dolibarr  9.0.0
api_documents.class.php
1 <?php
2 /* Copyright (C) 2016 Xebax Christy <xebax@wanadoo.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  * Copyright (C) 2016 Jean-Fran├žois Ferry <jfefe@aternatik.fr>
5  *
6  * This program is free software you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
22 
23 
24 require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
25 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
26 
33 class Documents extends DolibarrApi
34 {
35 
39  static $DOCUMENT_FIELDS = array(
40  'modulepart'
41  );
42 
46  function __construct()
47  {
48  global $db;
49  $this->db = $db;
50  }
51 
52 
70  public function index($module_part, $original_file='')
71  {
72  global $conf, $langs;
73 
74  if (empty($module_part)) {
75  throw new RestException(400, 'bad value for parameter modulepart');
76  }
77  if (empty($original_file)) {
78  throw new RestException(400, 'bad value for parameter original_file');
79  }
80 
81  //--- Finds and returns the document
82  $entity=$conf->entity;
83 
84  $check_access = dol_check_secure_access_document($module_part, $original_file, $entity, DolibarrApiAccess::$user, '', 'read');
85  $accessallowed = $check_access['accessallowed'];
86  $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
87  $original_file = $check_access['original_file'];
88 
89  if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
90  {
91  throw new RestException(401);
92  }
93  if (!$accessallowed) {
94  throw new RestException(401);
95  }
96 
97  $filename = basename($original_file);
98  $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
99 
100  if (! file_exists($original_file_osencoded))
101  {
102  throw new RestException(404, 'File not found');
103  }
104 
105  $file_content=file_get_contents($original_file_osencoded);
106  return array('filename'=>$filename, 'content-type' => dol_mimetype($filename), 'filesize'=>filesize($original_file), 'content'=>base64_encode($file_content), 'encoding'=>'base64' );
107  }
108 
109 
130  public function builddoc($module_part, $original_file='', $doctemplate='', $langcode='')
131  {
132  global $conf, $langs;
133 
134  if (empty($module_part)) {
135  throw new RestException(400, 'bad value for parameter modulepart');
136  }
137  if (empty($original_file)) {
138  throw new RestException(400, 'bad value for parameter original_file');
139  }
140 
141  $outputlangs = $langs;
142  if ($langcode && $langs->defaultlang != $langcode)
143  {
144  $outputlangs=new Translate('', $conf);
145  $outputlangs->setDefaultLang($langcode);
146  }
147 
148  //--- Finds and returns the document
149  $entity=$conf->entity;
150 
151  $check_access = dol_check_secure_access_document($module_part, $original_file, $entity, DolibarrApiAccess::$user, '', 'write');
152  $accessallowed = $check_access['accessallowed'];
153  $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
154  $original_file = $check_access['original_file'];
155 
156  if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file)) {
157  throw new RestException(401);
158  }
159  if (!$accessallowed) {
160  throw new RestException(401);
161  }
162 
163  // --- Generates the document
164  $hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
165  $hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
166  $hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;
167 
168  $templateused='';
169 
170  if ($module_part == 'facture' || $module_part == 'invoice')
171  {
172  require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
173  $this->invoice = new Facture($this->db);
174  $result = $this->invoice->fetch(0, preg_replace('/\.[^\.]+$/', '', basename($original_file)));
175  if( ! $result ) {
176  throw new RestException(404, 'Invoice not found');
177  }
178 
179  $templateused = $doctemplate?$doctemplate:$this->invoice->modelpdf;
180  $result = $this->invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
181  if( $result <= 0 ) {
182  throw new RestException(500, 'Error generating document');
183  }
184  }
185  elseif ($module_part == 'commande' || $module_part == 'order')
186  {
187  require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
188  $this->order = new Commande($this->db);
189  $result = $this->order->fetch(0, preg_replace('/\.[^\.]+$/', '', basename($original_file)));
190  if( ! $result ) {
191  throw new RestException(404, 'Order not found');
192  }
193  $templateused = $doctemplate?$doctemplate:$this->order->modelpdf;
194  $result = $this->order->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
195  if( $result <= 0 ) {
196  throw new RestException(500, 'Error generating document');
197  }
198  }
