dolibarr 20.0.5
api_expensereports.class.php
1<?php
2/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3 * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4 * Copyright (C) 2020-2024 Frédéric France <frederic.france@free.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
20use Luracast\Restler\RestException;
21
22require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
23require_once DOL_DOCUMENT_ROOT.'/expensereport/class/paymentexpensereport.class.php';
24
25
32class ExpenseReports extends DolibarrApi
33{
37 public static $FIELDS = array(
38 'fk_user_author'
39 );
40
44 public static $FIELDSPAYMENT = array(
45 "fk_typepayment",
46 'datepaid',
47 'amounts',
48 );
49
53 public $expensereport;
54
55
59 public function __construct()
60 {
61 global $db;
62
63 $this->db = $db;
64 $this->expensereport = new ExpenseReport($this->db);
65 }
66
77 public function get($id)
78 {
79 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'lire')) {
80 throw new RestException(403);
81 }
82
83 $result = $this->expensereport->fetch($id);
84 if (!$result) {
85 throw new RestException(404, 'Expense report not found');
86 }
87
88 if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
89 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
90 }
91
92 $this->expensereport->fetchObjectLinked();
93 return $this->_cleanObjectDatas($this->expensereport);
94 }
95
110 public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $user_ids = '', $sqlfilters = '', $properties = '')
111 {
112 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'lire')) {
113 throw new RestException(403);
114 }
115
116 $obj_ret = array();
117
118 // case of external user, $societe param is ignored and replaced by user's socid
119 //$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $societe;
120
121 $sql = "SELECT t.rowid";
122 $sql .= " FROM ".MAIN_DB_PREFIX."expensereport AS t LEFT JOIN ".MAIN_DB_PREFIX."expensereport_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
123 $sql .= ' WHERE t.entity IN ('.getEntity('expensereport').')';
124 if ($user_ids) {
125 $sql .= " AND t.fk_user_author IN (".$this->db->sanitize($user_ids).")";
126 }
127
128 // Add sql filters
129 if ($sqlfilters) {
130 $errormessage = '';
131 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
132 if ($errormessage) {
133 throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
134 }
135 }
136
137 $sql .= $this->db->order($sortfield, $sortorder);
138 if ($limit) {
139 if ($page < 0) {
140 $page = 0;
141 }
142 $offset = $limit * $page;
143
144 $sql .= $this->db->plimit($limit + 1, $offset);
145 }
146
147 $result = $this->db->query($sql);
148
149 if ($result) {
150 $num = $this->db->num_rows($result);
151 $min = min($num, ($limit <= 0 ? $num : $limit));
152 $i = 0;
153 while ($i < $min) {
154 $obj = $this->db->fetch_object($result);
155 $expensereport_static = new ExpenseReport($this->db);
156 if ($expensereport_static->fetch($obj->rowid)) {
157 $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($expensereport_static), $properties);
158 }
159 $i++;
160 }
161 } else {
162 throw new RestException(503, 'Error when retrieve Expense Report list : '.$this->db->lasterror());
163 }
164
165 return $obj_ret;
166 }
167
174 public function post($request_data = null)
175 {
176 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
177 throw new RestException(403, "Insuffisant rights");
178 }
179
180 // Check mandatory fields
181 $result = $this->_validate($request_data);
182
183 foreach ($request_data as $field => $value) {
184 if ($field === 'caller') {
185 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
186 $this->expensereport->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
187 continue;
188 }
189
190 $this->expensereport->$field = $this->_checkValForAPI($field, $value, $this->expensereport);
191 }
192 /*if (isset($request_data["lines"])) {
193 $lines = array();
194 foreach ($request_data["lines"] as $line) {
195 array_push($lines, (object) $line);
196 }
