2016-12-12 15:19:47 +01:00
< ? php
/* Copyright ( C ) 2016 Xebax Christy < xebax @ wanadoo . fr >
* Copyright ( C ) 2016 Laurent Destailleur < eldy @ users . sourceforge . net >
* Copyright ( C ) 2016 Jean - François Ferry < jfefe @ aternatik . fr >
*
* This program is free software you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http :// www . gnu . org / licenses />.
*/
use Luracast\Restler\RestException ;
use Luracast\Restler\Format\UploadFormat ;
require_once DOL_DOCUMENT_ROOT . '/main.inc.php' ;
2017-09-28 12:14:49 +02:00
require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php' ;
2016-12-12 15:19:47 +01:00
/**
* API class for receive files
*
* @ access protected
* @ class Documents { @ requires user , external }
*/
class Documents extends DolibarrApi
{
2017-10-06 02:42:32 +02:00
/**
* @ var array $DOCUMENT_FIELDS Mandatory fields , checked when create and update object
*/
static $DOCUMENT_FIELDS = array (
'modulepart'
);
/**
* Constructor
*/
function __construct ()
{
global $db ;
$this -> db = $db ;
}
/**
2017-11-06 11:06:31 +01:00
* Download a document .
*
* Note that , this API is similar to using the wrapper link " documents.php " to download a file ( used for
* internal HTML links of documents into application ), but with no need to have a session cookie ( the token is used instead ) .
2017-10-06 02:42:32 +02:00
*
* @ param string $module_part Name of module or area concerned by file download ( 'facture' , ... )
* @ param string $original_file Relative path with filename , relative to modulepart ( for example : IN201701 - 999 / IN201701 - 999. pdf )
* @ return array List of documents
*
* @ throws 400
* @ throws 401
2017-12-27 15:48:20 +01:00
* @ throws 404
2017-10-06 02:42:32 +02:00
* @ throws 200
2017-11-06 11:06:31 +01:00
*
* @ url GET / download
2017-10-06 02:42:32 +02:00
*/
2017-12-27 15:48:20 +01:00
public function index ( $module_part , $original_file = '' )
2017-10-06 02:42:32 +02:00
{
2017-10-07 20:21:47 +02:00
global $conf , $langs ;
2017-10-05 10:21:52 +02:00
if ( empty ( $module_part )) {
2017-10-06 02:42:32 +02:00
throw new RestException ( 400 , 'bad value for parameter modulepart' );
}
if ( empty ( $original_file )) {
2017-12-27 15:48:20 +01:00
throw new RestException ( 400 , 'bad value for parameter original_file' );
2017-10-05 10:21:52 +02:00
}
2017-10-04 15:59:54 +02:00
2017-10-05 10:21:52 +02:00
//--- Finds and returns the document
$entity = $conf -> entity ;
2017-10-04 15:59:54 +02:00
2017-12-27 15:48:20 +01:00
$check_access = dol_check_secure_access_document ( $module_part , $original_file , $entity , DolibarrApiAccess :: $user , '' , 'read' );
2017-10-05 10:21:52 +02:00
$accessallowed = $check_access [ 'accessallowed' ];
$sqlprotectagainstexternals = $check_access [ 'sqlprotectagainstexternals' ];
$original_file = $check_access [ 'original_file' ];
2017-09-28 12:14:49 +02:00
2017-10-05 10:21:52 +02:00
if ( preg_match ( '/\.\./' , $original_file ) || preg_match ( '/[<>|]/' , $original_file ))
{
2017-10-07 13:09:31 +02:00
throw new RestException ( 401 );
}
if ( ! $accessallowed ) {
throw new RestException ( 401 );
}
2017-12-27 15:48:20 +01:00
$filename = basename ( $original_file );
$original_file_osencoded = dol_osencode ( $original_file ); // New file name encoded in OS encoding charset
if ( ! file_exists ( $original_file_osencoded ))
2017-10-07 13:09:31 +02:00
{
2017-12-27 15:48:20 +01:00
throw new RestException ( 404 , 'File not found' );
}
2017-10-07 13:09:31 +02:00
2017-12-27 15:48:20 +01:00
$file_content = file_get_contents ( $original_file_osencoded );
return array ( 'filename' => $filename , 'content' => base64_encode ( $file_content ), 'encoding' => 'MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)' );
}
/**
* Build a document .
