mirror of
https://github.com/itflow-org/itflow
synced 2026-05-29 14:18:19 +00:00
API: Add some missing end points
This commit is contained in:
johnnyq
30
api/v1/products/create.php
Normal file
30
api/v1/products/create.php
Normal file
@@ -0,0 +1,30 @@
|
||||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
// Products require All Clients scope
|
||||
$insert_id = false;
|
||||
|
||||
if ($client_id == 0) {
|
||||
|
||||
$product_row = false; // Creation, not an update
|
||||
require_once 'product_model.php';
|
||||
|
||||
if (!empty($name)) {
|
||||
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = $price, product_cost = $cost, product_taxable = $taxable, product_type = '$type', product_identifier = '$identifier', product_notes = '$notes'");
|
||||
|
||||
if ($insert_sql) {
|
||||
$insert_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Product", "Create", "Created product $name via API ($api_key_name)", 0, $insert_id);
|
||||
logAction("API", "Success", "Created product $name via API ($api_key_name)", 0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once '../create_output.php';
|
||||
29
api/v1/products/delete.php
Normal file
29
api/v1/products/delete.php
Normal file
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
// Parse ID
|
||||
$product_id = intval($_POST['product_id']);
|
||||
|
||||
// Default
|
||||
$delete_count = false;
|
||||
|
||||
// Products require All Clients scope
|
||||
if (!empty($product_id) && $client_id == 0) {
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = $product_id LIMIT 1"));
|
||||
$product_name = $row['product_name'];
|
||||
|
||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id LIMIT 1");
|
||||
|
||||
if ($delete_sql && !empty($product_name)) {
|
||||
$delete_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Product", "Delete", "$product_name via API ($api_key_name)", 0);
|
||||
}
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once '../delete_output.php';
|
||||
68
api/v1/products/product_model.php
Normal file
68
api/v1/products/product_model.php
Normal file
@@ -0,0 +1,68 @@
|
||||
<?php
|
||||
|
||||
// Variable assignment from POST (or: blank/from DB is updating)
|
||||
// Note: products are not scoped to a client_id
|
||||
|
||||
if (isset($_POST['product_name'])) {
|
||||
$name = sanitizeInput($_POST['product_name']);
|
||||
} elseif ($product_row) {
|
||||
$name = mysqli_real_escape_string($mysqli, $product_row['product_name']);
|
||||
} else {
|
||||
$name = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['product_description'])) {
|
||||
$description = sanitizeInput($_POST['product_description']);
|
||||
} elseif ($product_row) {
|
||||
$description = mysqli_real_escape_string($mysqli, $product_row['product_description']);
|
||||
} else {
|
||||
$description = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['product_price'])) {
|
||||
$price = floatval($_POST['product_price']);
|
||||
} elseif ($product_row) {
|
||||
$price = $product_row['product_price'];
|
||||
} else {
|
||||
$price = 0;
|
||||
}
|
||||
|
||||
if (isset($_POST['product_cost'])) {
|
||||
$cost = floatval($_POST['product_cost']);
|
||||
} elseif ($product_row) {
|
||||
$cost = $product_row['product_cost'];
|
||||
} else {
|
||||
$cost = 0;
|
||||
}
|
||||
|
||||
if (isset($_POST['product_taxable'])) {
|
||||
$taxable = intval($_POST['product_taxable']);
|
||||
} elseif ($product_row) {
|
||||
$taxable = $product_row['product_taxable'];
|
||||
} else {
|
||||
$taxable = 0;
|
||||
}
|
||||
|
||||
if (isset($_POST['product_type'])) {
|
||||
$type = sanitizeInput($_POST['product_type']);
|
||||
} elseif ($product_row) {
|
||||
$type = mysqli_real_escape_string($mysqli, $product_row['product_type']);
|
||||
} else {
|
||||
$type = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['product_identifier'])) {
|
||||
$identifier = sanitizeInput($_POST['product_identifier']);
|
||||
} elseif ($product_row) {
|
||||
$identifier = mysqli_real_escape_string($mysqli, $product_row['product_identifier']);
|
||||
} else {
|
||||
$identifier = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['product_notes'])) {
|
||||
$notes = sanitizeInput($_POST['product_notes']);
|
||||
} elseif ($product_row) {
|
||||
$notes = mysqli_real_escape_string($mysqli, $product_row['product_notes']);
|
||||
} else {
|
||||
$notes = '';
|
||||
}
|
||||
32
api/v1/products/update.php
Normal file
32
api/v1/products/update.php
Normal file
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
// Parse ID
|
||||
$product_id = intval($_POST['product_id']);
|
||||
|
||||
// Default
|
||||
$update_count = false;
|
||||
|
||||
// Products require All Clients scope
|
||||
if (!empty($product_id) && $client_id == 0) {
|
||||
|
||||
$product_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$product_id' LIMIT 1"));
|
||||
|
||||
require_once 'product_model.php';
|
||||
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE products SET product_name = '$name', product_description = '$description', product_price = $price, product_cost = $cost, product_taxable = $taxable, product_type = '$type', product_identifier = '$identifier', product_notes = '$notes' WHERE product_id = $product_id LIMIT 1");
|
||||
|
||||
if ($update_sql) {
|
||||
$update_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Product", "Edit", "$name via API ($api_key_name)", 0);
|
||||
logAction("API", "Success", "Edited product $name via API ($api_key_name)", 0);
|
||||
}
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once '../update_output.php';
|
||||
Reference in New Issue
Block a user