soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause list($whereclause,$condition) = getWhereclauselvl2("",$permission,$partner,''); //BUILD UP PARTNERHIERARCHY FROM USER $partner_hierarchy = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE); $id = $post_content['id'] ?? ''; //check for rowID $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT if (isset($post_content['delete'])){$command = 'delete';} //change command to delete $date = date('Y-m-d H:i:s'); //CREATE EMPTY STRINGS $clause = ''; $clause_insert =''; $input_insert = ''; if ($command == 'update'){ $post_content['updatedby'] = $username; $post_content['updated'] = $date; } if ($command == 'insert'){ $post_content['createdby'] = $username; $post_content['accounthierarchy'] = $partner_hierarchy; } //CREATE NEW ARRAY AND MAP TO CLAUSE if(isset($post_content) && $post_content!=''){ foreach ($post_content as $key => $var){ if ($key == 'submit' || $key == 'id' || $key == 'delete'){ //do nothing } else { // Handle empty parent_id as NULL for foreign key constraint if ($key == 'parent_id' && $var === '') { $var = null; } $criterias[$key] = $var; $clause .= ' , '.$key.' = ?'; $clause_insert .= ' , '.$key.''; $input_insert .= ', ?'; // ? for each insert item $execute_input[]= $var; // Build array for input } } } //CLEAN UP INPUT $clause = substr($clause, 2); //Clean clause - remove first comma $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma $input_insert = substr($input_insert, 1); //Clean clause - remove first comma //QUERY AND VERIFY ALLOWED if ($command == 'update' && isAllowed('marketing',$profile,$permission,'U') === 1){ $sql = 'UPDATE marketing_folders SET '.$clause.' WHERE id = ? '.$whereclause.''; $execute_input[] = $id; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); echo json_encode(['success' => true, 'message' => 'Folder updated successfully']); } elseif ($command == 'insert' && isAllowed('marketing',$profile,$permission,'C') === 1){ $sql = 'INSERT INTO marketing_folders ('.$clause_insert.') VALUES ('.$input_insert.')'; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); $folder_id = $pdo->lastInsertId(); echo json_encode(['success' => true, 'rowID' => $folder_id, 'message' => 'Folder created successfully']); } elseif ($command == 'delete' && isAllowed('marketing',$profile,$permission,'D') === 1){ // Check if folder has subfolders $subfolder_sql = 'SELECT COUNT(*) as count FROM marketing_folders WHERE parent_id = ? AND accounthierarchy LIKE ?'; $stmt = $pdo->prepare($subfolder_sql); $stmt->execute([$id, '%' . $partner->soldto . '%']); $subfolder_count = $stmt->fetch()['count']; // Check if folder has files $files_sql = 'SELECT COUNT(*) as count FROM marketing_files WHERE folder_id = ? AND accounthierarchy LIKE ?'; $stmt = $pdo->prepare($files_sql); $stmt->execute([$id, '%' . $partner->soldto . '%']); $files_count = $stmt->fetch()['count']; if ($subfolder_count > 0 || $files_count > 0) { echo json_encode(['error' => 'Cannot delete folder that contains subfolders or files']); } else { $stmt = $pdo->prepare('DELETE FROM marketing_folders WHERE id = ? '.$whereclause.''); $stmt->execute([ $id ]); echo json_encode(['success' => true, 'message' => 'Folder deleted successfully']); } } else { echo json_encode(['error' => 'Insufficient permissions or invalid operation']); } ?>