dolibarr 24.0.0-beta
api_eventattendees.class.php
1<?php
2/*
3/* Copyright (C) 2025 Jon Bendtsen <jon.bendtsen.github@jonb.dk>
4 * Copyright (C) 2025 Frédéric France <frederic.france@free.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
20use Luracast\Restler\RestException;
21
22require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
23require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
24require_once DOL_DOCUMENT_ROOT.'/eventorganization/class/conferenceorboothattendee.class.php';
25
32class EventAttendees extends DolibarrApi
33{
37 public static $FIELDS = array(
38 'fk_project'
39 );
40
44 public static $INTFIELDS = array(
45 'fk_soc',
46 'fk_actioncomm',
47 'fk_project',
48 'fk_invoice',
49 'status'
50 );
51
55 public $event_attendees;
56
60 public $table_element = 'eventorganization_conferenceorboothattendee';
61
65 public function __construct()
66 {
67 global $db;
68 $this->db = $db;
69 $this->event_attendees = new ConferenceOrBoothAttendee($this->db);
70 }
71
86 public function deleteById($id)
87 {
88 if ($id < 1 ) {
89 throw new RestException(400, 'No eventattendee with id<1 can exist');
90 }
91 $allowaccess = $this->_checkAccessRights('delete', 0);
92 if (!$allowaccess) {
93 throw new RestException(403, 'denied read access to Event attendees');
94 }
95
96 $result = $this->event_attendees->fetch($id, '');
97 if (!$result) {
98 throw new RestException(404, 'Event attendee with id '.$id.' not found');
99 }
100
101 if (!$this->event_attendees->delete(DolibarrApiAccess::$user)) {
102 throw new RestException(500, 'Error when delete event attendee : '.$this->event_attendees->error);
103 }
104
105 return array(
106 'success' => array(
107 'code' => 200,
108 'message' => 'event attendee deleted'
109 )
110 );
111 }
112
127 public function deleteByRef($ref)
128 {
129 $allowaccess = $this->_checkAccessRights('delete', 0);
130 if (!$allowaccess) {
131 throw new RestException(403, 'denied read access to Event attendees');
132 }
133
134 $result = $this->event_attendees->fetch(0, $ref);
135 if (!$result) {
136 throw new RestException(404, "Event attendee with ref ".$ref." not found");
137 }
138
139 if (!$this->event_attendees->delete(DolibarrApiAccess::$user)) {
140 throw new RestException(500, 'Error when delete event attendee : '.$this->event_attendees->error);
141 }
142
143 return array(
144 'success' => array(
145 'code' => 200,
146 'message' => 'event attendee deleted'
147 )
148 );
149 }
150
166 public function getById($id)
167 {
168 return $this->_fetch($id, '');
169 }
170
186 public function getByRef($ref)
187 {
188 return $this->_fetch(0, $ref);
189 }
190
213 public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '', $pagination_data = false, $loadlinkedobjects = 0)
214 {
215 // $allowaccess = $this->_checkAccessRights('read', 0);
216 // if (!$allowaccess) {
217 // throw new RestException(403, 'denied read access to Event attendees');
218 // }
219 // access check delayed until we can do it for each row checking each fk_project
220 // entity stolen from api_setup.class.php
221 $entity = (int) DolibarrApiAccess::$user->entity;
222 $obj_ret = array();
223
224 $sql = "SELECT t.rowid";
225 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." AS t";
226 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."projet AS p ON t.fk_project = p.rowid";
227 if (isModEnabled('multicompany')) {
228 $sql .= ' WHERE p.entity = '.((int) $entity);
229 } else {
230 $sql .= ' WHERE 1 = 1';
231 }
232
233
234 // Add sql filters
235 if ($sqlfilters) {
236 $errormessage = '';
237 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
238 if ($errormessage) {
239 throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
240 }
241 }
242
243 //this query will return total orders with the filters given
244 $sqlTotals = str_replace('SELECT t.rowid', 'SELECT count(t.rowid) as total', $sql);
245
246 $sql .= $this->db->order($sortfield, $sortorder);
247 if ($limit) {
248 if ($page < 0) {
249 $page = 0;
250 }
251 $offset = $limit * $page;
252
253 $sql .= $this->db->plimit($limit + 1, $offset);
254 }
255
256 dol_syslog(get_class($this)."::index", LOG_DEBUG);
257 $result = $this->db->query($sql);
258
259 if ($result) {
260 $num = $this->db->num_rows($result);
261 $min = min($num, ($limit <= 0 ? $num : $limit));
262 $i = 0;
263 $onerowaccessgranted = false;
264 while ($i < $min) {
265 $obj = $this->db->fetch_object($result);
266 $event_attendees_static = new ConferenceOrBoothAttendee($this->db);