197 $this->expensereport->lines = $lines;
198 }*/
199 if ($this->expensereport->create(DolibarrApiAccess::$user) < 0) {
200 throw new RestException(500, "Error creating expensereport", array_merge(array($this->expensereport->error), $this->expensereport->errors));
201 }
202
203 return $this->expensereport->id;
204 }
205
215 /*
216 public function getLines($id)
217 {
218 if(! DolibarrApiAccess::$user->hasRight('expensereport', 'lire')) {
219 throw new RestException(403);
220 }
221
222 $result = $this->expensereport->fetch($id);
223 if( ! $result ) {
224 throw new RestException(404, 'expensereport not found');
225 }
226
227 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
228 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
229 }
230 $this->expensereport->getLinesArray();
231 $result = array();
232 foreach ($this->expensereport->lines as $line) {
233 array_push($result,$this->_cleanObjectDatas($line));
234 }
235 return $result;
236 }
237 */
238
249 /*
250 public function postLine($id, $request_data = null)
251 {
252 if(! DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
253 throw new RestException(403);
254 }
255
256 $result = $this->expensereport->fetch($id);
257 if( ! $result ) {
258 throw new RestException(404, 'expensereport not found');
259 }
260
261 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
262 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
263 }
264
265 $request_data = (object) $request_data;
266
267 $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
268 $request_data->label = sanitizeVal($request_data->label);
269
270 $updateRes = $this->expensereport->addline(
271 $request_data->desc,
272 $request_data->subprice,
273 $request_data->qty,
274 $request_data->tva_tx,
275 $request_data->localtax1_tx,
276 $request_data->localtax2_tx,
277 $request_data->fk_product,
278 $request_data->remise_percent,
279 $request_data->info_bits,
280 $request_data->fk_remise_except,
281 'HT',
282 0,
283 $request_data->date_start,
284 $request_data->date_end,
285 $request_data->product_type,
286 $request_data->rang,
287 $request_data->special_code,
288 $fk_parent_line,
289 $request_data->fk_fournprice,
290 $request_data->pa_ht,
291 $request_data->label,
292 $request_data->array_options,
293 $request_data->fk_unit,
294 $this->element,
295 $request_data->id
296 );
297
298 if ($updateRes > 0) {
299 return $updateRes;
300
301 }
302 return false;
303 }
304 */
305
317 /*
318 public function putLine($id, $lineid, $request_data = null)
319 {
320 if(! DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
321 throw new RestException(403);
322 }
323
324 $result = $this->expensereport->fetch($id);
325 if( ! $result ) {
326 throw new RestException(404, 'expensereport not found');
327 }
328
329 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
330 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
331 }
332
333 $request_data = (object) $request_data;
334
335 $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
336 $request_data->label = sanitizeVal($request_data->label);
337
338 $updateRes = $this->expensereport->updateline(
339 $lineid,
340 $request_data->desc,
341 $request_data->subprice,
342 $request_data->qty,
343 $request_data->remise_percent,
344 $request_data->tva_tx,
345 $request_data->localtax1_tx,
346 $request_data->localtax2_tx,
347 'HT',
348 $request_data->info_bits,
349 $request_data->date_start,
350 $request_data->date_end,
351 $request_data->product_type,
352 $request_data->fk_parent_line,
353 0,
354 $request_data->fk_fournprice,
355 $request_data->pa_ht,
356 $request_data->label,
357 $request_data->special_code,
358 $request_data->array_options,
359 $request_data->fk_unit
360 );
361
362 if ($updateRes > 0) {
363 $result = $this->get($id);
364 unset($result->line);
365 return $this->_cleanObjectDatas($result);
366 }
367 return false;
368 }
369 */
370
381 /*
382 public function deleteLine($id, $lineid)
383 {
384 if(! DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
385 throw new RestException(403);
386 }
387
