<?php
defined($security_key) or exit;

//------------------------------------------
// Products_configurations
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);

//CONTENT FROM API (POST)
$post_content = json_decode($input,true);

//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');


//ENSURE PRODUCTROWID IS SEND
if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){

    //CHECK IF ALLOWED TO CRUD VERSIONS
    $sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$post_content['productrowid']]);
    $product_data = $stmt->fetch();
    $product_owner = ($product_data['rowID'])? 1 : 0;

    //IF PRODUCT IS OWNED THEN CRUD is ALLOWED
    if ($product_owner === 1 ){
        //SET PARAMETERS FOR QUERY
        $id = $post_content['rowID'] ?? ''; //check for rowID
        $command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
        if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
        $date = date('Y-m-d H:i:s');

        //CREATE EMPTY STRINGS
        $clause = '';
        $clause_insert ='';
        $input_insert = '';

        if ($command == 'insert'){
            $post_content['createdby'] = $username;
        }
        if ($command == 'update'){
            $post_content['updatedby'] = $username;
        }

        //CREAT NEW ARRAY AND MAP TO CLAUSE
        if(isset($post_content) && $post_content!=''){   
            foreach ($post_content as $key => $var){
                if ($key == 'submit' || $key == 'rowID'){
                    //do nothing
                }
                else {
                    $criterias[$key] = $var;
                    $clause .= ' , '.$key.' = ?';
                    $clause_insert .= ' , '.$key.'';
                    $input_insert .= ', ?'; // ? for each insert item
                    $execute_input[]= $var; // Build array for input
                }
            }
        }

        //CLEAN UP INPUT
        $clause = substr($clause, 2); //Clean clause - remove first comma
        $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
        $input_insert = substr($input_insert, 1); //Clean clause - remove first comma

        //QUERY AND VERIFY ALLOWED
        if ($command == 'update' && isAllowed('products_configurations',$profile,$permission,'U') === 1){
            $sql = 'UPDATE products_configurations SET '.$clause.' WHERE rowID = ? ';
            $execute_input[] = $id;
            $stmt = $pdo->prepare($sql);
            $stmt->execute($execute_input);
        } 
        elseif ($command == 'insert' && isAllowed('products_configurations',$profile,$permission,'C') === 1){
            $sql = 'INSERT INTO products_configurations ('.$clause_insert.') VALUES ('.$input_insert.')';
            $stmt = $pdo->prepare($sql);
            $stmt->execute($execute_input);
        }
        elseif ($command == 'delete' && isAllowed('products_configurations',$profile,$permission,'D') === 1){
            $stmt = $pdo->prepare('DELETE FROM products_configurations WHERE rowID = ? ');
            $stmt->execute([ $id ]); 

            //Add deletion to changelog
            changelog($dbname,'products_configurations',$id,'Delete','Delete',$username);
        } else
        {
            //do nothing
        }
    }
}
?>