dolibarr 24.0.0-beta
api_orders.class.php
1<?php
2/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3 * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4 * Copyright (C) 2024-2025 Frédéric France <frederic.france@free.fr>
5 * Copyright (C) 2025 MDW <mdeweerd@users.noreply.github.com>
6 * Copyright (C) 2025 William Mead <william@m34d.com>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21
22use Luracast\Restler\RestException;
23
24require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
25
33class Orders extends DolibarrApi
34{
38 public static $FIELDS = array(
39 'socid',
40 'date'
41 );
42
46 public $commande;
47
51 public function __construct()
52 {
53 global $db;
54
55 $this->db = $db;
56 $this->commande = new Commande($this->db);
57 }
58
71 public function get($id, $contact_list = -1)
72 {
73 return $this->_fetch($id, '', '', $contact_list);
74 }
75
90 public function getByRef($ref, $contact_list = -1)
91 {
92 return $this->_fetch(0, $ref, '', $contact_list);
93 }
94
109 public function getByRefExt($ref_ext, $contact_list = -1)
110 {
111 return $this->_fetch(0, '', $ref_ext, $contact_list);
112 }
113
127 private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = -1)
128 {
129 if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
130 throw new RestException(403);
131 }
132 if (empty($id) && empty($ref) && empty($ref_ext)) {
133 throw new RestException(400, 'No ID or Ref provided');
134 }
135 $result = $this->commande->fetch($id, $ref, $ref_ext);
136 if (!$result) {
137 throw new RestException(404, 'Order not found');
138 }
139
140 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
141 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
142 }
143
144 if ($contact_list > -1) {
145 // Add external contacts ids
146 $tmparray = $this->commande->liste_contact(-1, 'external', $contact_list);
147 if (is_array($tmparray)) {
148 $this->commande->contacts_ids = $tmparray;
149 }
150 $tmparray = $this->commande->liste_contact(-1, 'internal', $contact_list);
151 if (is_array($tmparray)) {
152 $this->commande->contacts_ids_internal = $tmparray;
153 }
154 }
155
156 $this->commande->fetchObjectLinked();
157
158 // Add online_payment_url, cf #20477
159 require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
160 $this->commande->online_payment_url = getOnlinePaymentUrl(0, 'order', (string) $this->commande->ref);
161
162 return $this->_cleanObjectDatas($this->commande);
163 }
164
189 public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $sqlfilterlines = '', $properties = '', $pagination_data = false, $loadlinkedobjects = 0)
190 {
191 global $hookmanager;
192
193 if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
194 throw new RestException(403);
195 }
196
197 $obj_ret = array();
198
199 // case of external user, $thirdparty_ids param is ignored and replaced by user's socid
200 $socids = DolibarrApiAccess::$user->socid ?: $thirdparty_ids;
201
202 // If the internal user must only see his customers, force searching by him
203 $search_sale = 0;
204 if (!DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socids) {
205 $search_sale = DolibarrApiAccess::$user->id;
206 }
207
208 $sql = "SELECT t.rowid";
209 $sql .= " FROM ".MAIN_DB_PREFIX."commande AS t";
210 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe AS s ON (s.rowid = t.fk_soc)";
211 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
212 $sql .= ' WHERE t.entity IN ('.getEntity('commande').')';
213 if ($socids) {
214 $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
215 }
216 // Search on sale representative
217 if ($search_sale && $search_sale != '-1') {
218 if ($search_sale == -2) {
219 $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)";
220 } elseif ($search_sale > 0) {
221 $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
222 }
223 }
224 $parameters = array();
225 $hookmanager->executeHooks('printFieldListWhere', $parameters, $this->commande); // Note that $action and $object may have been modified by hook
226 $sql .= $hookmanager->resPrint;
227 // Add sql filters
228 if ($sqlfilters) {
229 $errormessage = '';
230 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
231 if ($errormessage) {
232 throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
233 }
234 }
235 // Add sql filters for lines
236 if ($sqlfilterlines) {
237 $errormessage = '';
238 $sql .= " AND EXISTS (SELECT tl.rowid FROM ".MAIN_DB_PREFIX."commandedet AS tl WHERE tl.fk_commande = t.rowid";
239 $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilterlines, $errormessage);
240 $sql .= ")";
241 if ($errormessage) {
242 throw new RestException(400, 'Error when validating parameter sqlfilterlines -> '.$errormessage);
