<?php
defined($security_key) or exit;

//------------------------------------------
// contracts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);

//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);

//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

//default whereclause
$whereclause = '';

list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');

//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');

//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';

//remove blanks from array
if (isset($post_content['servicetool'])){
    $post_content['servicetool'] = array_map('trim', $post_content['servicetool']);
    $post_content['servicetool'] = array_filter($post_content['servicetool'], 'strlen');
}
if (isset($post_content['assigned_users'])){
    $post_content['assigned_users'] = array_map('trim', $post_content['assigned_users']);
    $post_content['assigned_users'] = array_filter($post_content['assigned_users'], 'strlen');
}
if (isset($post_content['ignore_list'])){
    $post_content['ignore_list'] = array_map('trim', $post_content['ignore_list']);
    $post_content['ignore_list'] = array_filter($post_content['ignore_list'], 'strlen');
}

$post_content['updatedby'] = $username;

if ($id != ''){
    
    //DEFINE ACCOUNTHIERARCHY
    $stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ?');
    $stmt->execute([$id]);
    $contract_data = $stmt->fetch();
     
    $contract_old = json_decode($contract_data['accounthierarchy']);
    $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $contract_old->salesid)? $post_content['salesid'] : $contract_old->salesid);
    $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $contract_old->soldto)? $post_content['soldto'] : $contract_old->soldto);
    $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
    $location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
    
    if (getHierarchyLevel($partner) == 0){
        //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
        $account = array(
        "salesid"=>$salesid_new,
        "soldto"=>$soldto_new,
        "shipto"=>$shipto_new,
        "location"=>$location_new
    );
    } 
    elseif (getHierarchyLevel($partner) == 1) {
        //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
        $account = array(
            "salesid"=>$contract_old->salesid,
            "soldto"=>$soldto_new,
            "shipto"=>$shipto_new,
            "location"=>$location_new
        );
    }
    else {
        $account = array(
            "salesid"=>$contract_old->salesid,
            "soldto"=>$contract_old->soldto,
            "shipto"=>$shipto_new,
            "location"=>$location_new
        );
    }

    //CHECK FOR CHANGES IN ASSIGNED_USERS
    if (isset($post_content['assigned_users'])){
        $assigned_users_current = json_decode($contract_data['assigned_users'],true);
        $assigned_users_new = $post_content['assigned_users'];

        // Find deleted items (items in current but not in new)
        $deletedItems = array_diff($assigned_users_current, $assigned_users_new);
        // Find added items (items in new but not in current)
        $addedItems = array_diff($assigned_users_new, $assigned_users_current);
        
        //When deleted items are found
        if (!empty($deletedItems)){            
            foreach ($deletedItems as $item){
            //CALL TO API FOR General information
            $api_url = '/v2/users/username='.$item;
            $responses = ioApi($api_url,'',$clientsecret);
                if (!empty($responses)){
                    $response = json_decode($responses,true);
                    
                    //If response is not null update the service flag of the user
                    if (count($response) != 0){
                        $id_removed_user = $response[0]['id'];
                        //Remove serviceflag from user
                        $sql = 'UPDATE users SET service = "", updatedby = ? WHERE id = ? ';
                        $stmt = $pdo->prepare($sql);
                        $stmt->execute([$username,$id_removed_user]); 
                    } 
                }
            }
        }
        
    }
}    
else {
    //ID is empty => INSERT / NEW RECORD
    if (getHierarchyLevel($partner) == 0){
        $account = array(
            "salesid"=>$post_content['salesid'],
            "soldto"=>$post_content['soldto'],
            "shipto"=>$post_content['shipto'],
            "location"=>$post_content['location']
        );
    } 
    elseif (getHierarchyLevel($partner) == 1){
        $account = array(
            "salesid"=>$partner->salesid,
            "soldto"=>$post_content['soldto'],
            "shipto"=>$post_content['shipto'],
            "location"=>$post_content['location']
        );
    }else {
        $account = array(
            "salesid"=>$partner->salesid,
            "soldto"=>$partner->soldto,
            "shipto"=>$post_content['shipto'],
            "location"=>$post_content['location']
        );
    }
}

// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
$post_content['accounthierarchy'] = json_encode($account, JSON_UNESCAPED_UNICODE);

if ($command == 'insert' && !isset($post_content['delete'])){
    $post_content['created'] = $date;
    $post_content['createdby'] = $username;
}

//remove blanks from array
if (isset($post_content['servicetool'])){
    $post_content['servicetool'] = json_encode($post_content['servicetool'], JSON_UNESCAPED_UNICODE);
}
if (isset($post_content['ignore_list'])){
    $post_content['ignore_list'] = json_encode($post_content['ignore_list'], JSON_UNESCAPED_UNICODE);
    //ONLY ADMINS ARE ALLOWED TO UPDATE IGNORE LIST 
    if (getHierarchyLevel($partner) != 1 && getHierarchyLevel($partner) != 0){
        unset($post_content['ignore_list']);
    }
}
if (isset($post_content['assigned_users'])){
    //Check for all users in array if exist then update service or create
    foreach ($post_content['assigned_users'] as $user_assigned){
        //CALL TO API FOR General information
        $responses = ioApi('/v2/users/username='.$user_assigned,'',$clientsecret);
            if (!empty($responses)){
                $response = json_decode($responses,true);
                
                //If response is not null update the service flag of the user
                if (count($response) != 0){
                    $id_exist_user = $response[0]['id'];
                    $generate_service = bin2hex(random_bytes(25));
                    $sql = 'UPDATE users SET service = ? , updatedby = ? WHERE id = ? ';
                    $stmt = $pdo->prepare($sql);
                    if (isset($post_content['status']) && $post_content['status'] != 2){
                        //Add serviceflag from user
                        $stmt->execute([$generate_service,$username,$id_exist_user]);
                    }
                    else {
                        //Remove serviceflag from user when status is Closed
                        $stmt->execute(['',$id_exist_user]);
                    }
                } else {
                    //Decode the account structure of the contract and create user
                    $ah_array = json_decode($post_content['accounthierarchy'],true);
                    $data = json_encode(array("username" => $user_assigned, "email"=> $user_assigned,"view" => 2 ,"settings"=>"service","service"=> 1,"userkey"=> 1, "salesid" => $ah_array['salesid'], "soldto" => $ah_array['soldto'],"shipto" => $ah_array['shipto'],"location" => $ah_array['location']), JSON_UNESCAPED_UNICODE);
                    //call the API to create user
                    ioApi('/v2/users',$data,$clientsecret);
                }
            }
        }

    // UPDATE TO JSON
    $post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
}

//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){   
    foreach ($post_content as $key => $var){
        if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
            //do nothing
        }
        else {
            $criterias[$key] = $var;
            $clause .= ' , '.$key.' = ?';
            $clause_insert .= ' , '.$key.'';
            $input_insert .= ', ?'; // ? for each insert item
            $execute_input[]= $var; // Build array for input
        }
    }
}

//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma

//QUERY AND VERIFY ALLOWED
if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'U') === 1){
    $sql = 'UPDATE contracts SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
    $execute_input[] = $id;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);  

} 
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){    
        $sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')';
        $stmt = $pdo->prepare($sql);
        $stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('contract',$profile,$permission,'D') === 1){
    $stmt = $pdo->prepare('DELETE FROM contracts WHERE rowID = ? '.$whereclause.'');
    $stmt->execute([ $id ]); 

    //Add deletion to changelog
    changelog($dbname,'contracts',$id,'Delete','Delete',$username);
} else
{
    //do nothing
}

?>