dolibarr  16.0.5
api_documents.class.php
1 <?php
2 /* Copyright (C) 2016 Xebax Christy <xebax@wanadoo.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  * Copyright (C) 2016 Jean-François Ferry <jfefe@aternatik.fr>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <https://www.gnu.org/licenses/>.
18  */
19 
20 use Luracast\Restler\RestException;
21 use Luracast\Restler\Format\UploadFormat;
22 
23 require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
24 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
25 
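/**
 * REST API class for downloading, generating, listing, uploading and deleting documents.
 *
 * NOTE(review): the listing this class was taken from does not show the original doc
 * comments (its line numbers skip where they stood). The comments below were written
 * from the visible code only. Restler reads annotations from doc comments, so the
 * omitted ones presumably carry routing/validation tags - confirm against the
 * upstream file before relying on any annotation here.
 */
class Documents extends DolibarrApi
{
    /**
     * @var array Fields that _validate_file() requires in the submitted data
     */
    public static $DOCUMENT_FIELDS = array(
        'modulepart'
    );

    /**
     * Constructor. Binds the global database handler to this API instance.
     */
    public function __construct()
    {
        global $db;
        $this->db = $db;
    }

    /**
     * Download a document.
     *
     * @param string $modulepart    Module area the file belongs to
     * @param string $original_file Path of the file, relative to the module's document directory
     * @return array                Keys: filename, content-type, filesize, content (base64), encoding
     *
     * @throws RestException 400 on empty parameters, 401 when access is refused or the path
     *                       is rejected, 404 when the file does not exist, 500 when it cannot be read
     */
    public function index($modulepart, $original_file = '')
    {
        $original_file = $this->_checkedDocumentPath($modulepart, $original_file, 'read');

        $filename = basename($original_file);
        $original_file_osencoded = dol_osencode($original_file); // Path encoded in OS encoding charset

        if (!file_exists($original_file_osencoded)) {
            dol_syslog("Try to download not found file ".$original_file_osencoded, LOG_WARNING);
            throw new RestException(404, 'File not found');
        }

        $file_content = $this->_readDocument($original_file_osencoded);

        // filesize() gets the same OS-encoded path that was used for reading, so the
        // reported size always describes the file whose content is returned.
        return array('filename'=>$filename, 'content-type' => dol_mimetype($filename), 'filesize'=>filesize($original_file_osencoded), 'content'=>base64_encode($file_content), 'encoding'=>'base64');
    }

    /**
     * Build a document for an invoice, an order or a proposal and return it.
     *
     * The object is looked up by the base name of $original_file without its extension.
     *
     * @param string $modulepart    'facture'/'invoice', 'commande'/'order' or 'propal'/'proposal'
     * @param string $original_file Path of the document, relative to the module's document directory
     * @param string $doctemplate   Template to use; the object's model_pdf is used when empty
     * @param string $langcode      Language code for the output; the current language when empty
     * @return array                Keys: filename, content-type, filesize, content (base64),
     *                              langcode, template, encoding
     *
     * @throws RestException 400 on empty parameters, 401 when access is refused or the path is
     *                       rejected, 403 for an unsupported modulepart, 404 when the object or
     *                       the generated file is missing, 500 when generation or reading fails
     */
    public function builddoc($modulepart, $original_file = '', $doctemplate = '', $langcode = '')
    {
        global $conf, $langs;

        // Generation rewrites the file on disk, hence the 'write' access mode.
        $original_file = $this->_checkedDocumentPath($modulepart, $original_file, 'write');

        $outputlangs = $langs;
        if ($langcode && $langs->defaultlang != $langcode) {
            $outputlangs = new Translate('', $conf);
            $outputlangs->setDefaultLang($langcode);
        }

        // --- Generates the document
        $hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
        $hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
        $hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;

        $templateused = '';

        // Object reference = file base name without its extension
        $objectref = preg_replace('/\.[^\.]+$/', '', basename($original_file));

        // NOTE(review): $doctemplate is caller-supplied and handed to generateDocument()
        // unchanged; whether that method restricts it to known template names is not
        // visible here - confirm.
        if ($modulepart == 'facture' || $modulepart == 'invoice') {
            require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
            $this->invoice = new Facture($this->db);
            $result = $this->invoice->fetch(0, $objectref);
            if (!$result) {
                throw new RestException(404, 'Invoice not found');
            }

            $templateused = $doctemplate ? $doctemplate : $this->invoice->model_pdf;
            $result = $this->invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
            if ($result <= 0) {
                throw new RestException(500, 'Error generating document');
            }
        } elseif ($modulepart == 'commande' || $modulepart == 'order') {
            require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
            $this->order = new Commande($this->db);
            $result = $this->order->fetch(0, $objectref);
            if (!$result) {
                throw new RestException(404, 'Order not found');
            }

            $templateused = $doctemplate ? $doctemplate : $this->order->model_pdf;
            $result = $this->order->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
            if ($result <= 0) {
                throw new RestException(500, 'Error generating document');
            }
        } elseif ($modulepart == 'propal' || $modulepart == 'proposal') {
            require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
            $this->propal = new Propal($this->db);
            $result = $this->propal->fetch(0, $objectref);
            if (!$result) {
                throw new RestException(404, 'Proposal not found');
            }

            $templateused = $doctemplate ? $doctemplate : $this->propal->model_pdf;
            $result = $this->propal->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
            if ($result <= 0) {
                throw new RestException(500, 'Error generating document');
            }
        } else {
            throw new RestException(403, 'Generation not available for this modulepart');
        }

        $filename = basename($original_file);
        $original_file_osencoded = dol_osencode($original_file); // Path encoded in OS encoding charset

        if (!file_exists($original_file_osencoded)) {
            throw new RestException(404, 'File not found');
        }

        $file_content = $this->_readDocument($original_file_osencoded);

        return array('filename'=>$filename, 'content-type' => dol_mimetype($filename), 'filesize'=>filesize($original_file_osencoded), 'content'=>base64_encode($file_content), 'langcode'=>$outputlangs->defaultlang, 'template'=>$templateused, 'encoding'=>'base64');
    }

    /**
     * Return the list of documents of a dedicated element (from its ID or Ref).
     *
     * @param string $modulepart Element type, e.g. 'thirdparty', 'invoice', 'order', 'product'
     * @param int    $id         ID of the element
     * @param string $ref        Ref of the element, used when no ID is given
     * @param string $sortfield  Sort criteria passed to dol_dir_list()
     * @param string $sortorder  'desc' for descending order, anything else sorts ascending
     * @return array             File entries from dol_dir_list(), merged with the ECM index
     *                           row that has the same file name when one exists
     *
     * @throws RestException 400 on missing parameters, 401 without the module's read right,
     *                       404 when the element or its documents are not found,
     *                       500/503 on internal errors or an unsupported modulepart
     */
    public function getDocumentsListByElement($modulepart, $id = 0, $ref = '', $sortfield = '', $sortorder = '')
    {
        global $conf;

        if (empty($modulepart)) {
            throw new RestException(400, 'bad value for parameter modulepart');
        }

        if (empty($id) && empty($ref)) {
            throw new RestException(400, 'bad value for parameter id or ref');
        }

        $id = (empty($id) ? 0 : $id);
        $recursive = 0;
        $type = 'files';

        // NOTE(review): every branch below checks the module-level read right only. No
        // per-object restriction is visible here (for example for an API user bound to a
        // single third party) - presumably DolibarrApi::_checkAccessToResource() is the
        // helper for that; confirm whether it should be called on the fetched object.
        if ($modulepart == 'societe' || $modulepart == 'thirdparty') {
            require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';

            if (!DolibarrApiAccess::$user->rights->societe->lire) {
                throw new RestException(401);
            }

            $object = new Societe($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Thirdparty not found');
            }

            $upload_dir = $conf->societe->multidir_output[$object->entity]."/".$object->id;
        } elseif ($modulepart == 'user') {
            require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';

            // Can get doc if has permission to read all user or if it is user itself
            if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) {
                throw new RestException(401);
            }

            $object = new User($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'User not found');
            }

            $upload_dir = $conf->user->dir_output.'/'.get_exdir(0, 0, 0, 0, $object, 'user').'/'.$object->id;
        } elseif ($modulepart == 'adherent' || $modulepart == 'member') {
            require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';

            if (!DolibarrApiAccess::$user->rights->adherent->lire) {
                throw new RestException(401);
            }

            $object = new Adherent($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Member not found');
            }

            $upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member');
        } elseif ($modulepart == 'propal' || $modulepart == 'proposal') {
            require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';

            if (!DolibarrApiAccess::$user->rights->propal->lire) {
                throw new RestException(401);
            }

            $object = new Propal($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Proposal not found');
            }

            $upload_dir = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
        } elseif ($modulepart == 'supplier_proposal') {
            require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';

            if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) {
                throw new RestException(401);
            }

            // The right checked above covers supplier proposals, so the object and the
            // directory must be the supplier-proposal ones. Loading a customer Propal here
            // would list customer proposal documents under the supplier-proposal right.
            // NOTE(review): directory layout taken from the module's usual dir_output -
            // confirm against the supplier proposal document page.
            $object = new SupplierProposal($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Supplier proposal not found');
            }

            $upload_dir = $conf->supplier_proposal->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'supplier_proposal');
        } elseif ($modulepart == 'commande' || $modulepart == 'order') {
            require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';

            if (!DolibarrApiAccess::$user->rights->commande->lire) {
                throw new RestException(401);
            }

            $object = new Commande($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Order not found');
            }

            $upload_dir = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande');
        } elseif ($modulepart == 'commande_fournisseur' || $modulepart == 'supplier_order') {
            $modulepart = 'supplier_order';

            require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';

            if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) {
                throw new RestException(401);
            }

            $object = new CommandeFournisseur($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Purchase order not found');
            }

            // A purchase order must not be resolved through the supplier-invoice directory
            // layout, which would point at files of a different object type.
            // NOTE(review): '/commande/' + sanitized ref is the expected purchase-order
            // layout - confirm against the supplier order document page.
            $upload_dir = $conf->fournisseur->dir_output."/commande/".dol_sanitizeFileName($object->ref);
        } elseif ($modulepart == 'shipment' || $modulepart == 'expedition') {
            require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';

            if (!DolibarrApiAccess::$user->rights->expedition->lire) {
                throw new RestException(401);
            }

            $object = new Expedition($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Shipment not found');
            }

            $upload_dir = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment');
        } elseif ($modulepart == 'facture' || $modulepart == 'invoice') {
            require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';

            if (!DolibarrApiAccess::$user->rights->facture->lire) {
                throw new RestException(401);
            }

            $object = new Facture($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Invoice not found');
            }

            $upload_dir = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
        } elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice') {
            $modulepart = 'supplier_invoice';

            require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';

            if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) {
                throw new RestException(401);
            }

            $object = new FactureFournisseur($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Invoice not found');
            }

            $upload_dir = $conf->fournisseur->dir_output."/facture/".get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').dol_sanitizeFileName($object->ref);
        } elseif ($modulepart == 'produit' || $modulepart == 'product') {
            require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';

            if (!DolibarrApiAccess::$user->rights->produit->lire) {
                throw new RestException(401);
            }

            $object = new Product($this->db);
            $result = $object->fetch($id, $ref);
            if ($result == 0) {
                throw new RestException(404, 'Product not found');
            } elseif ($result < 0) {
                throw new RestException(500, 'Error while fetching object: '.$object->error);
            }

            $upload_dir = $conf->product->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 1, $object, 'product');
        } elseif ($modulepart == 'agenda' || $modulepart == 'action' || $modulepart == 'event') {
            require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';

            if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
                throw new RestException(401);
            }

            $object = new ActionComm($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Event not found');
            }

            $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
        } elseif ($modulepart == 'expensereport') {
            require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';

            if (!DolibarrApiAccess::$user->rights->expensereport->read) {
                throw new RestException(401);
            }

            $object = new ExpenseReport($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Expense report not found');
            }

            $upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
        } elseif ($modulepart == 'knowledgemanagement') {
            require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php';

            if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) {
                throw new RestException(401);
            }

            $object = new KnowledgeRecord($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'KM article not found');
            }

            $upload_dir = $conf->knowledgemanagement->dir_output.'/knowledgerecord/'.dol_sanitizeFileName($object->ref);
        } elseif ($modulepart == 'categorie' || $modulepart == 'category') {
            require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';

            if (!DolibarrApiAccess::$user->rights->categorie->lire) {
                throw new RestException(401);
            }

            $object = new Categorie($this->db);
            $result = $object->fetch($id, $ref);
            if (!$result) {
                throw new RestException(404, 'Category not found');
            }

            $upload_dir = $conf->categorie->multidir_output[$object->entity].'/'.get_exdir($object->id, 2, 0, 0, $object, 'category').$object->id."/photos/".dol_sanitizeFileName($object->ref);
        } elseif ($modulepart == 'ecm') {
            throw new RestException(500, 'Modulepart Ecm not implemented yet.');
        } else {
            throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
        }

        $objectType = $modulepart;
        if (! empty($object->id) && ! empty($object->table_element)) {
            $objectType = $object->table_element;
        }

        // Meta files and generated previews are excluded from the listing.
        $filearray = dol_dir_list($upload_dir, $type, $recursive, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1);
        if (empty($filearray)) {
            throw new RestException(404, 'Search for modulepart '.$modulepart.' with Id '.$object->id.(!empty($object->ref) ? ' or Ref '.$object->ref : '').' does not return any document.');
        }

        if (($object->id) > 0 && !empty($modulepart)) {
            require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
            $ecmfile = new EcmFiles($this->db);
            $result = $ecmfile->fetchAll('', '', 0, 0, array('t.src_object_type' => $objectType, 't.src_object_id' => $object->id));
            if ($result < 0) {
                throw new RestException(503, 'Error when retrieve ecm list : '.$this->db->lasterror());
            } elseif (is_array($ecmfile->lines) && count($ecmfile->lines) > 0) {
                // Pair each file with the ECM row that has the same file name. The two lists
                // are not guaranteed to have the same length or order, so they cannot be
                // matched by position.
                foreach ($filearray as $i => $fileinfo) {
                    foreach ($ecmfile->lines as $line) {
                        if ($fileinfo['name'] == $line->filename) {
                            $filearray[$i] = array_merge($filearray[$i], (array) $line);
                        }
                    }
                }
            }
        }

        return $filearray;
    }

    /**
     * Upload a file and store it in the document directory of a module or of one object.
     *
     * @param string $filename             Name of the file to create; sanitized before use
     * @param string $modulepart           Module area that receives the file
     * @param string $ref                  Ref of the object the file is attached to
     * @param string $subdir               Sub-directory, used only when $ref is empty
     * @param string $filecontent          File content, raw or encoded as named by $fileencoding
     * @param string $fileencoding         '' for raw content or 'base64'
     * @param int    $overwriteifexists    Non-zero to replace an existing file
     * @param int    $createdirifnotexists Non-zero to create the target directory when missing
     * @return string                      Base name of the stored file
     *
     * @throws RestException 400 on bad parameters, 401 without the ecm upload right or when
     *                       the target directory is refused, 404 when the object is not found,
     *                       500 on filesystem errors or an unsupported modulepart
     */
    public function post($filename, $modulepart, $ref = '', $subdir = '', $filecontent = '', $fileencoding = '', $overwriteifexists = 0, $createdirifnotexists = 1)
    {
        global $conf;

        if (empty($modulepart)) {
            throw new RestException(400, 'Modulepart not provided.');
        }

        if (!DolibarrApiAccess::$user->rights->ecm->upload) {
            throw new RestException(401);
        }

        // An unknown encoding or a malformed payload is rejected instead of silently
        // storing an empty or corrupted file.
        if (empty($fileencoding)) {
            $newfilecontent = $filecontent;
        } elseif ($fileencoding == 'base64') {
            $newfilecontent = base64_decode($filecontent, true);
            if ($newfilecontent === false) {
                throw new RestException(400, 'bad value for parameter filecontent');
            }
        } else {
            throw new RestException(400, 'bad value for parameter fileencoding');
        }

        $original_file = dol_sanitizeFileName($filename);
        if (empty($original_file)) {
            // Without a name the target path would be the upload directory itself.
            throw new RestException(400, 'bad value for parameter filename');
        }

        // Define $upload_dir
        $object = null;
        $entity = DolibarrApiAccess::$user->entity;
        if (empty($entity)) {
            $entity = 1;
        }

        // NOTE(review): in both branches below only 'original_file' of the
        // dol_check_secure_access_document() result is used; its 'accessallowed' entry is
        // not consulted, so the ecm upload right is the only permission enforced here -
        // confirm that this is intended.
        if ($ref) {
            $tmpreldir = '';

            if ($modulepart == 'facture' || $modulepart == 'invoice') {
                $modulepart = 'facture';

                require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
                $object = new Facture($this->db);
            } elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice') {
                $modulepart = 'supplier_invoice';

                require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
                $object = new FactureFournisseur($this->db);
            } elseif ($modulepart == 'commande' || $modulepart == 'order') {
                $modulepart = 'commande';

                require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
                $object = new Commande($this->db);
            } elseif ($modulepart == 'commande_fournisseur' || $modulepart == 'supplier_order') {
                $modulepart = 'supplier_order';

                require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
                $object = new CommandeFournisseur($this->db);
            } elseif ($modulepart == 'project') {
                require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
                $object = new Project($this->db);
            } elseif ($modulepart == 'task' || $modulepart == 'project_task') {
                $modulepart = 'project_task';

                require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
                $object = new Task($this->db);

                $task_result = $object->fetch('', $ref);

                // Fetching the tasks project is required because its out_dir might be a sub-directory of the project
                if ($task_result > 0) {
                    $project_result = $object->fetch_projet();

                    if ($project_result >= 0) {
                        $tmpreldir = dol_sanitizeFileName($object->project->ref).'/';
                    }
                } else {
                    throw new RestException(500, 'Error while fetching Task '.$ref);
                }
            } elseif ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service' || $modulepart == 'produit|service') {
                require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
                $object = new Product($this->db);
            } elseif ($modulepart == 'expensereport') {
                require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
                $object = new ExpenseReport($this->db);
            } elseif ($modulepart == 'fichinter') {
                require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php';
                $object = new Fichinter($this->db);
            } elseif ($modulepart == 'adherent' || $modulepart == 'member') {
                $modulepart = 'adherent';
                require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
                $object = new Adherent($this->db);
            } elseif ($modulepart == 'proposal' || $modulepart == 'propal' || $modulepart == 'propale') {
                $modulepart = 'propale';
                require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
                $object = new Propal($this->db);
            } else {
                // TODO Implement additional moduleparts
                throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
            }

            if (is_object($object)) {
                $result = $object->fetch('', $ref);

                if ($result == 0) {
                    throw new RestException(404, "Object with ref '".$ref."' was not found.");
                } elseif ($result < 0) {
                    throw new RestException(500, 'Error while fetching object: '.$object->error);
                }
            }

            if (!($object->id > 0)) {
                throw new RestException(404, 'The object '.$modulepart." with ref '".$ref."' was not found.");
            }

            // Special cases that need to use get_exdir to get real dir of object
            // In future, all object should use this to define path of documents.
            if ($modulepart == 'supplier_invoice') {
                $tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
            }

            $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);

            $tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');
            $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir

            if (empty($upload_dir) || $upload_dir == '/') {
                throw new RestException(500, 'This value of modulepart ('.$modulepart.') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
            }
        } else {
            if ($modulepart == 'invoice') {
                $modulepart = 'facture';
            }
            if ($modulepart == 'member') {
                $modulepart = 'adherent';
            }

            $relativefile = $subdir;
            $tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
            $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir

            if (empty($upload_dir) || $upload_dir == '/') {
                if (!empty($tmp['error'])) {
                    throw new RestException(401, 'Error returned by dol_check_secure_access_document: '.$tmp['error']);
                } else {
                    throw new RestException(500, 'This value of modulepart ('.$modulepart.') is not allowed with this value of subdir ('.$relativefile.')');
                }
            }
        }
        // $original_file here is still value of filename without any dir.

        // Same path rules as the download and delete endpoints: no parent-directory
        // segment and no shell metacharacters in the resolved directory.
        if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir)) {
            throw new RestException(401);
        }

        $upload_dir = dol_sanitizePathName($upload_dir);

        if (!empty($createdirifnotexists)) {
            if (dol_mkdir($upload_dir) < 0) { // needed by products
                throw new RestException(500, 'Error while trying to create directory '.$upload_dir);
            }
        }

        // NOTE(review): the temporary name is derived from the upload name only, so two
        // simultaneous uploads of the same file name share one temporary file - consider a
        // unique name. Several error messages below also return server-side paths to the
        // API client.
        $destfile = $upload_dir.'/'.$original_file;
        $destfiletmp = DOL_DATA_ROOT.'/admin/temp/'.$original_file;
        dol_delete_file($destfiletmp);

        if (!dol_is_dir(dirname($destfile))) {
            throw new RestException(401, 'Directory not exists : '.dirname($destfile));
        }

        if (!$overwriteifexists && dol_is_file($destfile)) {
            throw new RestException(500, "File with name '".$original_file."' already exists.");
        }

        $fhandle = @fopen($destfiletmp, 'w');
        if (!$fhandle) {
            throw new RestException(500, "Failed to open file '".$destfiletmp."' for write");
        }

        $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
        fclose($fhandle);
        if ($nbofbyteswrote === false || $nbofbyteswrote < strlen((string) $newfilecontent)) {
            // A truncated temporary file must never be moved into the document directory.
            dol_delete_file($destfiletmp);
            throw new RestException(500, "Failed to write file '".$destfiletmp."'");
        }
        @chmod($destfiletmp, octdec($conf->global->MAIN_UMASK));

        // Last argument (1) is passed as dol_move()'s $testvirus parameter.
        $result = dol_move($destfiletmp, $destfile, 0, $overwriteifexists, 1);
        if (!$result) {
            // Do not leave the rejected upload behind in the shared temp directory.
            dol_delete_file($destfiletmp);
            throw new RestException(500, "Failed to move file into '".$destfile."'");
        }

        return dol_basename($destfile);
    }

    /**
     * Delete a document.
     *
     * @param string $modulepart    Module area the file belongs to
     * @param string $original_file Path of the file, relative to the module's document directory
     * @return array                array('success' => array('code' => 200, 'message' => ...))
     *
     * @throws RestException 400 on empty parameters, 401 when access is refused, the path is
     *                       rejected or the file cannot be removed, 404 when the file does not exist
     */
    public function delete($modulepart, $original_file)
    {
        // Deleting is a modification: it needs 'write' access. Checking 'read' access here
        // would let any account that may download a document also destroy it.
        // NOTE(review): the upload endpoint also requires the ecm upload right; confirm
        // whether deletion should require it too. unlink() is used directly, so any ECM
        // index row for the file is presumably left in place - confirm.
        $original_file = $this->_checkedDocumentPath($modulepart, $original_file, 'write');

        $original_file_osencoded = dol_osencode($original_file); // Path encoded in OS encoding charset

        if (!file_exists($original_file_osencoded)) {
            dol_syslog("Try to delete not found file ".$original_file_osencoded, LOG_WARNING);
            throw new RestException(404, 'File not found');
        }

        if (@unlink($original_file_osencoded)) {
            return array(
                'success' => array(
                    'code' => 200,
                    'message' => 'Document deleted'
                )
            );
        }

        throw new RestException(401);
    }

    // phpcs:disable PEAR.NamingConventions.ValidFunctionName
    /**
     * Validate fields before create or update object.
     *
     * @param array $data Submitted data, keyed by field name
     * @return array      The entries of $data listed in self::$DOCUMENT_FIELDS
     *
     * @throws RestException 400 when a listed field is not set
     */
    private function _validate_file($data)
    {
        // phpcs:enable
        $result = array();
        foreach (self::$DOCUMENT_FIELDS as $field) {
            if (!isset($data[$field])) {
                throw new RestException(400, "$field field missing");
            }
            $result[$field] = $data[$field];
        }
        return $result;
    }

    /**
     * Validate the parameters of a document request and resolve the file path.
     *
     * Shared by the download, build and delete endpoints so the three apply exactly the
     * same checks in the same order.
     *
     * @param string $modulepart    Module area the file belongs to
     * @param string $original_file Relative path given by the caller
     * @param string $mode          Access mode handed to dol_check_secure_access_document()
     * @return string               Path returned by dol_check_secure_access_document()
     *
     * @throws RestException 400 on empty parameters, 401 when the resolved path contains '..'
     *                       or one of < > |, or when access is not allowed
     */
    private function _checkedDocumentPath($modulepart, $original_file, $mode)
    {
        global $conf;

        if (empty($modulepart)) {
            throw new RestException(400, 'bad value for parameter modulepart');
        }
        if (empty($original_file)) {
            throw new RestException(400, 'bad value for parameter original_file');
        }

        // NOTE(review): the result also carries a 'sqlprotectagainstexternals' entry that
        // nothing in this class uses; confirm whether API users tied to a third party need
        // the additional ownership check it appears to describe.
        $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, DolibarrApiAccess::$user, '', $mode);
        $resolved_file = $check_access['original_file'];

        // The path is rejected before the access decision is looked at, so a traversal
        // attempt is refused whatever rights the account has.
        if (preg_match('/\.\./', $resolved_file) || preg_match('/[<>|]/', $resolved_file)) {
            throw new RestException(401);
        }
        if (!$check_access['accessallowed']) {
            throw new RestException(401);
        }

        return $resolved_file;
    }

    /**
     * Read a whole file, failing loudly instead of returning an empty document.
     *
     * @param string $osencodedpath Path already converted with dol_osencode()
     * @return string               Raw file content
     *
     * @throws RestException 500 when the path cannot be read (a directory, for example)
     */
    private function _readDocument($osencodedpath)
    {
        $content = file_get_contents($osencodedpath);
        if ($content === false) {
            throw new RestException(500, 'Error while reading file');
        }

        return $content;
    }
}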
Societe
Class to manage third parties objects (customers, suppliers, prospects...)
Definition: societe.class.php:48
db
$conf db
API class for accounts.
Definition: inc.php:41
dol_sanitizePathName
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
Definition: functions.lib.php:1251
dol_basename
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
Definition: files.lib.php:36
dol_sanitizeFileName
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
Definition: functions.lib.php:1226
Expedition
Class to manage shipments.
Definition: expedition.class.php:52
Project
Class to manage projects.
Definition: project.class.php:35
ActionComm
Class to manage agenda events (actions)
Definition: actioncomm.class.php:38
Documents\builddoc
builddoc($modulepart, $original_file='', $doctemplate='', $langcode='')
Build a document.
Definition: api_documents.class.php:137
dol_osencode
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
Definition: functions.lib.php:8498
FactureFournisseur
Class to manage suppliers invoices.
Definition: fournisseur.facture.class.php:53
Documents\getDocumentsListByElement
getDocumentsListByElement($modulepart, $id=0, $ref='', $sortfield='', $sortorder='')
Return the list of documents of a dedicated element (from its ID or Ref)
Definition: api_documents.class.php:256
KnowledgeRecord
Class for KnowledgeRecord.
Definition: knowledgerecord.class.php:32
Translate
Class to manage translations.
Definition: translate.class.php:30
Task
Class to manage tasks.
Definition: task.class.php:37
dol_mimetype
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
Definition: functions.lib.php:9740
dol_dir_list
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0)
Scan a directory and return a list of files/directories.
Definition: files.lib.php:60
Documents\index
index($modulepart, $original_file='')
Download a document.
Definition: api_documents.class.php:68
Categorie
Class to manage categories.
Definition: categorie.class.php:47
Facture
Class to manage invoices.
Definition: facture.class.php:60
Documents
API class for receive files.
Definition: api_documents.class.php:32
dol_is_file
dol_is_file($pathoffile)
Return if path is a file.
Definition: files.lib.php:477
DolibarrApi
Class for API REST v1.
Definition: api.class.php:30
dol_delete_file
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
Definition: files.lib.php:1231
get_exdir
get_exdir($num, $level, $alpha, $withoutslash, $object, $modulepart='')
Return the path of the directory where the files of an object are stored.
Definition: functions.lib.php:6549
Documents\__construct
__construct()
Constructor.
Definition: api_documents.class.php:45
Commande
Class to manage customers orders.
Definition: commande.class.php:46
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1603
Adherent
Class to manage members of a foundation.
Definition: adherent.class.php:46
EcmFiles
Class to manage ECM files.
Definition: ecmfiles.class.php:35
dol_check_secure_access_document
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
Definition: files.lib.php:2405
Documents\post
post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0, $createdirifnotexists=1)
Return a document.
Definition: api_documents.class.php:575
Fichinter
Class to manage interventions.
Definition: fichinter.class.php:37
CommandeFournisseur
Class to manage predefined suppliers products.
Definition: fournisseur.commande.class.php:47
User
Class to manage Dolibarr users.
Definition: user.class.php:44
Product
Class to manage products or services.
Definition: product.class.php:46
ExpenseReport
Class to manage Trips and Expenses.
Definition: expensereport.class.php:36
Documents\_validate_file
_validate_file($data)
Validate fields before create or update object.
Definition: api_documents.class.php:840
dol_is_dir
dol_is_dir($folder)
Test if filename is a directory.
Definition: files.lib.php:447
Propal
Class to manage proposals.
Definition: propal.class.php:52
dol_mkdir
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
Definition: functions.lib.php:6603
dol_move
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1)
Move a file into another name.
Definition: files.lib.php:855