243 }
244 }
245
246 //this query will return total orders with the filters given
247 $sqlTotals = str_replace('SELECT t.rowid', 'SELECT count(t.rowid) as total', $sql);
248
249 $sql .= $this->db->order($sortfield, $sortorder);
250 if ($limit) {
251 if ($page < 0) {
252 $page = 0;
253 }
254 $offset = $limit * $page;
255
256 $sql .= $this->db->plimit($limit + 1, $offset);
257 }
258
259 dol_syslog("API Rest request");
260 $result = $this->db->query($sql);
261
262 if ($result) {
263 $num = $this->db->num_rows($result);
264 $min = min($num, ($limit <= 0 ? $num : $limit));
265 $i = 0;
266 while ($i < $min) {
267 $obj = $this->db->fetch_object($result);
268 $commande_static = new Commande($this->db);
269 if ($commande_static->fetch($obj->rowid) > 0) {
270 // Add external contacts ids
271 $tmparray = $commande_static->liste_contact(-1, 'external', 1);
272 if (is_array($tmparray)) {
273 $commande_static->contacts_ids = $tmparray;
274 }
275
276 if ($loadlinkedobjects) {
277 // retrieve linked objects
278 $commande_static->fetchObjectLinked();
279 }
280
281 // Add online_payment_url, cf #20477
282 require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
283 $commande_static->online_payment_url = getOnlinePaymentUrl(0, 'order', (string) $commande_static->ref);
284
285 $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($commande_static), $properties);
286 }
287 $i++;
288 }
289 } else {
290 throw new RestException(503, 'Error when retrieve commande list : '.$this->db->lasterror());
291 }
292
293 //if $pagination_data is true the response will contain element data with all values and element pagination with pagination data(total,page,limit)
294 if ($pagination_data) {
295 $totalsResult = $this->db->query($sqlTotals);
296 $total = $this->db->fetch_object($totalsResult)->total;
297
298 $tmp = $obj_ret;
299 $obj_ret = [];
300
301 $obj_ret['data'] = $tmp;
302 $obj_ret['pagination'] = [
303 'total' => (int) $total,
304 'page' => $page, //count starts from 0
305 'page_count' => ceil((int) $total / $limit),
306 'limit' => $limit
307 ];
308 }
309
310 return $obj_ret;
311 }
312
327 public function post($request_data = null)
328 {
329 global $conf;
330 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
331 throw new RestException(403, "Insufficiant rights");
332 }
333
334 // Check mandatory fields
335 $this->_validate($request_data);
336
337 // Check thirdparty validity
338 $socid = (int) $request_data['socid'];
339 $thirdpartytmp = new Societe($this->db);
340 $thirdparty_result = $thirdpartytmp->fetch($socid);
341 if ($thirdparty_result < 1) {
342 throw new RestException(404, 'Third party with id='.$socid.' not found or not allowed');
343 }
344 if (!DolibarrApi::_checkAccessToResource('societe', $thirdpartytmp->id)) {
345 throw new RestException(404, 'Third party with id='.$thirdpartytmp->id.' not found or not allowed');
346 }
347
348 foreach ($request_data as $field => $value) {
349 if ($field === 'caller') {
350 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
351 $this->commande->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
352 continue;
353 }
354 if ($field == 'id') {
355 throw new RestException(400, 'Creating with id field is forbidden');
356 }
357 if ($field == 'entity' && ((int) $value) != ((int) $conf->entity)) {
358 throw new RestException(403, 'Creating with entity='.((int) $value).' MUST be the same entity='.((int) $conf->entity).' as your API user/key belongs to');
359 }
360
361 $this->commande->$field = $this->_checkValForAPI($field, $value, $this->commande);
362 }
363 /*if (isset($request_data["lines"])) {
364 $lines = array();
365 foreach ($request_data["lines"] as $line) {
366 array_push($lines, (object) $line);
367 }
368 $this->commande->lines = $lines;
369 }*/
370
371 if ($this->commande->create(DolibarrApiAccess::$user) < 0) {
372 throw new RestException(500, "Error creating order", array_merge(array($this->commande->error), $this->commande->errors));
373 }
374
375 return ((int) $this->commande->id);
376 }
377
390 public function getLines($id)
391 {
392 if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
393 throw new RestException(403);
394 }
395
396 $result = $this->commande->fetch($id);
397 if (!$result) {
398 throw new RestException(404, 'Order not found');
399 }
400
401 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
402 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
403 }
404 $this->commande->getLinesArray();
405 $result = array();
406 foreach ($this->commande->lines as $line) {
407 array_push($result, $this->_cleanObjectDatas($line));
408 }
409 return $result;
410 }
411
424 public function getLine($id, $lineid, $properties = '')
