diff --git a/api/v2/get/pricelists.php b/api/v2/get/pricelists.php new file mode 100644 index 0000000..6379912 --- /dev/null +++ b/api/v2/get/pricelists.php @@ -0,0 +1,118 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; + break; +} + +//NEW ARRAY +$criterias = []; +$clause = ''; + +//Check for $_GET variables and build up clause +if(isset($get_content) && $get_content!=''){ + //GET VARIABLES FROM URL + $requests = explode("&", $get_content); + //Check for keys and values + foreach ($requests as $y){ + $v = explode("=", $y); + //INCLUDE VARIABLES IN ARRAY + $criterias[$v[0]] = $v[1]; + + if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){ + //do nothing + } + elseif ($v[0] == 'name') { + //build up search + $clause .= ' AND name like :'.$v[0]; + } + else {//create clause + $clause .= ' AND '.$v[0].' = :'.$v[0]; + } + } + if ($whereclause == '' && $clause !=''){ + $whereclause = 'WHERE '.substr($clause, 4); + } else { + $whereclause .= $clause; + } +} +//Define Query +if(isset($criterias['totals']) && $criterias['totals'] ==''){ +//Request for total rows + $sql = 'SELECT count(*) as count FROM pricelists '.$whereclause.''; +} +else { + //SQL for Paging + $sql = 'SELECT * FROM pricelists '.$whereclause.' LIMIT :page,:num_products'; +} + +$stmt = $pdo->prepare($sql); + +//Bind to query +if (str_contains($whereclause, ':condition')){ + $stmt->bindValue('condition', $condition, PDO::PARAM_STR); +} + +if (!empty($criterias)){ + foreach ($criterias as $key => $value){ + $key_condition = ':'.$key; + if (str_contains($whereclause, $key_condition)){ + if ($key == 'search'){ + $search_value = '%'.$value.'%'; + $stmt->bindValue($key, $search_value, PDO::PARAM_STR); + } + else { + $stmt->bindValue($key, $value, PDO::PARAM_STR); + } + } + } +} + +//Add paging details +if(isset($criterias['totals']) && $criterias['totals']==''){ + $stmt->execute(); + $messages = $stmt->fetch(); + $messages = $messages[0]; +} +else { + $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1; + $stmt->bindValue('page', ($current_page - 1) * $page_rows_pricelists, PDO::PARAM_INT); + $stmt->bindValue('num_products', $page_rows_pricelists, PDO::PARAM_INT); + + //Excute Query + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); +} + +//------------------------------------------ +//JSON_ENCODE +//------------------------------------------ +$messages = json_encode($messages, JSON_UNESCAPED_UNICODE); + +//Send results +echo $messages; + +?> \ No newline at end of file diff --git a/api/v2/get/pricelists_items.php b/api/v2/get/pricelists_items.php new file mode 100644 index 0000000..e150f39 --- /dev/null +++ b/api/v2/get/pricelists_items.php @@ -0,0 +1,118 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; + break; +} + +//NEW ARRAY +$criterias = []; +$clause = ''; + +//Check for $_GET variables and build up clause +if(isset($get_content) && $get_content!=''){ + //GET VARIABLES FROM URL + $requests = explode("&", $get_content); + //Check for keys and values + foreach ($requests as $y){ + $v = explode("=", $y); + //INCLUDE VARIABLES IN ARRAY + $criterias[$v[0]] = $v[1]; + + if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){ + //do nothing + } + elseif ($v[0] == 'search') { + //build up search + $clause .= ' AND product_ID like :'.$v[0]; + } + else {//create clause + $clause .= ' AND '.$v[0].' = :'.$v[0]; + } + } + if ($whereclause == '' && $clause !=''){ + $whereclause = 'WHERE '.substr($clause, 4); + } else { + $whereclause .= $clause; + } +} +//Define Query +if(isset($criterias['totals']) && $criterias['totals'] ==''){ +//Request for total rows + $sql = 'SELECT count(*) as count FROM pricelists_items '.