dolibarr  18.0.0
api_expensereports.class.php
1 <?php
2 /* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  * Copyright (C) 2020 Frédéric France <frederic.france@netlogic.fr>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <https://www.gnu.org/licenses/>.
18  */
19 
20  use Luracast\Restler\RestException;
21 
22  require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
23 
31 {
32 
36  public static $FIELDS = array(
37  'fk_user_author'
38  );
39 
43  public $expensereport;
44 
45 
49  public function __construct()
50  {
51  global $db, $conf;
52  $this->db = $db;
53  $this->expensereport = new ExpenseReport($this->db);
54  }
55 
66  public function get($id)
67  {
68  if (!DolibarrApiAccess::$user->rights->expensereport->lire) {
69  throw new RestException(401);
70  }
71 
72  $result = $this->expensereport->fetch($id);
73  if (!$result) {
74  throw new RestException(404, 'Expense report not found');
75  }
76 
77  if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
78  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
79  }
80 
81  $this->expensereport->fetchObjectLinked();
82  return $this->_cleanObjectDatas($this->expensereport);
83  }
84 
98  public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $user_ids = 0, $sqlfilters = '')
99  {
100  global $db, $conf;
101 
102  if (!DolibarrApiAccess::$user->rights->expensereport->lire) {
103  throw new RestException(401);
104  }
105 
106  $obj_ret = array();
107 
108  // case of external user, $societe param is ignored and replaced by user's socid
109  //$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $societe;
110 
111  $sql = "SELECT t.rowid";
112  $sql .= " FROM ".MAIN_DB_PREFIX."expensereport AS t LEFT JOIN ".MAIN_DB_PREFIX."expensereport_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
113  $sql .= ' WHERE t.entity IN ('.getEntity('expensereport').')';
114  if ($user_ids) {
115  $sql .= " AND t.fk_user_author IN (".$this->db->sanitize($user_ids).")";
116  }
117 
118  // Add sql filters
119  if ($sqlfilters) {
120  $errormessage = '';
121  $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
122  if ($errormessage) {
123  throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
124  }
125  }
126 
127  $sql .= $this->db->order($sortfield, $sortorder);
128  if ($limit) {
129  if ($page < 0) {
130  $page = 0;
131  }
132  $offset = $limit * $page;
133 
134  $sql .= $this->db->plimit($limit + 1, $offset);
135  }
136 
137  $result = $this->db->query($sql);
138 
139  if ($result) {
140  $num = $this->db->num_rows($result);
141  $min = min($num, ($limit <= 0 ? $num : $limit));
142  $i = 0;
143  while ($i < $min) {
144  $obj = $this->db->fetch_object($result);
145  $expensereport_static = new ExpenseReport($this->db);
146  if ($expensereport_static->fetch($obj->rowid)) {
147  $obj_ret[] = $this->_cleanObjectDatas($expensereport_static);
148  }
149  $i++;
150  }
151  } else {
152  throw new RestException(503, 'Error when retrieve Expense Report list : '.$this->db->lasterror());
153  }
154  if (!count($obj_ret)) {
155  throw new RestException(404, 'No Expense Report found');
156  }
157  return $obj_ret;
158  }
159 
166  public function post($request_data = null)
167  {
168  if (!DolibarrApiAccess::$user->rights->expensereport->creer) {
169  throw new RestException(401, "Insuffisant rights");
170  }
171 
172  // Check mandatory fields
173  $result = $this->_validate($request_data);
174 
175  foreach ($request_data as $field => $value) {
176  $this->expensereport->$field = $value;
177  }
178  /*if (isset($request_data["lines"])) {
179  $lines = array();
180  foreach ($request_data["lines"] as $line) {
181  array_push($lines, (object) $line);
182  }
183  $this->expensereport->lines = $lines;
184  }*/
185  if ($this->expensereport->create(DolibarrApiAccess::$user) < 0) {
186  throw new RestException(500, "Error creating expensereport", array_merge(array($this->expensereport->error), $this->expensereport->errors));
187  }
188 
189  return $this->expensereport->id;
190  }
191 
201  /*
202  public function getLines($id)
203  {
204  if(! DolibarrApiAccess::$user->rights->expensereport->lire) {
205  throw new RestException(401);
206  }
207 
208  $result = $this->expensereport->fetch($id);
209  if( ! $result ) {
210  throw new RestException(404, 'expensereport not found');
211  }
212 
213  if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
214  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
215  }
216  $this->expensereport->getLinesArray();
217  $result = array();
218  foreach ($this->expensereport->lines as $line) {
219  array_push($result,$this->_cleanObjectDatas($line));
220  }
221  return $result;
222  }
223  */
224 
235  /*
236  public function postLine($id, $request_data = null)
237  {