*
* Test sample 1 : { " module_part " : " invoice " , " original_file " : " FA1701-001/FA1701-001.pdf " , " doctemplate " : " crabe " , " langcode " : " fr_FR " } .
*
* @ param string $module_part Name of module or area concerned by file download ( 'invoice' , 'order' , ... ) .
* @ param string $original_file Relative path with filename , relative to modulepart ( for example : IN201701 - 999 / IN201701 - 999. pdf ) .
* @ param string $doctemplate Set here the doc template to use for document generation ( If not set , use the default template ) .
* @ param string $langcode Language code like 'en_US' , 'fr_FR' , 'es_ES' , ... ( If not set , use the default language ) .
* @ return array List of documents
*
* @ throws 500
* @ throws 501
* @ throws 400
* @ throws 401
* @ throws 404
* @ throws 200
*
* @ url PUT / builddoc
*/
public function builddoc ( $module_part , $original_file = '' , $doctemplate = '' , $langcode = '' )
{
global $conf , $langs ;
if ( empty ( $module_part )) {
throw new RestException ( 400 , 'bad value for parameter modulepart' );
}
if ( empty ( $original_file )) {
throw new RestException ( 400 , 'bad value for parameter original_file' );
}
$outputlangs = $langs ;
if ( $langcode && $langs -> defaultlang != $langcode )
{
$outputlangs = new Translate ( '' , $conf );
$outputlangs -> setDefaultLang ( $langcode );
}
//--- Finds and returns the document
$entity = $conf -> entity ;
$check_access = dol_check_secure_access_document ( $module_part , $original_file , $entity , DolibarrApiAccess :: $user , '' , 'write' );
$accessallowed = $check_access [ 'accessallowed' ];
$sqlprotectagainstexternals = $check_access [ 'sqlprotectagainstexternals' ];
$original_file = $check_access [ 'original_file' ];
if ( preg_match ( '/\.\./' , $original_file ) || preg_match ( '/[<>|]/' , $original_file )) {
throw new RestException ( 401 );
}
if ( ! $accessallowed ) {
throw new RestException ( 401 );
}
// --- Generates the document
$hidedetails = empty ( $conf -> global -> MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS ) ? 0 : 1 ;
$hidedesc = empty ( $conf -> global -> MAIN_GENERATE_DOCUMENTS_HIDE_DESC ) ? 0 : 1 ;
$hideref = empty ( $conf -> global -> MAIN_GENERATE_DOCUMENTS_HIDE_REF ) ? 0 : 1 ;
$templateused = '' ;
if ( $module_part == 'facture' || $module_part == 'invoice' )
{
require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php' ;
$this -> invoice = new Facture ( $this -> db );
$result = $this -> invoice -> fetch ( 0 , preg_replace ( '/\.[^\.]+$/' , '' , basename ( $original_file )));
if ( ! $result ) {
throw new RestException ( 404 , 'Invoice not found' );
2017-10-07 13:09:31 +02:00
}
2017-11-10 16:42:06 +01:00
2017-12-27 15:48:20 +01:00
$templateused = $doctemplate ? $doctemplate : $this -> invoice -> modelpdf ;
$result = $this -> invoice -> generateDocument ( $templateused , $outputlangs , $hidedetails , $hidedesc , $hideref );
if ( $result <= 0 ) {
throw new RestException ( 500 , 'Error generating document' );
}
}
elseif ( $module_part == 'commande' || $module_part == 'order' )
{
require_once DOL_DOCUMENT_ROOT . '/commande/class/commande.class.php' ;
