d8/d57/selectobject_8php_source.html

<?php

/* Copyright (C) 2017 Laurent Destailleur  <eldy@users.sourceforge.net>

 * Copyright (C) 2024   Frédéric France     <frederic.france@free.fr>

 * Copyright (C) 2024-2026  MDW           <mdeweerd@users.noreply.github.com>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 3 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program. If not, see <https://www.gnu.org/licenses/>.

 */


if (!defined('NOTOKENRENEWAL')) {

  define('NOTOKENRENEWAL', 1); // Disables token renewal

}

if (!defined('NOREQUIREMENU')) {

  define('NOREQUIREMENU', '1');

}

if (!defined('NOREQUIREHTML')) {

  define('NOREQUIREHTML', '1');

}

if (!defined('NOREQUIREAJAX')) {

  define('NOREQUIREAJAX', '1');

}

if (!defined('NOREQUIRESOC')) {

  define('NOREQUIRESOC', '1');

}


// Load Dolibarr environment

require '../../main.inc.php';

require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';

require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';


$extrafields = new ExtraFields($db);


$objectdesc = GETPOST('objectdesc', 'alphanohtml', 0, null, null, 1); // Deprecated. Do not use this anymore. Use param 'objectfield' instead.

$htmlname = GETPOST('htmlname', 'aZ09');

$outjson = (GETPOSTINT('outjson') ? GETPOSTINT('outjson') : 0);

$id = GETPOSTINT('id');

$objectfield = GETPOST('objectfield', 'alpha'); // 'MyObject:field' or 'MyModule_MyObject:field' or 'MyObject:option_field' or 'MyModule_MyObject:option_field'


if (empty($htmlname)) {

  httponly_accessforbidden('Bad value for param htmlname');

}


if (!empty($objectfield)) {

  // Recommended method to call selectobject.

  // $objectfield is Object:Field that contains the definition (in table $fields or extrafield). Example: 'Societe:t.ddd' or 'Societe:options_xxx'


  $tmparray = explode(':', $objectfield);

  $objectdesc = '';


  // Load object according to $id and $element

  $objectforfieldstmp = fetchObjectByElement(0, strtolower($tmparray[0]));


  $reg = array();

  if (preg_match('/^options_(.*)$/', $tmparray[1], $reg)) {

    // For a property in extrafields

    $key = $reg[1];

    // fetch optionals attributes and labels

    $extrafields->fetch_name_optionals_label($objectforfieldstmp->table_element);


    if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key]) && $extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key] == 'link') {

      if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options'])) {

        $tmpextrafields = array_keys($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options']);

        $objectdesc = $tmpextrafields[0];

      }

    }

  } else {

    // For a property in ->fields

    $objectdesc = $objectforfieldstmp->fields[$tmparray[1]]['type'];

    $objectdesc = preg_replace('/^integer[^:]*:/', '', $objectdesc);

  }

}


$objecttmp = null;

$filter = '';

if ($objectdesc) {

  // Example of value for $objectdesc:

  // Bom:bom/class/bom.class.php:0:t.status=1

  // Bom:bom/class/bom.class.php:0:t.status=1:ref

  // Bom:bom/class/bom.class.php:0:(t.status:=:1) OR (t.field2:=:2):ref

  $InfoFieldList = explode(":", $objectdesc, 4);

  $vartmp = (empty($InfoFieldList[3]) ? '' : $InfoFieldList[3]);

  $reg = array();

  if (preg_match('/^.*:(\w*)$/', $vartmp, $reg)) {

    $InfoFieldList[4] = $reg[1];    // take the sort field

  }

  $InfoFieldList[3] = preg_replace('/:\w*$/', '', $vartmp);    // take the filter field


  $classname = $InfoFieldList[0];

  $classpath = '';

  if (!empty($InfoFieldList[1])) {

    $classpath = dol_sanitizePathName($InfoFieldList[1]);

  }


  //$addcreatebuttonornot = empty($InfoFieldList[2]) ? 0 : $InfoFieldList[2];

  $filter = empty($InfoFieldList[3]) ? '' : $InfoFieldList[3];

  $sortfield = empty($InfoFieldList[4]) ? '' : $InfoFieldList[4];


  // Load object according to $id and $element

  $objecttmp = fetchObjectByElement(0, strtolower($InfoFieldList[0]));


