dolibarr  21.0.0-alpha
saveinplace.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2011-2012 Regis Houssin <regis.houssin@inodbox.com>
3  * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <https://www.gnu.org/licenses/>.
17  */
18 
24 if (!defined('NOTOKENRENEWAL')) {
25  define('NOTOKENRENEWAL', '1'); // Disables token renewal
26 }
27 if (!defined('NOREQUIREMENU')) {
28  define('NOREQUIREMENU', '1');
29 }
30 if (!defined('NOREQUIREAJAX')) {
31  define('NOREQUIREAJAX', '1');
32 }
33 if (!defined('NOREQUIRESOC')) {
34  define('NOREQUIRESOC', '1');
35 }
36 
37 // Load Dolibarr environment
38 require '../../main.inc.php';
39 require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
40 
41 $field = GETPOST('field', 'alpha', 2);
42 $element = GETPOST('element', 'alpha', 2);
43 $table_element = GETPOST('table_element', 'alpha', 2);
44 $fk_element = GETPOST('fk_element', 'alpha', 2);
45 $id = $fk_element;
46 
47 /* Example:
48 field:editval_ref_customer (8 first chars will removed to know name of property)
49 element:contrat
50 table_element:contrat
51 fk_element:4
52 type:string
53 value:aaa
54 loadmethod:
55 savemethod:
56 savemethodname:
57 */
58 
59 // Load object according to $id and $element
60 $object = fetchObjectByElement($id, $element);
61 
62 $module = $object->module;
63 $element = $object->element;
64 $usesublevelpermission = ($module != $element ? $element : '');
65 if ($usesublevelpermission && !$user->hasRight($module, $element)) { // There is no permission on object defined, we will check permission on module directly
66  $usesublevelpermission = '';
67 }
68 
69 //print $object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";
70 
71 // Security check
72 $result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1); // Call with mode return
73 if (!$result) {
74  httponly_accessforbidden('Not allowed by restrictArea');
75 }
76 
77 if (!getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE')) {
78  httponly_accessforbidden('Can be used only when option MAIN_USE_JQUERY_JEDITABLE is set');
79 }
80 
81 
82 /*
83  * View
84  */
85 
86 top_httphead();
87 
88 //print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
89 //print_r($_POST);
90 
91 // Load original field value
92 if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element)) {
93  $ext_element = GETPOST('ext_element', 'alpha', 2);
94  $field = substr($field, 8); // remove prefix val_
95  $type = GETPOST('type', 'alpha', 2);
96  $value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2));
97  $loadmethod = GETPOST('loadmethod', 'alpha', 2);
98  $savemethod = GETPOST('savemethod', 'alpha', 2);
99  $savemethodname = (!empty($savemethod) ? $savemethod : 'setValueFrom');
100  $newelement = $element;
101 
102  $view = '';
103  $format = 'text';
104  $return = array();
105  $error = 0;
106 
107  if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) {
108  $element = $regs[1];
109  $subelement = $regs[2];
110  }
111 
112  if ($element == 'propal') {
113  $newelement = 'propale';
114  } elseif ($element == 'fichinter') {
115  $newelement = 'ficheinter';
116  } elseif ($element == 'product') {
117  $newelement = 'produit';
118  } elseif ($element == 'member') {
119  $newelement = 'adherent';
120  } elseif ($element == 'order_supplier') {
121  $newelement = 'fournisseur';
122  $subelement = 'commande';
123  } elseif ($element == 'invoice_supplier') {
124  $newelement = 'fournisseur';
125  $subelement = 'facture';
126  } else {
127  $newelement = $element;
128  }
129 
130  $_POST['action'] = 'update'; // Keep this. It is a hack so restrictarea will test permissions on write too
131 
132  $feature = $newelement;
133  $feature2 = $subelement;
134  $object_id = $fk_element;
135  if ($feature == 'expedition' || $feature == 'shipping') {
136  $feature = 'commande';
137  $object_id = 0;
138  }
139  if ($feature == 'shipping') {
140  $feature = 'commande';
141  }
142  if ($feature == 'payment') {
143  $feature = 'facture';
144  }
145  if ($feature == 'payment_supplier') {
146  $feature = 'fournisseur';
147  $feature2 = 'facture';
148  }
149  //var_dump(GETPOST('action','aZ09'));
150  //var_dump($newelement.'-'.$subelement."-".$feature."-".$object_id);
151  $check_access = restrictedArea($user, $feature, $object_id, '', $feature2);
152  //var_dump($user->rights);
153  /*
