< ? php
/* Copyright ( C ) 2015 Jean - François Ferry < jfefe @ aternatik . fr >
* Copyright ( C ) 2024 Frédéric France < frederic . france @ free . fr >
* Copyright ( C ) --- Replace with your own copyright and developer email ---
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*/
use Luracast\Restler\RestException ;
dol_include_once ( '/mymodule/class/myobject.class.php' );
/**
* \file htdocs / modulebuilder / template / class / api_mymodule . class . php
* \ingroup mymodule
* \brief File for API management of myobject .
*/
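/**
 * API class for mymodule myobject
 *
 * @access protected
 * @class DolibarrApiAccess {@requires user,external}
 */
class MyModuleApi extends DolibarrApi
{
    // NOTE(review): the class annotation above admits external users as well as
    // internal ones, so the hasRight() / _checkAccessToResource() calls in each
    // method are the only authorization checks visible in this file.

    /**
     * @var MyObject $myobject {@type MyObject}
     */
    public $myobject;

    /**
     * Constructor
     *
     * @url GET /
     *
     */
    public function __construct()
    {
        global $db;

        // The shared database handler is kept on the instance and handed to the
        // business object every endpoint below works on.
        $this->db = $db;
        $this->myobject = new MyObject($this->db);
    }

    /* BEGIN MODULEBUILDER API MYOBJECT */

    /**
     * Get properties of a myobject object
     *
     * Return an array with myobject information
     *
     * @param int $id ID of myobject
     * @return Object Object with cleaned properties
     * @phan-return MyObject Object with cleaned properties
     * @phpstan-return MyObject Object with cleaned properties
     *
     * @url GET myobjects/{id}
     *
     * @throws RestException 403 Not allowed
     * @throws RestException 404 Not found
     */
    public function get($id)
    {
        // Module-level permission first, then the per-record access check.
        if (!DolibarrApiAccess::$user->hasRight('mymodule', 'myobject', 'read')) {
            throw new RestException(403);
        }
        if (!DolibarrApi::_checkAccessToResource('myobject', $id, 'mymodule_myobject')) {
            throw new RestException(403, 'Access to instance id='.$id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
        }

        $result = $this->myobject->fetch($id);
        // NOTE(review): only a falsy result is reported as 404; a negative error
        // code from fetch(), if it returns one, would fall through - confirm.
        if (!$result) {
            throw new RestException(404, 'MyObject not found');
        }

        return $this->_cleanObjectDatas($this->myobject);
    }

    /**
     * List myobjects
     *
     * Get a list of myobjects
     *
     * @param string $sortfield Sort field
     * @param string $sortorder Sort order
     * @param int $limit Limit for list
     * @param int $page Page number
     * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
     * @param string $properties Restrict the data returned to these properties. Ignored if empty. Comma separated list of properties names
     * @return array Array of MyObject objects
     * @phan-return array<int,MyObject>
     * @phpstan-return array<int,MyObject>
     *
     * @throws RestException 403 Not allowed
     * @throws RestException 503 System error
     *
     * @url GET /myobjects/
     */
    public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '')
    {
        $obj_ret = array();
        $tmpobject = new MyObject($this->db);

        if (!DolibarrApiAccess::$user->hasRight('mymodule', 'myobject', 'read')) {
            throw new RestException(403);
        }

        $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;

        // While this stays at 0, neither the fk_soc filter nor the sale
        // representative filter below is applied, and no per-record access check
        // is made in this method: every caller holding the read right gets the
        // same rows. Set it to 1 when the object table has a socid field.
        $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object

        // If the internal user must only see his customers, force searching by him
        $search_sale = 0;
        if ($restrictonsocid && !DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socid) {
            $search_sale = DolibarrApiAccess::$user->id;
        }
        if (!isModEnabled('societe')) {
            $search_sale = 0; // If module thirdparty not enabled, sale representative is something that does not exists
        }

        $sql = "SELECT t.rowid";
        $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t";
        // Extrafields are joined so that $sqlfilters can filter on them.
        $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)";
        $sql .= " WHERE 1 = 1";
        if ($tmpobject->ismultientitymanaged) {
            $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')';
        }
        if ($restrictonsocid && $socid) {
            $sql .= " AND t.fk_soc = ".((int) $socid);
        }
        // Search on sale representative
        if ($search_sale && $search_sale != '-1') {
            if ($search_sale == -2) {
                $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)";
            } elseif ($search_sale > 0) {
                $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
            }
        }
        if ($sqlfilters) {
            // The caller-supplied filter is never concatenated as is: it goes
            // through the criteria parser, and a parse error becomes a 400.
            $errormessage = '';
            $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
            if ($errormessage) {
                throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
            }
        }

        // NOTE(review): $sortfield and $sortorder come from the request and are
        // only passed through $this->db->order(); confirm that helper restricts
        // them to safe identifiers.
        $sql .= $this->db->order($sortfield, $sortorder);
        if ($limit) {
            if ($page < 0) {
                $page = 0;
            }
            $offset = $limit * $page;

            $sql .= $this->db->plimit($limit + 1, $offset);
        }

        $result = $this->db->query($sql);
        if ($result) {
            $num = $this->db->num_rows($result);
            // The query asks for $limit + 1 rows while the offset advances by
            // $limit, so the loop is capped at $limit: otherwise the last row of
            // a page would be returned again as the first row of the next one.
            $min = min($num, ($limit <= 0 ? $num : $limit));
            $i = 0;
            while ($i < $min) {
                $obj = $this->db->fetch_object($result);
                $tmp_object = new MyObject($this->db);
                if ($tmp_object->fetch($obj->rowid)) {
                    $obj_ret[] = $this->_filterObjectProperties($this->_cleanObjectDatas($tmp_object), $properties);
                }
                $i++;
            }
        } else {
            // NOTE(review): the raw database error text is returned to the API
            // client; consider logging it and answering with a generic message.
            throw new RestException(503, 'Error when retrieving myobject list: '.$this->db->lasterror());
        }

        return $obj_ret;
    }

    /**
     * Create myobject object
     *
     * @param array $request_data Request data
     * @phan-param array{string,mixed} $request_data
     * @phpstan-param array{string,mixed} $request_data
     * @return int ID of myobject
     *
     * @throws RestException 403 Not allowed
     * @throws RestException 500 System error
     *
     * @url POST myobjects/
     */
    public function post($request_data = null)
    {
        if (!DolibarrApiAccess::$user->hasRight('mymodule', 'myobject', 'write')) {
            throw new RestException(403);
        }

        // A missing body is handled as an empty one so that the loop below never
        // iterates over null.
        if (!is_array($request_data)) {
            $request_data = array();
        }

        // Check mandatory fields (throws a 400 RestException when one is missing)
        $this->_validateMyObject($request_data);

        // NOTE(review): every key of the request body other than the two handled
        // specially becomes a property of the object. Values go through
        // _checkValForAPI(), but property names are not restricted here;
        // consider accepting only the keys declared in $this->myobject->fields.
        foreach ($request_data as $field => $value) {
            if ($field === 'caller') {
                // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
                // @phan-suppress-next-line PhanTypeInvalidDimOffset
                $this->myobject->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
                continue;
            }

            if ($field == 'array_options' && is_array($value)) {
                foreach ($value as $index => $val) {
                    $this->myobject->array_options[$index] = $this->_checkValForAPI('extrafields', $val, $this->myobject);
                }
                continue;
            }

            $this->myobject->$field = $this->_checkValForAPI((string) $field, $value, $this->myobject);
        }

        // Clean data
        // $this->myobject->abc = sanitizeVal($this->myobject->abc, 'alphanohtml');

        if ($this->myobject->create(DolibarrApiAccess::$user) < 0) {
            throw new RestException(500, "Error creating MyObject", array_merge(array($this->myobject->error), $this->myobject->errors));
        }

        return $this->myobject->id;
    }

    /**
     * Update myobject
     *
     * @param int $id Id of myobject to update
     * @param array $request_data Data
     * @phan-param mixed[] $request_data
     * @phpstan-param mixed[] $request_data
     * @return Object Object after update
     * @phan-return MyObject
     * @phpstan-return MyObject
     *
     * @throws RestException 403 Not allowed
     * @throws RestException 404 Not found
     * @throws RestException 500 System error
     *
     * @url PUT myobjects/{id}
     */
    public function put($id, $request_data = null)
    {
        if (!DolibarrApiAccess::$user->hasRight('mymodule', 'myobject', 'write')) {
            throw new RestException(403);
        }
        if (!DolibarrApi::_checkAccessToResource('myobject', $id, 'mymodule_myobject')) {
            // The requested id is reported: nothing has been fetched yet, so the
            // object's own id is not set at this point.
            throw new RestException(403, 'Access to instance id='.$id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
        }

        $result = $this->myobject->fetch($id);
        if (!$result) {
            throw new RestException(404, 'MyObject not found');
        }

        // A missing body is handled as an empty one so that the loop below never
        // iterates over null.
        if (!is_array($request_data)) {
            $request_data = array();
        }

        // NOTE(review): apart from 'id', every key of the request body becomes a
        // property of the already fetched object. Values go through
        // _checkValForAPI(), but property names are not restricted here;
        // consider accepting only the keys declared in $this->myobject->fields.
        foreach ($request_data as $field => $value) {
            if ($field == 'id') {
                continue;
            }
            if ($field === 'caller') {
                // Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
                $this->myobject->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
                continue;
            }

            if ($field == 'array_options' && is_array($value)) {
                foreach ($value as $index => $val) {
                    $this->myobject->array_options[$index] = $this->_checkValForAPI('extrafields', $val, $this->myobject);
                }
                continue;
            }

            $this->myobject->$field = $this->_checkValForAPI($field, $value, $this->myobject);
        }

        // Clean data
        // $this->myobject->abc = sanitizeVal($this->myobject->abc, 'alphanohtml');

        if ($this->myobject->update(DolibarrApiAccess::$user, false) > 0) {
            return $this->get($id);
        } else {
            throw new RestException(500, $this->myobject->error);
        }
    }

    /**
     * Delete myobject
     *
     * @param int $id MyObject ID
     * @return array
     * @phan-return array<string,array{code:int,message:string}>
     * @phpstan-return array<string,array{code:int,message:string}>
     *
     * @throws RestException 403 Not allowed
     * @throws RestException 404 Not found
     * @throws RestException 409 Nothing to do
     * @throws RestException 500 System error
     *
     * @url DELETE myobjects/{id}
     */
    public function delete($id)
    {
        if (!DolibarrApiAccess::$user->hasRight('mymodule', 'myobject', 'delete')) {
            throw new RestException(403);
        }
        if (!DolibarrApi::_checkAccessToResource('myobject', $id, 'mymodule_myobject')) {
            // The requested id is reported: nothing has been fetched yet, so the
            // object's own id is not set at this point.
            throw new RestException(403, 'Access to instance id='.$id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
        }

        $result = $this->myobject->fetch($id);
        if (!$result) {
            throw new RestException(404, 'MyObject not found');
        }

        // delete() is called exactly once and its result reused: calling it in
        // both conditions ran the deletion a second time whenever the first call
        // did not return 0, including after a successful delete.
        $result = $this->myobject->delete(DolibarrApiAccess::$user);
        if ($result == 0) {
            throw new RestException(409, 'Error when deleting MyObject : '.$this->myobject->error);
        } elseif ($result < 0) {
            throw new RestException(500, 'Error when deleting MyObject : '.$this->myobject->error);
        }

        return array(
            'success' => array(
                'code' => 200,
                'message' => 'MyObject deleted'
            )
        );
    }

    /**
     * Validate fields before creating or updating object
     *
     * @param array $data Array of data to validate
     * @phan-param array<string,null|int|float|string> $data
     * @phpstan-param array<string,null|int|float|string> $data
     * @return array
     * @phan-return array<string,null|int|float|string>|array{}
     * @phpstan-return array<string,null|int|float|string>|array{}
     *
     * @throws RestException
     */
    private function _validateMyObject($data)
    {
        $myobject = array();
        foreach ($this->myobject->fields as $field => $propfield) {
            // These fields are never required from the client, and neither is any
            // field that is not flagged notnull = 1 (a missing flag counts as
            // "not mandatory").
            $skipped = in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat'), true);
            if ($skipped || !isset($propfield['notnull']) || $propfield['notnull'] != 1) {
                continue; // Not a mandatory field
            }
            if (!isset($data[$field])) {
                throw new RestException(400, "$field field missing");
            }
            $myobject[$field] = $data[$field];
        }

        return $myobject;
    }

    /* END MODULEBUILDER API MYOBJECT */

    // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
    /**
     * Clean sensitive object data fields
     * @phpstan-template T of Object
     *
     * @param Object $object Object to clean
     * @return Object Object with cleaned properties
     *
     * @phpstan-param T $object
     * @phpstan-return T
     */
    protected function _cleanObjectDatas($object)
    {
        // phpcs:enable
        // The parent class cleans first; the properties below are then removed
        // on top of whatever it already stripped.
        $object = parent::_cleanObjectDatas($object);

        unset($object->rowid);
        unset($object->canvas);

        // If object has lines, remove $db property
        if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) {
            $nboflines = count($object->lines);
            for ($i = 0; $i < $nboflines; $i++) {
                // Each line gets the same cleaning, then loses its own nested
                // lines and its note.
                $this->_cleanObjectDatas($object->lines[$i]);

                unset($object->lines[$i]->lines);
                unset($object->lines[$i]->note);
            }
        }

        return $object;
    }
}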