29require
'../../main.inc.php';
37require_once DOL_DOCUMENT_ROOT.
'/core/lib/functions2.lib.php';
38require_once DOL_DOCUMENT_ROOT.
'/core/lib/usergroups.lib.php';
41$langs->loadLangs(array(
'admin',
'users',
'errors'));
46$action =
GETPOST(
'action',
'aZ09');
48if (empty($id) && $action !=
'add' && $action !=
'create') {
53if ($user->socid > 0) {
54 $socid = $user->socid;
56$feature2 = (($socid && $user->hasRight(
"user",
"self",
"write")) ?
'' :
'user');
59$toselect =
GETPOST(
'toselect',
'array');
60$tokenid =
GETPOST(
'tokenid',
'aZ09');
61$confirm =
GETPOST(
'confirm',
'alpha');
62$module =
GETPOST(
'module',
'alpha');
64$cancel =
GETPOST(
'cancel',
'alpha');
65$backtopage =
GETPOST(
'backtopage',
'alpha');
68$sql =
"SELECT oat.rowid as token_id, oat.token, oat.entity, oat.state as rights, oat.datec as date_creation, oat.tms as date_modification";
72$sql .=
" FROM ".MAIN_DB_PREFIX.
"oauth_token as oat";
74 $sql .=
" JOIN ".$db->prefix().
"entity as e ON oat.entity = e.rowid";
76$sql .=
" WHERE oat.rowid = ".((int) $tokenid);
78$resql =
$db->query($sql);
90$token =
$db->fetch_object($resql);
92$entity =
$conf->entity;
94$result =
restrictedArea($user,
'user', $id,
'user&user', $feature2);
97$canreaduser = ($user->admin || ($user->id ==
$id));
98$canedittoken = ($user->admin || (($user->id ==
$id) && $user->hasRight(
"user",
"self",
"write")));
109$parameters = array(
'id' => $socid);
110$reshook = $hookmanager->executeHooks(
'doActions', $parameters, $object, $action);
115if (empty($reshook)) {
116 if (empty($backtopage)) {
117 $backtopage =
'list.php?id='.$object->id;
121 if (!empty($backtopage)) {
122 header(
"Location: ".$backtopage);
128 if ($action ==
'add' && $canedittoken) {
129 $tokenstring =
GETPOST(
'api_key',
'alphanohtml');
131 $useridtoadd = !empty($userid) && $userid > 0 ? $userid :
$id;
133 if (empty($tokenstring)) {
134 setEventMessages($langs->trans(
"ErrorFieldRequired", $langs->transnoentitiesnoconv(
"Token")),
null,
'errors');
139 if (empty($useridtoadd)) {
140 setEventMessages($langs->trans(
"ErrorFieldRequired", $langs->transnoentitiesnoconv(
"User")),
null,
'errors');
146 $nbtotalofrecords =
'';
147 $sqlforcount =
'SELECT COUNT(*) as nbtotalofrecords';
148 $sqlforcount .=
" FROM ".MAIN_DB_PREFIX.
"oauth_token as oat";
149 $sqlforcount .=
" WHERE token = '".$db->escape(
dolEncrypt($tokenstring,
'',
'',
'dolibarr')).
"'";
150 $sqlforcount .=
" AND service = 'dolibarr_rest_api'";
151 $resql =
$db->query($sqlforcount);
153 $objforcount =
$db->fetch_object($resql);
154 $nbtotalofrecords = $objforcount->nbtotalofrecords;
160 if (isset($nbtotalofrecords) && $nbtotalofrecords > 0) {
161 setEventMessages($langs->trans(
"ErrorFieldExist", $langs->transnoentitiesnoconv(
"Token")),
null,
'errors');
169 $sql =
"INSERT INTO ".MAIN_DB_PREFIX.
"oauth_token (service, token, state, fk_user, entity, datec)";
170 $sql .=
" VALUES ('dolibarr_rest_api', '".$db->escape(
dolEncrypt($tokenstring,
'',
'',
'dolibarr')).
"', 0, ".((int) $useridtoadd).
", ".((int) $entity).
", '".
$db->idate(
dol_now()).
"')";
171 $resql =
$db->query($sql);
186 $insertedtokenid =
$db->last_insert_id(MAIN_DB_PREFIX.
"oauth_token");
189 header(
"Location: " .
dolBuildUrl($_SERVER[
"PHP_SELF"], [
'id' => $useridtoadd,
'tokenid' => $insertedtokenid]));
192 } elseif ($action ==
'confirm_delete' && $confirm ==
'yes' && $canedittoken) {
194 $sql =
"DELETE FROM ".MAIN_DB_PREFIX.