$whereclause.''; +} +else { + //SQL for Paging + $sql = 'SELECT * FROM pricelists_items '.$whereclause.' LIMIT :page,:num_products'; +} + +$stmt = $pdo->prepare($sql); + +//Bind to query +if (str_contains($whereclause, ':condition')){ + $stmt->bindValue('condition', $condition, PDO::PARAM_STR); +} + +if (!empty($criterias)){ + foreach ($criterias as $key => $value){ + $key_condition = ':'.$key; + if (str_contains($whereclause, $key_condition)){ + if ($key == 'search'){ + $search_value = '%'.$value.'%'; + $stmt->bindValue($key, $search_value, PDO::PARAM_STR); + } + else { + $stmt->bindValue($key, $value, PDO::PARAM_STR); + } + } + } +} + +//Add paging details +if(isset($criterias['totals']) && $criterias['totals']==''){ + $stmt->execute(); + $messages = $stmt->fetch(); + $messages = $messages[0]; +} +else { + $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1; + $stmt->bindValue('page', ($current_page - 1) * $page_rows_pricelists, PDO::PARAM_INT); + $stmt->bindValue('num_products', $page_rows_pricelists, PDO::PARAM_INT); + + //Excute Query + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); +} + +//------------------------------------------ +//JSON_ENCODE +//------------------------------------------ +$messages = json_encode($messages, JSON_UNESCAPED_UNICODE); + +//Send results +echo $messages; + +?> \ No newline at end of file diff --git a/api/v2/get/translations_details.php b/api/v2/get/translations_details.php index 914e784..6abd3ec 100644 --- a/api/v2/get/translations_details.php +++ b/api/v2/get/translations_details.php @@ -98,7 +98,7 @@ if(isset($criterias['totals']) && $criterias['totals']==''){ } else { $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1; - $stmt->bindValue('page', ($current_page - 1) * $page_rows_products, PDO::PARAM_INT); + $stmt->bindValue('page', ($current_page - 1) * $page_rows_translations, PDO::PARAM_INT); $stmt->bindValue('num_products', $page_rows_translations, PDO::PARAM_INT); //Excute Query diff --git a/api/v2/post/pricelists.php b/api/v2/post/pricelists.php new file mode 100644 index 0000000..93cf997 --- /dev/null +++ b/api/v2/post/pricelists.php @@ -0,0 +1,105 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; +} + +//SET PARAMETERS FOR QUERY +$id = $post_content['rowID'] ?? ''; //check for rowID +$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT +if (isset($post_content['delete'])){$command = 'delete';} //change command to delete +$date = date('Y-m-d H:i:s'); + +//CREATE EMPTY STRINGS +$clause = ''; +$clause_insert =''; +$input_insert = ''; + +//BUILD UP PARTNERHIERARCHY FROM USER +$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE); + +//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE +if ($command == 'update'){ + $post_content['updatedby'] = $username ; + +} +elseif ($command == 'insert'){ + $post_content['createdby'] = $username; + $post_content['accounthierarchy'] = $partner_product; +} +else { + //do nothing +} + +//CREAT NEW ARRAY AND MAP TO CLAUSE +if(isset($post_content) && $post_content!=''){ + foreach ($post_content as $key => $var){ + if ($key == 'submit' || $key == 'rowID'){ + //do nothing + } + else { + $criterias[$key] = $var; + $clause .= ' , '.$key.' = ?'; + $clause_insert .= ' , '.$key.''; + $input_insert .= ', ?'; // ? for each insert item + $execute_input[]= $var; // Build array for input + } + } +} + +//CLEAN UP INPUT +$clause = substr($clause, 2); //Clean clause - remove first comma +$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma +$input_insert = substr($input_insert, 1); //Clean clause - remove first comma + +//QUERY AND VERIFY ALLOWED +if ($command == 'update' && isAllowed('pricelists_manage',$profile,$permission,'U') === 1){ + $sql = 'UPDATE pricelists SET '.