$this -> order = new Commande ( $this -> db );
$result = $this -> order -> fetch ( 0 , preg_replace ( '/\.[^\.]+$/' , '' , basename ( $original_file )));
if ( ! $result ) {
throw new RestException ( 404 , 'Order not found' );
}
$templateused = $doctemplate ? $doctemplate : $this -> order -> modelpdf ;
$result = $this -> order -> generateDocument ( $templateused , $outputlangs , $hidedetails , $hidedesc , $hideref );
if ( $result <= 0 ) {
throw new RestException ( 500 , 'Error generating document' );
}
}
2018-01-04 21:14:45 +01:00
elseif ( $module_part == 'propal' || $module_part == 'proposal' )
{
require_once DOL_DOCUMENT_ROOT . '/comm/propal/class/propal.class.php' ;
$this -> propal = new Propal ( $this -> db );
$result = $this -> propal -> fetch ( 0 , preg_replace ( '/\.[^\.]+$/' , '' , basename ( $original_file )));
if ( ! $result ) {
throw new RestException ( 404 , 'Proposal not found' );
}
$templateused = $doctemplate ? $doctemplate : $this -> propal -> modelpdf ;
$result = $this -> propal -> generateDocument ( $templateused , $outputlangs , $hidedetails , $hidedesc , $hideref );
if ( $result <= 0 ) {
throw new RestException ( 500 , 'Error generating document' );
}
}
2017-12-27 15:48:20 +01:00
else
{
throw new RestException ( 403 , 'Generation not available for this modulepart' );
2017-10-05 10:21:52 +02:00
}
2017-09-28 12:14:49 +02:00
2017-10-05 10:21:52 +02:00
$filename = basename ( $original_file );
$original_file_osencoded = dol_osencode ( $original_file ); // New file name encoded in OS encoding charset
2017-09-28 12:14:49 +02:00
2017-10-05 10:21:52 +02:00
if ( ! file_exists ( $original_file_osencoded ))
{
2017-10-07 13:09:31 +02:00
throw new RestException ( 404 , 'File not found' );
2017-10-05 10:21:52 +02:00
}
2017-09-28 12:14:49 +02:00
2017-10-05 10:21:52 +02:00
$file_content = file_get_contents ( $original_file_osencoded );
2017-12-27 15:48:20 +01:00
return array ( 'filename' => $filename , 'content' => base64_encode ( $file_content ), 'langcode' => $outputlangs -> defaultlang , 'template' => $templateused , 'encoding' => 'MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)' );
2017-10-07 13:09:31 +02:00
}
2017-12-27 15:48:20 +01:00
2017-10-12 12:28:10 +02:00
/**
2017-10-16 08:52:00 +02:00
* Return the list of documents of a dedicated element ( from its ID or Ref )
2017-10-12 12:28:10 +02:00
*
2017-12-22 19:49:31 +01:00
* @ param string $modulepart Name of module or area concerned ( 'thirdparty' , 'member' , 'proposal' , 'order' , 'invoice' , 'shipment' , 'project' , ... )
2017-10-16 08:52:00 +02:00
* @ param int $id ID of element
2017-10-12 12:28:10 +02:00
* @ param string $ref Ref of element
2017-10-16 08:52:00 +02:00
* @ param string $sortfield Sort criteria ( '' , 'fullname' , 'relativename' , 'name' , 'date' , 'size' )
* @ param string $sortorder Sort order ( 'asc' or 'desc' )
* @ return array Array of documents with path
2017-10-12 12:28:10 +02:00
*
2017-12-27 15:48:20 +01:00
* @ throws 200
* @ throws 400
* @ throws 401
* @ throws 404
* @ throws 500
2017-10-12 12:28:10 +02:00
*
2017-11-06 11:06:31 +01:00
* @ url GET /
2017-10-12 12:28:10 +02:00
*/
2017-10-16 08:52:00 +02:00