425 {
426 if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
427 throw new RestException(403);
428 }
429
430 $result = $this->commande->fetch($id);
431 if (!$result) {
432 throw new RestException(404, 'Order not found');
433 }
434
435 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
436 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
437 }
438
439 $this->commande->fetch_lines();
440 foreach ($this->commande->lines as $line) {
441 if ($line->id == $lineid) {
442 return $this->_filterObjectProperties($this->_cleanObjectDatas($line), $properties);
443 }
444 }
445 throw new RestException(404, 'Line not found');
446 }
447
461 public function postLine($id, $request_data = null)
462 {
463 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
464 throw new RestException(403);
465 }
466
467 $result = $this->commande->fetch($id);
468 if (!$result) {
469 throw new RestException(404, 'Order not found');
470 }
471
472 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
473 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
474 }
475
476 $request_data = (object) $request_data;
477
478 $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
479 $request_data->label = sanitizeVal($request_data->label);
480
481 $updateRes = $this->commande->addline(
482 $request_data->desc,
483 $request_data->subprice,
484 $request_data->qty,
485 $request_data->tva_tx,
486 $request_data->localtax1_tx,
487 $request_data->localtax2_tx,
488 $request_data->fk_product,
489 $request_data->remise_percent,
490 $request_data->info_bits,
491 $request_data->fk_remise_except,
492 $request_data->price_base_type ? $request_data->price_base_type : 'HT',
493 $request_data->subprice,
494 $request_data->date_start,
495 $request_data->date_end,
496 $request_data->product_type,
497 $request_data->rang,
498 $request_data->special_code,
499 $request_data->fk_parent_line,
500 $request_data->fk_fournprice,
501 $request_data->pa_ht,
502 $request_data->label,
503 $request_data->array_options,
504 $request_data->fk_unit,
505 $request_data->origin,
506 $request_data->origin_id,
507 $request_data->multicurrency_subprice,
508 $request_data->ref_ext
509 );
510
511 if ($updateRes > 0) {
512 return $updateRes;
513 } else {
514 throw new RestException(400, $this->commande->error);
515 }
516 }
517
531 public function putLine($id, $lineid, $request_data = null)
532 {
533 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
534 throw new RestException(403);
535 }
536
537 $result = $this->commande->fetch($id);
538 if (!$result) {
539 throw new RestException(404, 'Order not found');
540 }
541
542 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
543 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
544 }
545
546 $request_data = (object) $request_data;
547
548 $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
549 $request_data->label = sanitizeVal($request_data->label);
550
551 $updateRes = $this->commande->updateline(
552 $lineid,
553 $request_data->desc,
554 $request_data->subprice,
555 $request_data->qty,
556 $request_data->remise_percent,
557 $request_data->tva_tx,
558 $request_data->localtax1_tx,
559 $request_data->localtax2_tx,
560 $request_data->price_base_type ? $request_data->price_base_type : 'HT',
561 $request_data->info_bits,
562 $request_data->date_start,
563 $request_data->date_end,
564 $request_data->product_type,
565 $request_data->fk_parent_line,
566 0,
567 $request_data->fk_fournprice,
568 $request_data->pa_ht,
569 $request_data->label,
570 $request_data->special_code,
571 $request_data->array_options,
572 $request_data->fk_unit,
573 $request_data->multicurrency_subprice,
574 0,
575 $request_data->ref_ext,
576 $request_data->rang
577 );
578
579 if ($updateRes > 0) {
580 $result = $this->get($id);
581 unset($result->line);
582 return $this->_cleanObjectDatas($result);
583 }
584 return false;
585 }
586
600 public function deleteLine($id, $lineid)
601 {
602 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
603 throw new RestException(403);
604 }
605
606 $result = $this->commande->fetch($id);
607 if (!$result) {
608 throw new RestException(404, 'Order not found');
609 }
610
611 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
612 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
613 }
614
615 $updateRes = $this->commande->deleteLine(DolibarrApiAccess::$user, $lineid, $id);
616 if ($updateRes > 0) {
617 return $this->get($id);
618 } else {
619 throw new RestException(405, $this->commande->error);
620 }
621 }
622
637 public function getContacts($id, $type = '')
638 {
639 if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
640 throw new RestException(403);
641 }
642
643 $result = $this->commande->fetch($id);