$clause.' WHERE rowID = ? '.$whereclause.''; + $execute_input[] = $id; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); +} +elseif ($command == 'insert' && isAllowed('pricelists_manage',$profile,$permission,'C') === 1){ + $sql = 'INSERT INTO pricelists('.$clause_insert.') VALUES ('.$input_insert.')'; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + // Return ID + echo json_encode(array('rowID'=> $pdo->lastInsertId())); +} +elseif ($command == 'delete' && isAllowed('pricelists_manage',$profile,$permission,'D') === 1){ + $stmt = $pdo->prepare('DELETE FROM pricelists WHERE rowID = ? '.$whereclause.''); + $stmt->execute([ $id ]); + + //Add deletion to changelog + changelog($dbname,'pricelists',$id,'Delete','Delete',$username); +} else +{ + //do nothing +} + +?> \ No newline at end of file diff --git a/api/v2/post/pricelists_items.php b/api/v2/post/pricelists_items.php new file mode 100644 index 0000000..08a84ca --- /dev/null +++ b/api/v2/post/pricelists_items.php @@ -0,0 +1,103 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; +} + +//SET PARAMETERS FOR QUERY +$id = $post_content['rowID'] ?? ''; //check for rowID +$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT +if (isset($post_content['delete'])){$command = 'delete';} //change command to delete +$date = date('Y-m-d H:i:s'); + +//CREATE EMPTY STRINGS +$clause = ''; +$clause_insert =''; +$input_insert = ''; + +//BUILD UP PARTNERHIERARCHY FROM USER +$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE); + +//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE +if ($command == 'update'){ + $post_content['updatedby'] = $username ; + +} +elseif ($command == 'insert'){ + $post_content['createdby'] = $username; + $post_content['accounthierarchy'] = $partner_product; +} +else { + //do nothing +} + +//CREAT NEW ARRAY AND MAP TO CLAUSE +if(isset($post_content) && $post_content!=''){ + foreach ($post_content as $key => $var){ + if ($key == 'submit' || $key == 'update' || $key == 'add' ||$key == 'rowID'){ + //do nothing + } + else { + $criterias[$key] = $var; + $clause .= ' , '.$key.' = ?'; + $clause_insert .= ' , '.$key.''; + $input_insert .= ', ?'; // ? for each insert item + $execute_input[]= $var; // Build array for input + } + } +} + +//CLEAN UP INPUT +$clause = substr($clause, 2); //Clean clause - remove first comma +$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma +$input_insert = substr($input_insert, 1); //Clean clause - remove first comma + +//QUERY AND VERIFY ALLOWED +if ($command == 'update' && isAllowed('pricelists_manage',$profile,$permission,'U') === 1){ + $sql = 'UPDATE pricelists_items SET '.$clause.' WHERE rowID = ? '.$whereclause.''; + $execute_input[] = $id; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); +} +elseif ($command == 'insert' && isAllowed('pricelists_manage',$profile,$permission,'C') === 1){ + $sql = 'INSERT INTO pricelists_items ('.$clause_insert.') VALUES ('.$input_insert.')'; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); +} +elseif ($command == 'delete' && isAllowed('pricelists_manage',$profile,$permission,'D') === 1){ + $stmt = $pdo->prepare('DELETE FROM pricelists_items WHERE rowID = ? '.$whereclause.''); + $stmt->execute([ $id ]); + + //Add deletion to changelog + changelog($dbname,'pricelists_items',$id,'Delete','Delete',$username); +} else +{ + //do nothing +} + +?> \ No newline at end of file diff --git a/pricelists.php b/pricelists.php new file mode 100644 index 0000000..efe6b1c --- /dev/null +++ b/pricelists.php @@ -0,0 +1,154 @@ + +
+ +
+

