dolibarr  9.0.0
api.class.php
1 <?php
2 /* Copyright (C) 2015 Jean-Fran├žois Ferry <jfefe@aternatik.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  */
18 
23 
24 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
25 
30 {
31 
35  static protected $db;
36 
40  var $r;
41 
49  function __construct($db, $cachedir='', $refreshCache=false)
50  {
51  global $conf, $dolibarr_main_url_root;
52 
53  if (empty($cachedir)) $cachedir = $conf->api->dir_temp;
54  Defaults::$cacheDirectory = $cachedir;
55 
56  $this->db = $db;
57  $production_mode = ( empty($conf->global->API_PRODUCTION_MODE) ? false : true );
58  $this->r = new Restler($production_mode, $refreshCache);
59 
60  $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
61  $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
62 
63  $urlwithouturlrootautodetect=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim(DOL_MAIN_URL_ROOT));
64  $urlwithrootautodetect=$urlwithouturlroot.DOL_URL_ROOT; // This is to use local domain autodetected by dolibarr from url
65 
66  $this->r->setBaseUrls($urlwithouturlroot, $urlwithouturlrootautodetect);
67  $this->r->setAPIVersion(1);
68  //$this->r->setSupportedFormats('json');
69  //$this->r->setSupportedFormats('jsonFormat');
70  }
71 
79  /* Disabled, most APIs does not share same signature for method index
80  function index()
81  {
82  return array(
83  'success' => array(
84  'code' => 200,
85  'message' => __class__.' is up and running!'
86  )
87  );
88  }*/
89 
90 
97  function _cleanObjectDatas($object)
98  {
99 
100  // Remove $db object property for object
101  unset($object->db);
102  unset($object->isextrafieldmanaged);
103  unset($object->ismultientitymanaged);
104  unset($object->restrictiononfksoc);
105 
106  // Remove linkedObjects. We should already have linkedObjectIds that avoid huge responses
107  unset($object->linkedObjects);
108 
109  unset($object->lignes); // we don't want lignes, we want only ->lines
110 
111  unset($object->fields);
112  unset($object->oldline);
113 
114  unset($object->error);
115  unset($object->errors);
116 
117  unset($object->ref_previous);
118  unset($object->ref_next);
119  unset($object->ref_int);
120 
121  unset($object->projet); // Should be fk_project
122  unset($object->project); // Should be fk_project
123  unset($object->author); // Should be fk_user_author
124  unset($object->timespent_old_duration);
125  unset($object->timespent_id);
126  unset($object->timespent_duration);
127  unset($object->timespent_date);
128  unset($object->timespent_datehour);
129  unset($object->timespent_withhour);
130  unset($object->timespent_fk_user);
131  unset($object->timespent_note);
132 
133  unset($object->statuts);
134  unset($object->statuts_short);
135  unset($object->statuts_logo);
136  unset($object->statuts_long);
137  unset($object->labelstatut);
138  unset($object->labelstatut_short);
139 
140  unset($object->element);
141  unset($object->fk_element);
142  unset($object->table_element);
143  unset($object->table_element_line);
144  unset($object->class_element_line);
145  unset($object->picto);
146 
147  unset($object->fieldsforcombobox);
148  unset($object->comments);
149 
150  unset($object->skip_update_total);
151  unset($object->context);
152 
153  // Remove the $oldcopy property because it is not supported by the JSON
154  // encoder. The following error is generated when trying to serialize
155  // it: "Error encoding/decoding JSON: Type is not supported"
156  // Note: Event if this property was correctly handled by the JSON
157  // encoder, it should be ignored because keeping it would let the API
158  // have a very strange behavior: calling PUT and then GET on the same
159  // resource would give different results:
160  // PUT /objects/{id} -> returns object with oldcopy = previous version of the object
161  // GET /objects/{id} -> returns object with oldcopy empty
162  unset($object->oldcopy);
163 
164  // If object has lines, remove $db property
165  if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) {
166  $nboflines = count($object->lines);
167  for ($i=0; $i < $nboflines; $i++)
168  {
