dolibarr 23.0.3
api_contacts.class.php
1<?php
2/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3 * Copyright (C) 2019-2025 Frédéric France <frederic.france@free.fr>
4 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
5 * Copyright (C) 2025 William Mead <william@m34d.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
21use Luracast\Restler\RestException;
22
23//require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
24//require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
25require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
26
27
36class Contacts extends DolibarrApi
37{
42 public static $FIELDS = array(
43 'lastname',
44 );
45
49 public $contact;
50
54 public function __construct()
55 {
56 global $db, $conf;
57 $this->db = $db;
58
59 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
60 require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
61
62 $this->contact = new Contact($this->db);
63 }
64
79 public function get($id, $includecount = 0, $includeroles = 0)
80 {
81 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'lire')) {
82 throw new RestException(403, 'No permission to read contacts');
83 }
84
85 if ($id === 0) {
86 $result = $this->contact->initAsSpecimen();
87 } else {
88 $result = $this->contact->fetch($id);
89 }
90
91 if (!$result) {
92 throw new RestException(404, 'Contact not found');
93 }
94
95 if (!DolibarrApi::_checkAccessToResource('contact', $this->contact->id, 'socpeople&societe')) {
96 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
97 }
98
99 if ($includecount) {
100 $this->contact->load_ref_elements();
101 }
102
103 if ($includeroles) {
104 $this->contact->fetchRoles();
105 }
106
107 if (isModEnabled('mailing')) {
108 $this->contact->getNoEmail();
109 }
110
111 return $this->_cleanObjectDatas($this->contact);
112 }
113
129 public function getByEmail($email, $includecount = 0, $includeroles = 0)
130 {
131 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'lire')) {
132 throw new RestException(403, 'No permission to read contacts');
133 }
134
135 if (empty($email)) {
136 $result = $this->contact->initAsSpecimen();
137 } else {
138 $result = $this->contact->fetch(0, null, '', $email);
139 }
140
141 if (!$result) {
142 throw new RestException(404, 'Contact not found');
143 }
144
145 if (!DolibarrApi::_checkAccessToResource('contact', $this->contact->id, 'socpeople&societe')) {
146 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
147 }
148
149 if ($includecount) {
150 $this->contact->load_ref_elements();
151 }
152
153 if ($includeroles) {
154 $this->contact->fetchRoles();
155 }
156
157 if (isModEnabled('mailing')) {
158 $this->contact->getNoEmail();
159 }
160
161 return $this->_cleanObjectDatas($this->contact);
162 }
163
186 public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $category = 0, $sqlfilters = '', $includecount = 0, $includeroles = 0, $properties = '', $pagination_data = false)
187 {
188 global $db, $conf;
189
190 $obj_ret = array();
191
192 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'lire')) {
193 throw new RestException(403, 'No permission to read contacts');
194 }
195
196 // case of external user, $thirdparty_ids param is ignored and replaced by user's socid
197 $socids = DolibarrApiAccess::$user->socid ?: $thirdparty_ids;
198
199 // If the internal user must only see his customers, force searching by him
200 $search_sale = 0;
201 if (!DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socids) {
202 $search_sale = DolibarrApiAccess::$user->id;
203 }
204
205 $sql = "SELECT t.rowid";
206 $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as t";
207 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as te ON te.fk_object = t.rowid";
208 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON t.fk_soc = s.rowid";
209 $sql .= ' WHERE t.entity IN ('.getEntity('contact').')';
210 if ($socids) {
211 $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
212 }
213 // Search on sale representative
214 if ($search_sale && $search_sale != '-1') {
215 if ($search_sale == -2) {
216 $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)";
217 } elseif ($search_sale > 0) {
218 $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
219 }
220 }
221 // Select contacts of given category
222 if ($category > 0) {
223 // Search Contact Categories
224 $searchCategoryContactList = $category ? array($category) : array();
225 // $searchCategoryContactOperator = 0;