199  elseif ($module_part == 'propal' || $module_part == 'proposal')
200  {
201  require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
202  $this->propal = new Propal($this->db);
203  $result = $this->propal->fetch(0, preg_replace('/\.[^\.]+$/', '', basename($original_file)));
204  if( ! $result ) {
205  throw new RestException(404, 'Proposal not found');
206  }
207  $templateused = $doctemplate?$doctemplate:$this->propal->modelpdf;
208  $result = $this->propal->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
209  if( $result <= 0 ) {
210  throw new RestException(500, 'Error generating document');
211  }
212  }
213  else
214  {
215  throw new RestException(403, 'Generation not available for this modulepart');
216  }
217 
218  $filename = basename($original_file);
219  $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
220 
221  if (! file_exists($original_file_osencoded))
222  {
223  throw new RestException(404, 'File not found');
224  }
225 
226  $file_content=file_get_contents($original_file_osencoded);
227  return array('filename'=>$filename, 'content-type' => dol_mimetype($filename), 'filesize'=>filesize($original_file), 'content'=>base64_encode($file_content), 'langcode'=>$outputlangs->defaultlang, 'template'=>$templateused, 'encoding'=>'base64' );
228  }
229 
248  function getDocumentsListByElement($modulepart, $id=0, $ref='', $sortfield='', $sortorder='')
249  {
250  global $conf;
251 
252  if (empty($modulepart)) {
253  throw new RestException(400, 'bad value for parameter modulepart');
254  }
255 
256  if (empty($id) && empty($ref)) {
257  throw new RestException(400, 'bad value for parameter id or ref');
258  }
259 
260  $id = (empty($id)?0:$id);
261 
262  if ($modulepart == 'societe' || $modulepart == 'thirdparty')
263  {
264  require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
265 
266  if (!DolibarrApiAccess::$user->rights->societe->lire) {
267  throw new RestException(401);
268  }
269 
270  $object = new Societe($this->db);
271  $result=$object->fetch($id, $ref);
272  if ( ! $result ) {
273  throw new RestException(404, 'Thirdparty not found');
274  }
275 
276  $upload_dir = $conf->societe->multidir_output[$object->entity] . "/" . $object->id;
277  }
278  else if ($modulepart == 'adherent' || $modulepart == 'member')
279  {
280  require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
281 
282  if (!DolibarrApiAccess::$user->rights->adherent->lire) {
283  throw new RestException(401);
284  }
285 
286  $object = new Adherent($this->db);
287  $result=$object->fetch($id, $ref);
288  if ( ! $result ) {
289  throw new RestException(404, 'Member not found');
290  }
291 
292  $upload_dir = $conf->adherent->dir_output . "/" . get_exdir(0, 0, 0, 1, $object, 'member');
293  }
294  else if ($modulepart == 'propal' || $modulepart == 'proposal')
295  {
296  require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
297 
298  if (!DolibarrApiAccess::$user->rights->propal->lire) {
299  throw new RestException(401);
300  }
301 
302  $object = new Propal($this->db);
303  $result=$object->fetch($id, $ref);
304  if ( ! $result ) {
305  throw new RestException(404, 'Proposal not found');
306  }
307 
308  $upload_dir = $conf->propal->multidir_output[$object->entity] . "/" . get_exdir(0, 0, 0, 1, $object, 'propal');
309  }
310  else if ($modulepart == 'commande' || $modulepart == 'order')
311  {
312  require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
313 
314  if (!DolibarrApiAccess::$user->rights->commande->lire) {
315  throw new RestException(401);
316  }
317 
318  $object = new Commande($this->db);
319  $result=$object->fetch($id, $ref);
320  if ( ! $result ) {
321  throw new RestException(404, 'Order not found');
322  }
323 
324  $upload_dir = $conf->commande->dir_output . "/" . get_exdir(0, 0, 0, 1, $object, 'commande');
325  }
326  else if ($modulepart == 'shipment' || $modulepart == 'expedition')
327  {
328  require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
329 
330  if (!DolibarrApiAccess::$user->rights->expedition->lire) {
331  throw new RestException(401);
332  }
333 
334  $object = new Expedition($this->db);
335  $result=$object->fetch($id, $ref);
336  if ( ! $result ) {
337  throw new RestException(404, 'Shipment not found');
338  }
339 
340  $upload_dir = $conf->expedition->dir_output . "/sending/" . get_exdir(0, 0, 0, 1, $object, 'shipment');
341  }
342  else if ($modulepart == 'facture' || $modulepart == 'invoice')
343  {
344  require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
345 
346  if (!DolibarrApiAccess::$user->rights->facture->lire) {
347  throw new RestException(401);
348  }
349 
