dolibarr 20.0.0
api_members.class.php
1<?php
2/* Copyright (C) 2016 Xebax Christy <xebax@wanadoo.fr>
3 * Copyright (C) 2017 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2020 Thibault FOUCART<support@ptibogxiv.net>
5 * Copyright (C) 2020 Frédéric France <frederic.france@netlogic.fr>
6 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21
22use Luracast\Restler\RestException;
23
24require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
25require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
26require_once DOL_DOCUMENT_ROOT.'/adherents/class/subscription.class.php';
27require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
28require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
29
30
37class Members extends DolibarrApi
38{
42 public static $FIELDS = array(
43 'morphy',
44 'typeid'
45 );
46
50 public function __construct()
51 {
52 global $db;
53 $this->db = $db;
54 }
55
67 public function get($id)
68 {
69 if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
70 throw new RestException(403);
71 }
72
73 $member = new Adherent($this->db);
74 if ($id == 0) {
75 $result = $member->initAsSpecimen();
76 } else {
77 $result = $member->fetch($id);
78 }
79 if (!$result) {
80 throw new RestException(404, 'member not found');
81 }
82
83 if (!DolibarrApi::_checkAccessToResource('adherent', $member->id) && $id > 0) {
84 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
85 }
86
87 return $this->_cleanObjectDatas($member);
88 }
89
104 public function getByThirdparty($thirdparty)
105 {
106 if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
107 throw new RestException(403);
108 }
109
110 $member = new Adherent($this->db);
111 $result = $member->fetch('', '', $thirdparty);
112 if (!$result) {
113 throw new RestException(404, 'member not found');
114 }
115
116 if (!DolibarrApi::_checkAccessToResource('adherent', $member->id)) {
117 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
118 }
119
120 return $this->_cleanObjectDatas($member);
121 }
122
137 public function getByThirdpartyEmail($email)
138 {
139 if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
140 throw new RestException(403);
141 }
142
143 $thirdparty = new Societe($this->db);
144 $result = $thirdparty->fetch('', '', '', '', '', '', '', '', '', '', $email);
145 if (!$result) {
146 throw new RestException(404, 'thirdparty not found');
147 }
148
149 $member = new Adherent($this->db);
150 $result = $member->fetch('', '', $thirdparty->id);
151 if (!$result) {
152 throw new RestException(404, 'member not found');
153 }
154
155 if (!DolibarrApi::_checkAccessToResource('adherent', $member->id)) {
156 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
157 }
158
159 return $this->_cleanObjectDatas($member);
160 }
161
176 public function getByThirdpartyBarcode($barcode)
177 {
178 if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
179 throw new RestException(403);
180 }
181
182 $thirdparty = new Societe($this->db);
183 $result = $thirdparty->fetch('', '', '', $barcode);
184 if (!$result) {
185 throw new RestException(404, 'thirdparty not found');
186 }
187
188 $member = new Adherent($this->db);
189 $result = $member->fetch('', '', $thirdparty->id);
190 if (!$result) {
191 throw new RestException(404, 'member not found');
192 }
193
194 if (!DolibarrApi::_checkAccessToResource('adherent', $member->id)) {
195 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
196 }
197
198 return $this->_cleanObjectDatas($member);
199 }
200
222 public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $typeid = '', $category = 0, $sqlfilters = '', $properties = '')
223 {
224 $obj_ret = array();
225
226 if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
227 throw new RestException(403);
228 }
229
230 $sql = "SELECT t.rowid";
231 $sql .= " FROM ".MAIN_DB_PREFIX."adherent AS t LEFT JOIN ".MAIN_DB_PREFIX."adherent_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call
232 if ($category > 0) {
233 $sql .= ", ".MAIN_DB_PREFIX."categorie_member as c";
234 }
235 $sql .= ' WHERE t.entity IN ('.getEntity('adherent').')';
236 if (!empty($typeid)) {
237 $sql .= ' AND t.fk_adherent_type='.((int) $typeid);
238 }
239 // Select members of given category
240 if ($category > 0) {
241 $sql .= " AND c.fk_categorie = ".((int) $category);
242 $sql .= " AND c.fk_member = t.rowid";
243 }
244 // Add sql filters
245 if ($sqlfilters) {
246 $errormessage = '';
247 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
248 if ($errormessage) {
249 throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
250 }
251 }
252
253 $sql .= $this->db->order($sortfield, $sortorder);
254 if ($limit) {
255 if ($page < 0) {
256 $page = 0;
257 }
258 $offset = $limit * $page;
259
260 $sql .= $this->db->plimit($limit + 1, $offset);
261 }
262
