- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency. - Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions. - Adjusted session variable references to align with the new permissions structure across various modules.
<?php
// Stop unless the application's security-key constant is defined (direct-access guard).
// NOTE(review): page_security_key is passed unquoted, so defined() receives the
// constant's value rather than its name, and on PHP 8 an undefined constant raises
// an Error here instead of reaching `exit`. Confirm this is the intended guard.
defined(page_security_key) or exit;

// Page identifier passed to every isAllowed() lookup below.
$page = 'category';

// Read gate: a result of 0 for 'R' sends the visitor back to the index.
if (
    isAllowed(
        $page,
        $_SESSION['authorization']['permissions'],
        $_SESSION['authorization']['permission'],
        'R'
    ) === 0
) {
    header('location: index.php');
    exit;
}

// Per-action flags for this page: U = update, D = delete, C = create.
$update_allowed = isAllowed(
    $page,
    $_SESSION['authorization']['permissions'],
    $_SESSION['authorization']['permission'],
    'U'
);
$delete_allowed = isAllowed(
    $page,
    $_SESSION['authorization']['permissions'],
    $_SESSION['authorization']['permission'],
    'D'
);
$create_allowed = isAllowed(
    $page,
    $_SESSION['authorization']['permissions'],
    $_SESSION['authorization']['permission'],
    'C'
);
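// Field defaults for the form when no existing category has been loaded.
$category = [
    'rowID' => '',
    'name' => '',
    'parent_id' => 0,
    'status' => 1,
    'filter' => 0,
    'accounthierarchy' => ''
];

// rowID arrives from the query string and is placed in a backend API URL, so it is
// percent-encoded first and non-scalar input (rowID[]=...) is ignored. This keeps a
// crafted value from adding extra segments or filters to the API request.
// NOTE(review): assumes rowID values are plain identifiers that survive encoding
// unchanged; presumably rowID_exclude keeps the edited category out of the list. Confirm.
$category_exclude = (isset($_GET['rowID']) && is_scalar($_GET['rowID']))
    ? 'rowID_exclude=' . rawurlencode((string) $_GET['rowID'])
    : '';

// Fetch all categories from the API.
$api_url = '/v2/categories/' . $category_exclude;
$categories = ioServer($api_url, '');

// Decode the payload. An empty, undecodable or non-array response becomes an empty
// list so that later iteration over $categories cannot hit null or a scalar.
$categories = !empty($categories) ? json_decode($categories, true) : null;
if (!is_array($categories)) {
    $categories = [];
}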
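// Request handling. A usable rowID in the query string selects edit mode,
// anything else selects create mode.
//
// The U/D/C permission flags are enforced here on the server before any write is
// forwarded to the API; hiding a button in the form does not stop a hand-built POST.
// A denied action is redirected to the index, as the read check on this page does.
//
// NOTE(review): no anti-CSRF token is verified in this file before these
// state-changing POSTs. Confirm one is checked elsewhere.
// NOTE(review): the whole $_POST array is forwarded to the API, so a client can
// send fields the form does not contain (for example accounthierarchy). Confirm
// the API ignores them, or forward only the form's fields.
if (isset($_GET['rowID']) && is_scalar($_GET['rowID'])) {
    // Load the category being edited. rowID is request input, so it is
    // percent-encoded before it becomes part of the backend URL.
    $api_url = '/v2/categories/rowID=' . rawurlencode((string) $_GET['rowID']);
    $category_rows = ioServer($api_url, '');
    $category_rows = !empty($category_rows) ? json_decode($category_rows, true) : null;

    // Take the first returned row. When the response is empty or malformed,
    // $category keeps its previous value instead of becoming null via null[0].
    if (is_array($category_rows) && isset($category_rows[0]) && is_array($category_rows[0])) {
        $category = $category_rows[0];
    }

    // ID param exists, edit an existing category
    $page = 'Edit';

    if (isset($_POST['submit'])) {
        if ($update_allowed !== 1) {
            header('location: index.php');
            exit;
        }

        // Update the category
        $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
        $responses = ioServer('/v2/categories', $payload);

        // On 'NOK' nothing happens and the form is rendered again.
        if ($responses !== 'NOK') {
            header('Location: index.php?page=categories&success_msg=2');
            exit;
        }
    }

    if (isset($_POST['delete'])) {
        if ($delete_allowed !== 1) {
            header('location: index.php');
            exit;
        }

        // The debug var_dump of the payload was removed: it echoed the submitted
        // form data and produced output before the redirect header below.
        $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
        $responses = ioServer('/v2/categories', $payload);

        // On 'NOK' nothing happens and the form is rendered again.
        if ($responses !== 'NOK') {
            // Category deleted, go back to the list
            header('Location: index.php?page=categories&success_msg=3');
            exit;
        }
    }
} else {
    // Create a new category
    $page = 'Create';

    if (isset($_POST['submit'])) {
        if ($create_allowed !== 1) {
            header('location: index.php');
            exit;
        }

        $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
        $responses = ioServer('/v2/categories', $payload);

        // On 'NOK' nothing happens and the form is rendered again.
        if ($responses !== 'NOK') {
            header('Location: index.php?page=categories&success_msg=1');
            exit;
        }
    }
}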
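// Render the category form: page header, action buttons, fields, page footer.
template_header('Category', 'categories', 'manage');

// Escape a value for HTML text or a quoted attribute. Category names and ids come
// back from the API and may contain user-entered text, so they are never written
// into the markup raw.
$escape_html = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// A usable rowID in the query string means an existing category is being edited.
$category_is_edit = isset($_GET['rowID']) && is_scalar($_GET['rowID']);

// Saving is an update in edit mode and a create otherwise, so the save button
// follows the matching permission flag.
$save_allowed = $category_is_edit ? $update_allowed : $create_allowed;

// NOTE(review): the label variables ($categories_*, $general_*) are emitted
// unescaped on the assumption that they are trusted translation strings. Confirm.
$view = '
<form action="" method="post" enctype="multipart/form-data">
    <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
        <h2 class="responsive-width-100">' . ($categories_h2 ?? 'Categories') . '</h2>
        <a href="index.php?page=categories" class="btn alt mar-right-2">←</a>
';

// Delete is only offered for an existing category; in create mode there is nothing to delete.
if ($category_is_edit && $delete_allowed === 1) {
    $view .= '<input type="submit" name="delete" value="X" class="btn red mar-right-2" onclick="return confirm(\'Are you sure you want to delete this category?\')">';
}

if ($save_allowed === 1) {
    $view .= '<input type="submit" name="submit" value="💾" class="btn">';
}

$view .= '</div>';

$view .= '<div class="content-block tab-content active">
    <div class="content-block">
        <div class="form responsive-width-100">
            <label for="name"><i class="required">*</i>' . ($categories_name ?? 'Name') . '</label>
            <input id="name" type="text" name="name" placeholder="Name" value="' . $escape_html($category['name'] ?? '') . '" required>
            <label for="parent_id">' . ($categories_parent ?? 'Parent') . '</label>
            <select id="parent_id" name="parent_id">
                <option value="0">(none)</option>';

// $categories can be null when the API returned nothing, so fall back to an empty list.
foreach ((is_array($categories) ? $categories : []) as $c) {
    $option_id = $c['rowID'] ?? null;
    $view .= '<option value="' . $escape_html($option_id) . '" '
        . (($option_id == ($category['parent_id'] ?? null)) ? ' selected' : '')
        . '>' . $escape_html($c['name'] ?? '') . '</option>';
}

$view .= '            </select>
            <label for="status">' . ($categories_status ?? 'Status') . '</label>
            <select id="status" name="status">
                <option value="1" ' . (($category['status'] ?? null) == 1 ? ' selected' : '') . '>' . $general_status_1 . '</option>
                <option value="0" ' . (($category['status'] ?? null) == 0 ? ' selected' : '') . '>' . $general_status_0 . '</option>
            </select>
            <label for="filter">' . ($categories_filter ?? 'Filter criteria') . '</label>
            <select id="filter" name="filter">
                <option value="1" ' . (($category['filter'] ?? null) == 1 ? ' selected' : '') . '>' . $general_yes . '</option>
                <option value="0" ' . (($category['filter'] ?? null) == 0 ? ' selected' : '') . '>' . $general_no . '</option>
            </select>
            <input type="hidden" name="rowID" value="' . $escape_html($category['rowID'] ?? '') . '">
        </div>
    </div>
</div>
</form>';

// Output
echo $view;

template_footer();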
?>