350  $object = new Facture($this->db);
351  $result=$object->fetch($id, $ref);
352  if ( ! $result ) {
353  throw new RestException(404, 'Invoice not found');
354  }
355 
356  $upload_dir = $conf->facture->dir_output . "/" . get_exdir(0, 0, 0, 1, $object, 'invoice');
357  }
358  else if ($modulepart == 'agenda' || $modulepart == 'action' || $modulepart == 'event')
359  {
360  require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
361 
362  if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
363  throw new RestException(401);
364  }
365 
366  $object = new ActionComm($this->db);
367  $result=$object->fetch($id, $ref);
368  if ( ! $result ) {
369  throw new RestException(404, 'Event not found');
370  }
371 
372  $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
373  }
374  else
375  {
376  throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
377  }
378 
379  $filearray=dol_dir_list($upload_dir,"files",0,'','(\.meta|_preview.*\.png)$',$sortfield,(strtolower($sortorder)=='desc'?SORT_DESC:SORT_ASC),1);
380  if (empty($filearray)) {
381  throw new RestException(404, 'Search for modulepart '.$modulepart.' with Id '.$object->id.(! empty($object->Ref)?' or Ref '.$object->ref:'').' does not return any document.');
382  }
383 
384  return $filearray;
385  }
386 
387 
396  /*
397  public function get($id) {
398  return array('note'=>'xxx');
399  }*/
400 
401 
424  public function post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0)
425  {
426  global $db, $conf;
427 
428  /*var_dump($modulepart);
429  var_dump($filename);
430  var_dump($filecontent);
431  exit;*/
432 
433  if(empty($modulepart))
434  {
435  throw new RestException(400, 'Modulepart not provided.');
436  }
437 
438  if (!DolibarrApiAccess::$user->rights->ecm->upload) {
439  throw new RestException(401);
440  }
441 
442  $newfilecontent = '';
443  if (empty($fileencoding)) $newfilecontent = $filecontent;
444  if ($fileencoding == 'base64') $newfilecontent = base64_decode($filecontent);
445 
446  $original_file = dol_sanitizeFileName($filename);
447 
448  // Define $uploadir
449  $object = null;
450  $entity = DolibarrApiAccess::$user->entity;
451  if ($ref)
452  {
453  $tmpreldir='';
454 
455  if ($modulepart == 'facture' || $modulepart == 'invoice')
456  {
457  $modulepart='facture';
458 
459  require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
460  $object = new Facture($this->db);
461  }
462  elseif ($modulepart == 'project')
463  {
464  require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
465  $object = new Project($this->db);
466  }
467  elseif ($modulepart == 'task' || $modulepart == 'project_task')
468  {
469  $modulepart = 'project_task';
470 
471  require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
472  $object = new Task($this->db);
473 
474  $task_result = $object->fetch('', $ref);
475 
476  // Fetching the tasks project is required because its out_dir might be a sub-directory of the project
477  if($task_result > 0)
478  {
479  $project_result = $object->fetch_projet();
480 
481  if($project_result >= 0)
482  {
483  $tmpreldir = dol_sanitizeFileName($object->project->ref).'/';
484  }
485  }
486  else
487  {
488  throw new RestException(500, 'Error while fetching Task '.$ref);
489  }
490  }
491  // TODO Implement additional moduleparts
492  else
493  {
494  throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
495  }
496 
497  if(is_object($object))
498  {
499  $result = $object->fetch('', $ref);
500 
501  if($result == 0)
502  {
503  throw new RestException(404, "Object with ref '".$ref."' was not found.");
504  }
505  elseif ($result < 0)
506  {
507  throw new RestException(500, 'Error while fetching object.');
508  }
509  }
510 
511  if (! ($object->id > 0))
512  {
513  throw new RestException(404, 'The object '.$modulepart." with ref '".$ref."' was not found.");
514  }
515 
516  $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
517 
518  $tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');
519  $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
520 
521  if (empty($upload_dir) || $upload_dir == '/')
522  {
523  throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
524  }
525  }
526  else
527  {
528  if ($modulepart == 'invoice') $modulepart ='facture';
529 
530  $relativefile = $subdir;
531 
532  $tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
533  $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
534 
535  if (empty($upload_dir) || $upload_dir == '/')
536  {
537  throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
538  }
539  }
540  // $original_file here is still value of filename without any dir.