263 $result = $this->db->query($sql);
264 if ($result) {
265 $i = 0;
266 $num = $this->db->num_rows($result);
267 $min = min($num, ($limit <= 0 ? $num : $limit));
268 while ($i < $min) {
269 $obj = $this->db->fetch_object($result);
270 $member = new Adherent($this->db);
271 if ($member->fetch($obj->rowid)) {
272 $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($member), $properties);
273 }
274 $i++;
275 }
276 } else {
277 throw new RestException(503, 'Error when retrieve member list : '.$this->db->lasterror());
278 }
279
280 return $obj_ret;
281 }
282
292 public function post($request_data = null)
293 {
294 if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) {
295 throw new RestException(403);
296 }
297 // Check mandatory fields
298 $result = $this->_validate($request_data);
299
300 $member = new Adherent($this->db);
301 foreach ($request_data as $field => $value) {
302 if ($field === 'caller') {
303 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
304 $member->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
305 continue;
306 }
307
308 $member->$field = $this->_checkValForAPI($field, $value, $member);
309 }
310 if ($member->create(DolibarrApiAccess::$user) < 0) {
311 throw new RestException(500, 'Error creating member', array_merge(array($member->error), $member->errors));
312 }
313 return $member->id;
314 }
315
327 public function put($id, $request_data = null)
328 {
329 if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) {
330 throw new RestException(403);
331 }
332
333 $member = new Adherent($this->db);
334 $result = $member->fetch($id);
335 if (!$result) {
336 throw new RestException(404, 'member not found');
337 }
338
339 if (!DolibarrApi::_checkAccessToResource('member', $member->id)) {
340 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
341 }
342
343 foreach ($request_data as $field => $value) {
344 if ($field == 'id') {
345 continue;
346 }
347 if ($field === 'caller') {
348 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
349 $member->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
350 continue;
351 }
352 if ($field == 'array_options' && is_array($value)) {
353 foreach ($value as $index => $val) {
354 $member->array_options[$index] = $val;
355 }
356 continue;
357 }
358 // Process the status separately because it must be updated using
359 // the validate(), resiliate() and exclude() methods of the class Adherent.
360 if ($field == 'statut') {
361 if ($value == '0') {
362 $result = $member->resiliate(DolibarrApiAccess::$user);
363 if ($result < 0) {
364 throw new RestException(500, 'Error when resiliating member: '.$member->error);
365 }
366 } elseif ($value == '1') {
367 $result = $member->validate(DolibarrApiAccess::$user);
368 if ($result < 0) {
369 throw new RestException(500, 'Error when validating member: '.$member->error);
370 }
371 } elseif ($value == '-2') {
372 $result = $member->exclude(DolibarrApiAccess::$user);
373 if ($result < 0) {
374 throw new RestException(500, 'Error when excluding member: '.$member->error);
375 }
376 }
377 } else {
378 $member->$field = $this->_checkValForAPI($field, $value, $member);
379 }
380 }
381
382 // If there is no error, update() returns the number of affected rows
383 // so if the update is a no op, the return value is zero.
384 if ($member->update(DolibarrApiAccess::$user) >= 0) {
385 return $this->get($id);
386 } else {
387 throw new RestException(500, 'Error when updating member: '.$member->error);
388 }
389 }
390
401 public function delete($id)
402 {
403 if (!DolibarrApiAccess::$user->hasRight('adherent', 'supprimer')) {
404 throw new RestException(403);
405 }
406 $member = new Adherent($this->db);
407 $result = $member->fetch($id);
408 if (!$result) {
409 throw new RestException(404, 'member not found');
410 }
411
412 if (!DolibarrApi::_checkAccessToResource('member', $member->id)) {
413 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
414 }
415
416
417 $res = $member->delete(DolibarrApiAccess::$user);
418 if ($res < 0) {
419 throw new RestException(500, "Can't delete, error occurs");
420 }
421
422 return array(
423 'success' => array(
424 'code' => 200,
425 'message' => 'Member deleted'
426 )
427 );
428 }
429
438 private function _validate($data)
439 {
440 $member = array();
441
442 $mandatoryfields = array(
443 'morphy',
444 'typeid'
445 );
446 foreach ($mandatoryfields as $field) {
447 if (!isset($data[$field])) {
448 throw new RestException(400, "$field field missing");
449 }
450 $member[$field] = $data[$field];
451 }
452 return $member;
453 }
454
455 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
462 protected function _cleanObjectDatas($object)
463 {
464 // phpcs:enable
465 $object = parent::_cleanObjectDatas($object);
466
467 // Remove the subscriptions because they are handled as a subresource.
