<?php
defined($security_key) or exit;

//------------------------------------------
// RMA
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);

//CONTENT FROM API (POST)
$post_content = json_decode($input,true);

//default whereclause
$whereclause = '';

//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete

//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';

//INCLUDE ACCOUNTHIERARCHY
$account = array(
    "salesid"=>$partner->salesid,
    "soldto"=>$partner->soldto,
    "shipto"=>$partner->shipto,
    "location"=>$partner->location
);

// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
// add to post_content
$post_content['accounthierarchy'] = $accounthierarchy;

//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
$post_content['updatedby'] = $username;

if ($command == 'insert'){
    $post_content['createdby'] = $username;
}

//ENCODE HEADER AND QUESTIONS
if (isset($post_content['header'])){$post_content['header'] = json_encode($post_content['header'], JSON_UNESCAPED_UNICODE);}
if (isset($post_content['questions'])){$post_content['questions'] = json_encode($post_content['questions'], JSON_UNESCAPED_UNICODE);}

//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){   
    foreach ($post_content as $key => $var){
        if ($key == 'save' ||$key == 'submit' || $key == 'delete' || $key == 'rowID'){
            //do nothing
        }
        else {
            $criterias[$key] = $var;
            $clause .= ' , '.$key.' = ?';
            $clause_insert .= ' , '.$key.'';
            $input_insert .= ', ?'; // ? for each insert item
            $execute_input[]= $var; // Build array for input
        }
    }
}

//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma

//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('rma',$profile,$permission,'U') === 1){
    $sql = 'UPDATE rma SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
    $execute_input[] = $id;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);
} 
elseif ($command == 'insert' && isAllowed('rma',$profile,$permission,'C') === 1){
    $sql = 'INSERT INTO rma ('.$clause_insert.') VALUES ('.$input_insert.')';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('rma',$profile,$permission,'D') === 1){
    $stmt = $pdo->prepare('DELETE FROM rma WHERE rowID = ? '.$whereclause.'');
    $stmt->execute([ $id ]); 

    //Add deletion to changelog
    changelog($dbname,'rma',$id,'Delete','Delete',$username);
} else
{
    //do nothing
}

?>