238  if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
239  throw new RestException(401);
240  }
241 
242  $result = $this->expensereport->fetch($id);
243  if( ! $result ) {
244  throw new RestException(404, 'expensereport not found');
245  }
246 
247  if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
248  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
249  }
250 
251  $request_data = (object) $request_data;
252 
253  $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
254  $request_data->label = sanitizeVal($request_data->label);
255 
256  $updateRes = $this->expensereport->addline(
257  $request_data->desc,
258  $request_data->subprice,
259  $request_data->qty,
260  $request_data->tva_tx,
261  $request_data->localtax1_tx,
262  $request_data->localtax2_tx,
263  $request_data->fk_product,
264  $request_data->remise_percent,
265  $request_data->info_bits,
266  $request_data->fk_remise_except,
267  'HT',
268  0,
269  $request_data->date_start,
270  $request_data->date_end,
271  $request_data->product_type,
272  $request_data->rang,
273  $request_data->special_code,
274  $fk_parent_line,
275  $request_data->fk_fournprice,
276  $request_data->pa_ht,
277  $request_data->label,
278  $request_data->array_options,
279  $request_data->fk_unit,
280  $this->element,
281  $request_data->id
282  );
283 
284  if ($updateRes > 0) {
285  return $updateRes;
286 
287  }
288  return false;
289  }
290  */
291 
303  /*
304  public function putLine($id, $lineid, $request_data = null)
305  {
306  if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
307  throw new RestException(401);
308  }
309 
310  $result = $this->expensereport->fetch($id);
311  if( ! $result ) {
312  throw new RestException(404, 'expensereport not found');
313  }
314 
315  if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
316  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
317  }
318 
319  $request_data = (object) $request_data;
320 
321  $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
322  $request_data->label = sanitizeVal($request_data->label);
323 
324  $updateRes = $this->expensereport->updateline(
325  $lineid,
326  $request_data->desc,
327  $request_data->subprice,
328  $request_data->qty,
329  $request_data->remise_percent,
330  $request_data->tva_tx,
331  $request_data->localtax1_tx,
332  $request_data->localtax2_tx,
333  'HT',
334  $request_data->info_bits,
335  $request_data->date_start,
336  $request_data->date_end,
337  $request_data->product_type,
338  $request_data->fk_parent_line,
339  0,
340  $request_data->fk_fournprice,
341  $request_data->pa_ht,
342  $request_data->label,
343  $request_data->special_code,
344  $request_data->array_options,
345  $request_data->fk_unit
346  );
347 
348  if ($updateRes > 0) {
349  $result = $this->get($id);
350  unset($result->line);
351  return $this->_cleanObjectDatas($result);
352  }
353  return false;
354  }
355  */
356 
367  /*
368  public function deleteLine($id, $lineid)
369  {
370  if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
371  throw new RestException(401);
372  }
373 
374  $result = $this->expensereport->fetch($id);
375  if( ! $result ) {
376  throw new RestException(404, 'expensereport not found');
377  }
378 
379  if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
380  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
381  }
382 
383  // TODO Check the lineid $lineid is a line of ojbect
384 
385  $updateRes = $this->expensereport->deleteline($lineid);
386  if ($updateRes == 1) {
387  return $this->get($id);
388  }
389  return false;
390  }
391  */
392 
405  public function put($id, $request_data = null)
406  {
407  if (!DolibarrApiAccess::$user->rights->expensereport->creer) {
408  throw new RestException(401);
409  }
410 
411  $result = $this->expensereport->fetch($id);
412  if (!$result) {
413  throw new RestException(404, 'expensereport not found');
414  }
415 
416  if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
417  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
418  }
419  foreach ($request_data as $field => $value) {
420  if ($field == 'id') {
421  continue;
422  }
423  $this->expensereport->$field = $value;
424  }
425 
426  if ($this->expensereport->update(DolibarrApiAccess::$user) > 0) {
427  return $this->get($id);
428  } else {
429  throw new RestException(500, $this->expensereport->error);
430  }
431  }
432 
440  public function delete($id)
441  {
442  if (!DolibarrApiAccess::$user->rights->expensereport->supprimer) {
443  throw new RestException(401);
444  }
445 
446  $result = $this->expensereport->fetch($id);
447  if (!$result) {
448  throw new RestException(404, 'Expense Report not found');
449  }
450 
451  if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
452  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