"oauth_token";
195 $sql .=
" WHERE rowid = ".((int) $tokenid);
197 $resql =
$db->query($sql);
200 header(
'Location: list.php?id='.((
int)
$object->id));
215 $title = $person_name.
" - ".$langs->trans(
'ApiTokens');
217 $title = $langs->trans(
"NewToken");
221llxHeader(
'', $title, $help_url,
'', 0, 0,
'',
'',
'',
'mod-user page-card_param_ihm');
225if ($action ==
'delete') {
226 $formconfirm = $form->formconfirm($_SERVER[
"PHP_SELF"].
'?id='.
$object->id.
'&tokenid='.$token->token_id, $langs->trans(
'DeleteToken'), $langs->trans(
'ConfirmDeleteToken'),
'confirm_delete',
'', 0, 1);
231if ($action ==
'create') {
233 print
'<form action="'.$_SERVER[
"PHP_SELF"].
'?id='.
$object->id.
'" method="post">';
234 print
'<input type="hidden" name="token" value="'.newToken().
'">';
235 print
'<input type="hidden" name="action" value="add">';
236 print
'<input type="hidden" name="backtopage" value="'.$backtopage.
'">';
240 print
'<table class="border centpercent tableforfieldcreate">';
242 if ($user->admin && empty($id)) {
243 print
'<tr class="field_ref"><td class="titlefieldcreate fieldrequired">'.$langs->trans(
'User').
'</td>';
244 print
'<td class="valuefieldcreate">';
245 print $form->select_dolusers(
'',
'user', 1,
null, 0,
'',
'', (
string)
$object->entity, 0, 0,
'', 0,
'',
'minwidth200 maxwidth500');
248 print
'<tr class="field_ref"><td class="titlefieldcreate fieldrequired">'.$langs->trans(
'User').
'</td><td class="valuefieldcreate">'.($person_name ??
'').
'</td></tr>';
251 print
'<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans(
"Token").
'</td>';
253 print
'<input class="minwidth300 maxwidth400 widthcentpercentminusx" minlength="12" maxlength="128" type="text" id="api_key" name="api_key" value="'.GETPOST(
'api_key',
'alphanohtml').
'" autocomplete="off">';
254 if (!empty(
$conf->use_javascript_ajax)) {
255 print
img_picto($langs->transnoentities(
'Generate'),
'refresh',
'id="generate_api_key" class="linkobject paddingleft"');
262 print
'<div class="center">';
263 print
'<input class="button" name="add" value="'.$langs->trans(
"Create").
'" type="submit">';
264 print
'<input class="button button-cancel" value="'.$langs->trans(
"Cancel").
'" name="cancel" type="submit">';
268} elseif ($id > 0 && !empty($token)) {
269 $arrayofselected = is_array($toselect) ? $toselect : array();
273 $title = $langs->trans(
"User");
279 $linkback =
'<a href="'.DOL_URL_ROOT.
'/user/api_token/list.php?id='.
$id.
'">'.$langs->trans(
"BackToTokenList").
'</a>';
280 $linkback .=
'<a href="'.DOL_URL_ROOT.
'/user/list.php">'.$langs->trans(
"BackToList").
'</a>';
282 $morehtmlref =
'<a href="'.DOL_URL_ROOT.
'/user/vcard.php?id='.
$object->id.
'&output=file&file='.urlencode(
dol_sanitizeFileName(
$object->getFullName($langs).
'.vcf')).
'" class="refid" rel="noopener">';
283 $morehtmlref .=
img_picto($langs->trans(
"Download").
' '.$langs->trans(
"VCard"),
'vcard.png',
'class="valignmiddle marginleftonly paddingrightonly"');
284 $morehtmlref .=
'</a>';
286 $urltovirtualcard =
'/user/virtualcard.php?id='.((int)
$object->id);
287 $morehtmlref .=
dolButtonToOpenUrlInDialogPopup(
'publicvirtualcard', $langs->transnoentitiesnoconv(
"PublicVirtualCardUrl").
' - '.
