1 <?php
2 /* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <http://www.gnu.org/licenses/>.
16  */
17 
19 
20 //require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
21 //require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
22 
23 
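class Contacts extends DolibarrApi
{
    /**
     * Request fields that must be present before a contact can be created
     * (enforced by _validate()).
     *
     * @var array
     */
    public static $FIELDS = array(
        'lastname',
    );

    /**
     * Contact instance shared by the single-record endpoints (get/post/put/delete).
     *
     * @var Contact
     */
    public $contact;

    /**
     * Constructor.
     *
     * Takes the database handler from the global scope and loads the Contact and
     * Categorie classes the endpoints rely on.
     */
    function __construct()
    {
        global $db;
        $this->db = $db;

        require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
        require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';

        $this->contact = new Contact($this->db);
    }

    /**
     * Get properties of a contact object.
     *
     * @param  int   $id  ID of contact
     * @return array      Cleaned contact data
     *
     * @throws RestException 401 when the user may not read contacts, or not this one
     * @throws RestException 404 when the contact does not exist
     */
    function get($id)
    {
        if (!DolibarrApiAccess::$user->rights->societe->contact->lire)
        {
            throw new RestException(401, 'No permission to read contacts');
        }

        $this->_fetchOrFail($this->contact, $id);

        return $this->_cleanObjectDatas($this->contact);
    }

    /**
     * List contacts the current user is allowed to see.
     *
     * @param string $sortfield       Sort field
     * @param string $sortorder       Sort order
     * @param int    $limit           Limit for list (0 = no limit)
     * @param int    $page            Page number (0 based)
     * @param string $thirdparty_ids  Thirdparty ids to filter on: '1' or '1,2,3'. Ignored for external users.
     * @param string $sqlfilters      Other criteria to filter answers, validated by DolibarrApi::_checkFilters()
     * @return array                  Array of cleaned contact objects
     *
     * @throws RestException 401 when the user may not read contacts
     * @throws RestException 404 when no contact matches
     * @throws RestException 503 when sqlfilters is invalid or the query fails
     */
    function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '')
    {
        $obj_ret = array();

        if (!DolibarrApiAccess::$user->rights->societe->contact->lire)
        {
            throw new RestException(401, 'No permission to read contacts');
        }

        // External users only ever see their own third party: $thirdparty_ids is
        // ignored and replaced by the user's socid.
        $socids = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $thirdparty_ids;
        // $thirdparty_ids comes straight from the request and is spliced into an
        // IN (...) clause below, so reduce it to positive integers first.
        $socids = $this->_sanitizeIdList($socids);

        // Pagination values are request input too; force integers before plimit().
        $limit = (int) $limit;
        $page  = (int) $page;

        // If the internal user must only see his customers, force searching by him
        $search_sale = 0;
        if (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids)
        {
            $search_sale = (int) DolibarrApiAccess::$user->id;
        }
        // Same condition is needed for the extra join and for the matching WHERE clause
        $restrict_to_sale = (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0;

        $sql = "SELECT t.rowid";
        $sql.= " FROM " . MAIN_DB_PREFIX . "socpeople as t";
        $sql.= " LEFT JOIN ".MAIN_DB_PREFIX . "socpeople_extrafields as te ON te.fk_object = t.rowid";
        if ($restrict_to_sale) {
            // We need this table joined to the select in order to filter by sale
            $sql.= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc";
        }
        $sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as s ON t.fk_soc = s.rowid";
        $sql.= ' WHERE t.entity IN (' . getEntity('socpeople') . ')';
        if ($socids) $sql.= " AND t.fk_soc IN (" . $socids . ")";

        if ($restrict_to_sale) $sql.= " AND t.fk_soc = sc.fk_soc";
        if ($search_sale > 0)
        {
            $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
            $sql.= " AND sc.fk_user = " . $search_sale; // Insert sale filter
        }
        // Add sql filters
        if ($sqlfilters)
        {
            if (! DolibarrApi::_checkFilters($sqlfilters))
            {
                throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
            }
            $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
            $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
        }

        // NOTE(review): $sortfield/$sortorder are request values; any sanitizing of
        // them is left to $this->db->order() — confirm that helper validates its input.
        $sql.= $this->db->order($sortfield, $sortorder);

        if ($limit)
        {
            if ($page < 0)
            {
                $page = 0;
            }
            $offset = $limit * $page;

            // One extra row is requested, but only $limit rows are returned below
            $sql.= $this->db->plimit($limit + 1, $offset);
        }

        $result = $this->db->query($sql);
        if (!$result)
        {
            // Report the DB error rather than echoing the whole query to the client
            throw new RestException(503, 'Error when retrieve contacts : ' . $this->db->lasterror());
        }

        $num = $this->db->num_rows($result);
        $min = min($num, ($limit <= 0 ? $num : $limit));
        $i = 0; // the loop counter was never initialised before
        while ($i < $min)
        {
            $obj = $this->db->fetch_object($result);
            $contact_static = new Contact($this->db);
            if ($contact_static->fetch($obj->rowid))
            {
                $obj_ret[] = $this->_cleanObjectDatas($contact_static);
            }
            $i++;
        }

        if (!count($obj_ret))
        {
            throw new RestException(404, 'Contacts not found');
        }
        return $obj_ret;
    }

    /**
     * Create contact object.
     *
     * @param  array $request_data  Request data; must contain every field of self::$FIELDS
     * @return int                  ID of contact created
     *
     * @throws RestException 400 when a mandatory field is missing
     * @throws RestException 401 when the user may not create contacts
     * @throws RestException 500 when Contact::create() fails
     */
    function post($request_data = null)
    {
        if (!DolibarrApiAccess::$user->rights->societe->contact->creer)
        {
            throw new RestException(401, 'No permission to create/update contacts');
        }
        // Check mandatory fields (throws 400 on the first missing one)
        $this->_validate($request_data);

        $this->_applyRequestData($request_data);

        if ($this->contact->create(DolibarrApiAccess::$user) < 0) {
            throw new RestException(500, "Error creating contact", array_merge(array($this->contact->error), $this->contact->errors));
        }
        return $this->contact->id;
    }

    /**
     * Update contact.
     *
     * @param  int        $id            ID of contact to update
     * @param  array      $request_data  Fields to set; the 'id' key is ignored
     * @return array|bool                Updated contact data, or false when update() fails
     *
     * @throws RestException 401 when the user may not update contacts, or not this one
     * @throws RestException 404 when the contact does not exist
     */
    function put($id, $request_data = null)
    {
        if (!DolibarrApiAccess::$user->rights->societe->contact->creer)
        {
            throw new RestException(401, 'No permission to create/update contacts');
        }

        $this->_fetchOrFail($this->contact, $id);

        $this->_applyRequestData($request_data, array('id'));

        // update() follows the Dolibarr convention (>0 OK, <0 error): a plain truthiness
        // test would treat -1 as success and return the object anyway.
        if ($this->contact->update($id, DolibarrApiAccess::$user, 1, '', '', 'update') > 0)
        {
            return $this->get($id);
        }

        return false;
    }

    /**
     * Delete contact.
     *
     * @param  int $id  Contact ID
     * @return int      Result of Contact::delete()
     *
     * @throws RestException 401 when the user may not delete contacts, or not this one
     * @throws RestException 404 when the contact does not exist
     */
    function delete($id)
    {
        if (!DolibarrApiAccess::$user->rights->societe->contact->supprimer)
        {
            throw new RestException(401, 'No permission to delete contacts');
        }

        $this->_fetchOrFail($this->contact, $id);

        return $this->contact->delete($id);
    }

    /**
     * Create an user account object from contact (external user)
     *
     * @param  int   $id            Id of contact
     * @param  array $request_data  Request data; 'login' and 'password' are mandatory
     * @return int                  ID of user created
     *
     * @throws RestException 400 when login or password is missing
     * @throws RestException 401 when the user may not read contacts or create users, or may not access this contact
     * @throws RestException 404 when the contact does not exist
     * @throws RestException 500 when the user account could not be created
     */
    function createUser($id, $request_data = null)
    {
        // Permissions are checked before the payload so an unauthorised caller gets
        // the same 401 whatever it sends.
        if (!DolibarrApiAccess::$user->rights->societe->contact->lire) {
            throw new RestException(401, 'No permission to read contacts');
        }
        if (!DolibarrApiAccess::$user->rights->user->user->creer) {
            throw new RestException(401, 'No permission to create user');
        }

        if (!isset($request_data["login"]))
            throw new RestException(400, "login field missing");
        if (!isset($request_data["password"]))
            throw new RestException(400, "password field missing");

        // A dedicated Contact is used so that $this->contact is left untouched
        $contact = $this->_fetchOrFail(new Contact($this->db), $id);

        $login = $request_data["login"];
        $password = $request_data["password"];
        $useraccount = new User($this->db);
        $result = $useraccount->create_from_contact($contact, $login, $password);
        if ($result <= 0) {
            throw new RestException(500, "User not created");
        }
        // password parameter not used in create_from_contact
        $useraccount->setPassword($useraccount, $password);

        return $result;
    }

    /**
     * Get categories for a contact.
     *
     * @param  int    $id         ID of contact
     * @param  string $sortfield  Sort field
     * @param  string $sortorder  Sort order
     * @param  int    $limit      Limit for list (0 = no limit)
     * @param  int    $page       Page number
     * @return mixed              Category list as returned by Categorie::getListForItem()
     *
     * @throws RestException 401 when the user may not read categories, or not this contact
     * @throws RestException 404 when the contact has no category
     * @throws RestException 503 when the category lookup fails
     */
    function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
    {
        if (! DolibarrApiAccess::$user->rights->categorie->lire) {
            throw new RestException(401);
        }

        // Same per-contact access rule as the other endpoints of this class
        if (!DolibarrApi::_checkAccessToResource('contact', $id, 'socpeople&societe')) {
            throw new RestException(401, 'Access not allowed for login ' . DolibarrApiAccess::$user->login);
        }

        $categories = new Categorie($this->db);

        $result = $categories->getListForItem($id, 'contact', $sortfield, $sortorder, $limit, $page);

        // Judging by the two checks, getListForItem() yields an array (possibly empty)
        // or a negative int on error; the empty test has to come first.
        if (empty($result)) {
            throw new RestException(404, 'No category found');
        }

        if ($result < 0) {
            throw new RestException(503, 'Error when retrieve category list : '.$categories->error);
        }

        return $result;
    }

    /**
     * Clean sensible object datas.
     *
     * @param  object $object  Object to clean
     * @return object          Same object with the unwanted properties removed
     */
    function _cleanObjectDatas($object)
    {
        $object = parent::_cleanObjectDatas($object);

        // Amount fields inherited from CommonObject are meaningless for a contact
        unset($object->total_ht);
        unset($object->total_tva);
        unset($object->total_localtax1);
        unset($object->total_localtax2);
        unset($object->total_ttc);

        unset($object->note);
        unset($object->lines);
        unset($object->thirdparty);

        return $object;
    }

    /**
     * Validate fields before create or update object.
     *
     * @param  array $data  Request data
     * @return array        The mandatory fields and their values
     *
     * @throws RestException 400 when a field of self::$FIELDS is missing
     */
    function _validate($data)
    {
        $contact = array();
        foreach (self::$FIELDS as $field)
        {
            if (!isset($data[$field]))
                throw new RestException(400, "$field field missing");
            $contact[$field] = $data[$field];
        }

        return $contact;
    }

    /**
     * Load a contact by id into the given object and make sure the current user
     * may access it.
     *
     * @param  Contact $contact  Object to load into
     * @param  int     $id       ID of contact
     * @return Contact           The loaded object
     *
     * @throws RestException 404 when fetch() reports no record (0) or an error (<0)
     * @throws RestException 401 when the user may not access this contact
     */
    protected function _fetchOrFail(Contact $contact, $id)
    {
        $result = $contact->fetch($id);
        if ($result <= 0)
        {
            throw new RestException(404, 'Contact not found');
        }

        if (!DolibarrApi::_checkAccessToResource('contact', $contact->id, 'socpeople&societe'))
        {
            throw new RestException(401, 'Access not allowed for login ' . DolibarrApiAccess::$user->login);
        }

        return $contact;
    }

    /**
     * Copy request fields onto $this->contact.
     *
     * NOTE(review): every key of the payload becomes a property of the contact,
     * whatever its name; restricting this to known fields would tighten the API
     * but changes its contract, so it is only flagged here.
     *
     * @param  array|null $request_data  Request payload (ignored when not an array)
     * @param  array      $skip          Field names that must not be copied
     * @return void
     */
    protected function _applyRequestData($request_data, $skip = array())
    {
        if (!is_array($request_data)) return;

        foreach ($request_data as $field => $value)
        {
            if (in_array($field, $skip, true)) continue;
            $this->contact->$field = $value;
        }
    }

    /**
     * Reduce a request-supplied list of ids ('1', '1,2,3', an int or an array)
     * to a comma-separated string of positive integers, safe to embed in an
     * SQL IN (...) clause.
     *
     * @param  mixed  $ids  Raw value
     * @return string       Sanitized list, or '' when nothing valid remains
     */
    protected function _sanitizeIdList($ids)
    {
        if (is_array($ids)) $ids = implode(',', $ids);

        $clean = array();
        foreach (explode(',', (string) $ids) as $candidate)
        {
            $candidate = (int) trim($candidate);
            if ($candidate > 0) $clean[] = $candidate;
        }

        return implode(',', $clean);
    }
}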