dolibarr 19.0.4
api.class.php
1<?php
2/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3 * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4 * Copyright (C) 2020 Frédéric France <frederic.france@netlogic.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
20use Luracast\Restler\Restler;
21use Luracast\Restler\RestException;
22use Luracast\Restler\Defaults;
23use Luracast\Restler\Format\UploadFormat;
24
25require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
26
31{
35 protected $db;
36
40 public $r;
41
49 public function __construct($db, $cachedir = '', $refreshCache = false)
50 {
51 global $conf, $dolibarr_main_url_root;
52
53 if (empty($cachedir)) {
54 $cachedir = $conf->api->dir_temp;
55 }
56 Defaults::$cacheDirectory = $cachedir;
57
58 $this->db = $db;
59 $production_mode = (!getDolGlobalString('API_PRODUCTION_MODE') ? false : true);
60 $this->r = new Restler($production_mode, $refreshCache);
61
62 $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
63 $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
64
65 $urlwithouturlrootautodetect = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim(DOL_MAIN_URL_ROOT));
66 $urlwithrootautodetect = $urlwithouturlroot.DOL_URL_ROOT; // This is to use local domain autodetected by dolibarr from url
67
68 $this->r->setBaseUrls($urlwithouturlroot, $urlwithouturlrootautodetect);
69 $this->r->setAPIVersion(1);
70 //$this->r->setSupportedFormats('json');
71 //$this->r->setSupportedFormats('jsonFormat');
72 }
73
74 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
85 protected function _checkValForAPI($field, $value, $object)
86 {
87 // phpcs:enable
88 if (!is_array($value)) {
89 // TODO Use type detected in $object->fields if $object known and we can
90 if (in_array($field, array('note', 'note_private', 'note_public', 'desc', 'description'))) {
91 return sanitizeVal($value, 'restricthtml');
92 } else {
93 return sanitizeVal($value, 'alphanohtml');
94 }
95 } else {
96 // TODO Recall _checkValForAPI for each element of array
97
98 return $value;
99 }
100 }
101
102 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
110 protected function _filterObjectProperties($object, $properties)
111 {
112 // If properties is empty, we return all properties
113 if (empty($properties)) {
114 return $object;
115 }
116 // Else we filter properties
117 foreach (get_object_vars($object) as $key => $value) {
118 if (!in_array($key, explode(',', $properties))) {
119 unset($object->$key);
120 }
121 }
122 return $object;
123 }
124
125 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
132 protected function _cleanObjectDatas($object)
133 {
134 // phpcs:enable
135 // Remove $db object property for object
136 unset($object->db);
137 unset($object->isextrafieldmanaged);
138 unset($object->ismultientitymanaged);
139 unset($object->restrictiononfksoc);
140 unset($object->table_rowid);
141 unset($object->pass);
142 unset($object->pass_indatabase);
143
144 // Remove linkedObjects. We should already have and keep only linkedObjectsIds that avoid huge responses
145 unset($object->linkedObjects);
146 //unset($object->lines[$i]->linked_objects); // This is the array to create linked object during create
147
148 unset($object->fields);
149 unset($object->oldline);
150
151 unset($object->error);
152 unset($object->errors);
153 unset($object->errorhidden);
154
155 unset($object->ref_previous);
156 unset($object->ref_next);
157 unset($object->imgWidth);
158 unset($object->imgHeight);
159 unset($object->barcode_type_code);
160 unset($object->barcode_type_label);
161
162 unset($object->mode_reglement); // We use mode_reglement_id now
163 unset($object->cond_reglement); // We use cond_reglement_id now
164 unset($object->note); // We use note_public or note_private now
165 unset($object->contact); // We use contact_id now
166 unset($object->thirdparty); // We use thirdparty_id or fk_soc or socid now
167
168 unset($object->projet); // Should be fk_project
169 unset($object->project); // Should be fk_project
170 unset($object->fk_projet); // Should be fk_project
171 unset($object->author); // Should be fk_user_author
172 unset($object->timespent_old_duration);
173 unset($object->timespent_id);
174 unset($object->timespent_duration);
175 unset($object->timespent_date);
176 unset($object->timespent_datehour);
177 unset($object->timespent_withhour);
178 unset($object->timespent_fk_user);
179 unset($object->timespent_note);
180 unset($object->fk_delivery_address);
181 unset($object->modelpdf);
182 unset($object->sendtoid);
183 unset($object->name_bis);
184 unset($object->newref);
185 unset($object->alreadypaid);
186 unset($object->openid);
187
188 //unset($object->labelStatus);
189 //unset($object->labelStatusShort);
190
191 unset($object->stats_propale);
192 unset($object->stats_commande);
193 unset($object->stats_contrat);
194 unset($object->stats_facture);
195 unset($object->stats_commande_fournisseur);
196 unset($object->stats_reception);
197 unset($object->stats_mrptoconsume);
198 unset($object->stats_mrptoproduce);
199
200 unset($object->element);
201 unset($object->element_for_permission);
202 unset($object->fk_element);
203 unset($object->table_element);
204 unset($object->table_element_line);
205 unset($object->class_element_line);