644 if (!$result) {
645 throw new RestException(404, 'Order not found');
646 }
647
648 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
649 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
650 }
651
652 $contacts = $this->commande->liste_contact(-1, 'external', 0, $type);
653 $socpeoples = $this->commande->liste_contact(-1, 'internal', 0, $type);
654
655 $contacts = array_merge($contacts, $socpeoples);
656
657 return $contacts;
658 }
659
680 public function postContact($id, $contactid, $type, $source = "external", $notrigger = 0)
681 {
682 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
683 throw new RestException(403);
684 }
685
686 // test source
687 if (empty($source)) {
688 throw new RestException(400, 'Source can not be empty');
689 }
690 $sql_distinct_source = "SELECT DISTINCT source";
691 $sql_distinct_source .= " FROM ".MAIN_DB_PREFIX."c_type_contact";
692 $sql_distinct_source .= " WHERE element LIKE 'commande'";
693 $sql_distinct_source .= " AND source is NOT NULL";
694 $sql_distinct_source .= " AND active != 0";
695 $source_result = $this->db->query($sql_distinct_source);
696 $source_array = array();
697
698 if ($source_result) {
699 $num = $this->db->num_rows($source_result);
700 $i = 0;
701 while ($i < $num) {
702 $obj = $this->db->fetch_object($source_result);
703 $source_kind = (string) $obj->source;
704 array_push($source_array, $source_kind);
705 dol_syslog("source_kind=".$source_kind);
706 $i++;
707 }
708 } else {
709 throw new RestException(503, 'Error when retrieving a list of order contact sources: '.$this->db->lasterror());
710 }
711 if (!in_array($source, (array) $source_array, true)) {
712 throw new RestException(400, 'Combo of Source='.$source.' and Type='.$type.' not found in dictionary with active order contact types');
713 }
714
715 // test type
716 if (empty($type)) {
717 throw new RestException(400, 'type can not be empty');
718 }
719 // variable called type here, but code in dictionary and database
720 $sql_distinct_type = "SELECT DISTINCT code";
721 $sql_distinct_type .= " FROM ".MAIN_DB_PREFIX."c_type_contact";
722 $sql_distinct_type .= " WHERE element LIKE 'commande'";
723 $sql_distinct_type .= " AND source='".$this->db->escape($source)."'";
724 $sql_distinct_type .= " AND code is NOT NULL";
725 $sql_distinct_type .= " AND active != 0";
726 $type_result = $this->db->query($sql_distinct_type);
727 $type_array = array();
728
729 if ($type_result) {
730 $num = $this->db->num_rows($type_result);
731 $i = 0;
732 while ($i < $num) {
733 $obj = $this->db->fetch_object($type_result);
734 // variable called type here, but code in dictionary and database
735 $type_kind = (string) $obj->code;
736 array_push($type_array, $type_kind);
737 dol_syslog("type_kind=".$type_kind);
738 $i++;
739 }
740 } else {
741 throw new RestException(503, 'Error when retrieving a list of order contact types: '.$this->db->lasterror());
742 }
743 if (!in_array($type, (array) $type_array, true)) {
744 throw new RestException(400, 'Combo of Type='.$type.' and Source='.$source.' not found in dictionary with active order contact types');
745 }
746
747 // tests done, let's get it
748 $result = $this->commande->fetch($id);
749 if (!$result) {
750 throw new RestException(404, 'Order not found');
751 }
752 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
753 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
754 }
755
756 $result = $this->commande->add_contact($contactid, $type, $source, $notrigger);
757
758 if ($result == 0) {
759 throw new RestException(400, 'Already exists: Contact='.$contactid.' is already linked to the order='.$id.' as source='.$source.' and type='.$type);
760 } elseif ($result == -1) {
761 throw new RestException(400, 'Wrong contact='.$contactid);
762 } elseif ($result == -2) {
763 throw new RestException(400, 'Wrong type='.$type);
764 } elseif ($result == -3) {
765 throw new RestException(400, 'Not allowed contacts');
766 } elseif ($result == -4) {
767 throw new RestException(400, 'ErrorCommercialNotAllowedForThirdparty');
768 } elseif ($result == -5) {
769 throw new RestException(400, 'Trigger failed');
770 } elseif ($result == -6) {
771 throw new RestException(400, 'DB_ERROR_RECORD_ALREADY_EXISTS');
772 } elseif ($result == -7) {
773 throw new RestException(400, 'Some other error');
774 }
775
776 return array(
777 'success' => array(
778 'code' => 200,
779 'message' => 'Contact='.$contactid.' linked to the order='.$id.' as '.$source.' '.$type
780 )
781 );
782 }
783
802 public function deleteContact($id, $contactid, $type)
803 {
804 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
805 throw new RestException(403);
806 }
807