226 // Search for tag/category ($searchCategoryContactList is an array of ID)
227 if (!empty($searchCategoryContactList)) {
228 $searchCategoryContactSqlList = array();
229 // $listofcategoryid = '';
230 foreach ($searchCategoryContactList as $searchCategoryContact) {
231 if (intval($searchCategoryContact) == -2) {
232 $searchCategoryContactSqlList[] = "NOT EXISTS (SELECT ck.fk_socpeople FROM ".MAIN_DB_PREFIX."categorie_contact as ck WHERE t.rowid = ck.fk_socpeople)";
233 } elseif (intval($searchCategoryContact) > 0) {
234 // if ($searchCategoryContactOperator == 0) {
235 $searchCategoryContactSqlList[] = " EXISTS (SELECT ck.fk_socpeople FROM ".MAIN_DB_PREFIX."categorie_contact as ck WHERE t.rowid = ck.fk_socpeople AND ck.fk_categorie = ".((int) $searchCategoryContact).")";
236 // } else {
237 // $listofcategoryid .= ($listofcategoryid ? ', ' : '') .((int) $searchCategoryContact);
238 // }
239 }
240 }
241 // if ($listofcategoryid) {
242 // $searchCategoryContactSqlList[] = " EXISTS (SELECT ck.fk_socpeople FROM ".MAIN_DB_PREFIX."categorie_contact as ck WHERE t.rowid = ck.fk_socpeople AND ck.fk_categorie IN (".$this->db->sanitize($listofcategoryid)."))";
243 // }
244 // if ($searchCategoryContactOperator == 1) {
245 // if (!empty($searchCategoryContactSqlList)) {
246 // $sql .= " AND (".implode(' OR ', $searchCategoryContactSqlList).")";
247 // }
248 // } else {
249 if (!empty($searchCategoryContactSqlList)) {
250 $sql .= " AND (".implode(' AND ', $searchCategoryContactSqlList).")";
251 }
252 // }
253 }
254 }
255
256 // Add sql filters
257 if ($sqlfilters) {
258 $errormessage = '';
259 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
260 if ($errormessage) {
261 throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
262 }
263 }
264
265 //this query will return total orders with the filters given
266 $sqlTotals = str_replace('SELECT t.rowid', 'SELECT count(t.rowid) as total', $sql);
267
268 $sql .= $this->db->order($sortfield, $sortorder);
269
270 if ($limit) {
271 if ($page < 0) {
272 $page = 0;
273 }
274 $offset = $limit * $page;
275
276 $sql .= $this->db->plimit($limit + 1, $offset);
277 }
278 $result = $this->db->query($sql);
279 if ($result) {
280 $num = $this->db->num_rows($result);
281 $min = min($num, ($limit <= 0 ? $num : $limit));
282 $i = 0;
283 while ($i < $min) {
284 $obj = $this->db->fetch_object($result);
285 $contact_static = new Contact($this->db);
286 if ($contact_static->fetch($obj->rowid)) {
287 $contact_static->fetchRoles();
288 if ($includecount) {
289 $contact_static->load_ref_elements();
290 }
291 if ($includeroles) {
292 $contact_static->fetchRoles();
293 }
294 if (isModEnabled('mailing')) {
295 $contact_static->getNoEmail();
296 }
297
298 $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($contact_static), $properties);
299 }
300
301 $i++;
302 }
303 } else {
304 throw new RestException(503, 'Error when retrieve contacts : '.$sql);
305 }
306
307 //if $pagination_data is true the response will contain element data with all values and element pagination with pagination data(total,page,limit)
308 if ($pagination_data) {
309 $totalsResult = $this->db->query($sqlTotals);
310 $total = $this->db->fetch_object($totalsResult)->total;
311
312 $tmp = $obj_ret;
313 $obj_ret = [];
314
315 $obj_ret['data'] = $tmp;
316 $obj_ret['pagination'] = [
317 'total' => (int) $total,
318 'page' => $page, //count starts from 0
319 'page_count' => ceil((int) $total / $limit),
320 'limit' => $limit
321 ];
322 }
323
324 return $obj_ret;
325 }
326
339 public function post($request_data = null)
340 {
341 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'creer')) {
342 throw new RestException(403, 'No permission to create/update contacts');
343 }
344 // Check mandatory fields
345 $result = $this->_validate($request_data);
346
347 // External api user does not know internal country ID
348 if (!isset($request_data['country_id']) && isset($request_data['country_code'])) {
349 $field = strlen($request_data['country_code']) > 2 ? 'code_iso' : 'code';
350 $id = dol_getIdFromCode($this->db, $request_data['country_code'], "c_country", $field, "rowid");
351 if ($id < 0) {
352 throw new RestException(404, 'Country code not found in database: ' . $this->db->error);
353 }
354 $request_data['country_id'] = $id;
355 }
356
357 foreach ($request_data as $field => $value) {
358 if ($field === 'caller') {
359 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
