dolibarr  17.0.4
api_documents.class.php
1 <?php
2 /* Copyright (C) 2016 Xebax Christy <xebax@wanadoo.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  * Copyright (C) 2016 Jean-François Ferry <jfefe@aternatik.fr>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <https://www.gnu.org/licenses/>.
18  */
19 
20 use Luracast\Restler\RestException;
21 use Luracast\Restler\Format\UploadFormat;
22 
23 require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
24 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
25 
32 class Documents extends DolibarrApi
33 {
34 
// Names of the fields that _validate_file() requires to be present in its input.
public static $DOCUMENT_FIELDS = array('modulepart');
41 
// Constructor: keeps a reference to the global database handler on the instance.
public function __construct()
{
	global $db;

	// Every method of this class reaches the database through $this->db.
	$this->db = $db;
}
50 
51 
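// Download a document.
//
// $modulepart    Name of the module or area the file belongs to.
// $original_file Path of the file, relative to the storage area of $modulepart.
//
// The relative path is turned into a real path, and the API user's read access is
// decided, by dol_check_secure_access_document() called in 'read' mode.
//
// Returns an array with the keys 'filename', 'content-type', 'filesize',
// 'content' (base64 encoded) and 'encoding'.
// Throws RestException 400 (missing parameter), 401 (path rejected or access
// denied), 404 (file not found) or 500 (file could not be read).
public function index($modulepart, $original_file = '')
{
	global $conf;

	if (empty($modulepart)) {
		throw new RestException(400, 'bad value for parameter modulepart');
	}
	if (empty($original_file)) {
		throw new RestException(400, 'bad value for parameter original_file');
	}

	$entity = $conf->entity;

	// The caller-supplied value is never used as a path directly: only the path
	// returned by the access helper is opened below.
	$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'read');
	$accessallowed = $check_access['accessallowed'];
	$original_file = $check_access['original_file'];

	// Defence in depth on the resolved path: refuse parent-directory sequences
	// and the characters < > | before touching the filesystem.
	if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
		throw new RestException(401);
	}
	if (!$accessallowed) {
		throw new RestException(401);
	}

	$filename = basename($original_file);
	$original_file_osencoded = dol_osencode($original_file); // Path encoded in the OS filesystem charset

	if (!file_exists($original_file_osencoded)) {
		dol_syslog("Try to download not found file ".$original_file_osencoded, LOG_WARNING);
		throw new RestException(404, 'File not found');
	}

	// A failed read must not be returned as a successful, empty document.
	$file_content = file_get_contents($original_file_osencoded);
	if ($file_content === false) {
		dol_syslog("Failed to read file ".$original_file_osencoded, LOG_ERR);
		throw new RestException(500, 'Failed to read file');
	}

	// filesize() is given the same OS-encoded path as the existence check and the read.
	return array(
		'filename' => $filename,
		'content-type' => dol_mimetype($filename),
		'filesize' => filesize($original_file_osencoded),
		'content' => base64_encode($file_content),
		'encoding' => 'base64'
	);
}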
116 
117 
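// Build (generate) a document for an invoice, an order or a proposal and return it.
//
// $modulepart    'facture'/'invoice', 'commande'/'order' or 'propal'/'proposal'.
// $original_file Path of the document, relative to the storage area of $modulepart.
//                Its base name without extension is used as the ref of the object.
// $doctemplate   Template to use; when empty the object's model_pdf is used.
// $langcode      Language code for the output; when empty the current language is used.
//
// Access is decided by dol_check_secure_access_document() called in 'write' mode.
//
// Returns an array with the keys 'filename', 'content-type', 'filesize',
// 'content' (base64 encoded), 'langcode', 'template' and 'encoding'.
// Throws RestException 400, 401, 403 (modulepart without generation), 404 or 500.
public function builddoc($modulepart, $original_file = '', $doctemplate = '', $langcode = '')
{
	global $conf, $langs;

	if (empty($modulepart)) {
		throw new RestException(400, 'bad value for parameter modulepart');
	}
	if (empty($original_file)) {
		throw new RestException(400, 'bad value for parameter original_file');
	}

	$outputlangs = $langs;
	if ($langcode && $langs->defaultlang != $langcode) {
		$outputlangs = new Translate('', $conf);
		$outputlangs->setDefaultLang($langcode);
	}

	$entity = $conf->entity;

	// Only the path returned by the access helper is used from here on.
	$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'write');
	$accessallowed = $check_access['accessallowed'];
	$original_file = $check_access['original_file'];

	// Defence in depth on the resolved path: refuse parent-directory sequences
	// and the characters < > | before touching the filesystem.
	if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
		throw new RestException(401);
	}
	if (!$accessallowed) {
		throw new RestException(401);
	}

	// --- Generates the document
	$hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
	$hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
	$hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;

	$templateused = '';

	// The object is looked up by ref: the file's base name without its extension.
	$objectref = preg_replace('/\.[^\.]+$/', '', basename($original_file));

	// NOTE(review): $doctemplate comes from the API caller and is handed to
	// generateDocument() unchanged; confirm that generateDocument() only accepts
	// names of installed templates.
	if ($modulepart == 'facture' || $modulepart == 'invoice') {
		require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
		$this->invoice = new Facture($this->db);
		$result = $this->invoice->fetch(0, $objectref);
		// A negative result is a fetch error, not a found object (same
		// convention as the product lookup in getDocumentsListByElement()).
		if ($result < 0) {
			throw new RestException(500, 'Error while fetching object: '.$this->invoice->error);
		}
		if (!$result) {
			throw new RestException(404, 'Invoice not found');
		}

		$templateused = $doctemplate ? $doctemplate : $this->invoice->model_pdf;
		$result = $this->invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
		if ($result <= 0) {
			throw new RestException(500, 'Error generating document');
		}
	} elseif ($modulepart == 'commande' || $modulepart == 'order') {
		require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
		$this->order = new Commande($this->db);
		$result = $this->order->fetch(0, $objectref);
		if ($result < 0) {
			throw new RestException(500, 'Error while fetching object: '.$this->order->error);
		}
		if (!$result) {
			throw new RestException(404, 'Order not found');
		}

		$templateused = $doctemplate ? $doctemplate : $this->order->model_pdf;
		$result = $this->order->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
		if ($result <= 0) {
			throw new RestException(500, 'Error generating document');
		}
	} elseif ($modulepart == 'propal' || $modulepart == 'proposal') {
		require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
		$this->propal = new Propal($this->db);
		$result = $this->propal->fetch(0, $objectref);
		if ($result < 0) {
			throw new RestException(500, 'Error while fetching object: '.$this->propal->error);
		}
		if (!$result) {
			throw new RestException(404, 'Proposal not found');
		}

		$templateused = $doctemplate ? $doctemplate : $this->propal->model_pdf;
		$result = $this->propal->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
		if ($result <= 0) {
			throw new RestException(500, 'Error generating document');
		}
	} else {
		throw new RestException(403, 'Generation not available for this modulepart');
	}

	$filename = basename($original_file);
	$original_file_osencoded = dol_osencode($original_file); // Path encoded in the OS filesystem charset

	if (!file_exists($original_file_osencoded)) {
		throw new RestException(404, 'File not found');
	}

	// A failed read must not be returned as a successful, empty document.
	$file_content = file_get_contents($original_file_osencoded);
	if ($file_content === false) {
		dol_syslog("Failed to read file ".$original_file_osencoded, LOG_ERR);
		throw new RestException(500, 'Failed to read file');
	}

	// filesize() is given the same OS-encoded path as the existence check and the read.
	return array(
		'filename' => $filename,
		'content-type' => dol_mimetype($filename),
		'filesize' => filesize($original_file_osencoded),
		'content' => base64_encode($file_content),
		'langcode' => $outputlangs->defaultlang,
		'template' => $templateused,
		'encoding' => 'base64'
	);
}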
238 
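// Return the list of documents of one element, identified by its ID or its ref.
//
// $modulepart Kind of element ('thirdparty', 'user', 'member', 'proposal', 'order', ...).
// $id         ID of the element.
// $ref        Ref of the element.
// $sortfield  Sort criteria passed to dol_dir_list().
// $sortorder  'desc' for descending order, anything else sorts ascending.
//
// Each branch checks the read permission of the API user for that kind of element
// before the element is loaded and its document directory is listed.
//
// Returns the entries found by dol_dir_list(); an entry is merged with the fields
// of the ECM index record that carries the same file name, when there is one.
// Throws RestException 400, 401, 404, 500 or 503.
public function getDocumentsListByElement($modulepart, $id = 0, $ref = '', $sortfield = '', $sortorder = '')
{
	global $conf;

	if (empty($modulepart)) {
		throw new RestException(400, 'bad value for parameter modulepart');
	}

	if (empty($id) && empty($ref)) {
		throw new RestException(400, 'bad value for parameter id or ref');
	}

	$id = (empty($id) ? 0 : $id);
	$recursive = 0;
	$type = 'files';

	if ($modulepart == 'societe' || $modulepart == 'thirdparty') {
		require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';

		if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
			throw new RestException(401);
		}

		$object = new Societe($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Thirdparty not found');
		}

		$upload_dir = $conf->societe->multidir_output[$object->entity]."/".$object->id;
	} elseif ($modulepart == 'user') {
		require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';

		// Can get doc if has permission to read all user or if it is user itself
		if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) {
			throw new RestException(401);
		}

		$object = new User($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'User not found');
		}

		$upload_dir = $conf->user->dir_output.'/'.get_exdir(0, 0, 0, 0, $object, 'user').'/'.$object->id;
	} elseif ($modulepart == 'adherent' || $modulepart == 'member') {
		require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';

		if (!DolibarrApiAccess::$user->rights->adherent->lire) {
			throw new RestException(401);
		}

		$object = new Adherent($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Member not found');
		}

		$upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member');
	} elseif ($modulepart == 'propal' || $modulepart == 'proposal') {
		require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';

		if (!DolibarrApiAccess::$user->rights->propal->lire) {
			throw new RestException(401);
		}

		$object = new Propal($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Proposal not found');
		}

		$upload_dir = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
	} elseif ($modulepart == 'supplier_proposal') {
		require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';

		if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) {
			throw new RestException(401);
		}

		// NOTE(review): the supplier proposal class file is loaded and the
		// supplier_proposal right is checked, but the object is a customer Propal
		// and the directory listed is the customer proposal one. This looks like a
		// copy of the branch above: a caller holding only the supplier_proposal
		// right would be listing customer proposal documents. Confirm and fix.
		$object = new Propal($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Supplier proposal not found');
		}

		$upload_dir = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
	} elseif ($modulepart == 'commande' || $modulepart == 'order') {
		require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';

		if (!DolibarrApiAccess::$user->rights->commande->lire) {
			throw new RestException(401);
		}

		$object = new Commande($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Order not found');
		}

		$upload_dir = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande');
	} elseif ($modulepart == 'commande_fournisseur' || $modulepart == 'supplier_order') {
		$modulepart = 'supplier_order';

		require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';

		if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) {
			throw new RestException(401);
		}

		$object = new CommandeFournisseur($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Purchase order not found');
		}

		// NOTE(review): this is the same "/facture/" + 'invoice_supplier' path as the
		// supplier invoice branch below, so the purchase-order right ends up listing
		// an invoice directory. Presumably a copy/paste; confirm the directory.
		$upload_dir = $conf->fournisseur->dir_output."/facture/".get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').dol_sanitizeFileName($object->ref);
	} elseif ($modulepart == 'shipment' || $modulepart == 'expedition') {
		require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';

		if (!DolibarrApiAccess::$user->rights->expedition->lire) {
			throw new RestException(401);
		}

		$object = new Expedition($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Shipment not found');
		}

		$upload_dir = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment');
	} elseif ($modulepart == 'facture' || $modulepart == 'invoice') {
		require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';

		if (!DolibarrApiAccess::$user->rights->facture->lire) {
			throw new RestException(401);
		}

		$object = new Facture($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Invoice not found');
		}

		$upload_dir = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
	} elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice') {
		$modulepart = 'supplier_invoice';

		require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';

		if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) {
			throw new RestException(401);
		}

		$object = new FactureFournisseur($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Invoice not found');
		}

		$upload_dir = $conf->fournisseur->dir_output."/facture/".get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').dol_sanitizeFileName($object->ref);
	} elseif ($modulepart == 'produit' || $modulepart == 'product') {
		require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';

		if (!DolibarrApiAccess::$user->rights->produit->lire) {
			throw new RestException(401);
		}

		$object = new Product($this->db);
		$result = $object->fetch($id, $ref);
		if ($result == 0) {
			throw new RestException(404, 'Product not found');
		} elseif ($result < 0) {
			throw new RestException(500, 'Error while fetching object: '.$object->error);
		}

		$upload_dir = $conf->product->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 1, $object, 'product');
	} elseif ($modulepart == 'agenda' || $modulepart == 'action' || $modulepart == 'event') {
		require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';

		if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
			throw new RestException(401);
		}

		$object = new ActionComm($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Event not found');
		}

		$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
	} elseif ($modulepart == 'expensereport') {
		require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';

		// The original condition tested this same right twice.
		if (!DolibarrApiAccess::$user->rights->expensereport->read) {
			throw new RestException(401);
		}

		$object = new ExpenseReport($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Expense report not found');
		}

		$upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
	} elseif ($modulepart == 'knowledgemanagement') {
		require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php';

		// The original condition tested this same right twice.
		if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) {
			throw new RestException(401);
		}

		$object = new KnowledgeRecord($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'KM article not found');
		}

		$upload_dir = $conf->knowledgemanagement->dir_output.'/knowledgerecord/'.dol_sanitizeFileName($object->ref);
	} elseif ($modulepart == 'categorie' || $modulepart == 'category') {
		require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';

		if (!DolibarrApiAccess::$user->rights->categorie->lire) {
			throw new RestException(401);
		}

		$object = new Categorie($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Category not found');
		}

		$upload_dir = $conf->categorie->multidir_output[$object->entity].'/'.get_exdir($object->id, 2, 0, 0, $object, 'category').$object->id."/photos/".dol_sanitizeFileName($object->ref);
	} elseif ($modulepart == 'ecm') {
		throw new RestException(500, 'Modulepart Ecm not implemented yet.');
	} elseif ($modulepart == 'projet' || $modulepart == 'project') {
		$modulepart = 'project';
		require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';

		// This branch was the only one without a permission check, so any
		// authenticated API user could list the documents of any project.
		if (empty(DolibarrApiAccess::$user->rights->projet->lire)) {
			throw new RestException(401);
		}

		$object = new Project($this->db);
		$result = $object->fetch($id, $ref);
		if (!$result) {
			throw new RestException(404, 'Project not found');
		}

		$upload_dir = $conf->projet->dir_output . "/" . get_exdir(0, 0, 0, 1, $object, 'project');
	} else {
		throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
	}

	// The ECM index is keyed by the object's table_element when it has one.
	$objectType = $modulepart;
	if (! empty($object->id) && ! empty($object->table_element)) {
		$objectType = $object->table_element;
	}

	// Metadata files and generated previews are left out of the listing.
	$filearray = dol_dir_list($upload_dir, $type, $recursive, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ? SORT_DESC : SORT_ASC), 1);
	if (empty($filearray)) {
		throw new RestException(404, 'Search for modulepart '.$modulepart.' with Id '.$object->id.(!empty($object->ref) ? ' or Ref '.$object->ref : '').' does not return any document.');
	}

	if (($object->id) > 0 && !empty($modulepart)) {
		require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
		$ecmfile = new EcmFiles($this->db);
		$result = $ecmfile->fetchAll('', '', 0, 0, array('t.src_object_type' => $objectType, 't.src_object_id' => $object->id));
		if ($result < 0) {
			throw new RestException(503, 'Error when retrieve ecm list : '.$this->db->lasterror());
		} elseif (is_array($ecmfile->lines) && count($ecmfile->lines) > 0) {
			// Pair each file with the ECM record of the same name. The two lists
			// are neither the same length nor in the same order, so they cannot be
			// walked with a shared index, and the record merged must be the one
			// that matched rather than always the first.
			foreach ($filearray as $key => $fileinfo) {
				foreach ($ecmfile->lines as $line) {
					if ($fileinfo['name'] == $line->filename) {
						$filearray[$key] = array_merge($fileinfo, (array) $line);
						break;
					}
				}
			}
		}
	}

	return $filearray;
}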
546 
547 
556  /*
557  public function get($id) {
558  return array('note'=>'xxx');
559  }*/
560 
561 
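// Upload a document.
//
// $filename             Name of the file to create; it is reduced to a bare file
//                       name with dol_sanitizeFileName().
// $modulepart           Name of the module or area the file is stored under.
// $ref                  Ref of the object the file is attached to (optional).
// $subdir               Sub-directory, used only when $ref is empty.
// $filecontent          Content of the file, raw or base64 encoded.
// $fileencoding         '' for raw content, 'base64' for base64 encoded content.
// $overwriteifexists    1 to replace an existing file of the same name.
// $createdirifnotexists 1 to create the target directory when it is missing.
//
// Returns the base name of the stored file.
// Throws RestException 400, 401, 404 or 500.
public function post($filename, $modulepart, $ref = '', $subdir = '', $filecontent = '', $fileencoding = '', $overwriteifexists = 0, $createdirifnotexists = 1)
{
	global $conf;

	if (empty($modulepart)) {
		throw new RestException(400, 'Modulepart not provided.');
	}

	if (!DolibarrApiAccess::$user->rights->ecm->upload) {
		throw new RestException(401);
	}

	// Decode the payload. An unknown encoding or malformed base64 is refused
	// instead of silently storing an empty or partially decoded file.
	if (empty($fileencoding)) {
		$newfilecontent = $filecontent;
	} elseif ($fileencoding == 'base64') {
		$newfilecontent = base64_decode($filecontent, true);
		if ($newfilecontent === false) {
			throw new RestException(400, 'Parameter filecontent is not valid base64.');
		}
	} else {
		throw new RestException(400, 'Unsupported value for parameter fileencoding.');
	}

	$original_file = dol_sanitizeFileName($filename);
	if ((string) $original_file === '') {
		// Without a file name the destination would be the directory itself.
		throw new RestException(400, 'Filename not provided.');
	}

	// Define $upload_dir
	$object = null;
	$entity = DolibarrApiAccess::$user->entity;
	if (empty($entity)) {
		$entity = 1;
	}

	// NOTE(review): in both branches below only 'original_file' is read from the
	// result of dol_check_secure_access_document(); its 'accessallowed' entry,
	// which index(), builddoc() and delete() enforce, is never looked at here, so
	// the only permission tested for an upload is ecm->upload. Confirm whether
	// 'accessallowed' should be enforced for uploads too.
	if ($ref) {
		$tmpreldir = '';

		if ($modulepart == 'facture' || $modulepart == 'invoice') {
			$modulepart = 'facture';

			require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
			$object = new Facture($this->db);
		} elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice') {
			$modulepart = 'supplier_invoice';

			require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
			$object = new FactureFournisseur($this->db);
		} elseif ($modulepart == 'commande' || $modulepart == 'order') {
			$modulepart = 'commande';

			require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
			$object = new Commande($this->db);
		} elseif ($modulepart == 'commande_fournisseur' || $modulepart == 'supplier_order') {
			$modulepart = 'supplier_order';

			require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
			$object = new CommandeFournisseur($this->db);
		} elseif ($modulepart == 'projet' || $modulepart == 'project') {
			require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
			$object = new Project($this->db);
		} elseif ($modulepart == 'task' || $modulepart == 'project_task') {
			$modulepart = 'project_task';

			require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
			$object = new Task($this->db);

			$task_result = $object->fetch('', $ref);

			// Fetching the tasks project is required because its out_dir might be a sub-directory of the project
			if ($task_result > 0) {
				$project_result = $object->fetch_projet();

				if ($project_result >= 0) {
					$tmpreldir = dol_sanitizeFileName($object->project->ref).'/';
				}
			} else {
				throw new RestException(500, 'Error while fetching Task '.$ref);
			}
		} elseif ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service' || $modulepart == 'produit|service') {
			require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
			$object = new Product($this->db);
		} elseif ($modulepart == 'expensereport') {
			require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
			$object = new ExpenseReport($this->db);
		} elseif ($modulepart == 'fichinter') {
			require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php';
			$object = new Fichinter($this->db);
		} elseif ($modulepart == 'adherent' || $modulepart == 'member') {
			$modulepart = 'adherent';
			require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
			$object = new Adherent($this->db);
		} elseif ($modulepart == 'proposal' || $modulepart == 'propal' || $modulepart == 'propale') {
			$modulepart = 'propale';
			require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
			$object = new Propal($this->db);
		} else {
			// TODO Implement additional moduleparts
			throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
		}

		if (is_object($object)) {
			$result = $object->fetch('', $ref);

			if ($result == 0) {
				throw new RestException(404, "Object with ref '".$ref."' was not found.");
			} elseif ($result < 0) {
				throw new RestException(500, 'Error while fetching object: '.$object->error);
			}
		}

		if (!($object->id > 0)) {
			throw new RestException(404, 'The object '.$modulepart." with ref '".$ref."' was not found.");
		}

		// Special cases that need to use get_exdir to get real dir of object
		// In future, all object should use this to define path of documents.
		if ($modulepart == 'supplier_invoice') {
			$tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
		}

		// The directory is derived from the stored ref of the fetched object,
		// not from text supplied by the caller.
		$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);

		$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');
		$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir

		if (empty($upload_dir) || $upload_dir == '/') {
			throw new RestException(500, 'This value of modulepart ('.$modulepart.') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
		}
	} else {
		if ($modulepart == 'invoice') {
			$modulepart = 'facture';
		}
		if ($modulepart == 'member') {
			$modulepart = 'adherent';
		}

		// Here the directory comes straight from the caller-supplied $subdir.
		$relativefile = $subdir;
		$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
		$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir

		if (empty($upload_dir) || $upload_dir == '/') {
			if (!empty($tmp['error'])) {
				throw new RestException(401, 'Error returned by dol_check_secure_access_document: '.$tmp['error']);
			} else {
				throw new RestException(500, 'This value of modulepart ('.$modulepart.') is not allowed with this value of subdir ('.$relativefile.')');
			}
		}
	}
	// $original_file here is still value of filename without any dir.

	// Same guard as index(), builddoc() and delete(): refuse a resolved target
	// that contains a parent-directory sequence or the characters < > |.
	if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir)) {
		throw new RestException(401);
	}

	$upload_dir = dol_sanitizePathName($upload_dir);

	if (!empty($createdirifnotexists)) {
		if (dol_mkdir($upload_dir) < 0) { // needed by products
			throw new RestException(500, 'Error while trying to create directory '.$upload_dir);
		}
	}

	// NOTE(review): the temporary file lives in a shared directory under a name
	// derived from the uploaded file name only, so two concurrent uploads of the
	// same name share one temporary path. The error messages below also return
	// absolute server paths to the API client.
	$destfile = $upload_dir.'/'.$original_file;
	$destfiletmp = DOL_DATA_ROOT.'/admin/temp/'.$original_file;
	dol_delete_file($destfiletmp);

	if (!dol_is_dir(dirname($destfile))) {
		throw new RestException(401, 'Directory not exists : '.dirname($destfile));
	}

	if (!$overwriteifexists && dol_is_file($destfile)) {
		throw new RestException(500, "File with name '".$original_file."' already exists.");
	}

	$fhandle = @fopen($destfiletmp, 'w');
	if (!$fhandle) {
		throw new RestException(500, "Failed to open file '".$destfiletmp."' for write");
	}

	$nbofbyteswrote = fwrite($fhandle, $newfilecontent);
	fclose($fhandle);
	// A failed or short write must not be moved into place as if it were complete.
	if ($nbofbyteswrote === false || $nbofbyteswrote < strlen($newfilecontent)) {
		dol_delete_file($destfiletmp);
		throw new RestException(500, 'Failed to write file content');
	}
	@chmod($destfiletmp, octdec($conf->global->MAIN_UMASK));

	// Fifth argument (testvirus) set to 1 and sixth (indexdatabase) set to 1.
	$result = dol_move($destfiletmp, $destfile, 0, $overwriteifexists, 1, 1);
	if (!$result) {
		// Do not leave the rejected upload behind in the temporary directory.
		dol_delete_file($destfiletmp);
		throw new RestException(500, "Failed to move file into '".$destfile."'");
	}

	return dol_basename($destfile);
}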
772 
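// Delete a document.
//
// $modulepart    Name of the module or area the file belongs to.
// $original_file Path of the file, relative to the storage area of $modulepart.
//
// Returns array('success' => array('code' => 200, 'message' => 'Document deleted')).
// Throws RestException 400 (missing parameter), 401 (path rejected, access
// denied or file could not be removed) or 404 (file not found).
public function delete($modulepart, $original_file)
{
	global $conf;

	if (empty($modulepart)) {
		throw new RestException(400, 'bad value for parameter modulepart');
	}
	if (empty($original_file)) {
		throw new RestException(400, 'bad value for parameter original_file');
	}

	$entity = $conf->entity;

	// Deleting is a modification, so access is checked in 'write' mode. The
	// original asked for 'read' access, which let a user who may only view a
	// document remove it.
	$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'write');
	$accessallowed = $check_access['accessallowed'];
	$original_file = $check_access['original_file'];

	// Defence in depth on the resolved path: refuse parent-directory sequences
	// and the characters < > | before touching the filesystem.
	if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
		throw new RestException(401);
	}
	if (!$accessallowed) {
		throw new RestException(401);
	}

	$original_file_osencoded = dol_osencode($original_file); // Path encoded in the OS filesystem charset

	if (!file_exists($original_file_osencoded)) {
		// The message used to say "download", copied from index().
		dol_syslog("Try to delete not found file ".$original_file_osencoded, LOG_WARNING);
		throw new RestException(404, 'File not found');
	}

	if (@unlink($original_file_osencoded)) {
		return array(
			'success' => array(
				'code' => 200,
				'message' => 'Document deleted'
			)
		);
	}

	// unlink() failed: keep the status code callers already receive, but leave a trace.
	dol_syslog("Failed to delete file ".$original_file_osencoded, LOG_ERR);
	throw new RestException(401);
}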
842 
843  // phpcs:disable PEAR.NamingConventions.ValidFunctionName
// Check that every field named in Documents::$DOCUMENT_FIELDS is set in $data
// and return those fields only. Throws RestException 400 on the first missing one.
private function _validate_file($data)
{
	// phpcs:enable
	$validated = array();

	foreach (Documents::$DOCUMENT_FIELDS as $field) {
		if (isset($data[$field])) {
			$validated[$field] = $data[$field];
			continue;
		}

		// isset() is false for a null value as well as for an absent key.
		throw new RestException(400, "$field field missing");
	}

	return $validated;
}
863 }
Class to manage agenda events (actions)
Class to manage members of a foundation.
Class to manage categories.
Class to manage predefined suppliers products.
Class to manage customers orders.
API class for receive files.
post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0, $createdirifnotexists=1)
Return a document.
__construct()
Constructor.
index($modulepart, $original_file='')
Download a document.
getDocumentsListByElement($modulepart, $id=0, $ref='', $sortfield='', $sortorder='')
Return the list of documents of a dedicated element (from its ID or Ref)
builddoc($modulepart, $original_file='', $doctemplate='', $langcode='')
Build a document.
_validate_file($data)
Validate fields before create or update object.
Class for API REST v1.
Definition: api.class.php:31
Class to manage ECM files.
Class to manage shipments.
Class to manage Trips and Expenses.
Class to manage suppliers invoices.
Class to manage invoices.
Class to manage interventions.
Class for KnowledgeRecord.
Class to manage products or services.
Class to manage projects.
Class to manage proposals.
Class to manage third parties objects (customers, suppliers, prospects...)
Class to manage tasks.
Definition: task.class.php:38
Class to manage translations.
Class to manage Dolibarr users.
Definition: user.class.php:47
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
Definition: files.lib.php:36
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
Definition: files.lib.php:1251
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
Definition: files.lib.php:2448
dol_is_file($pathoffile)
Return if path is a file.
Definition: files.lib.php:481
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
Definition: files.lib.php:61
dol_is_dir($folder)
Test if filename is a directory.
Definition: files.lib.php:451
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1)
Move a file into another name.
Definition: files.lib.php:875
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
get_exdir($num, $level, $alpha, $withoutslash, $object, $modulepart='')
Return the path of the directory where the files of an object are stored.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
$conf db
API class for accounts.
Definition: inc.php:41