169  $this->_cleanObjectDatas($object->lines[$i]);
170 
171  unset($object->lines[$i]->contact);
172  unset($object->lines[$i]->contact_id);
173  unset($object->lines[$i]->country);
174  unset($object->lines[$i]->country_id);
175  unset($object->lines[$i]->country_code);
176  unset($object->lines[$i]->mode_reglement_id);
177  unset($object->lines[$i]->mode_reglement_code);
178  unset($object->lines[$i]->mode_reglement);
179  unset($object->lines[$i]->cond_reglement_id);
180  unset($object->lines[$i]->cond_reglement_code);
181  unset($object->lines[$i]->cond_reglement);
182  unset($object->lines[$i]->fk_delivery_address);
183  unset($object->lines[$i]->fk_projet);
184  unset($object->lines[$i]->thirdparty);
185  unset($object->lines[$i]->user);
186  unset($object->lines[$i]->model_pdf);
187  unset($object->lines[$i]->modelpdf);
188  unset($object->lines[$i]->note_public);
189  unset($object->lines[$i]->note_private);
190  unset($object->lines[$i]->fk_incoterms);
191  unset($object->lines[$i]->libelle_incoterms);
192  unset($object->lines[$i]->location_incoterms);
193  unset($object->lines[$i]->name);
194  unset($object->lines[$i]->lastname);
195  unset($object->lines[$i]->firstname);
196  unset($object->lines[$i]->civility_id);
197  unset($object->lines[$i]->fk_multicurrency);
198  unset($object->lines[$i]->multicurrency_code);
199  unset($object->lines[$i]->shipping_method_id);
200  }
201  }
202 
203  if (! empty($object->thirdparty) && is_object($object->thirdparty))
204  {
205  $this->_cleanObjectDatas($object->thirdparty);
206  }
207 
208  return $object;
209  }
210 
225  static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
226  {
227 
228  // Features/modules to check
229  $featuresarray = array($resource);
230  if (preg_match('/&/', $resource)) {
231  $featuresarray = explode("&", $resource);
232  }
233  else if (preg_match('/\|/', $resource)) {
234  $featuresarray = explode("|", $resource);
235  }
236 
237  // More subfeatures to check
238  if (! empty($feature2)) {
239  $feature2 = explode("|", $feature2);
240  }
241 
242  return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray, $resource_id, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
243  }
244 
251  function _checkFilters($sqlfilters)
252  {
253  //$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
254  //$tmp=preg_replace_all('/'.$regexstring.'/', '', $sqlfilters);
255  $tmp=$sqlfilters;
256  $ok=0;
257  $i=0; $nb=strlen($tmp);
258  $counter=0;
259  while ($i < $nb)
260  {
261  if ($tmp[$i]=='(') $counter++;
262  if ($tmp[$i]==')') $counter--;
263  if ($counter < 0)
264  {
265  $error="Bad sqlfilters=".$sqlfilters;
266  dol_syslog($error, LOG_WARNING);
267  return false;
268  }
269  $i++;
270  }
271  return true;
272  }
273 
274  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.NotCamelCaps
281  static function _forge_criteria_callback($matches)
282  {
283  // phpcs:enable
284  global $db;
285 
286  //dol_syslog("Convert matches ".$matches[1]);
287  if (empty($matches[1])) return '';
288  $tmp=explode(':',$matches[1]);
289  if (count($tmp) < 3) return '';
290 
291  $tmpescaped=$tmp[2];
292  if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis))
293  {
294  $tmpescaped = "'".$db->escape($regbis[1])."'";
295  }
296  else
297  {
298  $tmpescaped = $db->escape($tmpescaped);
299  }
300  return $db->escape($tmp[0]).' '.strtoupper($db->escape($tmp[1]))." ".$tmpescaped;
301  }
302 }
checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid')
Check access by user to object.
_cleanObjectDatas($object)
Executed method when API is called without parameter.
Definition: api.class.php:97
_checkFilters($sqlfilters)
Return if a $sqlfilters parameter is valid.
Definition: api.class.php:251
Class for API REST v1.
Definition: api.class.php:29
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
__construct($db, $cachedir='', $refreshCache=false)
Constructor.
Definition: api.class.php:49
static _forge_criteria_callback($matches)
Function to forge a SQL criteria.
Definition: api.class.php:281
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check user access to a resource.
Definition: api.class.php:225