pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Manage Products - Initial

Browse Source
This commit is contained in:
“VeLiTi”
2024-09-18 12:07:03 +02:00
parent 0532f93bd9
commit e139b91c30
19 changed files with 1625 additions and 554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
api/v1/get/products_versions.php Normal file
View File

@@ -0,0 +1,140 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND productcode like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//ENSURE PRODUCTROWID IS SEND
if (isset($criterias['productrowid']) && $criterias['productrowid'] != ''){
//CHECK IF ALLOWED TO CRUD VERSIONS
$sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
$stmt = $pdo->prepare($sql);
$stmt->execute([$criterias['productrowid']]);
$product_data = $stmt->fetch();
$product_owner = ($product_data['rowID'])? 1 : 0;
//IF PRODUCT IS OWNED THEN CRUD is ALLOWED
if ($product_owner === 1 ){
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM products_versions '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for Paging
$sql = 'SELECT * FROM products_versions '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM products_versions '.$whereclause.'';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
//$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
//$stmt->bindValue('page', ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
//$stmt->bindValue('num_products', $page_rows_products, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
}
}
?>

31
api/v1/post/equipments.php
View File

@@ -62,8 +62,8 @@ if ($id != ''){
$owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
@@ -71,7 +71,18 @@ if ($id != ''){
"location"=>$location_new,
"section"=>$section_new
);
} else {
}
elseif ($permission == 3) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$equipment_old->salesid,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new,
"section"=>$section_new
);
}
else {
$account = array(
"salesid"=>$equipment_old->salesid,
"soldto"=>$equipment_old->soldto,
@@ -83,7 +94,7 @@ if ($id != ''){
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 3 || $permission == 4){
if ($permission == 4){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
@@ -92,7 +103,17 @@ else {
"section"=>$post_content['section']
);
} else {
}
elseif ($permission == 3){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location'],
"section"=>$post_content['section']
);
}else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,

105
api/v1/post/products_versions.php Normal file
View File

@@ -0,0 +1,105 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//ENSURE PRODUCTROWID IS SEND
if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
//CHECK IF ALLOWED TO CRUD VERSIONS
$sql = 'SELECT * FROM products WHERE rowID = ? '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$post_content['productrowid']]);
$product_data = $stmt->fetch();
$product_owner = ($product_data['rowID'])? 1 : 0;
//IF PRODUCT IS OWNED THEN CRUD is ALLOWED
if ($product_owner === 1 ){
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
if ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('products_versions',$profile,$permission,'U') === 1){
$sql = 'UPDATE products_versions SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('products_versions',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO products_versions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('products_versions',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM products_versions WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'products_versions',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
}
}
?>

31
api/v1/post/users.php
View File

@@ -64,15 +64,24 @@ $soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != ''
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location);
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
} else {
}elseif ($permission == 3) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
@@ -82,15 +91,25 @@ if ($permission == 3 || $permission == 4){
}
} elseif ($command == 'insert') {
//ID is empty => INSERT / NEW RECORD
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
} else {
}
elseif ($permission == 3){
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,