pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
development
assetmgt/order.php
“VeLiTi” f7a91737bc Implement RBAC migration and role management enhancements 
- Added AJAX functionality to fetch role permissions for copying.
- Introduced system role management with permission checks for updates.
- Implemented role deletion with confirmation modal and backend handling.
- Enhanced user role assignment migration scripts to transition from legacy profiles to RBAC.
- Created SQL migration scripts for user roles and permissions mapping.
- Updated user interface to support new role management features including copy permissions and system role indicators.
2026-01-27 15:10:21 +01:00

381 lines
14 KiB
PHP
Raw Permalink Blame History

<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['authorization']['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings_redirector.php';
//SET ORIGIN FOR NAVIGATION
$prev_page = $_SESSION['prev_origin'] ?? '';
$page = 'order';
//create backbutton to prev_origin
$back_btn_orgin = ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">←</a>':'';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION
$pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1;
//PAGE Security
$page_manage = 'order_manage';
$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
//GET Details from URL
$_GET['list'] = 'order';
$GET_VALUES = urlGETdetails($_GET) ?? '';
//CALL TO API
$api_url = '/v2/transactions/'.$GET_VALUES;
$order = ioServer($api_url,'');
//Decode Payload
if (!empty($order)){$order = json_decode($order,true);}else{$order = null;}
//HANDLE STATUS CHANGE
if ($update_allowed === 1){
if (isset($_POST['payment_status'])) {
//GET ALL POST DATA
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/transactions', $data);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=order&id='.$_POST['id'].'&success_msg=2');
exit;
}
}
}
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = $message_order_1 ?? 'Created';
}
if ($_GET['success_msg'] == 2) {
$success_msg = $message_order_2 ?? 'Updated';
}
if ($_GET['success_msg'] == 3) {
$success_msg = $message_order_3 ?? 'Deleted' ;
}
}
template_header('order', 'order', 'view');
$view = '
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.$order['header']['id'].' - '.$order['header']['txn_id'].'</h2>
<a href="index.php?page='.$_SESSION['origin'].'&p='.$_SESSION['p'].'" class="btn alt mar-right-2">←</a>
<a href="index.php?page=factuur&txn_id=' . $order['header']['txn_id'] . '&show_invoice=1" target="_blank" class="btn"><i class="fa-solid fa-file-pdf"></i></a>
';
//------------------------------------
//
//------------------------------------
if ($update_allowed_edit === 1){
$view .= '<a href="index.php?page=order_manage&id='.$order['header']['id'].'" class="btn">✏️</a>';
}
$view .= '</div>';
if (isset($success_msg)){
$view .= ' <div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
$view .= '<div class="content-block-wrapper">';
$view .='
<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-cart-shopping fa-sm"></i>Order Details
</div>
<div class="order-detail">
<h3>Order ID</h3>
<p>' . $order['header']['id'] . '</p>
</div>
<div class="order-detail">
<h3>Transaction ID</h3>
<p>' . $order['header']['txn_id'] . '</p>
</div>';
if ($order['header']['shipping_method']) {
$view .='
<div class="order-detail">
<h3>Shipping Method</h3>
<p>' . htmlspecialchars($order['header']['shipping_method'], ENT_QUOTES) . '</p>
</div>';
}
//Translate status INT to STR
$payment_status = 'payment_status_'.$order['header']['payment_status'];
$payment_method = 'payment_method_'.$order['header']['payment_method'];
$view .='
<div class="order-detail">
<h3>Payment Method</h3>
<p>' . (${$payment_method} ?? $order['header']['payment_method'] ). '</p>
</div>';
//STATUS CHANGE FORM
if ($update_allowed === 1){
$view .='
<div class="order-detail">
<h3>Payment Status</h3>
<form action="" method="post" style="margin: 0;">
<p><select id="payment_status" name="payment_status" onchange="this.form.submit();" style="border: none; background: transparent; padding: 0; cursor: pointer;">
<option value="0" '.($order['header']['payment_status']==0?' selected':'').'>'.$payment_status_0.'</option>
<option value="1" '.($order['header']['payment_status']==1?' selected':'').'>'.$payment_status_1.'</option>
<option value="101" '.($order['header']['payment_status']==101?' selected':'').'>'.$payment_status_101.'</option>
<option value="102" '.($order['header']['payment_status']==102?' selected':'').'>'.$payment_status_102.'</option>
<option value="103" '.($order['header']['payment_status']==103?' selected':'').'>'.$payment_status_103.'</option>
<option value="999" '.($order['header']['payment_status']==999?' selected':'').'>'.$payment_status_999.'</option>
</select></p>
<input type="hidden" name="id" value="'.$order['header']['id'].'">
</form>
</div>';
} else {
$view .='
<div class="order-detail">
<h3>Payment Status</h3>
<p>' . (${$payment_status} ?? $order['header']['payment_status'] ). '</p>
</div>';
}
$view .='
<div class="order-detail">
<h3>Date</h3>
<p>'.getRelativeTime($order['header']['created']). '</p>
</div>';
if ($order['header']['discount_code']) {
$view .='
<div class="order-detail">
<h3>Discount Code</h3>
<p>' . htmlspecialchars($order['header']['discount_code'], ENT_QUOTES) . '</p>
</div>';
}
$view .=' </div>';
// Account Details Block
$view .='
