dolibarr 21.0.0-alpha
api_agendaevents.class.php
1<?php
2/* Copyright (C) 2015 Jean-Fran├žois Ferry <jfefe@aternatik.fr>
3 * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <https://www.gnu.org/licenses/>.
17 */
18
19use Luracast\Restler\RestException;
20
21require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
22
23
31{
35 public static $FIELDS = array(
36 );
37
41 public $actioncomm;
42
43
47 public function __construct()
48 {
49 global $db, $conf;
50 $this->db = $db;
51 $this->actioncomm = new ActionComm($this->db);
52 }
53
64 public function get($id)
65 {
66 if (!DolibarrApiAccess::$user->hasRight('agenda', 'myactions', 'read')) {
67 throw new RestException(403, "Insufficient rights to read an event");
68 }
69 if ($id === 0) {
70 $result = $this->actioncomm->initAsSpecimen();
71 } else {
72 $result = $this->actioncomm->fetch($id);
73 if ($result) {
74 $this->actioncomm->fetch_optionals();
75 $this->actioncomm->fetchObjectLinked();
76 }
77 }
78 if (!$result) {
79 throw new RestException(404, 'Agenda Events not found');
80 }
81
82 if (!DolibarrApiAccess::$user->hasRight('agenda', 'allactions', 'read') && $this->actioncomm->userownerid != DolibarrApiAccess::$user->id) {
83 throw new RestException(403, 'Insufficient rights to read event of this owner id. Your id is '.DolibarrApiAccess::$user->id);
84 }
85
86 if (!DolibarrApi::_checkAccessToResource('agenda', $this->actioncomm->id, 'actioncomm', '', 'fk_soc', 'id')) {
87 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
88 }
89 return $this->_cleanObjectDatas($this->actioncomm);
90 }
91
106 public function index($sortfield = "t.id", $sortorder = 'ASC', $limit = 100, $page = 0, $user_ids = '', $sqlfilters = '', $properties = '')
107 {
108 global $db, $conf;
109
110 $obj_ret = array();
111
112 if (!DolibarrApiAccess::$user->hasRight('agenda', 'myactions', 'read')) {
113 throw new RestException(403, "Insufficient rights to read events");
114 }
115
116 // case of external user
117 $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
118
119 // If the internal user must only see his customers, force searching by him
120 $search_sale = 0;
121 if (!DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socid) {
122 $search_sale = DolibarrApiAccess::$user->id;
123 }
124 if (!isModEnabled('societe')) {
125 $search_sale = 0; // If module thirdparty not enabled, sale representative is something that does not exists
126 }
127
128 $sql = "SELECT t.id as rowid";
129 $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm AS t";
130 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_extrafields AS ef ON (ef.fk_object = t.id)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
131 $sql .= ' WHERE t.entity IN ('.getEntity('agenda').')';
132 if ($user_ids) {
133 $sql .= " AND t.fk_user_action IN (".$this->db->sanitize($user_ids).")";
134 }
135 if ($socid > 0) {
136 $sql .= " AND t.fk_soc = ".((int) $socid);
137 }
138 // Search on sale representative
139 if ($search_sale && $search_sale != '-1') {
140 if ($search_sale == -2) {
141 $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)";
142 } elseif ($search_sale > 0) {
143 $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
144 }
145 }
146 // Add sql filters
147 if ($sqlfilters) {
148 $errormessage = '';
149 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
150 if ($errormessage) {
151 throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
152 }
153 }
154
155 $sql .= $this->db->order($sortfield, $sortorder);
156 if ($limit) {
157 if ($page < 0) {
158 $page = 0;
159 }
160 $offset = $limit * $page;
161
162 $sql .= $this->db->plimit($limit + 1, $offset);
163 }
164
165 $result = $this->db->query($sql);
166
167 if ($result) {
168 $i = 0;
169 $num = $this->db->num_rows($result);
170 $min = min($num, ($limit <= 0 ? $num : $limit));
171 while ($i < $min) {