360 $this->contact->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
361 continue;
362 }
363 if ($field == 'array_options' && is_array($value)) {
364 foreach ($value as $index => $val) {
365 $this->contact->array_options[$index] = $this->_checkValForAPI('extrafields', $val, $this->contact);
366 }
367 continue;
368 }
369 if ($field == 'socid') {
370 $new_socid = (int) $value;
371 $loopthirdpartytmp = new Societe($this->db);
372 $new_thirdparty_result = $loopthirdpartytmp->fetch($new_socid);
373 if ($new_thirdparty_result < 1) {
374 throw new RestException(404, 'Thirdparty with id='.$new_socid.' not found or not allowed');
375 }
376 if (!DolibarrApi::_checkAccessToResource('societe', $new_socid)) {
377 throw new RestException(403, 'Access to socid/thirdparty='.$new_socid.' is not allowed for login '.DolibarrApiAccess::$user->login);
378 }
379 }
380
381 $this->contact->$field = $this->_checkValForAPI($field, $value, $this->contact);
382 }
383 if ($this->contact->create(DolibarrApiAccess::$user) < 0) {
384 throw new RestException(500, "Error creating contact", array_merge(array($this->contact->error), $this->contact->errors));
385 }
386 if (isModEnabled('mailing') && !empty($this->contact->email) && isset($this->contact->no_email)) {
387 $this->contact->setNoEmail($this->contact->no_email);
388 }
389 return $this->contact->id;
390 }
391
407 public function put($id, $request_data = null)
408 {
409 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'creer')) {
410 throw new RestException(403, 'No permission to create/update contacts');
411 }
412
413 $result = $this->contact->fetch($id);
414 if (!$result) {
415 throw new RestException(404, 'Contact not found');
416 }
417
418 if (!DolibarrApi::_checkAccessToResource('contact', $this->contact->id, 'socpeople&societe')) {
419 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
420 }
421
422 foreach ($request_data as $field => $value) {
423 if ($field == 'id') {
424 continue;
425 }
426 if ($field === 'caller') {
427 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
428 $this->contact->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
429 continue;
430 }
431 if ($field == 'array_options' && is_array($value)) {
432 foreach ($value as $index => $val) {
433 $this->contact->array_options[$index] = $this->_checkValForAPI($field, $val, $this->contact);
434 }
435 continue;
436 }
437 if ($field == 'socid') {
438 $new_socid = (int) $value;
439 $loopthirdpartytmp = new Societe($this->db);
440 $new_thirdparty_result = $loopthirdpartytmp->fetch($new_socid);
441 if ($new_thirdparty_result < 1) {
442 throw new RestException(404, 'Thirdparty with id='.$new_socid.' not found or not allowed');
443 }
444 if (!DolibarrApi::_checkAccessToResource('societe', $new_socid)) {
445 throw new RestException(403, 'Access to socid/thirdparty='.$new_socid.' is not allowed for login '.DolibarrApiAccess::$user->login);
446 }
447 }
448
449 $this->contact->$field = $this->_checkValForAPI($field, $value, $this->contact);
450 }
451
452 if (isModEnabled('mailing') && !empty($this->contact->email) && isset($this->contact->no_email)) {
453 $this->contact->setNoEmail($this->contact->no_email);
454 }
455
456 if ($this->contact->update($id, DolibarrApiAccess::$user, 0, 'update') > 0) {
457 return $this->get($id);
458 } else {
459 throw new RestException(500, $this->contact->error);
460 }
461 }
462
473 public function delete($id)
474 {
475 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'supprimer')) {
476 throw new RestException(403, 'No permission to delete contacts');
477 }
478 $result = $this->contact->fetch($id);
479 if (!$result) {
480 throw new RestException(404, 'Contact not found');
481 }
482
483 if (!DolibarrApi::_checkAccessToResource('contact', $this->contact->id, 'socpeople&societe')) {
484 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
485 }
486 $this->contact->oldcopy = clone $this->contact; // @phan-suppress-current-line PhanTypeMismatchProperty
487
488 if ($this->contact->delete(DolibarrApiAccess::$user) <= 0) {
489 throw new RestException(500, 'Error when delete contact ' . $this->contact->error);
490 }
491
492 return array(
493 'success' => array(
494 'code' => 200,
495 'message' => 'Contact deleted'
496 )
497 );
498 }
499
514 public function createUser($id, $request_data = null)
515 {
516 //if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer')) {
517 //throw new RestException(403);
518 //}