<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-user fa-sm"></i>Account Details
</div>';
if ($order['customer']['email']) {
$view .='
<div class="order-detail">
<h3>Email</h3>
<p><a href="index.php?page=account&id=' . $order['header']['id'] . '" target="_blank" class="link1" style="margin:0">' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '</a></p>
</div>
<div class="order-detail">
<h3>Name</h3>
<p>' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . '</p>
</div>
<div class="order-detail">
<h3>Address</h3>
<p style="text-align:right;">' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['city'], ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['state'], ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['zip'], ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['country'], ENT_QUOTES) . '</p>
</div>
<div class="order-detail">
<h3>Contact</h3>
<p style="text-align:right;">' . htmlspecialchars($order['customer']['phone'] ?? '-', ENT_QUOTES) . '</p>
</div>';
} else {
$view .=' <p>The order is not associated with an account.</p>';
}
$view .=' </div>';
// Customer Details Block
$view .='
<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-user fa-sm"></i>Customer Details
</div>
<div class="order-detail">
<h3>Email</h3>
<p>' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '</p>
</div>
<div class="order-detail">
<h3>Name</h3>
<p>' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . ' </p>
</div>
<div class="order-detail">
<h3>Address</h3>
<p style="text-align:right;">' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['city'] ?? '-', ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['state'] ?? '-', ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['zip'] ?? '-', ENT_QUOTES) . '<br>
' . htmlspecialchars($order['customer']['country'] ?? '-', ENT_QUOTES) . '</p>
</div>
<div class="order-detail">
<h3>Contact</h3>
<p style="text-align:right;">' . htmlspecialchars($order['customer']['phone'] ?? '-', ENT_QUOTES) . '</p>
</div>
</div>
</div>';
// Order Items Table
$view .='
<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>Order
</div>
<div class="table order-table">
<table>
<thead>
<tr>
<td>Product</td>
<td>Options</td>
<td>Qty</td>
<td class="responsive-hidden">Price</td>
<td style="text-align:right;">Total</td>
</tr>
</thead>
<tbody>';
if (empty($order)) {
$view .='
<tr>
<td colspan="5" style="text-align:center;">There are no order items</td>
</tr>';
} else {
foreach ($order['products'] as $item) {
$view .='
<tr>
<td>' . ($item['product_name'] ? htmlspecialchars(${$item['product_name']} ?? $item['product_name'] , ENT_QUOTES) : '(Product ' . $item['item_id'] . ')') . '</td>
<td>' . ($item['options'] ? htmlspecialchars(implode(", ", $item['options']), ENT_QUOTES) : '--') . '</td>
<td>' . $item['quantity'] . '</td>
<td class="responsive-hidden">' . number_format($item['price'], 2) . '</td>
<td style="text-align:right;">' . number_format($item['line_total'], 2) . '</td>
</tr>';
}
}
$view .='
<tr>
<td colspan="5" class="item-list-end"></td>
</tr>
<tr>
<td colspan="4" class="subtotal">Subtotal</td>
<td class="num">' . number_format($order['pricing']['subtotal'], 2) . '</td>
</tr>
<tr>
<td colspan="4" class="shipping">Shipping</td>
<td class="num">' . number_format($order['pricing']['shipping_total'], 2) . '</td>
</tr>
<tr>
<td colspan="4" class="shipping">Discount</td>
<td class="num">' . number_format($order['pricing']['discount_total'], 2) . '</td>
</tr>
<tr>
<td colspan="4" class="shipping">VAT</td>
<td class="num" style="border-bottom: 1px solid #f0f1f2;">' . number_format($order['pricing']['tax_total'], 2) . '</td>
</tr>
<tr>
<td colspan="4" class="total">Total</td>
<td class="num"><b>' . number_format($order['pricing']['payment_amount'], 2) . '</b></td>
</tr>
</tbody>
</table>
</div>
</div>';
// Giftcards Block
$view .='
<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>Giftcards
</div>
<div class="table order-table">
<a href="index.php?page=order&id=' . $order['header']['id'] . '&add_giftcard" class="btn">Relate giftcards</a>
<table>
<thead>
<tr>
<td>Giftcard</td>
<td>Valid</td>
<td>Value</td>
</tr>
</thead>
<tbody>';
if (empty($giftcards)) {
$view .='
<tr>
<td colspan="5" style="text-align:center;">There are no order items</td>
</tr>';
} else {
foreach ($giftcards as $giftcard) {
$view .='
<tr>
<td>' . $giftcard['discount_code'] . '</td>
<td>' . ($current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No') . '</td>
<td>' . number_format($giftcard['discount_value'], 2) . '</td>
</tr>';
}
}
$view .='
<tr>
<td colspan="5" class="item-list-end"></td>
</tr>
</tbody>
</table>
</div>
</div>';
// Invoice Block
$view .='
<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>Invoice
</div>
<div class="table order-table">
<table>
<tr>
<td style="width: 157px;">
<form action="index.php?page=factuur" method="post">
<input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
<input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm(\'Send invoice to customer?\');">
</form>
</td>
<td>
<form action="index.php?page=factuur" method="post">
<input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
<input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm(\'Send invoice to admin?\');">
</form>
</td>
</tr>
</table>
</div>';
$view .='</div>';
//OUTPUT
echo $view;
template_footer()
?>
Reference in New Issue View Git Blame Copy Permalink