172 $obj = $this->db->fetch_object($result);
173 $actioncomm_static = new ActionComm($this->db);
174 if ($actioncomm_static->fetch($obj->rowid)) {
175 $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($actioncomm_static), $properties);
176 }
177 $i++;
178 }
179 } else {
180 throw new RestException(503, 'Error when retrieve Agenda Event list : '.$this->db->lasterror());
181 }
182
183 return $obj_ret;
184 }
185
192 public function post($request_data = null)
193 {
194 if (!DolibarrApiAccess::$user->hasRight('agenda', 'myactions', 'create')) {
195 throw new RestException(403, "Insufficient rights to create your Agenda Event");
196 }
197 if (!DolibarrApiAccess::$user->hasRight('agenda', 'allactions', 'create') && DolibarrApiAccess::$user->id != $request_data['userownerid']) {
198 throw new RestException(403, "Insufficient rights to create an Agenda Event for owner id ".$request_data['userownerid'].' Your id is '.DolibarrApiAccess::$user->id);
199 }
200
201 // Check mandatory fields
202 $result = $this->_validate($request_data);
203
204 foreach ($request_data as $field => $value) {
205 if ($field === 'caller') {
206 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
207 $this->actioncomm->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
208 continue;
209 }
210
211 $this->actioncomm->$field = $this->_checkValForAPI($field, $value, $this->actioncomm);
212 }
213 /*if (isset($request_data["lines"])) {
214 $lines = array();
215 foreach ($request_data["lines"] as $line) {
216 array_push($lines, (object) $line);
217 }
218 $this->expensereport->lines = $lines;
219 }*/
220
221 if ($this->actioncomm->create(DolibarrApiAccess::$user) < 0) {
222 throw new RestException(500, "Error creating event", array_merge(array($this->actioncomm->error), $this->actioncomm->errors));
223 }
224
225 return $this->actioncomm->id;
226 }
227
228
236 public function put($id, $request_data = null)
237 {
238 if (!DolibarrApiAccess::$user->hasRight('agenda', 'myactions', 'create')) {
239 throw new RestException(403, "Insufficient rights to create your Agenda Event");
240 }
241 if (!DolibarrApiAccess::$user->hasRight('agenda', 'allactions', 'create') && DolibarrApiAccess::$user->id != $request_data['userownerid']) {
242 throw new RestException(403, "Insufficient rights to create an Agenda Event for owner id ".$request_data['userownerid'].' Your id is '.DolibarrApiAccess::$user->id);
243 }
244
245 $result = $this->actioncomm->fetch($id);
246 if ($result) {
247 $this->actioncomm->fetch_optionals();
248 $this->actioncomm->fetch_userassigned();
249 $this->actioncomm->oldcopy = clone $this->actioncomm;
250 }
251 if (!$result) {
252 throw new RestException(404, 'actioncomm not found');
253 }
254
255 if (!DolibarrApi::_checkAccessToResource('actioncomm', $this->actioncomm->id, 'actioncomm', '', 'fk_soc', 'id')) {
256 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
257 }
258 foreach ($request_data as $field => $value) {
259 if ($field == 'id') {
260 continue;
261 }
262 if ($field === 'caller') {
263 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
264 $this->actioncomm->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
265 continue;
266 }
267
268 $this->actioncomm->$field = $this->_checkValForAPI($field, $value, $this->actioncomm);
269 }
270
271 if ($this->actioncomm->update(DolibarrApiAccess::$user, 1) > 0) {
272 return $this->get($id);
273 }
274
275 return false;
276 }
277
285 public function delete($id)
286 {
287 if (!DolibarrApiAccess::$user->hasRight('agenda', 'myactions', 'delete')) {
288 throw new RestException(403, "Insufficient rights to delete your Agenda Event");
289 }
290
291 $result = $this->actioncomm->fetch($id);
292 if ($result) {
293 $this->actioncomm->fetch_optionals();
294 $this->actioncomm->fetch_userassigned();
295 $this->actioncomm->oldcopy = clone $this->actioncomm;
296 }
