CMXX - Upgrade products_software
This commit is contained in:
“VeLiTi”
@@ -28,7 +28,7 @@ if (isset($criterias['productcode']) && $criterias['productcode'] != '' && isset
|
||||
$pdo = dbConnect($dbname);
|
||||
|
||||
//SQL for Paging
|
||||
$sql = 'SELECT * FROM products_versions pv JOIN products p ON pv.productrowid = p.rowID WHERE p.productcode = ? AND pv.version = ? AND pv.status = "1"';
|
||||
$sql = 'SELECT * FROM products_software pv JOIN products p ON pv.productrowid = p.rowID WHERE p.productcode = ? AND pv.version = ? AND pv.status = "1"';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
//Excute Query
|
||||
$stmt->execute([$criterias['productcode'],$criterias['version']]);
|
||||
|
||||
105
api/v2/post/products_software.php
Normal file
105
api/v2/post/products_software.php
Normal file
@@ -0,0 +1,105 @@
|
||||
<?php
|
||||
defined($security_key) or exit;
|
||||
|
||||
//------------------------------------------
|
||||
// Products
|
||||
//------------------------------------------
|
||||
//Connect to DB
|
||||
$pdo = dbConnect($dbname);
|
||||
|
||||
//CONTENT FROM API (POST)
|
||||
$post_content = json_decode($input,true);
|
||||
|
||||
//SoldTo is empty
|
||||
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
|
||||
|
||||
//default whereclause
|
||||
$whereclause = '';
|
||||
|
||||
switch ($permission) {
|
||||
case '4':
|
||||
$whereclause = '';
|
||||
break;
|
||||
case '3':
|
||||
$whereclause = '';
|
||||
break;
|
||||
default:
|
||||
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
|
||||
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
|
||||
break;
|
||||
}
|
||||
|
||||
//ENSURE PRODUCTROWID IS SEND
|
||||
if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
|
||||
|
||||
//CHECK IF ALLOWED TO CRUD VERSIONS
|
||||
$sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$post_content['productrowid']]);
|
||||
$product_data = $stmt->fetch();
|
||||
$product_owner = ($product_data['rowID'])? 1 : 0;
|
||||
|
||||
//IF PRODUCT IS OWNED THEN CRUD is ALLOWED
|
||||
if ($product_owner === 1 ){
|
||||
//SET PARAMETERS FOR QUERY
|
||||
$id = $post_content['rowID'] ?? ''; //check for rowID
|
||||
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
|
||||
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
|
||||
$date = date('Y-m-d H:i:s');
|
||||
|
||||
//CREATE EMPTY STRINGS
|
||||
$clause = '';
|
||||
$clause_insert ='';
|
||||
$input_insert = '';
|
||||
|
||||
if ($command == 'insert'){
|
||||
$post_content['created'] = $date;
|
||||
$post_content['createdby'] = $username;
|
||||
}
|
||||
|
||||
//CREAT NEW ARRAY AND MAP TO CLAUSE
|
||||
if(isset($post_content) && $post_content!=''){
|
||||
foreach ($post_content as $key => $var){
|
||||
if ($key == 'submit' || $key == 'rowID'){
|
||||
//do nothing
|
||||
}
|
||||
else {
|
||||
$criterias[$key] = $var;
|
||||
$clause .= ' , '.$key.' = ?';
|
||||
$clause_insert .= ' , '.$key.'';
|
||||
$input_insert .= ', ?'; // ? for each insert item
|
||||
$execute_input[]= $var; // Build array for input
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//CLEAN UP INPUT
|
||||
$clause = substr($clause, 2); //Clean clause - remove first comma
|
||||
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
||||
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && isAllowed('products_software',$profile,$permission,'U') === 1){
|
||||
$sql = 'UPDATE products_software SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('products_software',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO products_software ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'delete' && isAllowed('products_software',$profile,$permission,'D') === 1){
|
||||
$stmt = $pdo->prepare('DELETE FROM products_software WHERE rowID = ? '.$whereclause.'');
|
||||
$stmt->execute([ $id ]);
|
||||
|
||||
//Add deletion to changelog
|
||||
changelog($dbname,'products_',$id,'Delete','Delete',$username);
|
||||
} else
|
||||
{
|
||||
//do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
Reference in New Issue
Block a user