267 if ($event_attendees_static->fetch($obj->rowid) > 0) {
268 $rowallowaccess = $this->_checkAccessRights('read', $event_attendees_static->fk_project);
269 if ($rowallowaccess) {
270 if ($loadlinkedobjects) {
271 // retrieve linked objects
272 $event_attendees_static->fetchObjectLinked();
273 }
274 $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($event_attendees_static), $properties);
275 $onerowaccessgranted = $rowallowaccess;
276 }
277 }
278 $i++;
279 }
280 if (($num > 0) && !$onerowaccessgranted) {
281 throw new RestException(403, 'No access granted for even a single of the rows found');
282 }
283 } else {
284 throw new RestException(503, 'Error when retrieve event attendee list : '.$this->db->lasterror());
285 }
286
287 //if $pagination_data is true the response will contain element data with all values and element pagination with pagination data(total,page,limit)
288 if ($pagination_data) {
289 $totalsResult = $this->db->query($sqlTotals);
290 $total = $this->db->fetch_object($totalsResult)->total;
291
292 $tmp = $obj_ret;
293 $obj_ret = [];
294
295 $obj_ret['data'] = $tmp;
296 $obj_ret['pagination'] = [
297 'total' => (int) $total,
298 'page' => $page, //count starts from 0
299 'page_count' => ceil((int) $total / $limit),
300 'limit' => $limit
301 ];
302 }
303
304 return $obj_ret;
305 }
306
325 public function post($request_data = null)
326 {
327 $allowaccess = $this->_checkAccessRights('write', 0);
328 if (!$allowaccess) {
329 throw new RestException(403, 'denied create access to Event attendees');
330 }
331
332 // Check mandatory fields
333 $result = $this->_validate($request_data);
334
335 foreach ($request_data as $field => $value) {
336 if ($field === 'caller') {
337 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
338 $this->event_attendees->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
339 continue;
340 }
341
342 $this->event_attendees->$field = $this->_checkValForAPI($field, $value, $this->event_attendees);
343 }
344
345 if ($this->event_attendees->create(DolibarrApiAccess::$user) < 0) {
346 throw new RestException(500, "Error creating event attendee", array_merge(array($this->event_attendees->error), $this->event_attendees->errors));
347 }
348
349 return ((int) $this->event_attendees->id);
350 }
351
371 public function putById($id, $request_data = null)
372 {
373 if ($id < 1 ) {
374 throw new RestException(400, 'No eventattendee with id<1 can exist');
375 }
376 $allowaccess = $this->_checkAccessRights('write', 0);
377 if (!$allowaccess) {
378 throw new RestException(403, 'denied update access to Event attendees');
379 }
380
381 $result = $this->event_attendees->fetch($id, '');
382 if (!$result) {
383 throw new RestException(404, 'event attendee not found');
384 }
385
386 foreach ($request_data as $field => $value) {
387 if ($field == 'id') {
388 continue;
389 }
390 if ($field === 'caller') {
391 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
392 $this->event_attendees->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
393 continue;
394 }
395
396 $this->event_attendees->$field = $this->_checkValForAPI($field, $value, $this->event_attendees);
397 }
398
399 if ($this->event_attendees->update(DolibarrApiAccess::$user) > 0) {
400 return $this->_fetch($id, '');
401 } else {
402 throw new RestException(500, end($this->event_attendees->errors));
403 }
404 }
405
425 public function putByRef($ref, $request_data = null)
426 {
427 $allowaccess = $this->_checkAccessRights('write', 0);
428 if (!$allowaccess) {
429 throw new RestException(403, 'denied update access to Event attendees');
430 }
431
432 $result = $this->event_attendees->fetch(0, $ref);
433 if (!$result) {
434 throw new RestException(404, 'event attendee not found');
435 }
436
437 $newref = $ref;
438 foreach ($request_data as $field => $value) {
439 if ($field == 'id') {
440 continue;
441 }
442 if ($field == 'ref') {
443 $newref = $this->_checkValForAPI($field, $value, $this->event_attendees);
444 }
445 if ($field === 'caller') {
446 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
447 $this->event_attendees->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
448 continue;
449 }
450
451 $this->event_attendees->$field = $this->_checkValForAPI($field, $value, $this->event_attendees);
452 }
453
454 if ($this->event_attendees->update(DolibarrApiAccess::$user) > 0) {
455 return $this->_fetch(0, $newref);
456 } else {
457 throw new RestException(500, end($this->event_attendees->errors));