'.($pricelists_h2 ?? '').' ('.$query_total.')

+

'.($pricelists_p ?? '').'

+
+
+'; + +if (isset($success_msg)){ +$view .= '
+ +

'.$success_msg.'

+ +
'; +} +$view .= ' +
+ '.($button_create_pricelist ?? '').' +
+ +
+ +
+
+
+'; + +$view .= ' +
+
+ + + + + th>'.($pricelists_status ?? 'status').' + + + + + + + '; + + if (empty($responses)){ + + $view .= ' + + + '; + } + else { + foreach ($responses as $response){ + $view .= ' + + + + + + + '; + + + } + } +$view .= ' + +
'.($pricelists_rowID ?? 'rowID').''.($pricelists_name ?? 'name').''.$general_created.''.$general_actions.'
'.($message_no_pricelists ?? '').'
'.$response['rowID'].''.${'general_status_'.$response['status']}.''.$response['name'].''.getRelativeTime($response['created']).''.$general_view .'
+
+
+'; + +$view.=''; +//OUTPUT +echo $view; + +template_footer(); +?> \ No newline at end of file diff --git a/pricelists_manage.php b/pricelists_manage.php new file mode 100644 index 0000000..10e7043 --- /dev/null +++ b/pricelists_manage.php @@ -0,0 +1,280 @@ + '', + 'variable' => '', + 'created' => '', + 'createdby' => '', + 'updated' => '', + 'updatedby' => '', + 'accounthierarchy' => '' +]; + +if (isset($_GET['rowID'])) { + //CALL TO API + $api_url = '/v2/pricelists/rowID='.$_GET['rowID']; + $responses = ioServer($api_url,''); + //Decode Payload + if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;} + + $pricelists = json_decode(json_encode($responses[0]), true); + + //CALL TO API FOR RELATED pricelists + $api_url = '/v2/pricelists_items/pricelist_ID='.$_GET['rowID']; + $pricelists_items = ioServer($api_url,''); + //Decode Payload + if (!empty($pricelists_items)){$pricelists_items = json_decode($pricelists_items,true);}else{$pricelists_items = null;} + + if ($update_allowed === 1){ + if (isset($_POST['submit'])) { + + //GET ALL POST DATA + $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE); + //API call + $responses = ioServer('/v2/pricelists', $payload); + + if ($responses === 'NOK'){ + + } else { + header('Location: index.php?page=pricelists&success_msg=2'); + exit; + } + } + + if (isset($_POST['add'])) { + + //GET ALL POST DATA + $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE); + //API call + $responses = ioServer('/v2/pricelists_items', $payload); + + if ($responses === 'NOK'){ + + } else { + generateLanguageFile($_POST['language_key'],$_SESSION['userkey']); + header('Location: index.php?page=pricelists_manage&rowID='.$_GET['rowID'].''); + exit; + } + + } + if (isset($_POST['update']) && isset($_POST['item'])) { + //Indicator if update has errors + $NOK_error = 0; + + //RUN through all POST items + foreach ($_POST['item'] as $attr){ + + //GET ALL POST DATA + $payload = json_encode($attr, JSON_UNESCAPED_UNICODE); + + //API call + $responses = ioServer('/v2/pricelists_items', $payload); + + if ($responses === 'NOK'){ + //NOT correct exit procedure + $NOK_error++; + exit; + } else { + $attr_language = $attr['language_key']; + } + } + + if ($NOK_error == 0){ + //NO errors generatelanguagefile + generateLanguageFile($attr_language,$_SESSION['userkey']); + } + + header('Location: index.php?page=pricelists_manage&rowID='.$_GET['rowID'].''); + exit; + } + } + + if ($delete_allowed === 1){ + if (isset($_POST['delete'])) { + //GET ALL POST DATA + $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE); + //API call + $responses = ioServer('/v2/pricelists', $payload); + // Redirect and delete product + if ($responses === 'NOK'){ + + } else { + header('Location: index.php?page=pricelists&success_msg=3'); + exit; + } + } + } + +} else { + // Create a new variable + if (isset($_POST['submit']) && $create_allowed === 1) { + //GET ALL POST DATA + $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE); + //API call + $responses = ioServer('/v2/pricelists', $payload); + + if ($responses === 'NOK'){ + + } else { + //GET ROWID OF CREATED ITEM + $variable_rowID = json_decode($responses,true); + header('Location: index.php?page=pricelists_manage&rowID='.$variable_rowID['rowID'].''); + exit; + } + } +} +//EMPTY VIEW +$view = ''; + +// Handle success messages +if (isset($_GET['success_msg'])) { + if ($_GET['success_msg'] == 0) { + $success_msg = $error_msg_0; + } +} + +template_header('Pricelists', 'pricelists', 'manage'); + +if (isset($success_msg)){ + $view .= '
+ +

