP TO CLAUSE
+    // UPDATE TO JSON
+    $post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
+}
+
+//CREATE NEW ARRAY AND MAP TO CLAUSE
 if(isset($post_content) && $post_content!=''){   
    foreach ($post_content as $key => $var){
-        if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'){
+        if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
            //do nothing
        }
        else {
@@ -61,6 +222,7 @@ if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contra
    $execute_input[] = $id;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);  
+
 } 
 elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){    
        $sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')';
--- a/api/v1/post/users.php
+++ b/api/v1/post/users.php
@@ -14,7 +14,7 @@ $owner_user = 0;
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

-//default whereclause to check if data is owned buy user
+//default whereclause to check if data is owned by user
 $whereclause = '';

 switch ($permission) {    
@@ -35,7 +35,7 @@ switch ($permission) {
 } 

 //SET PARAMETERS FOR QUERY
-$id = $post_content['id'] ?? ''; //check for rowID
+$id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
 $command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
 if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
 if (isset($post_content['reset'])){$command = 'reset';} //change command to reset
@@ -143,14 +143,15 @@ $accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
 //Create resetkey & tokens
 $headers = array('alg'=>'HS256','typ'=>'JWT');
 $payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
-$post_content['service'] = ($post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
-$post_content['userkey'] = ($post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';
+$post_content['service'] = (isset($post_content['service']) && $post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
+$post_content['userkey'] = (isset($post_content['userkey']) && $post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';

 //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
 if ($command == 'update'){ 
    $post_content['partnerhierarchy'] = $accounthierarchy;
 }
 elseif ($command == 'insert'){
+    $post_content['resetkey'] = $resetkey = generate_jwt($headers, $payload);
    $post_content['password'] = generate_jwt($headers, $payload);
    $post_content['partnerhierarchy'] = $accounthierarchy;
    $post_content['salesID'] = $partner->salesid;
@@ -249,10 +250,6 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
        $stmt = $pdo->prepare($sql);
        $stmt->execute($execute_input);

-        //STEP 1- create resetkey
-        $headers = array('alg'=>'HS256','typ'=>'JWT');
-        $payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
-        $resetkey = generate_jwt($headers, $payload);
        //STEP 2- Send to user
        include_once './assets/mail/email_template_new.php';
        send_mail($post_content['email'],$subject,$message,'','');