dolibarr 22.0.5
saveinplace.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2011-2012 Regis Houssin <regis.houssin@inodbox.com>
3 * Copyright (C) 2024-2025 MDW <mdeweerd@users.noreply.github.com>
4 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
25if (!defined('NOTOKENRENEWAL')) {
26 define('NOTOKENRENEWAL', '1'); // Disables token renewal
27}
28if (!defined('NOREQUIREMENU')) {
29 define('NOREQUIREMENU', '1');
30}
31if (!defined('NOREQUIREAJAX')) {
32 define('NOREQUIREAJAX', '1');
33}
34if (!defined('NOREQUIRESOC')) {
35 define('NOREQUIRESOC', '1');
36}
37
38// Load Dolibarr environment
39require '../../main.inc.php';
40require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
41
50$field = GETPOST('field', 'alpha', 2);
51$element = GETPOST('element', 'alpha', 2);
52$table_element = GETPOST('table_element', 'alpha', 2);
53$fk_element = GETPOST('fk_element', 'alpha', 2);
54$id = $fk_element;
55
56/* Example:
57field:editval_ref_customer (8 first chars will removed to know name of property)
58element:contrat
59table_element:contrat
60fk_element:4
61type:string
62value:aaa
63loadmethod:
64savemethod:
65savemethodname:
66*/
67
68print 'field='.$field.' - element='.$element.' - table_element='.$table_element.' - id/fk_element='.$fk_element."\n";
69
70// Load object according to $id and $element
71$element_ref = '';
72if (is_numeric($fk_element)) {
73 $id = (int) $fk_element;
74} else {
75 $element_ref = $fk_element;
76 $id = 0;
77}
78$object = fetchObjectByElement($id, $element, $element_ref);
79if (! is_object($object)) {
80 httponly_accessforbidden('Not allowed, bad combination of parameters for fetchObjectByElement');
81}
82
83$module = $object->module;
84$element = $object->element;
85$usesublevelpermission = ($module != $element ? $element : '');
86if ($usesublevelpermission && !$user->hasRight($module, $element)) { // There is no permission on object defined, we will check permission on module directly
87 $usesublevelpermission = '';
88}
89print 'object->id='.$object->id.' - object->module='.$object->module.' - object->element='.$object->element.' - object->table_element='.$object->table_element.' - usesublevelpermission='.$usesublevelpermission."\n";
90
91// Security check
92$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1); // Call with mode return
93if (!$result) {
94 httponly_accessforbidden('Not allowed by restrictArea');
95}
96
97
98/*
99 * View
100 */
101
102top_httphead();
103
104//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
105//print_r($_POST);
106
107// Load original field value
108if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element)) {
109 $field = preg_replace('/^editval_/', '', $field); // remove prefix "editval_"
110
111 $type = GETPOST('type', 'alpha', 2); // type string by default
112
113 $value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2));
114
115 //$ext_element = GETPOST('ext_element', 'alpha', 2);
116 $ext_element = 'notused';
117
118 //$savemethod = GETPOST('savemethod', 'alpha', 2);
119 //$savemethodname = (!empty($savemethod) ? $savemethod : 'setValueFrom');
120 $savemethodname = 'setValueFrom';
121
122 $newelement = $element;
123 $subelement = null;
124
125 $format = 'text';
126 $return = array();
127 $error = 0;
128
129 $regs = array();
130 if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) {
131 $element = $regs[1];
132 $subelement = $regs[2];
133 }
134
135 if ($element == 'propal') {
136 $newelement = 'propale';
137 } elseif ($element == 'fichinter') {
138 $newelement = 'ficheinter';
139 } elseif ($element == 'product') {
140 $newelement = 'produit';
141 } elseif ($element == 'member') {
142 $newelement = 'adherent';
143 } elseif ($element == 'order_supplier') {
144 $newelement = 'fournisseur';
145 $subelement = 'commande';
146 } elseif ($element == 'invoice_supplier') {
147 $newelement = 'fournisseur';
148 $subelement = 'facture';
149 } else {
150 $newelement = $element;
151 }
152
153 $_POST['action'] = 'update'; // Keep this. It is a hack so restrictarea will test permissions on write too
154
155 $feature = $newelement;
156 $feature2 = $subelement;
157 $object_id = $fk_element;
158 if ($feature == 'expedition' || $feature == 'shipping') {
159 $feature = 'commande';
160 $object_id = 0;
161 }
162 if ($feature == 'shipping') {
163 $feature = 'commande';
164 }
165 if ($feature == 'payment') {
166 $feature = 'facture';
167 }
168 if ($feature == 'payment_supplier') {
169 $feature = 'fournisseur';
170 $feature2 = 'facture';
171 }
172 //var_dump(GETPOST('action','aZ09'));
173 //var_dump($newelement.'-'.$subelement."-".$feature."-".$object_id);
174 $check_access = restrictedArea($user, $feature, $object_id, '', (string) $feature2);
175 //var_dump($user->rights);
176
177 if ($check_access) {
178 // Clean parameters
179 $newvalue = trim($value);
180
181 if ($type == 'numeric') {
182 $newvalue = price2num($newvalue);
183
184 // Check parameters
185 if (!is_numeric($newvalue)) {
186 $error++;
187 $return['error'] = $langs->trans('ErrorBadValue');
188 }
189 } elseif ($type == 'datepicker') {
190 $timestamp = GETPOSTINT('timestamp', 2);
191 $format = 'date';
192 $newvalue = ($timestamp / 1000);
193 }
194
195 if (!$error) {
196 // Specific for add_object_linked()
197 // TODO add a function for variable treatment
198 $object->ext_fk_element = $newvalue;
199 $object->ext_element = $ext_element;
200 $object->fk_element = $fk_element;
201 $object->element = $element;
202
203 $ret = $object->setValueFrom($field, $newvalue, $object->table_element, (int) $fk_element, $format);
204 if ($ret > 0) {
205 if ($type == 'numeric') {
206 $value = price($newvalue);
207 } elseif ($type == 'textarea') {
208 $value = dol_nl2br($newvalue);
209 }
210
211 $return['value'] = $value;
212 } else {
213 $return['error'] = $object->error;
214 }
215 }
216
217 echo json_encode($return);
218 } else {
219 echo $langs->trans('NotEnoughPermissions');
220 }
221}
$id
$id
Support class for third parties, contacts, members, users or resources.
Definition account.php:48
$object
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:67
GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition functions.lib.php:1187
price2num
price2num($amount, $rounding='', $option=0)
Function that return a number with universal decimal format (decimal separator is '.
Definition functions.lib.php:7211
dol_nl2br
dol_nl2br($stringtoencode, $nl2brmode=0, $forxml=false)
Replace CRLF in string with a HTML BR tag.
Definition functions.lib.php:8763
price
price($amount, $form=0, $outlangs='', $trunc=1, $rounding=-1, $forcerounding=-1, $currency_code='')
Function to format a value into an amount for visual output Function used into PDF and HTML pages.
Definition functions.lib.php:7083
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:851
fetchObjectByElement
fetchObjectByElement($element_id, $element_type, $element_ref='', $useCache=0, $maxCacheByType=10)
Fetch an object from its id and element_type Inclusion of classes is automatic.
Definition functions.lib.php:14229
top_httphead
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition main.inc.php:1453
httponly_accessforbidden
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
Definition security.lib.php:1287
restrictedArea
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
Definition security.lib.php:429
Generated on Sun Jun 7 2026 01:00:19 for dolibarr by Doxygen 1.11.0