154  if (!empty($user->rights->$newelement->creer) || !empty($user->rights->$newelement->create) || !empty($user->rights->$newelement->write)
155  || (isset($subelement) && (!empty($user->rights->$newelement->$subelement->creer) || !empty($user->rights->$newelement->$subelement->write)))
156  || ($element == 'payment' && $user->rights->facture->paiement)
157  || ($element == 'payment_supplier' && $user->rights->fournisseur->facture->creer))
158  */
159 
160  if ($check_access) {
161  // Clean parameters
162  $newvalue = trim($value);
163 
164  if ($type == 'numeric') {
165  $newvalue = price2num($newvalue);
166 
167  // Check parameters
168  if (!is_numeric($newvalue)) {
169  $error++;
170  $return['error'] = $langs->trans('ErrorBadValue');
171  }
172  } elseif ($type == 'datepicker') {
173  $timestamp = GETPOSTINT('timestamp', 2);
174  $format = 'date';
175  $newvalue = ($timestamp / 1000);
176  } elseif ($type == 'select') {
177  $loadmethodname = 'load_cache_'.$loadmethod;
178  $loadcachename = 'cache_'.$loadmethod;
179  $loadviewname = 'view_'.$loadmethod;
180 
181  $form = new Form($db);
182  if (method_exists($form, $loadmethodname)) {
183  $ret = $form->$loadmethodname();
184  if ($ret > 0) {
185  $loadcache = $form->$loadcachename;
186  $value = $loadcache[$newvalue];
187 
188  if (!empty($form->$loadviewname)) {
189  $loadview = $form->$loadviewname;
190  $view = $loadview[$newvalue];
191  }
192  } else {
193  $error++;
194  $return['error'] = $form->error;
195  }
196  } else {
197  $module = $subelement = $ext_element;
198  if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs)) {
199  $module = $regs[1];
200  $subelement = $regs[2];
201  }
202 
203  dol_include_once('/'.$module.'/class/actions_'.$subelement.'.class.php');
204  $classname = 'Actions'.ucfirst($subelement);
205  $object = new $classname($db);
206  $ret = $object->$loadmethodname();
207  if ($ret > 0) {
208  $loadcache = $object->$loadcachename;
209  $value = $loadcache[$newvalue];
210 
211  if (!empty($object->$loadviewname)) {
212  $loadview = $object->$loadviewname;
213  $view = $loadview[$newvalue];
214  }
215  } else {
216  $error++;
217  $return['error'] = $object->error;
218  }
219  }
220  }
221 
222  if (!$error) {
223  if ((isset($object) && !is_object($object)) || empty($savemethod)) {
224  $object = new GenericObject($db);
225  }
226 
227  // Specific for add_object_linked()
228  // TODO add a function for variable treatment
229  $object->ext_fk_element = $newvalue;
230  $object->ext_element = $ext_element;
231  $object->fk_element = $fk_element;
232  $object->element = $element;
233 
234  $ret = $object->$savemethodname($field, $newvalue, $table_element, $fk_element, $format);
235  if ($ret > 0) {
236  if ($type == 'numeric') {
237  $value = price($newvalue);
238  } elseif ($type == 'textarea') {
239  $value = dol_nl2br($newvalue);
240  }
241 
242  $return['value'] = $value;
243  $return['view'] = (!empty($view) ? $view : $value);
244  } else {
245  $return['error'] = $object->error;
246  }
247  }
248 
249  echo json_encode($return);
250  } else {
251  echo $langs->trans('NotEnoughPermissions');
252  }
253 }
if($user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition: card.php:58
Class to manage generation of HTML components Only common components must be here.
Class of a generic business object.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
price2num($amount, $rounding='', $option=0)
Function that return a number with universal decimal format (decimal separator is '.
dol_nl2br($stringtoencode, $nl2brmode=0, $forxml=false)
Replace CRLF in string with a HTML BR tag.
price($amount, $form=0, $outlangs='', $trunc=1, $rounding=-1, $forcerounding=-1, $currency_code='')
Function to format a value into an amount for visual output Function used into PDF and HTML pages.
if(!function_exists('dol_getprefix')) dol_include_once($relpath, $classname='')
Make an include_once using default root and alternate root if it fails.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
fetchObjectByElement($element_id, $element_type, $element_ref='', $useCache=0, $maxCacheByType=10)
Fetch an object from its id and element_type Inclusion of classes is automatic.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
if(!defined('NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition: main.inc.php:1650
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.