458 }
459 }
460
475 private function _fetch($id, $ref = '')
476 {
477 if ($id < 1 && empty($ref)) {
478 throw new RestException(400, 'No eventattendee with id<1 can exist');
479 }
480 if (empty($id) && empty($ref)) {
481 throw new RestException(400, 'No eventattendee can be found with no criteria');
482 }
483 // we first need to fetch the object so we can get the fk_project id and then check for access
484 $result = $this->event_attendees->fetch($id, $ref);
485 if (!$result) {
486 if ($id) {
487 throw new RestException(404, 'Event attendee with id '.((string) $id).' not found');
488 }
489 if ($ref) {
490 throw new RestException(404, 'Event attendee with ref '.$ref.' not found');
491 }
492 throw new RestException(404, 'Event attendee not found');
493 }
494 $project_id = $this->event_attendees->fk_project;
495 $allowaccess = $this->_checkAccessRights('read', $project_id);
496 if (!$allowaccess) {
497 throw new RestException(403, 'denied read access to Event attendees');
498 }
499
500 $this->event_attendees->fetchObjectLinked();
501
502 return $this->_cleanObjectDatas($this->event_attendees);
503 }
504
505 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
518 protected function _cleanObjectDatas($object)
519 {
520 // phpcs:enable
521 $object = parent::_cleanObjectDatas($object);
522
523 unset($object->array_languages);
524 unset($object->contacts_ids);
525 unset($object->canvas);
526 unset($object->contact_id);
527 unset($object->user);
528 unset($object->origin_type);
529 unset($object->origin_id);
530 unset($object->ref_ext);
531 unset($object->statut);
532 unset($object->civility_code);
533 unset($object->country_id);
534 unset($object->country_code);
535 unset($object->state_id);
536 unset($object->region_id);
537 unset($object->barcode_type);
538 unset($object->barcode_type_coder);
539 unset($object->mode_reglement_id);
540 unset($object->cond_reglement_id);
541 unset($object->demand_reason_id);
542 unset($object->transport_mode_id);
543 unset($object->shipping_method_id);
544 unset($object->shipping_method);
545 unset($object->fk_multicurrency);
546 unset($object->multicurrency_code);
547 unset($object->multicurrency_tx);
548 unset($object->multicurrency_total_ht);
549 unset($object->multicurrency_total_tva);
550 unset($object->multicurrency_total_ttc);
551 unset($object->multicurrency_total_localtax1);
552 unset($object->multicurrency_total_localtax2);
553 unset($object->fk_account);
554 unset($object->total_ht);
555 unset($object->total_tva);
556 unset($object->total_localtax1);
557 unset($object->total_localtax2);
558 unset($object->total_ttc);
559 unset($object->lines);
560 unset($object->actiontypecode);
561 unset($object->name);
562 unset($object->civility_id);
563 unset($object->user_creation_id);
564 unset($object->user_validation_id);
565 unset($object->user_closing_id);
566 unset($object->user_modification_id);
567 unset($object->totalpaid);
568 unset($object->product);
569 unset($object->cond_reglement_supplier_id);
570 unset($object->deposit_percent);
571 unset($object->retained_warranty_fk_cond_reglement);
572 unset($object->warehouse_id);
573 unset($object->target);
574 unset($object->extraparams);
575 unset($object->specimen);
576 unset($object->date_validation);
577 unset($object->date_modification);
578 unset($object->date_cloture);
579 unset($object->rowid);
580 unset($object->module);
581 unset($object->entity);
582 unset($object->paid);
583
584 return $object;
585 }
586
596 private function _validate($data)
597 {
598 $event_attendees = array();
599 foreach (EventAttendees::$FIELDS as $field) {
600 if (!isset($data[$field])) {
601 throw new RestException(400, $field." field missing");
602 }
603 $event_attendees[$field] = $data[$field];
604 }
605 return $event_attendees;
606 }
607
619 private function _checkAccessRights($accesstype, $project_id = 0)
620 {
621 // what kind of access management do we need?
622 $moduleaccess = false;
623 if (isModEnabled("eventorganization") && DolibarrApiAccess::$user->hasRight('project', $accesstype)) {
624 $moduleaccess = true;
625 }
626 $fullprojectaccess = false;
627 if (DolibarrApiAccess::$user->hasRight('project', 'all', $accesstype)) {
628 $fullprojectaccess = true;
629 }
630
631 if ($moduleaccess && $fullprojectaccess) {
632 return true;
633 } else {
634 $singleprojectaccess = false;
635 if (0 < $project_id) {
636 // we should also check project visibility and if set to assigned contacts it should be only those contacts.