808 $result = $this->commande->fetch($id);
809 if (!$result) {
810 throw new RestException(404, 'Order not found');
811 }
812
813 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
814 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
815 }
816
817 foreach (array('internal', 'external') as $source) {
818 $contacts = $this->commande->liste_contact(-1, $source);
819 foreach ($contacts as $contact) {
820 if ($contact['id'] == $contactid && $contact['code'] == $type) {
821 $result = $this->commande->delete_contact($contact['rowid']);
822
823 if (!$result) {
824 throw new RestException(500, 'Error when deleting the contact '.$contact['rowid']);
825 }
826 }
827 }
828 }
829
830 return array(
831 'success' => array(
832 'code' => 200,
833 'message' => 'Contact unlinked from order'
834 )
835 );
836 }
837
848 public function put($id, $request_data = null)
849 {
850 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
851 throw new RestException(403);
852 }
853 if ($id == 0) {
854 throw new RestException(400, 'No order with id=0 can exist');
855 }
856 $result = $this->commande->fetch($id);
857 if (!$result) {
858 throw new RestException(404, 'Order not found');
859 }
860
861 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
862 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
863 }
864 foreach ($request_data as $field => $value) {
865 if ($field == 'id') {
866 continue;
867 }
868 if ($field === 'caller') {
869 // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
870 $this->commande->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
871 continue;
872 }
873 if ($field == 'array_options' && is_array($value)) {
874 foreach ($value as $index => $val) {
875 $this->commande->array_options[$index] = $this->_checkValExtrafieldsForAPI($index, $val, $this->commande);
876 }
877 continue;
878 }
879
880 $this->commande->$field = $this->_checkValForAPI($field, $value, $this->commande);
881 }
882
883 // Update availability
884 if (!empty($this->commande->availability_id)) {
885 if ($this->commande->availability($this->commande->availability_id) < 0) {
886 throw new RestException(400, 'Error while updating availability');
887 }
888 }
889
890 if ($this->commande->update(DolibarrApiAccess::$user) > 0) {
891 return $this->get($id);
892 } else {
893 throw new RestException(500, $this->commande->error);
894 }
895 }
896
906 public function delete($id)
907 {
908 if (!DolibarrApiAccess::$user->hasRight('commande', 'supprimer')) {
909 throw new RestException(403);
910 }
911 if ($id == 0) {
912 throw new RestException(400, 'No order with id=0 can exist');
913 }
914 $result = $this->commande->fetch($id);
915 if (!$result) {
916 throw new RestException(404, 'Order not found');
917 }
918
919 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
920 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
921 }
922
923 if ($this->commande->delete(DolibarrApiAccess::$user) <= 0) {
924 throw new RestException(500, 'Error when deleting order : '.$this->commande->error);
925 }
926
927 return array(
928 'success' => array(
929 'code' => 200,
930 'message' => 'Order deleted'
931 )
932 );
933 }
934
957 public function validate($id, $idwarehouse = 0, $notrigger = 0)
958 {
959 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
960 throw new RestException(403);
961 }
962 $result = $this->commande->fetch($id);
963 if (!$result) {
964 throw new RestException(404, 'Order not found');
965 }
966
967 $result = $this->commande->fetch_thirdparty(); // do not check result, as failure is not fatal (used only for mail notification substitutes)
968
969 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
970 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
971 }
972
973 $result = $this->commande->valid(DolibarrApiAccess::$user, $idwarehouse, $notrigger);
974 if ($result == 0) {
975 throw new RestException(304, 'Error nothing done. May be object is already validated');
976 }
977 if ($result < 0) {
978 throw new RestException(500, 'Error when validating Order: '.$this->commande->error);
979 }
980 $result = $this->commande->fetch($id);
981
982 $this->commande->fetchObjectLinked();
983
984 //fix #20477 : add online_payment_url
985 require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
986 $this->commande->online_payment_url = getOnlinePaymentUrl(0, 'order', (string) $this->commande->ref);
987
988 return $this->_cleanObjectDatas($this->commande);
989 }
990
1009 public function reopen($id)
1010 {
1011 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
1012 throw new RestException(403);
1013 }
1014 if (empty($id)) {
1015 throw new RestException(400, 'Order ID is mandatory');
1016 }
1017 $result = $this->commande->fetch($id);