388 $result = $this->expensereport->fetch($id);
389 if( ! $result ) {
390 throw new RestException(404, 'expensereport not found');
391 }
392
393 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
394 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
395 }
396
397 // TODO Check the lineid $lineid is a line of object
398
399 $updateRes = $this->expensereport->deleteLine($lineid);
400 if ($updateRes == 1) {
401 return $this->get($id);
402 }
403 return false;
404 }
405 */
406
418 public function put($id, $request_data = null)
419 {
420 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
421 throw new RestException(403);
422 }
423
424 $result = $this->expensereport->fetch($id);
425 if (!$result) {
426 throw new RestException(404, 'expensereport not found');
427 }
428
429 if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
430 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
431 }
432 foreach ($request_data as $field => $value) {
433 if ($field == 'id') {
434 continue;
435 }
436 if ($field === 'caller') {
437 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
438 $this->expensereport->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
439 continue;
440 }
441
442 if ($field == 'array_options' && is_array($value)) {
443 foreach ($value as $index => $val) {
444 $this->expensereport->array_options[$index] = $this->_checkValForAPI($field, $val, $this->expensereport);
445 }
446 continue;
447 }
448
449 $this->expensereport->$field = $this->_checkValForAPI($field, $value, $this->expensereport);
450 }
451
452 if ($this->expensereport->update(DolibarrApiAccess::$user) > 0) {
453 return $this->get($id);
454 } else {
455 throw new RestException(500, $this->expensereport->error);
456 }
457 }
458
466 public function delete($id)
467 {
468 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'supprimer')) {
469 throw new RestException(403);
470 }
471
472 $result = $this->expensereport->fetch($id);
473 if (!$result) {
474 throw new RestException(404, 'Expense Report not found');
475 }
476
477 if (!DolibarrApi::_checkAccessToResource('expensereport', $this->expensereport->id)) {
478 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
479 }
480
481 if (!$this->expensereport->delete(DolibarrApiAccess::$user)) {
482 throw new RestException(500, 'Error when delete Expense Report : '.$this->expensereport->error);
483 }
484
485 return array(
486 'success' => array(
487 'code' => 200,
488 'message' => 'Expense Report deleted'
489 )
490 );
491 }
492
508 /*
509 public function validate($id, $idwarehouse=0)
510 {
511 if(! DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
512 throw new RestException(403);
513 }
514
515 $result = $this->expensereport->fetch($id);
516 if( ! $result ) {
517 throw new RestException(404, 'expensereport not found');
518 }
519
520 if( ! DolibarrApi::_checkAccessToResource('expensereport',$this->expensereport->id)) {
521 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
522 }
523
524 if( ! $this->expensereport->valid(DolibarrApiAccess::$user, $idwarehouse)) {
525 throw new RestException(500, 'Error when validate expensereport');
526 }
527
528 return array(
529 'success' => array(
530 'code' => 200,
531 'message' => 'expensereport validated'
532 )
533 );
534 }*/
535
536
537
551 public function getAllPayments($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0)
552 {
553 $list = array();
554
555 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'lire')) {
556 throw new RestException(403);
557 }
558
559 $sql = "SELECT t.rowid FROM " . MAIN_DB_PREFIX . "payment_expensereport as t, ".MAIN_DB_PREFIX."expensereport as e";
560 $sql .= " WHERE e.rowid = t.fk_expensereport";
561 $sql .= ' AND e.entity IN ('.getEntity('expensereport').')';
562
563 $sql .= $this->db->order($sortfield, $sortorder);
564 if ($limit) {
565 if ($page < 0) {
566 $page = 0;
567 }
568 $offset = $limit * $page;
569
570 $sql .= $this->db->plimit($limit + 1, $offset);
571 }
572
573 dol_syslog("API Rest request");