541 
542  $upload_dir = dol_sanitizePathName($upload_dir);
543 
544  $destfile = $upload_dir . '/' . $original_file;
545  $destfiletmp = DOL_DATA_ROOT.'/admin/temp/' . $original_file;
546  dol_delete_file($destfiletmp);
547  //var_dump($original_file);exit;
548 
549  if (!dol_is_dir(dirname($destfile))) {
550  throw new RestException(401, 'Directory not exists : '.dirname($destfile));
551  }
552 
553  if (! $overwriteifexists && dol_is_file($destfile))
554  {
555  throw new RestException(500, "File with name '".$original_file."' already exists.");
556  }
557 
558  $fhandle = @fopen($destfiletmp, 'w');
559  if ($fhandle)
560  {
561  $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
562  fclose($fhandle);
563  @chmod($destfiletmp, octdec($conf->global->MAIN_UMASK));
564  }
565  else
566  {
567  throw new RestException(500, "Failed to open file '".$destfiletmp."' for write");
568  }
569 
570  $result = dol_move($destfiletmp, $destfile, 0, $overwriteifexists, 1);
571  if (! $result)
572  {
573  throw new RestException(500, "Failed to move file into '".$destfile."'");
574  }
575 
576  return dol_basename($destfile);
577  }
578 
586  function _validate_file($data) {
587  $result = array();
588  foreach (Documents::$DOCUMENT_FIELDS as $field) {
589  if (!isset($data[$field]))
590  throw new RestException(400, "$field field missing");
591  $result[$field] = $data[$field];
592  }
593  return $result;
594  }
595 }
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
index($module_part, $original_file='')
Download a document.
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
_validate_file($data)
Validate fields before create or update object.
Class to manage agenda events (actions)
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
get_exdir($num, $level, $alpha, $withoutslash, $object, $modulepart)
Return a path to have a the directory according to object where files are stored. ...
API class for receive files.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return mime type of a file.
dol_is_dir($folder)
Test if filename is a directory.
Definition: files.lib.php:438
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices) ...
Definition: files.lib.php:2109
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1)
Move a file into another name.
Definition: files.lib.php:814
Class for API REST v1.
Definition: api.class.php:29
Class to manage third parties objects (customers, suppliers, prospects...)
Class to manage projects.
Class to manage shipments.
Class to manage customers orders.
Class to manage members of a foundation.
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
Definition: files.lib.php:35
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1)
Remove a file or several files with a mask.
Definition: files.lib.php:1139
builddoc($module_part, $original_file='', $doctemplate='', $langcode='')
Build a document.
Class to manage translations.
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0)
Scan a directory and return a list of files/directories.
Definition: files.lib.php:59
dol_is_file($pathoffile)
Return if path is a file.
Definition: files.lib.php:451
Class to manage tasks.
Definition: task.class.php:33
__construct()
Constructor.
Class to manage invoices.
getDocumentsListByElement($modulepart, $id=0, $ref='', $sortfield='', $sortorder='')
Return the list of documents of a dedicated element (from its ID or Ref)
Class to manage proposals.