dolibarr 23.0.3
saveinplace.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2011-2012 Regis Houssin <regis.houssin@inodbox.com>
3 * Copyright (C) 2024-2025 MDW <mdeweerd@users.noreply.github.com>
4 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
26if (!defined('NOTOKENRENEWAL')) {
27 define('NOTOKENRENEWAL', '1'); // Disables token renewal
28}
29if (!defined('NOREQUIREMENU')) {
30 define('NOREQUIREMENU', '1');
31}
32if (!defined('NOREQUIREAJAX')) {
33 define('NOREQUIREAJAX', '1');
34}
35if (!defined('NOREQUIRESOC')) {
36 define('NOREQUIRESOC', '1');
37}
38
39// Load Dolibarr environment
40require '../../main.inc.php';
41require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
42
51$field = GETPOST('field', 'alpha', 2);
52$element = GETPOST('element', 'alpha', 2);
53$table_element = GETPOST('table_element', 'alpha', 2);
54$fk_element = GETPOST('fk_element', 'alpha', 2);
55$id = $fk_element;
56
57/* Example:
58field:editval_ref_customer (8 first chars will removed to know name of property)
59element:contrat
60table_element:contrat
61fk_element:4
62type:string
63value:aaa
64loadmethod:
65savemethod:
66savemethodname:
67*/
68
69print 'field='.$field.' - element='.$element.' - table_element='.$table_element.' - id/fk_element='.$fk_element."\n";
70
71// Load object according to $id and $element
72$element_ref = '';
73if (is_numeric($fk_element)) {
74 $id = (int) $fk_element;
75} else {
76 $element_ref = $fk_element;
77 $id = 0;
78}
79$object = fetchObjectByElement($id, $element, $element_ref);
80if (! is_object($object)) {
81 httponly_accessforbidden('Not allowed, bad combination of parameters for fetchObjectByElement');
82}
83
84$module = $object->module;
85$element = $object->element;
86$usesublevelpermission = ($module != $element ? $element : '');
87if ($usesublevelpermission && !$user->hasRight($module, $element)) { // There is no permission on object defined, we will check permission on module directly
88 $usesublevelpermission = '';
89}
90print 'object->id='.$object->id.' - object->module='.$object->module.' - object->element='.$object->element.' - object->table_element='.$object->table_element.' - usesublevelpermission='.$usesublevelpermission."\n";
91
92// Security check
93$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1); // Call with mode return
94if (!$result) {
95 httponly_accessforbidden('Not allowed by restrictArea');
96}
97
98if (!getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE')) {
99 httponly_accessforbidden('Can be used only when option MAIN_USE_JQUERY_JEDITABLE is set');
100}
101
102
103/*
104 * View
105 */
106
107top_httphead();
108
109//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
110//print_r($_POST);
111
112// Load original field value
113if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element)) {
114 $field = preg_replace('/^editval_/', '', $field); // remove prefix "editval_"
115
116 $type = GETPOST('type', 'alpha', 2); // type string by default
117
118 $value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2));
119
120 //$ext_element = GETPOST('ext_element', 'alpha', 2);
121 $ext_element = 'notused';
122
123 //$savemethod = GETPOST('savemethod', 'alpha', 2);
124 //$savemethodname = (!empty($savemethod) ? $savemethod : 'setValueFrom');
125
126 $newelement = $element;
127 $subelement = null;
128
129 $format = 'text';
130 $return = array();
131 $error = 0;
132
133 $regs = array();
134 if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) {
135 $element = $regs[1];
136 $subelement = $regs[2];
137 }
138
139 if ($element == 'propal') {
140 $newelement = 'propale';
141 } elseif ($element == 'fichinter') {
142 $newelement = 'ficheinter';
143 } elseif ($element == 'product') {
144 $newelement = 'produit';
145 } elseif ($element == 'member') {
146 $newelement = 'adherent';
147 } elseif ($element == 'order_supplier') {
148 $newelement = 'fournisseur';
149 $subelement = 'commande';
150 } elseif ($element == 'invoice_supplier') {
151 $newelement = 'fournisseur';
152 $subelement = 'facture';
153 } else {
154 $newelement = $element;
155 }
156
157 $_POST['action'] = 'update'; // Keep this. It is a hack so restrictarea will test permissions on write too
158
159 $feature = $newelement;
160 $feature2 = $subelement;
161 $object_id = $fk_element;
162 if ($feature == 'expedition' || $feature == 'shipping') {
163 $feature = 'commande';
164 $object_id = 0;
165 }
166 if ($feature == 'shipping') {
167 $feature = 'commande';
168 }
169 if ($feature == 'payment') {
170 $feature = 'facture';
171 }
172 if ($feature == 'payment_supplier') {
173 $feature = 'fournisseur';
174 $feature2 = 'facture';
175 }
176 //var_dump(GETPOST('action','aZ09'));
177 //var_dump($newelement.'-'.$subelement."-".$feature."-".$object_id);
178 $check_access = restrictedArea($user, $feature, $object_id, '', (string) $feature2);
179 //var_dump($user->rights);
180
181 if ($check_access) {
182 // Clean parameters
183 $newvalue = trim($value);
184
185 if ($type == 'numeric') {
186 $newvalue = price2num($newvalue);
187
188 // Check parameters
189 if (!is_numeric($newvalue)) {
190 $error++;
191 $return['error'] = $langs->trans('ErrorBadValue');
192 }
193 } elseif ($type == 'datepicker') {
194 $timestamp = GETPOSTINT('timestamp', 2);
195 $format = 'date';
196 $newvalue = ($timestamp / 1000);
197 }
198
199 if (!$error) {
200 // Specific for add_object_linked()
201 // TODO add a function for variable treatment
202 $object->ext_fk_element = $newvalue;
203 $object->ext_element = $ext_element;
204 $object->fk_element = $fk_element;
205 $object->element = $element;
206
207 $ret = $object->setValueFrom($field, $newvalue, $object->table_element, (int) $fk_element, $format);
208 if ($ret > 0) {
209 if ($type == 'numeric') {
210 $value = price($newvalue);
211 } elseif ($type == 'textarea') {
212 $value = dol_nl2br($newvalue);
213 }
214
215 $return['value'] = $value;
216 } else {
217 $return['error'] = $object->error;
218 }
219 }
220
221 echo json_encode($return);
222 } else {
223 echo $langs->trans('NotEnoughPermissions');
224 }
225}
$id
$id
Support class for third parties, contacts, members, users or resources.
Definition account.php:47
$object
if(! $sortfield) if(! $sortorder) $object
Definition account.php:100
GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition functions.lib.php:902
price2num
price2num($amount, $rounding='', $option=0)
Function that return a number with universal decimal format (decimal separator is '.
Definition functions.lib.php:7735
dol_nl2br
dol_nl2br($stringtoencode, $nl2brmode=0, $forxml=false)
Replace CRLF in string with a HTML BR tag.
Definition functions.lib.php:9404
price
price($amount, $form=0, $outlangs='', $trunc=1, $rounding=-1, $forcerounding=-1, $currency_code='')
Function to format a value into an amount for visual output Function used into PDF and HTML pages.
Definition functions.lib.php:7606
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:1033
getDolGlobalString
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
Definition functions.lib.php:258
top_httphead
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition main.inc.php:1488
httponly_accessforbidden
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
Definition security.lib.php:1331
restrictedArea
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
Definition security.lib.php:448
Generated on Mon Jun 22 2026 20:45:25 for dolibarr by Doxygen 1.11.0