468 if ($object instanceof Adherent) {
469 unset($object->subscriptions);
470 unset($object->fk_incoterms);
471 unset($object->label_incoterms);
472 unset($object->location_incoterms);
473 unset($object->fk_delivery_address);
474 unset($object->shipping_method_id);
475
476 unset($object->total_ht);
477 unset($object->total_ttc);
478 unset($object->total_tva);
479 unset($object->total_localtax1);
480 unset($object->total_localtax2);
481 }
482
483 if ($object instanceof AdherentType) {
484 unset($object->linkedObjectsIds);
485 unset($object->context);
486 unset($object->canvas);
487 unset($object->fk_project);
488 unset($object->contact);
489 unset($object->contact_id);
490 unset($object->thirdparty);
491 unset($object->user);
492 unset($object->origin);
493 unset($object->origin_id);
494 unset($object->ref_ext);
495 unset($object->country);
496 unset($object->country_id);
497 unset($object->country_code);
498 unset($object->barcode_type);
499 unset($object->barcode_type_code);
500 unset($object->barcode_type_label);
501 unset($object->barcode_type_coder);
502 unset($object->mode_reglement_id);
503 unset($object->cond_reglement_id);
504 unset($object->cond_reglement);
505 unset($object->fk_delivery_address);
506 unset($object->shipping_method_id);
507 unset($object->model_pdf);
508 unset($object->fk_account);
509 unset($object->note_public);
510 unset($object->note_private);
511 unset($object->fk_incoterms);
512 unset($object->label_incoterms);
513 unset($object->location_incoterms);
514 unset($object->name);
515 unset($object->lastname);
516 unset($object->firstname);
517 unset($object->civility_id);
518 unset($object->total_ht);
519 unset($object->total_tva);
520 unset($object->total_localtax1);
521 unset($object->total_localtax2);
522 unset($object->total_ttc);
523 }
524
525 return $object;
526 }
527
541 public function getSubscriptions($id)
542 {
543 if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'lire')) {
544 throw new RestException(403);
545 }
546
547 $member = new Adherent($this->db);
548 $result = $member->fetch($id);
549 if (!$result) {
550 throw new RestException(404, 'member not found');
551 }
552
553 $obj_ret = array();
554 foreach ($member->subscriptions as $subscription) {
555 $obj_ret[] = $this->_cleanObjectDatas($subscription);
556 }
557 return $obj_ret;
558 }
559
575 public function createSubscription($id, $start_date, $end_date, $amount, $label = '')
576 {
577 if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'creer')) {
578 throw new RestException(403);
579 }
580
581 $member = new Adherent($this->db);
582 $result = $member->fetch($id);
583 if (!$result) {
584 throw new RestException(404, 'member not found');
585 }
586
587 return $member->subscription($start_date, $amount, 0, '', $label, '', '', '', $end_date);
588 }
589
607 public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
608 {
609 if (!DolibarrApiAccess::$user->hasRight('categorie', 'lire')) {
610 throw new RestException(403);
611 }
612
613 $categories = new Categorie($this->db);
614
615 $result = $categories->getListForItem($id, 'member', $sortfield, $sortorder, $limit, $page);
616
617 if ($result < 0) {
618 throw new RestException(503, 'Error when retrieve category list : '.$categories->error);
619 }
620
621 return $result;
622 }
623
624
625
626
640 public function getType($id)
641 {
642 if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
643 throw new RestException(403);
644 }
645
646 $membertype = new AdherentType($this->db);
647 $result = $membertype->fetch($id);
648 if (!$result) {
649 throw new RestException(404, 'member type not found');
650 }
651
652 if (!DolibarrApi::_checkAccessToResource('member', $membertype->id, 'adherent_type')) {
653 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
654 }
655
656 return $this->_cleanObjectDatas($membertype);
657 }
658
678 public function indexType($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '')
679 {
680 $obj_ret = array();
681
682 if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
683 throw new RestException(403);
684 }
685
686 $sql = "SELECT t.rowid";
687 $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type AS t LEFT JOIN ".MAIN_DB_PREFIX."adherent_type_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
688 $sql .= ' WHERE t.entity IN ('.getEntity('member_type').')';
689
690 // Add sql filters
691 if ($sqlfilters) {
692 $errormessage = '';
693 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
694 if ($errormessage) {
695 throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
696 }
697 }
698
699 $sql .= $this->db->order($sortfield, $sortorder);
700 if ($limit) {
701 if ($page < 0) {
702 $page = 0;
703 }
704 $offset = $limit * $page;
705
706 $sql .= $this->db->plimit($limit + 1, $offset);
707 }
708
709 $result = $this->db->query($sql);
710 if ($result) {
711 $i = 0;
712 $num = $this->db->num_rows($result);
713 $min = min($num, ($limit <= 0 ? $num : $limit));
714 while ($i < $min) {
715 $obj = $this->db->fetch_object($result);
716 $membertype = new AdherentType($this->db);
717 if ($membertype->fetch($obj->rowid)) {
718 $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($membertype), $properties);
719 }
720 $i++;
721 }
722 } else {
723 throw new RestException(503, 'Error when retrieve member type list : '.$this->db->lasterror());