  // Fallback to another solution to get $objecttmp

  if (getDolGlobalString("MAIN_ALLOW_UNSECURED_FALLBACK_FOR_SELECTOBJECT") && empty($objecttmp) && !empty($classpath) && preg_match('/\.class\.php$/', $classpath)) {

    dol_include_once($classpath);


    if ($classname && class_exists($classname)) {

      $objecttmp = new $classname($db);

    }

  }

}


// Make some replacement

$sharedentities = getEntity(strtolower($objecttmp->element));


$filter = str_replace(

  array('__ENTITY__', '__SHARED_ENTITIES__', '__USER_ID__', '$ID$'),

  array((string) $conf->entity, $sharedentities, (string) $user->id, (string) $id),

  $filter

);


/*

$module = $object->module;

$element = $object->element;

$usesublevelpermission = ($module != $element ? $element : '');

if ($usesublevelpermission && !isset($user->rights->$module->$element)) { // There is no permission on object defined, we will check permission on module directly

  $usesublevelpermission = '';

}

*/


// When used from jQuery, the search term is added as GET param "term".

$searchkey = (($id && GETPOST((string) $id, 'alpha')) ? GETPOST((string) $id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ? GETPOST($htmlname, 'alpha') : ''));


// Add a security test to avoid to get content of all tables

$allowModules = ['bom'];

if ($objecttmp !== null && !empty($objecttmp->module) && !in_array($objecttmp->module, $allowModules)) {

  restrictedArea($user, $objecttmp->module, $id, $objecttmp->table_element, $objecttmp->element);

} else {

  restrictedArea($user, $objecttmp !== null ? $objecttmp->element : 'unknownobject', $id);  // If object is unknown, we force to 'unknownobject' instead of '' to be sure access is forbidden

}


/*

 * View

 */


$form = new Form($db);


top_httphead($outjson ? 'application/json' : 'text/html');


//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";


$arrayresult = ($objecttmp === null) ? [] : $form->selectForFormsList($objecttmp, (string) $htmlname, 0, 0, $searchkey, '', '', '', 0, 1, 0, '', $filter);


$db->close();


if ($outjson) {

  print json_encode($arrayresult);

}

$id
$id
Support class for third parties, contacts, members, users or resources.
Definition account.php:47

ExtraFields
Class to manage standard extra fields.
Definition extrafields.class.php:43

Form
Class to manage generation of HTML components Only common components must be here.
Definition html.form.class.php:59

$conf
if(!isModEnabled('ai')||!getDolGlobalString('AI_ASSISTANT_ENABLED')) global $conf
The main.inc.php has been included so the following variable are now defined:
Definition execute_tool.php:50

$db
if(!isModEnabled('ai')||!getDolGlobalString('AI_ASSISTANT_ENABLED')) global $db
API class for accounts.
Definition execute_tool.php:46

GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition functions.lib.php:951

dol_sanitizePathName
dol_sanitizePathName($str, $newstr='_', $unaccent=0, $allowdash=0)
Clean a string to use it as a path name.
Definition functions.lib.php:1963

dol_include_once
if(!function_exists( 'dol_getprefix')) dol_include_once($relpath, $classname='')
Make an include_once using default root and alternate root if it fails.
Definition functions.lib.php:1598

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:1082

getDolGlobalString
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
Definition functions.lib.php:286

getEntity
getEntity($element, $shared=1, $currentobject=null)
Get list of entity id to use.
Definition functions.lib.php:615

string
print $langs trans("Show") . '< td style="' . $timeColor . '" align="center"> s</td > badge status0 badge status4 badge status3 Error badge status8< td align="center">< span class="badge ' . $badge . '"></span ></td >< td align="center">< a href="#" class="button button-small" onclick="openLogModal(this)" data-req="' . dol_escape_htmltag($reqSafe) . '" data-res="' . dol_escape_htmltag($resSafe) . '" data-err="' . dol_escape_htmltag($errSafe) . '">< span class="fa fa-search-plus"></span ></a ></td ></tr >< tr >< td colspan="' . $colspan . '" class="opacitymedium"></td ></tr ></table ></div ></form > logModal none logModal none s a JSON string
buildzip.php
Definition log_viewer.php:266

top_httphead
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition main.inc.php:1512

httponly_accessforbidden
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
Definition security.lib.php:1070

restrictedArea
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
Definition security.lib.php:180