dolibarr  21.0.0-alpha
api_users.class.php
1 <?php
2 /* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3  * Copyright (C) 2020 Thibault FOUCART <support@ptibogxiv.net>
4  * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
5  * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program. If not, see <https://www.gnu.org/licenses/>.
19  */
20 
21 use Luracast\Restler\RestException;
22 
23 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
24 require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';
25 
26 
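/**
 * REST API endpoints for Dolibarr user accounts and user groups.
 *
 * Each endpoint authorises the caller through DolibarrApiAccess::$user before touching
 * data, and every object returned to the client goes through _cleanObjectDatas(), which
 * strips password, API key and other internal properties.
 *
 * NOTE(review): this listing does not show the original method docblocks. Restler reads
 * routing and parameter metadata from docblocks, so any such annotations present in the
 * original file must be kept when these comments are merged.
 */
class Users extends DolibarrApi
{
	/**
	 * @var string[] Fields that _validate() requires in a payload
	 */
	public static $FIELDS = array(
		'login',
	);

	/**
	 * @var User Working user object, shared by the methods that fetch a single account
	 */
	public $useraccount;

	/**
	 * Constructor. Binds the global database handler and creates the working User object.
	 */
	public function __construct()
	{
		global $db;

		$this->db = $db;
		$this->useraccount = new User($this->db);
	}


	/**
	 * List users.
	 *
	 * Requires the user/user/lire permission or an admin account. Rows are restricted to
	 * the entities returned by getEntity('user').
	 *
	 * @param string $sortfield  Sort field, handed to $this->db->order()
	 * @param string $sortorder  Sort order, handed to $this->db->order()
	 * @param int    $limit      Maximum number of users returned; 0 disables paging
	 * @param int    $page       Zero-based page number (negative values are treated as 0)
	 * @param string $user_ids   List of user ids to keep, passed through $this->db->sanitize(); '0' or '' means no restriction
	 * @param int    $category   When > 0, keep only users linked to this category id
	 * @param string $sqlfilters Search criteria, validated and converted by forgeSQLFromUniversalSearchCriteria()
	 * @param string $properties Handed to _filterObjectProperties() to restrict the returned properties
	 * @return array             Cleaned user objects
	 * @throws RestException     400 if $sqlfilters is rejected, 403 if not allowed, 503 on query failure
	 */
	public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $user_ids = '0', $category = 0, $sqlfilters = '', $properties = '')
	{
		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin)) {
			throw new RestException(403, "You are not allowed to read list of users");
		}

		$obj_ret = array();

		// case of external user, $societe param is ignored and replaced by user's socid
		//$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $societe;

		$sql = "SELECT t.rowid";
		$sql .= " FROM ".MAIN_DB_PREFIX."user AS t LEFT JOIN ".MAIN_DB_PREFIX."user_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
		if ($category > 0) {
			$sql .= ", ".$this->db->prefix()."categorie_user as c";
		}
		$sql .= ' WHERE t.entity IN ('.getEntity('user').')';
		if ($user_ids) {
			// Caller-supplied list: never concatenated without going through sanitize()
			$sql .= " AND t.rowid IN (".$this->db->sanitize($user_ids).")";
		}

		// Select users of given category
		if ($category > 0) {
			// The (int) cast is what keeps this caller-supplied value safe inside the query
			$sql .= " AND c.fk_categorie = ".((int) $category);
			$sql .= " AND c.fk_user = t.rowid";
		}

		// Add sql filters
		if ($sqlfilters) {
			$errormessage = '';
			$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
			if ($errormessage) {
				throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
			}
		}

		$sql .= $this->db->order($sortfield, $sortorder);
		if ($limit) {
			if ($page < 0) {
				$page = 0;
			}
			$offset = $limit * $page;

			// One row more than $limit is requested; the loop below still returns at most $limit
			$sql .= $this->db->plimit($limit + 1, $offset);
		}

		$result = $this->db->query($sql);

		if ($result) {
			$i = 0;
			$num = $this->db->num_rows($result);
			$min = min($num, ($limit <= 0 ? $num : $limit));
			while ($i < $min) {
				$obj = $this->db->fetch_object($result);
				$user_static = new User($this->db);
				if ($user_static->fetch($obj->rowid)) {
					$obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($user_static), $properties);
				}
				$i++;
			}
		} else {
			throw new RestException(503, 'Error when retrieve User list : '.$this->db->lasterror());
		}

		return $obj_ret;
	}

	/**
	 * Get the properties of a user, by id.
	 *
	 * A caller without the user/user/lire permission who is not admin may only read
	 * their own record or the specimen ($id = 0).
	 *
	 * @param int $id                 User id; 0 returns a specimen built by initAsSpecimen()
	 * @param int $includepermissions When truthy, getRights() is called on the user before it is returned
	 * @return object                 Cleaned user object
	 * @throws RestException          403 if not allowed, 404 if the user is not found
	 */
	public function get($id, $includepermissions = 0)
	{
		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin) && $id != 0 && DolibarrApiAccess::$user->id != $id) {
			throw new RestException(403, 'Not allowed');
		}

		if ($id == 0) {
			$result = $this->useraccount->initAsSpecimen();
		} else {
			$result = $this->useraccount->fetch($id);
		}
		if (!$result) {
			throw new RestException(404, 'User not found');
		}

		// The specimen is not a stored record, so the resource check only applies to real ids
		if ($id > 0 && !DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}

		if ($includepermissions) {
			$this->useraccount->getRights();
		}

		return $this->_cleanObjectDatas($this->useraccount);
	}

	/**
	 * Get the properties of a user, by login.
	 *
	 * A caller without the user/user/lire permission who is not admin may only look up
	 * their own login.
	 *
	 * @param string $login              Login of the user
	 * @param int    $includepermissions When truthy, getRights() is called on the user before it is returned
	 * @return object                    Cleaned user object
	 * @throws RestException             400 if $login is empty, 403 if not allowed, 404 if the user is not found
	 */
	public function getByLogin($login, $includepermissions = 0)
	{
		if (empty($login)) {
			throw new RestException(400, 'Bad parameters');
		}

		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin) && DolibarrApiAccess::$user->login != $login) {
			throw new RestException(403, 'Not allowed');
		}

		$result = $this->useraccount->fetch('', $login);
		if (!$result) {
			throw new RestException(404, 'User not found');
		}

		if (!DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}

		if ($includepermissions) {
			$this->useraccount->getRights();
		}

		return $this->_cleanObjectDatas($this->useraccount);
	}

	/**
	 * Get the properties of a user, by email.
	 *
	 * A caller without the user/user/lire permission who is not admin may only look up
	 * their own email.
	 *
	 * @param string $email              Email of the user
	 * @param int    $includepermissions When truthy, getRights() is called on the user before it is returned
	 * @return object                    Cleaned user object
	 * @throws RestException             400 if $email is empty, 403 if not allowed, 404 if the user is not found
	 */
	public function getByEmail($email, $includepermissions = 0)
	{
		if (empty($email)) {
			throw new RestException(400, 'Bad parameters');
		}

		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin) && DolibarrApiAccess::$user->email != $email) {
			throw new RestException(403, 'Not allowed');
		}

		$result = $this->useraccount->fetch('', '', '', 0, -1, $email);
		if (!$result) {
			throw new RestException(404, 'User not found');
		}

		if (!DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}

		if ($includepermissions) {
			$this->useraccount->getRights();
		}

		return $this->_cleanObjectDatas($this->useraccount);
	}

	/**
	 * Get the properties of the account that is calling the API, with its groups.
	 *
	 * Allowed for callers holding user/self/creer or user/user/lire, and for admins.
	 * The cleaned group list is attached as the user_group_list property.
	 *
	 * @param int $includepermissions When truthy, getRights() is called on the user before it is returned
	 * @return object                 Cleaned user object
	 * @throws RestException          403 if not allowed, 404 if the user or its group list cannot be loaded
	 */
	public function getInfo($includepermissions = 0)
	{
		if (!DolibarrApiAccess::$user->hasRight('user', 'self', 'creer') && !DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin)) {
			throw new RestException(403, 'Not allowed');
		}

		$apiUser = DolibarrApiAccess::$user;

		$result = $this->useraccount->fetch($apiUser->id);
		if (!$result) {
			throw new RestException(404, 'User not found');
		}

		if (!DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}

		if ($includepermissions) {
			$this->useraccount->getRights();
		}

		$usergroup = new UserGroup($this->db);
		$userGroupList = $usergroup->listGroupsForUser($apiUser->id, false);
		if (!is_array($userGroupList)) {
			throw new RestException(404, 'User group not found');
		}

		$this->useraccount->user_group_list = $this->_cleanUserGroupListDatas($userGroupList);

		return $this->_cleanObjectDatas($this->useraccount);
	}

	/**
	 * Create a user account.
	 *
	 * Password-storage properties and the API key can never be set through this endpoint.
	 * A caller who is not admin cannot create a user carrying the admin flag.
	 *
	 * @param array|null $request_data Field => value pairs for the new user
	 * @return int                     Id of the created user
	 * @throws RestException           403 if not allowed, 405 for a protected property, 500 if creation fails
	 */
	public function post($request_data = null)
	{
		// Check user authorization
		// NOTE(review): this checks hasRight('user', 'creer') while put() and setGroup() check
		// hasRight('user', 'user', 'creer') - confirm which permission path is intended.
		if (!DolibarrApiAccess::$user->hasRight('user', 'creer') && empty(DolibarrApiAccess::$user->admin)) {
			throw new RestException(403, "User creation not allowed for login ".DolibarrApiAccess::$user->login);
		}

		// The parameter defaults to null; iterate over an empty payload instead of a non-array
		if (!is_array($request_data)) {
			$request_data = array();
		}

		// check mandatory fields
		/*if (!isset($request_data["login"]))
			throw new RestException(400, "login field missing");
		if (!isset($request_data["password"]))
			throw new RestException(400, "password field missing");
		if (!isset($request_data["lastname"]))
			throw new RestException(400, "lastname field missing");*/

		//assign field values
		foreach ($request_data as $field => $value) {
			// Strict comparison so that only an exact property name matches the blocklist
			if (in_array($field, array('pass_crypted', 'pass_indatabase', 'pass_indatabase_crypted', 'pass_temp', 'api_key'), true)) {
				// These properties can't be set/modified with API
				throw new RestException(405, 'The property '.$field." can't be set/modified using the APIs");
			}
			if ($field === 'caller') {
				// Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
				$this->useraccount->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
				continue;
			}
			if ($field === 'admin' && !empty($value) && empty(DolibarrApiAccess::$user->admin)) {
				// Same rule as put(): only an admin may hand out the admin flag
				throw new RestException(403, 'Only an admin user can create a user with the admin status');
			}
			/*if ($field == 'pass') {
				if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'password')) {
					throw new RestException(403, 'You are not allowed to modify/set password of other users');
					continue;
				}
			}
			*/

			// Every remaining field is caller-controlled; _checkValForAPI() is the only filter on its value
			$this->useraccount->$field = $this->_checkValForAPI($field, $value, $this->useraccount);
		}

		if ($this->useraccount->create(DolibarrApiAccess::$user) < 0) {
			throw new RestException(500, 'Error creating', array_merge(array($this->useraccount->error), $this->useraccount->errors));
		}
		return $this->useraccount->id;
	}


	/**
	 * Update a user account.
	 *
	 * Requires user/user/creer or an admin account. On top of that:
	 * - password-storage properties and the API key are always refused;
	 * - 'pass' needs user/user/password for another user, user/self/password for oneself;
	 * - only an admin may change the admin flag, and the API never clears it;
	 * - the entity of a user cannot be changed;
	 * - 'statut'/'status' is applied immediately through setstatus().
	 *
	 * @param int        $id           Id of the user to update
	 * @param array|null $request_data Field => value pairs to apply
	 * @return object                  Cleaned user object, as returned by get()
	 * @throws RestException           403 if not allowed, 404 if not found, 405 for a protected property, 500 if the update fails
	 */
	public function put($id, $request_data = null)
	{
		// Check user authorization
		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer') && empty(DolibarrApiAccess::$user->admin)) {
			throw new RestException(403, "User update not allowed");
		}

		$result = $this->useraccount->fetch($id);
		if (!$result) {
			throw new RestException(404, 'Account not found');
		}

		if (!DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}

		// The parameter defaults to null; iterate over an empty payload instead of a non-array
		if (!is_array($request_data)) {
			$request_data = array();
		}

		foreach ($request_data as $field => $value) {
			// Strict comparison so that only an exact property name matches the blocklist
			if (in_array($field, array('pass_crypted', 'pass_indatabase', 'pass_indatabase_crypted', 'pass_temp', 'api_key'), true)) {
				// These properties can't be set/modified with API
				throw new RestException(405, 'The property '.$field." can't be set/modified using the APIs");
			}
			if ($field == 'id') {
				continue;
			}
			if ($field == 'pass') {
				if ($this->useraccount->id != DolibarrApiAccess::$user->id && !DolibarrApiAccess::$user->hasRight('user', 'user', 'password')) {
					throw new RestException(403, 'You are not allowed to modify password of other users');
				}
				if ($this->useraccount->id == DolibarrApiAccess::$user->id && !DolibarrApiAccess::$user->hasRight('user', 'self', 'password')) {
					throw new RestException(403, 'You are not allowed to modify your own password');
				}
			}
			if ($field === 'caller') {
				// Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
				$this->useraccount->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
				continue;
			}

			if (DolibarrApiAccess::$user->admin) {	// If user for API is admin
				if ($field == 'admin' && $value != $this->useraccount->admin && empty($value)) {
					throw new RestException(403, 'Reseting the admin status of a user is not possible using the API');
				}
			} else {
				if ($field == 'admin' && $value != $this->useraccount->admin) {
					throw new RestException(403, 'Only an admin user can modify the admin status of another user');
				}
			}
			if ($field == 'entity' && $value != $this->useraccount->entity) {
				throw new RestException(403, 'Changing entity of a user using the APIs is not possible');
			}

			// The status must be updated using setstatus() because it
			// is not handled by the update() method.
			if ($field == 'statut' || $field == 'status') {
				$result = $this->useraccount->setstatus($value);
				if ($result < 0) {
					throw new RestException(500, 'Error when updating status of user: '.$this->useraccount->error);
				}
			} else {
				$this->useraccount->$field = $this->_checkValForAPI($field, $value, $this->useraccount);
			}
		}

		// If there is no error, update() returns the number of affected
		// rows so if the update is a no op, the return value is zero.
		if ($this->useraccount->update(DolibarrApiAccess::$user) >= 0) {
			return $this->get($id);
		} else {
			throw new RestException(500, $this->useraccount->error);
		}
	}


	/**
	 * List the groups of a user.
	 *
	 * Requires user/user/lire or an admin account, plus access to the user record itself.
	 *
	 * @param int $id        Id of the user
	 * @return array         Cleaned group objects
	 * @throws RestException 403 if not allowed, 404 if the user or its group list cannot be loaded
	 */
	public function getGroups($id)
	{
		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin)) {
			throw new RestException(403);
		}

		$user = new User($this->db);
		$result = $user->fetch($id);
		if (!$result) {
			throw new RestException(404, 'user not found');
		}

		// Same per-record check as get(), put(), setGroup() and delete(): the caller must be
		// allowed to reach this user before its group membership is disclosed.
		if (!DolibarrApi::_checkAccessToResource('user', $user->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}

		$usergroup = new UserGroup($this->db);
		$groups = $usergroup->listGroupsForUser($id, false);
		// getInfo() guards against a non-array result from the same call; do the same here
		if (!is_array($groups)) {
			throw new RestException(404, 'User group not found');
		}

		$obj_ret = array();
		foreach ($groups as $group) {
			$obj_ret[] = $this->_cleanObjectDatas($group);
		}
		return $obj_ret;
	}


	/**
	 * Add a user into a group.
	 *
	 * Requires user/user/creer or an admin account. The $entity argument is honoured only
	 * when the multicompany module is enabled with MULTICOMPANY_TRANSVERSE_MODE and the
	 * caller is an admin whose own entity is empty; otherwise the caller's entity is used.
	 *
	 * @param int $id        Id of the user
	 * @param int $group     Id of the group, handed to SetInGroup()
	 * @param int $entity    Entity in which the membership is created (see above)
	 * @return int           1 on success
	 * @throws RestException 403 if not allowed, 404 if the user is not found, 500 if SetInGroup() fails
	 */
	public function setGroup($id, $group, $entity = 1)
	{
		global $conf;

		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer') && empty(DolibarrApiAccess::$user->admin)) {
			throw new RestException(403);
		}

		$result = $this->useraccount->fetch($id);
		if (!$result) {
			throw new RestException(404, 'User not found');
		}

		if (!DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}

		if (isModEnabled('multicompany') && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') && !empty(DolibarrApiAccess::$user->admin) && empty(DolibarrApiAccess::$user->entity)) {
			$entity = (!empty($entity) ? $entity : $conf->entity);
		} else {
			// When using API, action is done on entity of logged user because a user of entity X with permission to create user should not be able to
			// hack the security by giving himself permissions on another entity.
			$entity = (DolibarrApiAccess::$user->entity > 0 ? DolibarrApiAccess::$user->entity : $conf->entity);
		}

		$result = $this->useraccount->SetInGroup($group, $entity);
		if (!($result > 0)) {
			throw new RestException(500, $this->useraccount->error);
		}

		return 1;
	}

	/**
	 * List groups.
	 *
	 * The permission required depends on MAIN_USE_ADVANCED_PERMS: user/group_advance/read
	 * when it is set, user/user/lire otherwise. Admins are always allowed.
	 *
	 * @param string $sortfield  Sort field, handed to $this->db->order()
	 * @param string $sortorder  Sort order, handed to $this->db->order()
	 * @param int    $limit      Maximum number of groups returned; 0 disables paging
	 * @param int    $page       Zero-based page number (negative values are treated as 0)
	 * @param string $group_ids  List of group ids to keep, passed through $this->db->sanitize(); '0' or '' means no restriction
	 * @param string $sqlfilters Search criteria, validated and converted by forgeSQLFromUniversalSearchCriteria()
	 * @param string $properties Handed to _filterObjectProperties() to restrict the returned properties
	 * @return array             Cleaned group objects
	 * @throws RestException     400 if $sqlfilters is rejected, 403 if not allowed, 503 on query failure
	 */
	public function listGroups($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $group_ids = '0', $sqlfilters = '', $properties = '')
	{
		$obj_ret = array();

		if ((!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && !DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin)) ||
			(getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && !DolibarrApiAccess::$user->hasRight('user', 'group_advance', 'read') && empty(DolibarrApiAccess::$user->admin))) {
			throw new RestException(403, "You are not allowed to read groups");
		}

		// case of external user, $societe param is ignored and replaced by user's socid
		//$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $societe;

		$sql = "SELECT t.rowid";
		$sql .= " FROM ".MAIN_DB_PREFIX."usergroup AS t LEFT JOIN ".MAIN_DB_PREFIX."usergroup_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
		$sql .= ' WHERE t.entity IN ('.getEntity('user').')';
		if ($group_ids) {
			// Caller-supplied list: never concatenated without going through sanitize()
			$sql .= " AND t.rowid IN (".$this->db->sanitize($group_ids).")";
		}
		// Add sql filters
		if ($sqlfilters) {
			$errormessage = '';
			$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
			if ($errormessage) {
				throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
			}
		}

		$sql .= $this->db->order($sortfield, $sortorder);
		if ($limit) {
			if ($page < 0) {
				$page = 0;
			}
			$offset = $limit * $page;

			// One row more than $limit is requested; the loop below still returns at most $limit
			$sql .= $this->db->plimit($limit + 1, $offset);
		}

		$result = $this->db->query($sql);

		if ($result) {
			$i = 0;
			$num = $this->db->num_rows($result);
			$min = min($num, ($limit <= 0 ? $num : $limit));
			while ($i < $min) {
				$obj = $this->db->fetch_object($result);
				$group_static = new UserGroup($this->db);
				if ($group_static->fetch($obj->rowid)) {
					$obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($group_static), $properties);
				}
				$i++;
			}
		} else {
			throw new RestException(503, 'Error when retrieve Group list : '.$this->db->lasterror());
		}

		return $obj_ret;
	}

	/**
	 * Get the properties of a group.
	 *
	 * Uses the same permission rule as listGroups().
	 *
	 * @param int $group        Group identifier, handed to UserGroup::fetch() as first argument
	 * @param int $load_members Handed to UserGroup::fetch() as third argument
	 * @return object           Cleaned group object
	 * @throws RestException    403 if not allowed, 404 if the group is not found
	 */
	public function infoGroups($group, $load_members = 0)
	{
		if ((!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && !DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && empty(DolibarrApiAccess::$user->admin)) ||
			(getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && !DolibarrApiAccess::$user->hasRight('user', 'group_advance', 'read') && empty(DolibarrApiAccess::$user->admin))) {
			throw new RestException(403, "You are not allowed to read groups");
		}

		$group_static = new UserGroup($this->db);
		$result = $group_static->fetch($group, '', $load_members);

		if (!$result) {
			throw new RestException(404, 'Group not found');
		}

		return $this->_cleanObjectDatas($group_static);
	}

	/**
	 * Delete a user account.
	 *
	 * Requires user/user/supprimer or an admin account, plus access to the user record.
	 *
	 * @param int $id        Id of the user to delete
	 * @return array         array('success' => array('code' => 200, 'message' => ...))
	 * @throws RestException 403 if not allowed, 404 if the user is not found, 500 if the deletion fails
	 */
	public function delete($id)
	{
		if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'supprimer') && empty(DolibarrApiAccess::$user->admin)) {
			throw new RestException(403, 'Not allowed');
		}
		$result = $this->useraccount->fetch($id);
		if (!$result) {
			throw new RestException(404, 'User not found');
		}

		if (!DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user')) {
			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
		}
		$this->useraccount->oldcopy = clone $this->useraccount;

		// create(), update() and setstatus() in this class report failure with a negative value,
		// which a plain "!" test would read as success and answer 200 for a user that still exists.
		// NOTE(review): confirm User::delete() follows the same return convention.
		if ($this->useraccount->delete(DolibarrApiAccess::$user) <= 0) {
			throw new RestException(500);
		}

		return array(
			'success' => array(
				'code' => 200,
				'message' => 'User deleted'
			)
		);
	}

	// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
	/**
	 * Clean sensitive data from an object before it is returned by the API.
	 *
	 * Runs the parent cleanup, then removes internal properties and, unconditionally,
	 * every credential-like property. Salary properties are removed when the salaries
	 * module is enabled and the caller lacks salaries/read.
	 *
	 * @param object $object Object to clean (modified in place)
	 * @return object        The cleaned object
	 */
	protected function _cleanObjectDatas($object)
	{
		// phpcs:enable
		$object = parent::_cleanObjectDatas($object);

		unset($object->default_values);
		unset($object->lastsearch_values);
		unset($object->lastsearch_values_tmp);

		unset($object->total_ht);
		unset($object->total_tva);
		unset($object->total_localtax1);
		unset($object->total_localtax2);
		unset($object->total_ttc);

		unset($object->label_incoterms);
		unset($object->location_incoterms);

		unset($object->fk_delivery_address);
		unset($object->fk_incoterms);
		unset($object->all_permissions_are_loaded);
		unset($object->shipping_method_id);
		unset($object->nb_rights);
		unset($object->search_sid);
		unset($object->ldap_sid);
		unset($object->clicktodial_loaded);

		// List of properties never returned by API, whatever are permissions
		unset($object->pass);
		// pass_crypted is refused on write by post() and put(); keep the read side aligned
		unset($object->pass_crypted);
		unset($object->pass_indatabase);
		unset($object->pass_indatabase_crypted);
		unset($object->pass_temp);
		unset($object->api_key);
		unset($object->clicktodial_password);
		unset($object->openid);

		unset($object->lines);
		unset($object->model_pdf);

		// With the salaries module disabled there is no salaries permission to check, so the fields stay
		$canreadsalary = ((isModEnabled('salaries') && DolibarrApiAccess::$user->hasRight('salaries', 'read')) || !isModEnabled('salaries'));

		if (!$canreadsalary) {
			unset($object->salary);
			unset($object->salaryextra);
			unset($object->thm);
			unset($object->tjm);
		}

		return $object;
	}

	/**
	 * Clean sensitive data from a list of user group objects.
	 *
	 * Each element goes through the parent cleanup, then loses internal properties as
	 * well as its dates, member list and notes.
	 *
	 * @param array $objectList Group objects to clean
	 * @return array            Cleaned group objects, in the same order
	 */
	private function _cleanUserGroupListDatas($objectList)
	{
		$cleanObjectList = array();

		foreach ($objectList as $object) {
			$cleanObject = parent::_cleanObjectDatas($object);

			unset($cleanObject->default_values);
			unset($cleanObject->lastsearch_values);
			unset($cleanObject->lastsearch_values_tmp);

			unset($cleanObject->total_ht);
			unset($cleanObject->total_tva);
			unset($cleanObject->total_localtax1);
			unset($cleanObject->total_localtax2);
			unset($cleanObject->total_ttc);

			unset($cleanObject->libelle_incoterms);
			unset($cleanObject->location_incoterms);

			unset($cleanObject->fk_delivery_address);
			unset($cleanObject->fk_incoterms);
			unset($cleanObject->all_permissions_are_loaded);
			unset($cleanObject->shipping_method_id);
			unset($cleanObject->nb_rights);
			unset($cleanObject->search_sid);
			unset($cleanObject->ldap_sid);
			unset($cleanObject->clicktodial_loaded);

			unset($cleanObject->datec);
			unset($cleanObject->tms);
			unset($cleanObject->members);
			unset($cleanObject->note);
			unset($cleanObject->note_private);

			$cleanObjectList[] = $cleanObject;
		}

		return $cleanObjectList;
	}

	/**
	 * Validate fields before create or update object.
	 *
	 * Checks that every field named in Users::$FIELDS is set in $data. No method shown
	 * in this class calls it.
	 *
	 * @param array $data    Payload to validate
	 * @return array         The mandatory fields, copied from $data
	 * @throws RestException 400 if a mandatory field is missing
	 */
	private function _validate($data) // @phpstan-ignore-line
	{
		$account = array();
		foreach (Users::$FIELDS as $field) {
			if (!isset($data[$field])) {
				throw new RestException(400, "$field field missing");
			}
			$account[$field] = $data[$field];
		}
		return $account;
	}
}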