724 }
725
726 return $obj_ret;
727 }
728
740 public function postType($request_data = null)
741 {
742 if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) {
743 throw new RestException(403);
744 }
745 // Check mandatory fields
746 $result = $this->_validateType($request_data);
747
748 $membertype = new AdherentType($this->db);
749 foreach ($request_data as $field => $value) {
750 if ($field === 'caller') {
751 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
752 $membertype->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
753 continue;
754 }
755
756 $membertype->$field = $this->_checkValForAPI($field, $value, $membertype);
757 }
758 if ($membertype->create(DolibarrApiAccess::$user) < 0) {
759 throw new RestException(500, 'Error creating member type', array_merge(array($membertype->error), $membertype->errors));
760 }
761 return $membertype->id;
762 }
763
777 public function putType($id, $request_data = null)
778 {
779 if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) {
780 throw new RestException(403);
781 }
782
783 $membertype = new AdherentType($this->db);
784 $result = $membertype->fetch($id);
785 if (!$result) {
786 throw new RestException(404, 'member type not found');
787 }
788
789 if (!DolibarrApi::_checkAccessToResource('member', $membertype->id, 'adherent_type')) {
790 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
791 }
792
793 foreach ($request_data as $field => $value) {
794 if ($field == 'id') {
795 continue;
796 }
797 if ($field === 'caller') {
798 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
799 $membertype->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
800 continue;
801 }
802 if ($field == 'array_options' && is_array($value)) {
803 foreach ($value as $index => $val) {
804 $membertype->array_options[$index] = $val;
805 }
806 continue;
807 }
808 // Process the status separately because it must be updated using
809 // the validate(), resiliate() and exclude() methods of the class AdherentType.
810 $membertype->$field = $this->_checkValForAPI($field, $value, $membertype);
811 }
812
813 // If there is no error, update() returns the number of affected rows
814 // so if the update is a no op, the return value is zero.
815 if ($membertype->update(DolibarrApiAccess::$user) >= 0) {
816 return $this->get($id);
817 } else {
818 throw new RestException(500, 'Error when updating member type: '.$membertype->error);
819 }
820 }
821
834 public function deleteType($id)
835 {
836 if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) {
837 throw new RestException(403);
838 }
839 $membertype = new AdherentType($this->db);
840 $result = $membertype->fetch($id);
841 if ($result < 1) {
842 throw new RestException(404, 'member type not found');
843 }
844
845 if (!DolibarrApi::_checkAccessToResource('member', $membertype->id, 'adherent_type')) {
846 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
847 }
848
849 $res = $membertype->delete(DolibarrApiAccess::$user);
850 if ($res < 0) {
851 throw new RestException(500, "Can't delete, error occurs");
852 }
853
854 return array(
855 'success' => array(
856 'code' => 200,
857 'message' => 'Member type deleted'
858 )
859 );
860 }
861
870 private function _validateType($data)
871 {
872 $membertype = array();
873
874 $mandatoryfields = array('label');
875
876 foreach ($mandatoryfields as $field) {
877 if (!isset($data[$field])) {
878 throw new RestException(400, "$field field missing");
879 }
880 $membertype[$field] = $data[$field];
881 }
882 return $membertype;
883 }
884}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
Class to manage members of a foundation.
Class to manage members type.
Class to manage categories.
Class for API REST v1.
Definition api.class.php:30
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:82
put($id, $request_data=null)
Update member.
getType($id)
Get properties of a member type object.
createSubscription($id, $start_date, $end_date, $amount, $label='')
Add a subscription for a member.
_validate($data)
Validate fields before creating an object.
getByThirdparty($thirdparty)
Get properties of a member object by linked thirdparty.
getByThirdpartyBarcode($barcode)
Get properties of a member object by linked thirdparty barcode.
deleteType($id)
Delete member type.
__construct()
Constructor.
getCategories($id, $sortfield="s.rowid", $sortorder='ASC', $limit=0, $page=0)
Get categories for a member.
getByThirdpartyEmail($email)
Get properties of a member object by linked thirdparty email.
_cleanObjectDatas($object)
Clean sensible object datas.
_validateType($data)
Validate fields before creating an object.
putType($id, $request_data=null)
Update member type.
indexType($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $sqlfilters='', $properties='')
List members types.
getSubscriptions($id)
List subscriptions of a member.
post($request_data=null)
Create member object.
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $typeid='', $category=0, $sqlfilters='', $properties='')
List members.
postType($request_data=null)
Create member type object.
Class to manage third parties objects (customers, suppliers, prospects...)
forgeSQLFromUniversalSearchCriteria($filter, &$errorstr='', $noand=0, $nopar=0, $noerror=0)
forgeSQLFromUniversalSearchCriteria
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.