1018 if (!$result) {
1019 throw new RestException(404, 'Order not found');
1020 }
1021
1022 $result = $this->commande->set_reopen(DolibarrApiAccess::$user);
1023 if ($result < 0) {
1024 throw new RestException(405, $this->commande->error);
1025 } elseif ($result == 0) {
1026 throw new RestException(304);
1027 }
1028
1029 return $result;
1030 }
1031
1046 public function setinvoiced($id)
1047 {
1048 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
1049 throw new RestException(403);
1050 }
1051 if (empty($id)) {
1052 throw new RestException(400, 'Order ID is mandatory');
1053 }
1054 $result = $this->commande->fetch($id);
1055 if (!$result) {
1056 throw new RestException(404, 'Order not found');
1057 }
1058
1059 $result = $this->commande->classifyBilled(DolibarrApiAccess::$user);
1060 if ($result < 0) {
1061 throw new RestException(400, $this->commande->error);
1062 }
1063
1064 $result = $this->commande->fetch($id);
1065 if (!$result) {
1066 throw new RestException(404, 'Order not found');
1067 }
1068
1069 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
1070 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
1071 }
1072
1073 $this->commande->fetchObjectLinked();
1074
1075 return $this->_cleanObjectDatas($this->commande);
1076 }
1077
1088 public function close($id, $notrigger = 0)
1089 {
1090 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
1091 throw new RestException(403);
1092 }
1093 $result = $this->commande->fetch($id);
1094 if (!$result) {
1095 throw new RestException(404, 'Order not found');
1096 }
1097
1098 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
1099 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
1100 }
1101
1102 $result = $this->commande->cloture(DolibarrApiAccess::$user, $notrigger);
1103 if ($result == 0) {
1104 throw new RestException(304, 'Error nothing done. May be object is already closed');
1105 }
1106 if ($result < 0) {
1107 throw new RestException(500, 'Error when closing Order: '.$this->commande->error);
1108 }
1109
1110 $result = $this->commande->fetch($id);
1111 if (!$result) {
1112 throw new RestException(404, 'Order not found');
1113 }
1114
1115 // test already done
1116 // if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
1117 // throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
1118 // }
1119
1120 $this->commande->fetchObjectLinked();
1121
1122 return $this->_cleanObjectDatas($this->commande);
1123 }
1124
1135 public function settodraft($id, $idwarehouse = -1)
1136 {
1137 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
1138 throw new RestException(403);
1139 }
1140 $result = $this->commande->fetch($id);
1141 if (!$result) {
1142 throw new RestException(404, 'Order not found');
1143 }
1144
1145 if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
1146 throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
1147 }
1148
1149 $result = $this->commande->setDraft(DolibarrApiAccess::$user, $idwarehouse);
1150 if ($result == 0) {
1151 throw new RestException(304, 'Nothing done. May be object is already closed');
1152 }
1153 if ($result < 0) {
1154 throw new RestException(500, 'Error when closing Order: '.$this->commande->error);
1155 }
1156
1157 $result = $this->commande->fetch($id);
1158 if (!$result) {
1159 throw new RestException(404, 'Order not found');
1160 }
1161
1162 // test already done
1163 // if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
1164 // throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
1165 // }
1166
1167 $this->commande->fetchObjectLinked();
1168
1169 return $this->_cleanObjectDatas($this->commande);
1170 }
1171
1172
1187 public function createOrderFromProposal($proposalid)
1188 {
1189 require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
1190
1191 if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
1192 throw new RestException(403);
1193 }
1194 if (!DolibarrApiAccess::$user->hasRight('commande', 'creer')) {
1195 throw new RestException(403);
1196 }
1197 if (empty($proposalid)) {
1198 throw new RestException(400, 'Proposal ID is mandatory');
1199 }
1200
1201 $propal = new Propal($this->db);
1202 $result = $propal->fetch($proposalid);
1203 if (!$result) {
1204 throw new RestException(404, 'Proposal not found');
1205 }
1206
1207 $result = $this->commande->createFromProposal($propal, DolibarrApiAccess::$user);
1208 if ($result < 0) {
1209 throw new RestException(405, $this->commande->error);
1210 }
1211 $this->commande->fetchObjectLinked();
1212
1213 return $this->_cleanObjectDatas($this->commande);
1214 }
1215
1232 public function getOrderShipments($id)
1233 {
1234 require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