519
520 if (!isset($request_data["login"])) {
521 throw new RestException(400, "login field missing");
522 }
523 if (!isset($request_data["password"])) {
524 throw new RestException(400, "password field missing");
525 }
526
527 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'lire')) {
528 throw new RestException(403, 'No permission to read contacts');
529 }
530 if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer')) {
531 throw new RestException(403, 'No permission to create user');
532 }
533
534 $contact = new Contact($this->db);
535 $contact->fetch($id);
536 if ($contact->id <= 0) {
537 throw new RestException(404, 'Contact not found');
538 }
539
540 if (!DolibarrApi::_checkAccessToResource('contact', $contact->id, 'socpeople&societe')) {
541 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
542 }
543
544 // Check mandatory fields
545 $login = $request_data["login"];
546 $password = $request_data["password"];
547 $useraccount = new User($this->db);
548 $result = $useraccount->create_from_contact($contact, $login, $password);
549 if ($result <= 0) {
550 throw new RestException(500, "User not created");
551 }
552 // password parameter not used in create_from_contact
553 $useraccount->setPassword($useraccount, $password);
554
555 return $result;
556 }
557
573 public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
574 {
575 if (!DolibarrApiAccess::$user->hasRight('categorie', 'lire')) {
576 throw new RestException(403);
577 }
578
579 $categories = new Categorie($this->db);
580
581 $result = $categories->getListForItem($id, 'contact', $sortfield, $sortorder, $limit, $page);
582
583 if ($result < 0) {
584 throw new RestException(503, 'Error when retrieve category list : '.$categories->error);
585 }
586
587 return $result;
588 }
589
605 public function addCategory($id, $category_id)
606 {
607 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'creer')) {
608 throw new RestException(403, 'Insufficient rights');
609 }
610
611 $result = $this->contact->fetch($id);
612 if (!$result) {
613 throw new RestException(404, 'Contact not found');
614 }
615 $category = new Categorie($this->db);
616 $result = $category->fetch($category_id);
617 if (!$result) {
618 throw new RestException(404, 'category not found');
619 }
620
621 if (!DolibarrApi::_checkAccessToResource('contact', $this->contact->id)) {
622 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
623 }
624 if (!DolibarrApi::_checkAccessToResource('category', $category->id)) {
625 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
626 }
627
628 $category->add_type($this->contact, 'contact');
629
630 return $this->_cleanObjectDatas($this->contact);
631 }
632
647 public function deleteCategory($id, $category_id)
648 {
649 if (!DolibarrApiAccess::$user->hasRight('societe', 'contact', 'creer')) {
650 throw new RestException(403, 'Insufficient rights');
651 }
652
653 $result = $this->contact->fetch($id);
654 if (!$result) {
655 throw new RestException(404, 'Contact not found');
656 }
657 $category = new Categorie($this->db);
658 $result = $category->fetch($category_id);
659 if (!$result) {
660 throw new RestException(404, 'category not found');
661 }
662
663 if (!DolibarrApi::_checkAccessToResource('contact', $this->contact->id)) {
664 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
665 }
666 if (!DolibarrApi::_checkAccessToResource('category', $category->id)) {
667 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
668 }
669
670 $category->del_type($this->contact, 'contact');
671
672 return $this->_cleanObjectDatas($this->contact);
673 }
674
675 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
685 protected function _cleanObjectDatas($object)
686 {
687 // phpcs:enable
688 $object = parent::_cleanObjectDatas($object);
689
690 unset($object->total_ht);
691 unset($object->total_tva);
692 unset($object->total_localtax1);
693 unset($object->total_localtax2);
694 unset($object->total_ttc);
695
696 unset($object->note);
697 unset($object->lines);
698 unset($object->thirdparty);
699
700 return $object;
701 }
702
710 private function _validate($data)
711 {
712 $contact = array();
713 foreach (Contacts::$FIELDS as $field) {
714 if (!isset($data[$field])) {
715 throw new RestException(400, "$field field missing");
716 }
717 $contact[$field] = $data[$field];
718 }
719
720 return $contact;
721 }
722}
$id
$id
Support class for third parties, contacts, members, users or resources.