297
298 if (!DolibarrApiAccess::$user->hasRight('agenda', 'allactions', 'delete') && DolibarrApiAccess::$user->id != $this->actioncomm->userownerid) {
299 throw new RestException(403, "Insufficient rights to delete an Agenda Event of owner id ".$this->actioncomm->userownerid.' Your id is '.DolibarrApiAccess::$user->id);
300 }
301
302 if (!$result) {
303 throw new RestException(404, 'Agenda Event not found');
304 }
305
306 if (!DolibarrApi::_checkAccessToResource('actioncomm', $this->actioncomm->id, 'actioncomm', '', 'fk_soc', 'id')) {
307 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
308 }
309
310 if (!$this->actioncomm->delete(DolibarrApiAccess::$user)) {
311 throw new RestException(500, 'Error when delete Agenda Event : '.$this->actioncomm->error);
312 }
313
314 return array(
315 'success' => array(
316 'code' => 200,
317 'message' => 'Agenda Event deleted'
318 )
319 );
320 }
321
329 private function _validate($data)
330 {
331 $event = array();
332 foreach (AgendaEvents::$FIELDS as $field) {
333 if (!isset($data[$field])) {
334 throw new RestException(400, "$field field missing");
335 }
336 $event[$field] = $data[$field];
337 }
338 return $event;
339 }
340
341 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
348 protected function _cleanObjectDatas($object)
349 {
350 // phpcs:enable
351 $object = parent::_cleanObjectDatas($object);
352
353 unset($object->note); // alreaydy into note_private
354 unset($object->usermod);
355 unset($object->libelle);
356 unset($object->context);
357 unset($object->canvas);
358 unset($object->contact);
359 unset($object->contact_id);
360 unset($object->thirdparty);
361 unset($object->user);
362 unset($object->origin);
363 unset($object->origin_id);
364 unset($object->ref_ext);
365 unset($object->statut);
366 unset($object->state_code);
367 unset($object->state_id);
368 unset($object->state);
369 unset($object->region);
370 unset($object->region_code);
371 unset($object->country);
372 unset($object->country_id);
373 unset($object->country_code);
374 unset($object->barcode_type);
375 unset($object->barcode_type_code);
376 unset($object->barcode_type_label);
377 unset($object->barcode_type_coder);
378 unset($object->mode_reglement_id);
379 unset($object->cond_reglement_id);
380 unset($object->cond_reglement);
381 unset($object->fk_delivery_address);
382 unset($object->shipping_method_id);
383 unset($object->fk_account);
384 unset($object->total_ht);
385 unset($object->total_tva);
386 unset($object->total_localtax1);
387 unset($object->total_localtax2);
388 unset($object->total_ttc);
389 unset($object->fk_incoterms);
390 unset($object->label_incoterms);
391 unset($object->location_incoterms);
392 unset($object->name);
393 unset($object->lastname);
394 unset($object->firstname);
395 unset($object->civility_id);
396 unset($object->contact);
397 unset($object->societe);
398 unset($object->demand_reason_id);
399 unset($object->transport_mode_id);
400 unset($object->region_id);
401 unset($object->actions);
402 unset($object->lines);
403
404 return $object;
405 }
406}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
Class to manage agenda events (actions)
_cleanObjectDatas($object)
Clean sensible object datas.
_validate($data)
Validate fields before create or update object.
index($sortfield="t.id", $sortorder='ASC', $limit=100, $page=0, $user_ids='', $sqlfilters='', $properties='')
List Agenda Events.
__construct()
Constructor.
put($id, $request_data=null)
Update Agenda Event general fields.
post($request_data=null)
Create Agenda Event object.
Class for API REST v1.
Definition api.class.php:30
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:82
forgeSQLFromUniversalSearchCriteria($filter, &$errorstr='', $noand=0, $nopar=0, $noerror=0)
forgeSQLFromUniversalSearchCriteria
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.