574 $result = $this->db->query($sql);
575
576 if ($result) {
577 $num = $this->db->num_rows($result);
578 $min = min($num, ($limit <= 0 ? $num : $limit));
579 for ($i = 0; $i < $min; $i++) {
580 $obj = $this->db->fetch_object($result);
581 $paymentExpenseReport = new PaymentExpenseReport($this->db);
582 if ($paymentExpenseReport->fetch($obj->rowid) > 0) {
583 $list[] = $this->_cleanObjectDatas($paymentExpenseReport);
584 }
585 }
586 } else {
587 throw new RestException(503, 'Error when retrieving list of paymentexpensereport: ' . $this->db->lasterror());
588 }
589
590 return $list;
591 }
592
603 public function getPayments($pid)
604 {
605 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'lire')) {
606 throw new RestException(403);
607 }
608
609 $paymentExpenseReport = new PaymentExpenseReport($this->db);
610 $result = $paymentExpenseReport->fetch($pid);
611 if (!$result) {
612 throw new RestException(404, 'paymentExpenseReport not found');
613 }
614
615 return $this->_cleanObjectDatas($paymentExpenseReport);
616 }
617
627 public function addPayment($id, $request_data = null)
628 {
629 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
630 throw new RestException(403);
631 }
632 // Check mandatory fields
633 $result = $this->_validatepayment($request_data);
634
635 $paymentExpenseReport = new PaymentExpenseReport($this->db);
636 $paymentExpenseReport->fk_expensereport = $id;
637 foreach ($request_data as $field => $value) {
638 $paymentExpenseReport->$field = $this->_checkValForAPI($field, $value, $paymentExpenseReport);
639 }
640
641 if ($paymentExpenseReport->create(DolibarrApiAccess::$user) < 0) {
642 throw new RestException(500, 'Error creating paymentExpenseReport', array_merge(array($paymentExpenseReport->error), $paymentExpenseReport->errors));
643 }
644 if (isModEnabled("bank")) {
645 $paymentExpenseReport->addPaymentToBank(
646 DolibarrApiAccess::$user,
647 'payment_expensereport',
648 '(ExpenseReportPayment)',
649 (int) $request_data['accountid'],
650 '',
651 ''
652 );
653 }
654
655 return $paymentExpenseReport->id;
656 }
657
667 public function updatePayment($id, $request_data = null)
668 {
669 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'creer')) {
670 throw new RestException(403);
671 }
672
673 $paymentExpenseReport = new PaymentExpenseReport($this->db);
674 $result = $paymentExpenseReport->fetch($id);
675 if (!$result) {
676 throw new RestException(404, 'payment of expense report not found');
677 }
678
679 foreach ($request_data as $field => $value) {
680 if ($field == 'id') {
681 continue;
682 }
683 $paymentExpenseReport->$field = $this->_checkValForAPI($field, $value, $paymentExpenseReport);
684 }
685
686 if ($paymentExpenseReport->update(DolibarrApiAccess::$user) > 0) {
687 return $this->get($id);
688 } else {
689 throw new RestException(500, $paymentExpenseReport->error);
690 }
691 }
692
701 /*public function delete($id)
702 {
703 if (!DolibarrApiAccess::$user->hasRight('expensereport', 'creer') {
704 throw new RestException(403);
705 }
706 $paymentExpenseReport = new PaymentExpenseReport($this->db);
707 $result = $paymentExpenseReport->fetch($id);
708 if (!$result) {
709 throw new RestException(404, 'paymentExpenseReport not found');
710 }
711
712 if ($paymentExpenseReport->delete(DolibarrApiAccess::$user) < 0) {
713 throw new RestException(403, 'error when deleting paymentExpenseReport');
714 }
715
716 return array(
717 'success' => array(
718 'code' => 200,
719 'message' => 'paymentExpenseReport deleted'
720 )
721 );
722 }*/
723
724
725
726 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
733 protected function _cleanObjectDatas($object)
734 {
735 // phpcs:enable
736 $object = parent::_cleanObjectDatas($object);
737
738 unset($object->fk_statut);
739 unset($object->statut);
740 unset($object->user);
741 unset($object->thirdparty);
742
743 unset($object->cond_reglement);
744 unset($object->shipping_method_id);
745
746 unset($object->barcode_type);
747 unset($object->barcode_type_code);