453  }
454 
455  if (!$this->expensereport->delete(DolibarrApiAccess::$user)) {
456  throw new RestException(500, 'Error when delete Expense Report : '.$this->expensereport->error);
457  }
458 
459  return array(
460  'success' => array(
461  'code' => 200,
462  'message' => 'Expense Report deleted'
463  )
464  );
465  }
466 
482  /*
483  public function validate($id, $idwarehouse=0)
484  {
485  if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
486  throw new RestException(401);
487  }
488 
489  $result = $this->expensereport->fetch($id);
490  if( ! $result ) {
491  throw new RestException(404, 'expensereport not found');
492  }
493 
494  if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
495  throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
496  }
497 
498  if( ! $this->expensereport->valid(DolibarrApiAccess::$user, $idwarehouse)) {
499  throw new RestException(500, 'Error when validate expensereport');
500  }
501 
502  return array(
503  'success' => array(
504  'code' => 200,
505  'message' => 'expensereport validated'
506  )
507  );
508  }*/
509 
510  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
517  protected function _cleanObjectDatas($object)
518  {
519  // phpcs:enable
520  $object = parent::_cleanObjectDatas($object);
521 
522  unset($object->fk_statut);
523  unset($object->statut);
524  unset($object->user);
525  unset($object->thirdparty);
526 
527  unset($object->cond_reglement);
528  unset($object->shipping_method_id);
529 
530  unset($object->barcode_type);
531  unset($object->barcode_type_code);
532  unset($object->barcode_type_label);
533  unset($object->barcode_type_coder);
534 
535  unset($object->code_paiement);
536  unset($object->code_statut);
537  unset($object->fk_c_paiement);
538  unset($object->fk_incoterms);
539  unset($object->label_incoterms);
540  unset($object->location_incoterms);
541  unset($object->mode_reglement_id);
542  unset($object->cond_reglement_id);
543 
544  unset($object->name);
545  unset($object->lastname);
546  unset($object->firstname);
547  unset($object->civility_id);
548  unset($object->cond_reglement_id);
549  unset($object->contact);
550  unset($object->contact_id);
551 
552  unset($object->state);
553  unset($object->state_id);
554  unset($object->state_code);
555  unset($object->country);
556  unset($object->country_id);
557  unset($object->country_code);
558 
559  unset($object->note); // We already use note_public and note_pricate
560 
561  return $object;
562  }
563 
571  private function _validate($data)
572  {
573  $expensereport = array();
574  foreach (ExpenseReports::$FIELDS as $field) {
575  if (!isset($data[$field])) {
576  throw new RestException(400, "$field field missing");
577  }
578  $expensereport[$field] = $data[$field];
579  }
580  return $expensereport;
581  }
582 }
ExpenseReports\_validate
_validate($data)
Validate fields before create or update object.
Definition: api_expensereports.class.php:571
forgeSQLFromUniversalSearchCriteria
forgeSQLFromUniversalSearchCriteria($filter, &$errorstr='', $noand=0, $nopar=0, $noerror=0)
forgeSQLFromUniversalSearchCriteria
Definition: functions.lib.php:11933
ExpenseReports\_cleanObjectDatas
_cleanObjectDatas($object)
Validate an Expense Report.
Definition: api_expensereports.class.php:517
ExpenseReports\__construct
__construct()
Constructor.
Definition: api_expensereports.class.php:49
DolibarrApi\_checkAccessToResource
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
Definition: api.class.php:282
ExpenseReports\put
put($id, $request_data=null)
Get lines of an Expense Report.
Definition: api_expensereports.class.php:405
DolibarrApi
Class for API REST v1.
Definition: api.class.php:30
ExpenseReports\index
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $user_ids=0, $sqlfilters='')
List Expense Reports.
Definition: api_expensereports.class.php:98
ExpenseReports\post
post($request_data=null)
Create Expense Report object.
Definition: api_expensereports.class.php:166
$sql
if(isModEnabled('facture') && $user->hasRight('facture', 'lire')) if((isModEnabled('fournisseur') &&empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && $user->hasRight("fournisseur", "facture", "lire"))||(isModEnabled('supplier_invoice') && $user->hasRight("supplier_invoice", "lire"))) if(isModEnabled('don') && $user->hasRight('don', 'lire')) if(isModEnabled('tax') &&!empty($user->rights->tax->charges->lire)) if(isModEnabled('facture') &&isModEnabled('commande') && $user->hasRight("commande", "lire") &&empty($conf->global->WORKFLOW_DISABLE_CREATE_INVOICE_FROM_ORDER)) $sql
Social contributions to pay.
Definition: index.php:746
ExpenseReport
Class to manage Trips and Expenses.
Definition: expensereport.class.php:36
ExpenseReports
Definition: api_expensereports.class.php:30