Definition account.php:47
$object
if(! $sortfield) if(! $sortorder) $object
Definition account.php:100
Categorie
Class to manage categories.
Definition categorie.class.php:51
Contact
Class to manage contact/addresses.
Definition contact.class.php:45
Contacts\addCategory
addCategory($id, $category_id)
Add a category to a contact.
Definition api_contacts.class.php:605
Contacts\put
put($id, $request_data=null)
Update a contact.
Definition api_contacts.class.php:407
Contacts\_validate
_validate($data)
Validate fields before create or update object.
Definition api_contacts.class.php:710
Contacts\deleteCategory
deleteCategory($id, $category_id)
Remove the link between a category and a contact.
Definition api_contacts.class.php:647
Contacts\createUser
createUser($id, $request_data=null)
Create a user account object from contact (external user)
Definition api_contacts.class.php:514
Contacts\post
post($request_data=null)
Create a contact.
Definition api_contacts.class.php:339
Contacts\getByEmail
getByEmail($email, $includecount=0, $includeroles=0)
Get a contact by Email.
Definition api_contacts.class.php:129
Contacts\getCategories
getCategories($id, $sortfield="s.rowid", $sortorder='ASC', $limit=0, $page=0)
Get categories of a contact.
Definition api_contacts.class.php:573
Contacts\_cleanObjectDatas
_cleanObjectDatas($object)
Clean sensible object data @phpstan-template T.
Definition api_contacts.class.php:685
Contacts\__construct
__construct()
Constructor.
Definition api_contacts.class.php:54
Contacts\index
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $thirdparty_ids='', $category=0, $sqlfilters='', $includecount=0, $includeroles=0, $properties='', $pagination_data=false)
List contacts.
Definition api_contacts.class.php:186
DolibarrApi
Class for API REST v1.
Definition api.class.php:33
DolibarrApi\_filterObjectProperties
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
Definition api.class.php:162
DolibarrApi\_checkAccessToResource
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
Definition api.class.php:399
DolibarrApi\_checkValForAPI
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:98
Societe
Class to manage third parties objects (customers, suppliers, prospects...)
Definition societe.class.php:56
User
Class to manage Dolibarr users.
Definition user.class.php:50
dol_getIdFromCode
dol_getIdFromCode($db, $key, $tablename, $fieldkey='code', $fieldid='id', $entityfilter=0, $filters='', $useCache=true)
Return an id or code from a code or id.
Definition functions.lib.php:11636
forgeSQLFromUniversalSearchCriteria
forgeSQLFromUniversalSearchCriteria($filter, &$errorstr='', $noand=0, $nopar=0, $noerror=0)
forgeSQLFromUniversalSearchCriteria
Definition functions.lib.php:15728
sanitizeVal
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.
Definition functions.lib.php:1364
isModEnabled
isModEnabled($module)
Is Dolibarr module enabled.
Definition functions.lib.php:440
Generated on Mon Jun 22 2026 20:45:34 for dolibarr by Doxygen 1.11.0