206 unset($object->picto);
207
208 unset($object->fieldsforcombobox);
209 unset($object->regeximgext);
210
211 unset($object->skip_update_total);
212 unset($object->context);
213 unset($object->next_prev_filter);
214
215 unset($object->region);
216 unset($object->region_code);
217 unset($object->country);
218 unset($object->state);
219 unset($object->state_code);
220 unset($object->departement);
221 unset($object->departement_code);
222
223 unset($object->libelle_statut);
224 unset($object->libelle_paiement);
225
226 unset($object->prefix_comm);
227
228 if (!isset($object->table_element) || $object->table_element != 'ticket') {
229 unset($object->comments);
230 }
231
232 // Remove the $oldcopy property because it is not supported by the JSON
233 // encoder. The following error is generated when trying to serialize
234 // it: "Error encoding/decoding JSON: Type is not supported"
235 // Note: Event if this property was correctly handled by the JSON
236 // encoder, it should be ignored because keeping it would let the API
237 // have a very strange behavior: calling PUT and then GET on the same
238 // resource would give different results:
239 // PUT /objects/{id} -> returns object with oldcopy = previous version of the object
240 // GET /objects/{id} -> returns object with oldcopy empty
241 unset($object->oldcopy);
242
243 // If object has lines, remove $db property
244 if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) {
245 $nboflines = count($object->lines);
246 for ($i = 0; $i < $nboflines; $i++) {
247 $this->_cleanObjectDatas($object->lines[$i]);
248
249 unset($object->lines[$i]->contact);
250 unset($object->lines[$i]->contact_id);
251 unset($object->lines[$i]->country);
252 unset($object->lines[$i]->country_id);
253 unset($object->lines[$i]->country_code);
254 unset($object->lines[$i]->mode_reglement_id);
255 unset($object->lines[$i]->mode_reglement_code);
256 unset($object->lines[$i]->mode_reglement);
257 unset($object->lines[$i]->cond_reglement_id);
258 unset($object->lines[$i]->cond_reglement_code);
259 unset($object->lines[$i]->cond_reglement);
260 unset($object->lines[$i]->fk_delivery_address);
261 unset($object->lines[$i]->fk_projet);
262 unset($object->lines[$i]->fk_project);
263 unset($object->lines[$i]->thirdparty);
264 unset($object->lines[$i]->user);
265 unset($object->lines[$i]->model_pdf);
266 unset($object->lines[$i]->modelpdf);
267 unset($object->lines[$i]->note_public);
268 unset($object->lines[$i]->note_private);
269 unset($object->lines[$i]->fk_incoterms);
270 unset($object->lines[$i]->label_incoterms);
271 unset($object->lines[$i]->location_incoterms);
272 unset($object->lines[$i]->name);
273 unset($object->lines[$i]->lastname);
274 unset($object->lines[$i]->firstname);
275 unset($object->lines[$i]->civility_id);
276 unset($object->lines[$i]->fk_multicurrency);
277 unset($object->lines[$i]->multicurrency_code);
278 unset($object->lines[$i]->shipping_method_id);
279 }
280 }
281
282 if (!empty($object->thirdparty) && is_object($object->thirdparty)) {
283 $this->_cleanObjectDatas($object->thirdparty);
284 }
285
286 if (!empty($object->product) && is_object($object->product)) {
287 $this->_cleanObjectDatas($object->product);
288 }
289
290 return $object;
291 }
292
293 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
305 protected static function _checkAccessToResource($resource, $resource_id = 0, $dbtablename = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid')
306 {
307 // phpcs:enable
308 // Features/modules to check
309 $featuresarray = array($resource);
310 if (preg_match('/&/', $resource)) {
311 $featuresarray = explode("&", $resource);
312 } elseif (preg_match('/\|/', $resource)) {
313 $featuresarray = explode("|", $resource);
314 }
315
316 // More subfeatures to check
317 if (!empty($feature2)) {
318 $feature2 = explode("|", $feature2);
319 }
320
321 return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray, $resource_id, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
322 }
323
324 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
333 protected function _checkFilters($sqlfilters, &$error = '')
334 {
335 // phpcs:enable
336
337 return dolCheckFilters($sqlfilters, $error);
338 }
339
340 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
341 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
351 protected static function _forge_criteria_callback($matches)
352 {
353 return dolForgeCriteriaCallback($matches);
354 }
355}
Class for API REST v1.
Definition api.class.php:31
__construct($db, $cachedir='', $refreshCache=false)
Constructor.
Definition api.class.php:49
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
_checkFilters($sqlfilters, &$error='')
Return if a $sqlfilters parameter is valid Function no more used.
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:85
_cleanObjectDatas($object)
Clean sensible object datas.
static _forge_criteria_callback($matches)
Function to forge a SQL criteria from a Generic filter string.
dolCheckFilters($sqlfilters, &$error='')
Return if a $sqlfilters parameter has a valid balance of parenthesis.
dolForgeCriteriaCallback($matches)
Function to forge a SQL criteria from a Dolibarr filter syntax string.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.