'.$success_msg.'

+ +
'; +} + +$view .=' +
+
+

'.($text_variables_h2 ?? '').'

+ '.$button_cancel.' +'; + +if ($delete_allowed === 1){ + $view .= ''; +} +if ($update_allowed === 1){ + $view .= ''; +} + +$view .= '
'; + +$view .= '
+ '.$tab1 .' + '.$tab3.' +
+ '; + +//Define Service and User enabled +$view .= '
+
+ + + + '; + +$view .= '
+
'; + +$view .= '
+
+ + + + + + + + +
+
'; +$view .= '
'; + + +$view .= ' +
+ +
+
+ +
+ + + + + + + + + + + '; + + if (empty($pricelists_items)){ + $view .= ' + + + + '; + } + else { + foreach ($pricelists_items as $pricelists_item){ + $view .= ' + + + + + + + + + '; + } + } +$view .= ' + +
'.($text_variable_translation_languagekey ?? '').''.($text_variable_translation_translation ?? '').''.$general_created.''.$general_actions.'
'.($message_no_text_variables ?? '').'
'.getRelativeTime($pricelists_item['created']).'
+ + +
+
+'; + + + +//Output +echo $view; +template_footer() +?> \ No newline at end of file diff --git a/settings/settingsmenu.php b/settings/settingsmenu.php index b10c8bf..f3857e1 100644 --- a/settings/settingsmenu.php +++ b/settings/settingsmenu.php @@ -13,7 +13,7 @@ $main_menu = array ('dashboard','sales','buildtool','cartests','marketing','equi //Sub menus $equipments_sub = array('equipments','servicereports','rmas','histories','firmwaretool','equipments_mass_update'); $sales_sub = array('accounts','contracts'); -$products_sub = array('products','products_attributes'); +$products_sub = array('products','products_attributes','pricelists'); $admin_sub = array('users','communications','partners','media'); $reporting_sub = array('report_build','report_contracts_billing','report_healthindex','report_usage'); $settings_sub = array('config','translations','logfile','maintenance','profiles'); @@ -74,6 +74,12 @@ $urls = array( "icon" => "fas fa-box-open", "name" => "menu_products_attributes" ), + "pricelists" => array( + "url" => "pricelists", + "selected" => "pricelists", + "icon" => "fa-solid fa-coins", + "name" => "menu_pricelists" + ), "sales" => array( "url" => "contracts", "selected" => "contracts", @@ -233,6 +239,7 @@ $page_rows_rma = 25; // list RMA $page_rows_translations = 50; //list translation variables $page_rows_products_attributes = 50; //list product attributes $page_rows_media = 25; // list media +$page_rows_pricelists = 50;//pricelists //------------------------------------------ // Languages supported diff --git a/settings/settingsviews.php b/settings/settingsviews.php index be32c85..74686b5 100644 --- a/settings/settingsviews.php +++ b/settings/settingsviews.php @@ -43,6 +43,8 @@ $all_views = [ "products_attributes_manage", "product", "product_manage", + "pricelists_manage", + "product_manage", "servicereports", "servicereport", "admin",