748 unset($object->barcode_type_label);
749 unset($object->barcode_type_coder);
750
751 unset($object->code_paiement);
752 unset($object->code_statut);
753 unset($object->fk_c_paiement);
754 unset($object->fk_incoterms);
755 unset($object->label_incoterms);
756 unset($object->location_incoterms);
757 unset($object->mode_reglement_id);
758 unset($object->cond_reglement_id);
759
760 unset($object->name);
761 unset($object->lastname);
762 unset($object->firstname);
763 unset($object->civility_id);
764 unset($object->cond_reglement_id);
765 unset($object->contact);
766 unset($object->contact_id);
767
768 unset($object->state);
769 unset($object->state_id);
770 unset($object->state_code);
771 unset($object->country);
772 unset($object->country_id);
773 unset($object->country_code);
774
775 unset($object->note); // We already use note_public and note_pricate
776
777 return $object;
778 }
779
787 private function _validate($data)
788 {
789 $expensereport = array();
790 foreach (ExpenseReports::$FIELDS as $field) {
791 if (!isset($data[$field])) {
792 throw new RestException(400, "$field field missing");
793 }
794 $expensereport[$field] = $data[$field];
795 }
796 return $expensereport;
797 }
798
806 private function _validatepayment($data)
807 {
808 $expensereport = array();
809 foreach (ExpenseReports::$FIELDSPAYMENT as $field) {
810 if (!isset($data[$field])) {
811 throw new RestException(400, "$field field missing");
812 }
813 $expensereport[$field] = $data[$field];
814 }
815 return $expensereport;
816 }
817}
$object
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
DolibarrApi
Class for API REST v1.
Definition api.class.php:30
DolibarrApi\_filterObjectProperties
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
Definition api.class.php:136
DolibarrApi\_checkAccessToResource
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
Definition api.class.php:369
DolibarrApi\_checkValForAPI
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:82
ExpenseReport
Class to manage Trips and Expenses.
Definition expensereport.class.php:40
ExpenseReports\getPayments
getPayments($pid)
Get a given payment.
Definition api_expensereports.class.php:603
ExpenseReports\_cleanObjectDatas
_cleanObjectDatas($object)
Delete paymentExpenseReport.
Definition api_expensereports.class.php:733
ExpenseReports\index
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $user_ids='', $sqlfilters='', $properties='')
List Expense Reports.
Definition api_expensereports.class.php:110
ExpenseReports\_validate
_validate($data)
Validate fields before create or update object.
Definition api_expensereports.class.php:787
ExpenseReports\updatePayment
updatePayment($id, $request_data=null)
Update a payment of ExpenseReport.
Definition api_expensereports.class.php:667
ExpenseReports\put
put($id, $request_data=null)
Get lines of an Expense Report.
Definition api_expensereports.class.php:418
ExpenseReports\addPayment
addPayment($id, $request_data=null)
Create payment of ExpenseReport.
Definition api_expensereports.class.php:627
ExpenseReports\getAllPayments
getAllPayments($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0)
Validate an Expense Report.
Definition api_expensereports.class.php:551
ExpenseReports\post
post($request_data=null)
Create Expense Report object.
Definition api_expensereports.class.php:174
ExpenseReports\_validatepayment
_validatepayment($data)
Validate fields before create or update object.
Definition api_expensereports.class.php:806
PaymentExpenseReport
Class to manage payments of expense report.
Definition paymentexpensereport.class.php:34
forgeSQLFromUniversalSearchCriteria
forgeSQLFromUniversalSearchCriteria($filter, &$errorstr='', $noand=0, $nopar=0, $noerror=0)
forgeSQLFromUniversalSearchCriteria
Definition functions.lib.php:13462
sanitizeVal
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.
Definition functions.lib.php:1130
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2160
Generated on Wed Mar 5 2025 01:00:23 for dolibarr by Doxygen 1.11.0