637 require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
638 $event_project = new Project($this->db);
639 $result = $event_project->fetch($project_id);
640 if (0 < $result) {
641 $public = $event_project->public;
642 if ( 1 == $public) {
643 $singleprojectaccess = true;
644 } else {
645 $userProjectAccessListId = $event_project->getProjectsAuthorizedForUser(DolibarrApiAccess::$user, 0, 0);
646 $project_title = $event_project->title;
647 if (in_array($project_title, $userProjectAccessListId)) {
648 $singleprojectaccess = true;
649 } else {
650 dol_syslog("project_title ".$project_title." is NOT in array from getProjectsAuthorizedForUser()", LOG_DEBUG);
651 return false;
652 }
653 }
654 } elseif (0 == $result) {
655 throw new RestException(500, 'Project id '.$project_id.' not found');
656 } else {
657 throw new RestException(500, 'Error during fetch project '.$project_id.': '.$this->db->lasterror());
658 }
659 } elseif ($moduleaccess && ($project_id == 0)) {
660 return true;
661 // because we assume that the caller will know to check for each fk_projekt
662 }
663 if ($moduleaccess && $singleprojectaccess) {
664 return true;
665 } elseif ($moduleaccess) {
666 throw new RestException(403, 'Event attendees access granted, but denied access to the project');
667 } elseif ($singleprojectaccess) {
668 throw new RestException(403, 'project access granted, but denied access to Event attendees');
669 } else {
670 throw new RestException(403, 'denied access both Event attendees and the project');
671 }
672 }
673 }
674}
$id
$id
Support class for third parties, contacts, members, users or resources.
Definition account.php:47
$object
if(! $sortfield) if(! $sortorder) $object
Definition account.php:100
ConferenceOrBoothAttendee
Class for ConferenceOrBoothAttendee.
Definition conferenceorboothattendee.class.php:35
DolibarrApi
Class for API REST v1.
Definition api.class.php:35
DolibarrApi\_filterObjectProperties
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
Definition api.class.php:248
DolibarrApi\_checkValForAPI
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:101
EventAttendees\_validate
_validate($data)
Validate fields before create or update object.
Definition api_eventattendees.class.php:596
EventAttendees\putByRef
putByRef($ref, $request_data=null)
Update an event attendee.
Definition api_eventattendees.class.php:425
EventAttendees\_checkAccessRights
_checkAccessRights($accesstype, $project_id=0)
function to check for access rights - should probably have 1.
Definition api_eventattendees.class.php:619
EventAttendees\index
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $sqlfilters='', $properties='', $pagination_data=false, $loadlinkedobjects=0)
List Event attendees.
Definition api_eventattendees.class.php:213
EventAttendees\getById
getById($id)
Get properties of a event attendee by id.
Definition api_eventattendees.class.php:166
EventAttendees\deleteByRef
deleteByRef($ref)
Delete an event attendee.
Definition api_eventattendees.class.php:127
EventAttendees\_fetch
_fetch($id, $ref='')
Get properties of an event attendee.
Definition api_eventattendees.class.php:475
EventAttendees\_cleanObjectDatas
_cleanObjectDatas($object)
Clean sensible object datas @phpstan-template T.
Definition api_eventattendees.class.php:518
EventAttendees\getByRef
getByRef($ref)
Get properties of an event attendee by ref.
Definition api_eventattendees.class.php:186
EventAttendees\__construct
__construct()
Constructor of the class.
Definition api_eventattendees.class.php:65
EventAttendees\putById
putById($id, $request_data=null)
Update an event attendee.
Definition api_eventattendees.class.php:371
EventAttendees\deleteById
deleteById($id)
Delete an event attendee.
Definition api_eventattendees.class.php:86
EventAttendees\post
post($request_data=null)
Create an event attendee.
Definition api_eventattendees.class.php:325
Project
Class to manage projects.
Definition project.class.php:40
$db
if(!isModEnabled('ai')||!getDolGlobalString('AI_ASSISTANT_ENABLED')) global $db
API class for accounts.
Definition execute_tool.php:46
sanitizeVal
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.
Definition functions.lib.php:1360
isModEnabled
isModEnabled($module)
Is Dolibarr module enabled.
Definition functions.lib.php:489
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2754
Generated on Mon Jun 22 2026 21:04:43 for dolibarr by Doxygen 1.11.0