$object->getFullName($langs),
img_picto($langs->trans(
"PublicVirtualCardUrl"),
'card',
'class="valignmiddle marginleftonly paddingrightonly"'), $urltovirtualcard,
'',
'nohover');
289 dol_banner_tab($object,
'api_token_card', $linkback, $user->admin,
'rowid',
'ref', $morehtmlref);
292 print
'<div class="fichecenter">';
293 print
'<div class="underbanner clearboth"></div>';
294 print
'<table class="border centpercent tableforfield">';
297 print
'<tr><td class="titlefield">'.$langs->trans(
"Login").
'</td>';
299 print
'<td class="error">';
300 print $langs->trans(
"LoginAccountDisableInDolibarr");
306 $addadmin .=
img_picto($langs->trans(
"SuperAdministratorDesc"),
"superadmin",
'class="paddingleft valignmiddle"');
307 } elseif (!empty(
$object->admin)) {
308 $addadmin .=
img_picto($langs->trans(
"AdministratorDesc"),
"admin",
'class="paddingleft valignmiddle"');
310 print showValueWithClipboardCPButton(
$object->login).$addadmin;
316 print
'<tr><td class="titlefield">'.$langs->trans(
"Token").
'</td>';
318 print showValueWithClipboardCPButton($tokenvalue, 1, $tokenvalue);
323 print
'<tr><td class="titlefield">'.$langs->trans(
"DateCreation").
'</td>';
330 print
'<tr><td class="titlefield">'.$langs->trans(
"DateModification").
'</td>';
337 print
'<div class="tabsAction">';
338 print dolGetButtonAction($langs->trans(
'Delete'),
'',
'delete', $_SERVER[
"PHP_SELF"].
'?id='.
$object->id.
'&tokenid='.$token->token_id.
'&action=delete&token='.newToken(),
'', $canedittoken);
347 print
'<!-- Rights section -->'.
"\n";
350 print
info_admin($langs->trans(
"WarningOnlyPermissionOfActivatedModules"));
353 print
'TODO If no ACL given, show message to say permissions are the one of user. If ACL set, show ACL active (common to user permission)and ACL no more active (not own by user)';
357 include_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
$id
Support class for third parties, contacts, members, users or resources.
if(! $sortfield) if(! $sortorder) $object
llxFooter($comment='', $zone='private', $disabledoutputofmessages=0)
Empty footer.
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader($head='', $title='', $help_url='', $target='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='', $morequerystring='', $morecssonbody='', $replacemainareaby='', $disablenofollow=0, $disablenoindex=0)
Empty header.
Class to manage Dolibarr users.
dol_now($mode='gmt')
Return date for now.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0, $attop=0)
Set event messages in dol_events session object.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2, $allowothertags=array())
Show picto whatever it's its name (generic function)
info_admin($text, $infoonimgalt=0, $nodiv=0, $admin='1', $morecss='hideonsmartphone', $textfordropdown='', $picto='', $textonpictotooltip='')
Show information in HTML for admin users or standard users.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_get_fiche_head($links=array(), $active='', $title='', $notab=0, $picto='', $pictoisfullpath=0, $morehtmlright='', $morecss='', $limittoshow=0, $moretabssuffix='', $dragdropfile=0, $morecssdiv='')
Show tabs of a record.
dolButtonToOpenUrlInDialogPopup($name, $label, $buttonstring, $url, $disabled='', $morecss='classlink button bordertransp', $jsonopen='', $jsonclose='', $accesskey='')
Return HTML code to output a button to open a dialog popup box.
dolBuildUrl($url, $params=[], $addtoken=false, $anchor='')
Return path of url.
dol_get_fiche_end($notab=0)
Return tab footer of a card.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1, $includequotes=0, $allowdash=0)
Clean a string to use it as a file name.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_print_date($time, $format='', $tzoutput='auto', $outputlangs=null, $encodetooutput=false, $decorate=0)
Output date in a string format according to outputlangs (or langs if not defined).
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
load_fiche_titre($title, $morehtmlright='', $picto='generic', $pictoisfullpath=0, $id='', $morecssontable='', $morehtmlcenter='', $morecssonpicto='widthpictotitle')
Load a title with picto.
isModEnabled($module)
Is Dolibarr module enabled.
dolJSToSetRandomPassword($htmlname, $htmlnameofbutton='generate_token', $generic=1)
Output javascript to autoset a generated password using default module into a HTML element.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
dolDecrypt($chain, $key='', $patterntotest='')
Decode a string with a symmetric encryption.
dolEncrypt($chain, $key='', $ciphering='', $forceseed='', $obfuscationmode='dolcrypt')
Encode a string with a symmetric encryption.
user_prepare_head(User $object)
Prepare array with list of tabs.