1235 if (!DolibarrApiAccess::$user->hasRight('expedition', 'lire')) {
1236 throw new RestException(403);
1237 }
1238 $obj_ret = array();
1239 $sql = "SELECT e.rowid";
1240 $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e";
1241 $sql .= " JOIN ".MAIN_DB_PREFIX."expeditiondet as edet";
1242 $sql .= " ON e.rowid = edet.fk_expedition";
1243 $sql .= " JOIN ".MAIN_DB_PREFIX."commandedet as cdet";
1244 $sql .= " ON edet.fk_elementdet = cdet.rowid";
1245 $sql .= " JOIN ".MAIN_DB_PREFIX."commande as c";
1246 $sql .= " ON cdet.fk_commande = c.rowid";
1247 $sql .= " WHERE c.rowid = ".((int) $id);
1248 $sql .= " GROUP BY e.rowid";
1249 $sql .= $this->db->order("e.rowid", "ASC");
1250
1251 dol_syslog("API Rest request");
1252 $result = $this->db->query($sql);
1253
1254 if ($result) {
1255 $i = 0;
1256 $num = $this->db->num_rows($result);
1257 if ($num <= 0) {
1258 throw new RestException(404, 'Shipments not found ');
1259 }
1260 //$min = min($num, ($limit <= 0 ? $num : $limit));
1261 $min = $num;
1262 while ($i < $min) {
1263 $obj = $this->db->fetch_object($result);
1264 $shipment_static = new Expedition($this->db);
1265 if ($shipment_static->fetch($obj->rowid)) {
1266 $obj_ret[] = $this->_cleanObjectDatas($shipment_static);
1267 }
1268 $i++;
1269 }
1270 } else {
1271 throw new RestException(500, 'Error when retrieve shipment list : '.$this->db->lasterror());
1272 }
1273 return $obj_ret;
1274 }
1275
1291 public function createOrderShipment($id, $warehouse_id)
1292 {
1293 require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
1294 if (!DolibarrApiAccess::$user->hasRight('expedition', 'creer')) {
1295 throw new RestException(403);
1296 }
1297 if ($warehouse_id <= 0) {
1298 throw new RestException(404, 'Warehouse not found');
1299 }
1300 $result = $this->commande->fetch($id);
1301 if (!$result) {
1302 throw new RestException(404, 'Order not found');
1303 }
1304 $shipment = new Expedition($this->db);
1305 $shipment->socid = $this->commande->socid;
1306 $shipment->origin_id = $this->commande->id;
1307 $shipment->origin = $this->commande->element;
1308 $result = $shipment->create(DolibarrApiAccess::$user);
1309 if ($result <= 0) {
1310 throw new RestException(500, 'Error on creating expedition :'.$this->db->lasterror());
1311 }
1312 foreach ($this->commande->lines as $line) {
1313 $result = $shipment->create_line($warehouse_id, $line->id, $line->qty);
1314 if ($result <= 0) {
1315 throw new RestException(500, 'Error on creating expedition lines:'.$this->db->lasterror());
1316 }
1317 }
1318 return $shipment->id;
1319 }
1320
1321 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
1331 protected function _cleanObjectDatas($object)
1332 {
1333 // phpcs:enable
1334 $object = parent::_cleanObjectDatas($object);
1335
1336 unset($object->note);
1337 unset($object->address);
1338 unset($object->barcode_type);
1339 unset($object->barcode_type_code);
1340 unset($object->barcode_type_label);
1341 unset($object->barcode_type_coder);
1342
1343 return $object;
1344 }
1345
1353 private function _validate($data)
1354 {
1355 if ($data === null) {
1356 $data = array();
1357 }
1358 $commande = array();
1359 foreach (Orders::$FIELDS as $field) {
1360 if (!isset($data[$field])) {
1361 throw new RestException(400, $field." field missing");
1362 }
1363 $commande[$field] = $data[$field];
1364 }
1365 return $commande;
1366 }
1367}
$id
$id
Support class for third parties, contacts, members, users or resources.
Definition account.php:47
$object
if(! $sortfield) if(! $sortorder) $object
Definition account.php:100
Commande
Class to manage customers orders.
Definition commande.class.php:53
DolibarrApi
Class for API REST v1.
Definition api.class.php:35
DolibarrApi\_checkValExtrafieldsForAPI
_checkValExtrafieldsForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:185
DolibarrApi\_filterObjectProperties
_filterObjectProperties($object, $properties)
Filter properties that will be returned on object.
Definition api.class.php:248
DolibarrApi\_checkAccessToResource
static _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
Check access by user to a given resource.
Definition api.class.php:493
DolibarrApi\_checkValForAPI
_checkValForAPI($field, $value, $object)
Check and convert a string depending on its type/name.
Definition api.class.php:101
Orders\deleteContact
deleteContact($id, $contactid, $type)
Unlink a contact type of given order.
Definition api_orders.class.php:802
Orders\__construct
__construct()
Constructor.
Definition api_orders.class.php:51
Orders\_validate
_validate($data)
Validate fields before create or update object.
Definition api_orders.class.php:1353
Orders\deleteLine
deleteLine($id, $lineid)
Delete a line of a given order.
