dolibarr 19.0.4
api_expensereports.class.php
1<?php
2/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3 * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4 * Copyright (C) 2020 Frédéric France <frederic.france@netlogic.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
20 use Luracast\Restler\RestException;
21
22 require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
23
31{
/**
 * @var string[] Names of the request fields that _validate() requires to be present
 */
public static $FIELDS = array('fk_user_author');

/**
 * @var ExpenseReport Working object created by the constructor; get(), post(), put() and delete() operate on it
 */
public $expensereport;
43
44
/**
 * Bind the global database handler to this API object and create the
 * ExpenseReport instance the endpoints work on.
 */
public function __construct()
{
    global $db;

    $this->db = $db;
    $this->expensereport = new ExpenseReport($db);
}
54
/**
 * Return one expense report together with its linked objects.
 *
 * @param int $id Identifier handed to ExpenseReport::fetch(); presumably the report's row id
 * @return object The fetched report after _cleanObjectDatas() has removed the fields it strips
 *
 * @throws RestException 401 when the caller lacks the 'lire' right or fails the per-resource check,
 *                       404 when fetch() returns a falsy value
 */
public function get($id)
{
    $caller = DolibarrApiAccess::$user;
    if (!$caller->rights->expensereport->lire) {
        throw new RestException(401);
    }

    // Load first: the per-resource check below is made on the id of the object actually fetched.
    // NOTE(review): only a falsy return counts as "not found". If fetch() can also return a
    // negative error code, that case continues with an unloaded object - confirm against fetch().
    if (!$this->expensereport->fetch($id)) {
        throw new RestException(404, 'Expense report not found');
    }

    $allowed = DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id);
    if (!$allowed) {
        throw new RestException(401, 'Access not allowed for login '.$caller->login);
    }

    $this->expensereport->fetchObjectLinked();

    return $this->_cleanObjectDatas($this->expensereport);
}
83
/**
 * List expense reports of the current entity, optionally filtered, sorted and paginated.
 *
 * Every request value that ends up in the SQL text goes through a helper first:
 * db->sanitize() for $user_ids, forgeSQLFromUniversalSearchCriteria() for $sqlfilters,
 * db->order() for the sort arguments and db->plimit() for the paging values.
 * NOTE(review): the query is built by string concatenation, so its safety rests entirely on
 * those helpers, whose code is not visible here.
 * NOTE(review): unlike get(), no per-report _checkAccessToResource() call is made; any caller
 * holding the 'lire' right receives every report the query matches - confirm this is intended.
 *
 * @param string $sortfield  Sort column, passed to db->order()
 * @param string $sortorder  Sort direction, passed to db->order()
 * @param int    $limit      Page size; a falsy value disables paging
 * @param int    $page       Page number; negative values are treated as 0
 * @param string $user_ids   Value placed inside "t.fk_user_author IN (...)" after db->sanitize()
 * @param string $sqlfilters Filter expression translated by forgeSQLFromUniversalSearchCriteria()
 * @param string $properties Passed to _filterObjectProperties() for each returned report
 * @return array List of cleaned and filtered report objects
 *
 * @throws RestException 401 without the 'lire' right, 400 on an invalid $sqlfilters,
 *                       503 when the query fails
 */
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $user_ids = 0, $sqlfilters = '', $properties = '')
{
    if (!DolibarrApiAccess::$user->rights->expensereport->lire) {
        throw new RestException(401);
    }

    // The extrafields table is joined so that $sqlfilters can also filter on extrafields.
    $sql = "SELECT t.rowid"
        ." FROM ".MAIN_DB_PREFIX."expensereport AS t LEFT JOIN ".MAIN_DB_PREFIX."expensereport_extrafields AS ef ON (ef.fk_object = t.rowid)"
        .' WHERE t.entity IN ('.getEntity('expensereport').')';

    if ($user_ids) {
        $sql .= " AND t.fk_user_author IN (".$this->db->sanitize($user_ids).")";
    }

    if ($sqlfilters) {
        $filterError = '';
        $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $filterError);
        if ($filterError) {
            throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$filterError);
        }
    }

    $sql .= $this->db->order($sortfield, $sortorder);

    if ($limit) {
        if ($page < 0) {
            $page = 0;
        }
        // One row more than the page size is requested; the loop below still returns at most $limit rows.
        $sql .= $this->db->plimit($limit + 1, $limit * $page);
    }

    $resql = $this->db->query($sql);
    if (!$resql) {
        // NOTE(review): the database error text is sent back to the API client.
        throw new RestException(503, 'Error when retrieve Expense Report list : '.$this->db->lasterror());
    }

    $reports = array();
    $available = $this->db->num_rows($resql);
    $wanted = min($available, ($limit <= 0 ? $available : $limit));

    for ($row = 0; $row < $wanted; $row++) {
        $record = $this->db->fetch_object($resql);
        $report = new ExpenseReport($this->db);
        if ($report->fetch($record->rowid)) {
            $reports[] = $this->_filterObjectProperties($this->_cleanObjectDatas($report), $properties);
        }
    }

    return $reports;
}
157
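/**
 * Create an expense report from the request payload.
 *
 * @param array|null $request_data Payload; every field listed in ExpenseReports::$FIELDS must be present
 * @return int Id of the created report
 *
 * @throws RestException 401 without the 'creer' right, 400 from _validate() when a mandatory
 *                       field is missing, 500 when create() returns a negative value
 */
public function post($request_data = null)
{
    if (!DolibarrApiAccess::$user->rights->expensereport->creer) {
        throw new RestException(401, "Insuffisant rights");
    }

    // Throws 400 when a mandatory field is absent; the array it returns is not needed here.
    $this->_validate($request_data);

    // NOTE(review): every key other than 'caller' becomes a property of the report with no
    // allow-list and no type or content check, so the client decides which fields create()
    // sees. Consider restricting the accepted keys or sanitizing each value.
    foreach ($request_data as $field => $value) {
        if ($field === 'caller') {
            // 'caller' is client-supplied and is read by triggers (to avoid sync loops), so it is
            // reduced to the 'aZ09' character class before being stored in the context.
            $this->expensereport->context['caller'] = sanitizeVal($value, 'aZ09');
            continue;
        }

        $this->expensereport->$field = $value;
    }

    // Report lines are not built here: a 'lines' key is assigned as-is by the loop above.
    if ($this->expensereport->create(DolibarrApiAccess::$user) < 0) {
        throw new RestException(500, "Error creating expensereport", array_merge(array($this->expensereport->error), $this->expensereport->errors));
    }

    return $this->expensereport->id;
}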
195
205 /*
206 public function getLines($id)
207 {
208 if(! DolibarrApiAccess::$user->rights->expensereport->lire) {
209 throw new RestException(401);
210 }
211
212 $result = $this->expensereport->fetch($id);
213 if( ! $result ) {
214 throw new RestException(404, 'expensereport not found');
215 }
216
217 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
218 throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
219 }
220 $this->expensereport->getLinesArray();
221 $result = array();
222 foreach ($this->expensereport->lines as $line) {
223 array_push($result,$this->_cleanObjectDatas($line));
224 }
225 return $result;
226 }
227 */
228
239 /*
240 public function postLine($id, $request_data = null)
241 {
242 if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
243 throw new RestException(401);
244 }
245
246 $result = $this->expensereport->fetch($id);
247 if( ! $result ) {
248 throw new RestException(404, 'expensereport not found');
249 }
250
251 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
252 throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
253 }
254
255 $request_data = (object) $request_data;
256
257 $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
258 $request_data->label = sanitizeVal($request_data->label);
259
260 $updateRes = $this->expensereport->addline(
261 $request_data->desc,
262 $request_data->subprice,
263 $request_data->qty,
264 $request_data->tva_tx,
265 $request_data->localtax1_tx,
266 $request_data->localtax2_tx,
267 $request_data->fk_product,
268 $request_data->remise_percent,
269 $request_data->info_bits,
270 $request_data->fk_remise_except,
271 'HT',
272 0,
273 $request_data->date_start,
274 $request_data->date_end,
275 $request_data->product_type,
276 $request_data->rang,
277 $request_data->special_code,
278 $fk_parent_line,
279 $request_data->fk_fournprice,
280 $request_data->pa_ht,
281 $request_data->label,
282 $request_data->array_options,
283 $request_data->fk_unit,
284 $this->element,
285 $request_data->id
286 );
287
288 if ($updateRes > 0) {
289 return $updateRes;
290
291 }
292 return false;
293 }
294 */
295
307 /*
308 public function putLine($id, $lineid, $request_data = null)
309 {
310 if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
311 throw new RestException(401);
312 }
313
314 $result = $this->expensereport->fetch($id);
315 if( ! $result ) {
316 throw new RestException(404, 'expensereport not found');
317 }
318
319 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
320 throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
321 }
322
323 $request_data = (object) $request_data;
324
325 $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
326 $request_data->label = sanitizeVal($request_data->label);
327
328 $updateRes = $this->expensereport->updateline(
329 $lineid,
330 $request_data->desc,
331 $request_data->subprice,
332 $request_data->qty,
333 $request_data->remise_percent,
334 $request_data->tva_tx,
335 $request_data->localtax1_tx,
336 $request_data->localtax2_tx,
337 'HT',
338 $request_data->info_bits,
339 $request_data->date_start,
340 $request_data->date_end,
341 $request_data->product_type,
342 $request_data->fk_parent_line,
343 0,
344 $request_data->fk_fournprice,
345 $request_data->pa_ht,
346 $request_data->label,
347 $request_data->special_code,
348 $request_data->array_options,
349 $request_data->fk_unit
350 );
351
352 if ($updateRes > 0) {
353 $result = $this->get($id);
354 unset($result->line);
355 return $this->_cleanObjectDatas($result);
356 }
357 return false;
358 }
359 */
360
371 /*
372 public function deleteLine($id, $lineid)
373 {
374 if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
375 throw new RestException(401);
376 }
377
378 $result = $this->expensereport->fetch($id);
379 if( ! $result ) {
380 throw new RestException(404, 'expensereport not found');
381 }
382
383 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
384 throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
385 }
386
387 // TODO Check that the line $lineid belongs to this object
388
389 $updateRes = $this->expensereport->deleteline($lineid);
390 if ($updateRes == 1) {
391 return $this->get($id);
392 }
393 return false;
394 }
395 */
396
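/**
 * Update an existing expense report with the fields of the request payload.
 *
 * @param int        $id           Identifier handed to ExpenseReport::fetch(); presumably the report's row id
 * @param array|null $request_data Fields to overwrite; 'id' is ignored and 'caller' goes to the context
 * @return object Result of get($id) after a successful update
 *
 * @throws RestException 401 without the 'creer' right or when the per-resource check fails,
 *                       404 when fetch() returns a falsy value, 500 when update() does not
 *                       return a positive value
 */
public function put($id, $request_data = null)
{
    if (!DolibarrApiAccess::$user->rights->expensereport->creer) {
        throw new RestException(401);
    }

    $result = $this->expensereport->fetch($id);
    if (!$result) {
        throw new RestException(404, 'expensereport not found');
    }

    if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
        throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
    }

    // NOTE(review): apart from 'id' and 'caller', every key in the payload overwrites the matching
    // property of the loaded report before update() runs. There is no allow-list, so which
    // columns a client can change depends on what update() persists - confirm that status and
    // approval fields cannot be set this way.
    // The cast turns a missing body (null) into an empty list instead of a foreach warning.
    foreach ((array) $request_data as $field => $value) {
        // Strict comparison, consistent with the 'caller' test below.
        if ($field === 'id') {
            continue;
        }
        if ($field === 'caller') {
            // 'caller' is client-supplied and is read by triggers (to avoid sync loops), so it is
            // reduced to the 'aZ09' character class before being stored in the context.
            $this->expensereport->context['caller'] = sanitizeVal($value, 'aZ09');
            continue;
        }

        $this->expensereport->$field = $value;
    }

    if ($this->expensereport->update(DolibarrApiAccess::$user) > 0) {
        return $this->get($id);
    }

    throw new RestException(500, $this->expensereport->error);
}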
442
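/**
 * Delete an expense report.
 *
 * @param int $id Identifier handed to ExpenseReport::fetch(); presumably the report's row id
 * @return array Success envelope with code 200 and a message
 *
 * @throws RestException 401 without the 'supprimer' right or when the per-resource check fails,
 *                       404 when fetch() returns a falsy value, 500 when the deletion fails
 */
public function delete($id)
{
    if (!DolibarrApiAccess::$user->rights->expensereport->supprimer) {
        throw new RestException(401);
    }

    $result = $this->expensereport->fetch($id);
    if (!$result) {
        throw new RestException(404, 'Expense Report not found');
    }

    if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
        throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
    }

    // post() and put() in this class treat a negative return from the ExpenseReport object as a
    // failure. A plain "!" test would read a negative error code as success and report a
    // deletion that did not happen, so zero, false and negative values are all rejected here.
    if ($this->expensereport->delete(DolibarrApiAccess::$user) <= 0) {
        throw new RestException(500, 'Error when delete Expense Report : '.$this->expensereport->error);
    }

    return array(
        'success' => array(
            'code' => 200,
            'message' => 'Expense Report deleted'
        )
    );
}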
476
492 /*
493 public function validate($id, $idwarehouse=0)
494 {
495 if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
496 throw new RestException(401);
497 }
498
499 $result = $this->expensereport->fetch($id);
500 if( ! $result ) {
501 throw new RestException(404, 'expensereport not found');
502 }
503
504 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
505 throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
506 }
507
508 if( ! $this->expensereport->valid(DolibarrApiAccess::$user, $idwarehouse)) {
509 throw new RestException(500, 'Error when validate expensereport');
510 }
511
512 return array(
513 'success' => array(
514 'code' => 200,
515 'message' => 'expensereport validated'
516 )
517 );
518 }*/
519
520 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**
 * Output filter applied before a report is returned to the API client.
 *
 * Runs the parent cleaning first, then removes a fixed list of properties from the object.
 *
 * @param object $object Object to clean
 * @return object The same object with the listed properties removed
 */
protected function _cleanObjectDatas($object)
{
    // phpcs:enable
    $object = parent::_cleanObjectDatas($object);

    $stripped = array(
        'fk_statut', 'statut', 'user', 'thirdparty',
        'cond_reglement', 'shipping_method_id',
        'barcode_type', 'barcode_type_code', 'barcode_type_label', 'barcode_type_coder',
        'code_paiement', 'code_statut', 'fk_c_paiement', 'fk_incoterms', 'label_incoterms',
        'location_incoterms', 'mode_reglement_id', 'cond_reglement_id',
        'name', 'lastname', 'firstname', 'civility_id', 'contact', 'contact_id',
        'state', 'state_id', 'state_code', 'country', 'country_id', 'country_code',
        // note_public and note_private are already exposed, so the generic 'note' is dropped
        'note',
    );

    foreach ($stripped as $property) {
        unset($object->$property);
    }

    return $object;
}
573
/**
 * Check that every field listed in ExpenseReports::$FIELDS is present in the payload.
 *
 * Only presence is tested (isset); the type and content of the values are not checked here.
 *
 * @param array|null $data Request payload
 * @return array The mandatory fields and their values, keyed by field name
 *
 * @throws RestException 400 naming the first mandatory field that is missing
 */
private function _validate($data)
{
    $mandatory = array();

    foreach (ExpenseReports::$FIELDS as $field) {
        if (isset($data[$field])) {
            $mandatory[$field] = $data[$field];
            continue;
        }

        throw new RestException(400, "$field field missing");
    }

    return $mandatory;
}
592}
Class for API REST v1.
Definition api.class.php:31
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
Class to manage Trips and Expenses.
_cleanObjectDatas($object)
Validate an Expense Report.
_validate($data)
Validate fields before create or update object.
put($id, $request_data=null)
Get lines of an Expense Report.
post($request_data=null)
Create Expense Report object.
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $user_ids=0, $sqlfilters='', $properties='')
List Expense Reports.
forgeSQLFromUniversalSearchCriteria($filter, &$errorstr='', $noand=0, $nopar=0, $noerror=0)
forgeSQLFromUniversalSearchCriteria