dolibarr 20.0.2
api_donations.class.php
1<?php
2/* Copyright (C) 2019 Thibault FOUCART <support@ptibogxiv.net>
3 * Copyright (C) 2019 Laurent Destailleur <eldy@users.sourceforge.net>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <https://www.gnu.org/licenses/>.
17 */
18
19use Luracast\Restler\RestException;
20
21require_once DOL_DOCUMENT_ROOT.'/don/class/don.class.php';
22
30{
// Request keys that _validate() requires; a create request missing one of them is rejected with 400.
public static $FIELDS = ['amount'];

// Don instance that each endpoint of this class fetches into and acts on.
public $don;
42
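public function __construct()
{
    // Binds the global database handler and prepares the Don object used by the endpoints.
    // Only $db is imported: the former `global $conf` was never read in this method.
    global $db;

    $this->db = $db;
    $this->don = new Don($this->db);
}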
52
public function get($id)
{
    // Returns the cleaned donation $id.
    // Checks run in this order: module read right (403), existence (404), per-object access (403).
    $apiUser = DolibarrApiAccess::$user;
    if (!$apiUser->hasRight('don', 'lire')) {
        throw new RestException(403);
    }

    // NOTE(review): only a falsy return is treated as "not found"; a negative error code
    // from fetch() would be truthy and pass this test - confirm what Don::fetch() returns on failure.
    $found = $this->don->fetch($id);
    if (!$found) {
        throw new RestException(404, 'Donation not found');
    }

    $allowed = DolibarrApi::_checkAccessToResource('don', $this->don->id);
    if (!$allowed) {
        throw new RestException(403, 'Access not allowed for login '.$apiUser->login);
    }

    // External contact ids and linked objects are not added to the result.
    return $this->_cleanObjectDatas($this->don);
}
83
84
85
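public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '')
{
    // Lists donations of the current entity as cleaned objects, optionally filtered by
    // third party and by $sqlfilters, sorted and paginated.
    // Throws 403 without the 'don'/'lire' right, 400 on an invalid $sqlfilters, 503 on a query error.
    if (!DolibarrApiAccess::$user->hasRight('don', 'lire')) {
        throw new RestException(403);
    }

    $obj_ret = array();

    // External users (socid set) are pinned to their own third party: a caller-supplied
    // $thirdparty_ids must never widen what they can list.
    $socids = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $thirdparty_ids;
    $restrictToSalesRep = !DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socids;

    $sql = "SELECT t.rowid";
    if ($restrictToSalesRep) {
        // NOTE(review): alias "sc" is selected here and filtered on below, but no table is joined
        // under that alias in the FROM clause, so this branch is expected to end in the 503 path
        // instead of returning rows - confirm the intended join.
        $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
    }
    // Extrafields are joined so that they can be used as search criteria in $sqlfilters
    $sql .= " FROM ".MAIN_DB_PREFIX."don AS t LEFT JOIN ".MAIN_DB_PREFIX."don_extrafields AS ef ON (ef.fk_object = t.rowid)";

    $sql .= ' WHERE t.entity IN ('.getEntity('don').')';
    if ($restrictToSalesRep) {
        $sql .= " AND t.fk_soc = sc.fk_soc";
    }
    // Fix: filter on the resolved $socids, not on the raw request parameter. The original tested
    // $thirdparty_ids, so an external user who sent no third party id got no third-party
    // restriction at all, and one who sent an id was filtered on that id instead of his own socid.
    if ($socids) {
        $sql .= " AND t.fk_soc = ".((int) $socids)." ";
    }

    // Add sql filters
    // $sqlfilters is caller-controlled; it only reaches the query through
    // forgeSQLFromUniversalSearchCriteria(), which reports rejected input in $errormessage.
    if ($sqlfilters) {
        $errormessage = '';
        $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
        if ($errormessage) {
            throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
        }
    }

    // NOTE(review): $sortfield and $sortorder are caller-controlled and are passed straight to
    // order() - presumably sanitised there; confirm.
    $sql .= $this->db->order($sortfield, $sortorder);
    if ($limit) {
        if ($page < 0) {
            $page = 0;
        }
        $offset = $limit * $page;

        // One row more than $limit is requested; the loop below still returns at most $limit objects
        $sql .= $this->db->plimit($limit + 1, $offset);
    }

    dol_syslog("API Rest request");
    $result = $this->db->query($sql);

    if (!$result) {
        // NOTE(review): the raw database error text is returned to the API client
        throw new RestException(503, 'Error when retrieve donation list : '.$this->db->lasterror());
    }

    $num = $this->db->num_rows($result);
    $min = min($num, ($limit <= 0 ? $num : $limit));
    for ($i = 0; $i < $min; $i++) {
        $obj = $this->db->fetch_object($result);
        $don_static = new Don($this->db);
        if ($don_static->fetch($obj->rowid)) {
            // External contact ids are not added to the returned objects
            $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($don_static), $properties);
        }
    }

    return $obj_ret;
}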
169
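public function post($request_data = null)
{
    // Creates a donation from $request_data and returns the id of the new record.
    // Throws 403 without the 'don'/'creer' right, 400 (from _validate) when a mandatory
    // field is missing, 500 when Don::create() reports an error.
    if (!DolibarrApiAccess::$user->hasRight('don', 'creer')) {
        throw new RestException(403, "Insuffisant rights");
    }

    // Check mandatory fields. _validate() throws on failure; its return value was stored
    // in an unused local before and is not needed here.
    $this->_validate($request_data);

    // NOTE(review): every request key except 'caller' becomes a property of the Don object.
    // _checkValForAPI() is the only filter applied to it, and nothing here limits which
    // property names a client may set - consider an allow-list of writable fields.
    foreach ($request_data as $field => $value) {
        if ($field === 'caller') {
            // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
            $this->don->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
            continue;
        }

        $this->don->$field = $this->_checkValForAPI($field, $value, $this->don);
    }
    /*if (isset($request_data["lines"])) {
        $lines = array();
        foreach ($request_data["lines"] as $line) {
            array_push($lines, (object) $line);
        }
        $this->don->lines = $lines;
    }*/

    if ($this->don->create(DolibarrApiAccess::$user) < 0) {
        throw new RestException(500, "Error creating donation", array_merge(array($this->don->error), $this->don->errors));
    }

    return $this->don->id;
}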
208
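public function put($id, $request_data = null)
{
    // Updates donation $id with the fields of $request_data and returns the refreshed object via get().
    // Throws 403 without the 'don'/'creer' right or without access to the object,
    // 404 when the donation cannot be fetched, 500 when Don::update() does not succeed.
    if (!DolibarrApiAccess::$user->hasRight('don', 'creer')) {
        throw new RestException(403);
    }

    $result = $this->don->fetch($id);
    if (!$result) {
        throw new RestException(404, 'Donation not found');
    }

    // Fix: use the same 'don' resource key as get() and validate(). This method passed
    // 'donation', so the per-object access check ran against a different resource name
    // than the read path of the same object.
    if (!DolibarrApi::_checkAccessToResource('don', $this->don->id)) {
        throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
    }

    // $request_data defaults to null; iterate an empty array in that case instead of
    // handing null to foreach.
    // NOTE(review): apart from 'id' and 'caller', every request key is written onto the
    // fetched Don object. _checkValForAPI() is the only filter on it; nothing here limits
    // which property names a client may overwrite - consider an allow-list of writable fields.
    foreach (($request_data ?? array()) as $field => $value) {
        if ($field == 'id') {
            continue;
        }
        if ($field === 'caller') {
            // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
            $this->don->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
            continue;
        }

        $this->don->$field = $this->_checkValForAPI($field, $value, $this->don);
    }

    if ($this->don->update(DolibarrApiAccess::$user) > 0) {
        return $this->get($id);
    } else {
        throw new RestException(500, $this->don->error);
    }
}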
249
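public function delete($id)
{
    // Deletes donation $id and returns a success structure with code 200.
    // Throws 403 without the 'don'/'supprimer' right or without access to the object,
    // 404 when the donation cannot be fetched, 500 when the deletion is reported as failed.
    if (!DolibarrApiAccess::$user->hasRight('don', 'supprimer')) {
        throw new RestException(403);
    }

    $result = $this->don->fetch($id);
    if (!$result) {
        throw new RestException(404, 'Donation not found');
    }

    // Fix: use the same 'don' resource key as get() and validate(). This method passed
    // 'donation', so the per-object access check ran against a different resource name
    // than the read path of the same object.
    if (!DolibarrApi::_checkAccessToResource('don', $this->don->id)) {
        throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
    }

    // NOTE(review): only a falsy return counts as failure here, whereas post() tests "< 0"
    // and put() tests "> 0". If Don::delete() signals errors with a negative code, that
    // code is truthy and the success response below is still sent - confirm.
    if (!$this->don->delete(DolibarrApiAccess::$user)) {
        throw new RestException(500, 'Error when delete donation : '.$this->don->error);
    }

    return array(
        'success' => array(
            'code' => 200,
            'message' => 'Donation deleted'
        )
    );
}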
282
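public function validate($id, $idwarehouse = 0, $notrigger = 0)
{
    // Validates donation $id through Don::valid_promesse() and returns the reloaded, cleaned object.
    // $idwarehouse is accepted but not used in this method.
    // Throws 403 without the 'don'/'creer' right or without access to the object, 404 when the
    // donation cannot be fetched, 304 when nothing was changed, 500 on a validation error.
    if (!DolibarrApiAccess::$user->hasRight('don', 'creer')) {
        throw new RestException(403);
    }

    $result = $this->don->fetch($id);
    if (!$result) {
        throw new RestException(404, 'Donation not found');
    }

    if (!DolibarrApi::_checkAccessToResource('don', $this->don->id)) {
        throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
    }

    // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
    $result = $this->don->valid_promesse($id, DolibarrApiAccess::$user->id, $notrigger);
    if ($result == 0) {
        throw new RestException(304, 'Error nothing done. May be object is already validated');
    }
    if ($result < 0) {
        // Fix: the message named an "Order" although this endpoint validates a donation
        throw new RestException(500, 'Error when validating donation: '.$this->don->error);
    }

    // Reload the object so the response reflects the state after validation
    $result = $this->don->fetch($id);
    if (!$result) {
        // Fix: same wrong object name as above; aligned with the first 404 of this method
        throw new RestException(404, 'Donation not found');
    }

    if (!DolibarrApi::_checkAccessToResource('don', $this->don->id)) {
        throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
    }

    $this->don->fetchObjectLinked();

    return $this->_cleanObjectDatas($this->don);
}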
341
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
protected function _cleanObjectDatas($object)
{
    // phpcs:enable
    // Runs the parent clean-up first, then removes the properties listed below so that
    // they are not part of what the endpoints of this class return.
    $cleaned = parent::_cleanObjectDatas($object);

    unset(
        $cleaned->note,
        $cleaned->address,
        $cleaned->barcode_type,
        $cleaned->barcode_type_code,
        $cleaned->barcode_type_label,
        $cleaned->barcode_type_coder
    );

    return $cleaned;
}
363
private function _validate($data)
{
    // Checks that every field named in Donations::$FIELDS is set in $data.
    // Returns an array with just those fields; throws RestException 400 on the first missing one.
    $checked = array();
    foreach (Donations::$FIELDS as $name) {
        if (isset($data[$name])) {
            $checked[$name] = $data[$name];
            continue;
        }
        throw new RestException(400, $name." field missing");
    }

    return $checked;
}
382}
Class for API REST v1.
Definition api.class.php:30
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:82
Class to manage donations.
Definition don.class.php:41
validate($id, $idwarehouse=0, $notrigger=0)
Validate a donation.
post($request_data=null)
Create donation object.
_cleanObjectDatas($object)
Clean sensitive object data.
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $thirdparty_ids='', $sqlfilters='', $properties='')
List donations.
put($id, $request_data=null)
Update order general fields (won't touch lines of order)
__construct()
Constructor.
_validate($data)
Validate fields before create or update object.
forgeSQLFromUniversalSearchCriteria($filter, &$errorstr='', $noand=0, $nopar=0, $noerror=0)
forgeSQLFromUniversalSearchCriteria
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.