Definition api_orders.class.php:600
Orders\getByRef
getByRef($ref, $contact_list=-1)
Get properties of an order object by ref.
Definition api_orders.class.php:90
Orders\close
close($id, $notrigger=0)
Close an order (Classify it as "Delivered")
Definition api_orders.class.php:1088
Orders\postContact
postContact($id, $contactid, $type, $source="external", $notrigger=0)
Add a contact type of given order.
Definition api_orders.class.php:680
Orders\index
index($sortfield="t.rowid", $sortorder='ASC', $limit=100, $page=0, $thirdparty_ids='', $sqlfilters='', $sqlfilterlines='', $properties='', $pagination_data=false, $loadlinkedobjects=0)
List orders.
Definition api_orders.class.php:189
Orders\_cleanObjectDatas
_cleanObjectDatas($object)
Clean sensible object datas @phpstan-template T.
Definition api_orders.class.php:1331
Orders\_fetch
_fetch($id, $ref='', $ref_ext='', $contact_list=-1)
Get properties of an order object.
Definition api_orders.class.php:127
Orders\put
put($id, $request_data=null)
Update order general fields (won't touch lines of order)
Definition api_orders.class.php:848
Orders\getLines
getLines($id)
Get lines of an order.
Definition api_orders.class.php:390
Orders\reopen
reopen($id)
Tag the order as validated (opened)
Definition api_orders.class.php:1009
Orders\setinvoiced
setinvoiced($id)
Classify the order as invoiced.
Definition api_orders.class.php:1046
Orders\getContacts
getContacts($id, $type='')
Get contacts of a given order.
Definition api_orders.class.php:637
Orders\getLine
getLine($id, $lineid, $properties='')
Get properties of a line of an order object by id.
Definition api_orders.class.php:424
Orders\postLine
postLine($id, $request_data=null)
Add a line to given order.
Definition api_orders.class.php:461
Orders\post
post($request_data=null)
Create a sale order.
Definition api_orders.class.php:327
Orders\validate
validate($id, $idwarehouse=0, $notrigger=0)
Validate an order.
Definition api_orders.class.php:957
Orders\createOrderFromProposal
createOrderFromProposal($proposalid)
Create an order using an existing proposal.
Definition api_orders.class.php:1187
Orders\putLine
putLine($id, $lineid, $request_data=null)
Update a line to given order.
Definition api_orders.class.php:531
Orders\getOrderShipments
getOrderShipments($id)
Get the shipments of an order.
Definition api_orders.class.php:1232
Orders\settodraft
settodraft($id, $idwarehouse=-1)
Set an order to draft.
Definition api_orders.class.php:1135
Orders\createOrderShipment
createOrderShipment($id, $warehouse_id)
Create the shipment of an order.
Definition api_orders.class.php:1291
Orders\getByRefExt
getByRefExt($ref_ext, $contact_list=-1)
Get properties of an order object by ref_ext.
Definition api_orders.class.php:109
Propal
Class to manage proposals.
Definition propal.class.php:56
Societe
Class to manage third parties objects (customers, suppliers, prospects...)
Definition societe.class.php:57
$conf
if(!isModEnabled('ai')||!getDolGlobalString('AI_ASSISTANT_ENABLED')) global $conf
The main.inc.php has been included so the following variable are now defined:
Definition execute_tool.php:50
$db
if(!isModEnabled('ai')||!getDolGlobalString('AI_ASSISTANT_ENABLED')) global $db
API class for accounts.
Definition execute_tool.php:46
sanitizeVal
sanitizeVal($out='', $check='alphanohtml', $filter=null, $options=null)
Return a sanitized or empty value after checking value against a rule.
Definition functions.lib.php:1360
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2754
string
print $langs trans("Show") . '< td style="' . $timeColor . '" align="center"> s</td > badge status0 badge status4 badge status3 Error badge status8< td align="center">< span class="badge ' . $badge . '"></span ></td >< td align="center">< a href="#" class="button button-small" onclick="openLogModal(this)" data-req="' . dol_escape_htmltag($reqSafe) . '" data-res="' . dol_escape_htmltag($resSafe) . '" data-err="' . dol_escape_htmltag($errSafe) . '">< span class="fa fa-search-plus"></span ></a ></td ></tr >< tr >< td colspan="' . $colspan . '" class="opacitymedium"></td ></tr ></table ></div ></form > logModal none logModal none s a JSON string
buildzip.php
Definition log_viewer.php:266
Generated on Mon Jun 22 2026 21:04:37 for dolibarr by Doxygen 1.11.0