function getDocumentsListByElement ( $modulepart , $id = 0 , $ref = '' , $sortfield = '' , $sortorder = '' )
2017-10-12 12:28:10 +02:00
{
global $conf ;
if ( empty ( $modulepart )) {
throw new RestException ( 400 , 'bad value for parameter modulepart' );
}
if ( empty ( $id ) && empty ( $ref )) {
throw new RestException ( 400 , 'bad value for parameter id or ref' );
}
$id = ( empty ( $id ) ? 0 : $id );
if ( $modulepart == 'societe' || $modulepart == 'thirdparty' )
{
2017-11-17 11:44:52 +01:00
require_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php' ;
2017-10-12 12:28:10 +02:00
if ( ! DolibarrApiAccess :: $user -> rights -> societe -> lire ) {
throw new RestException ( 401 );
}
$object = new Societe ( $this -> db );
$result = $object -> fetch ( $id , $ref );
if ( ! $result ) {
throw new RestException ( 404 , 'Thirdparty not found' );
}
$upload_dir = $conf -> societe -> multidir_output [ $object -> entity ] . " / " . $object -> id ;
}
else if ( $modulepart == 'adherent' || $modulepart == 'member' )
{
require_once DOL_DOCUMENT_ROOT . '/adherents/class/adherent.class.php' ;
if ( ! DolibarrApiAccess :: $user -> rights -> adherent -> lire ) {
throw new RestException ( 401 );
}
$object = new Adherent ( $this -> db );
$result = $object -> fetch ( $id , $ref );
if ( ! $result ) {
throw new RestException ( 404 , 'Member not found' );
}
$upload_dir = $conf -> adherent -> dir_output . " / " . get_exdir ( 0 , 0 , 0 , 1 , $object , 'member' );
}
2017-12-22 19:49:31 +01:00
else if ( $modulepart == 'propal' || $modulepart == 'proposal' )
{
require_once DOL_DOCUMENT_ROOT . '/comm/propal/class/propal.class.php' ;
if ( ! DolibarrApiAccess :: $user -> rights -> propal -> lire ) {
throw new RestException ( 401 );
}
$object = new Propal ( $this -> db );
$result = $object -> fetch ( $id , $ref );
if ( ! $result ) {
throw new RestException ( 404 , 'Proposal not found' );
}
2018-02-25 17:43:19 +01:00
$upload_dir = $conf -> propal -> multidir_output [ $object -> entity ] . " / " . get_exdir ( 0 , 0 , 0 , 1 , $object , 'propal' );
2017-12-22 19:49:31 +01:00
}
else if ( $modulepart == 'commande' || $modulepart == 'order' )
{
require_once DOL_DOCUMENT_ROOT . '/commande/class/commande.class.php' ;
if ( ! DolibarrApiAccess :: $user -> rights -> commande -> lire ) {
throw new RestException ( 401 );
}
$object = new Commande ( $this -> db );
$result = $object -> fetch ( $id , $ref );
if ( ! $result ) {
throw new RestException ( 404 , 'Order not found' );
}
$upload_dir = $conf -> commande -> dir_output . " / " . get_exdir ( 0 , 0 , 0 , 1 , $object , 'commande' );
}
else if ( $modulepart == 'shipment' || $modulepart == 'expedition' )
{
require_once DOL_DOCUMENT_ROOT . '/expedition/class/expedition.class.php' ;
if ( ! DolibarrApiAccess :: $user -> rights -> expedition -> lire ) {
throw new RestException ( 401 );
}
$object = new Expedition ( $this -> db );
$result = $object -> fetch ( $id , $ref );
if ( ! $result ) {
throw new RestException ( 404 , 'Shipment not found' );
}
$upload_dir = $conf -> expedition -> dir_output . " /sending/ " . get_exdir ( 0 , 0 , 0 , 1 , $object , 'shipment' );
}
else if ( $modulepart == 'facture' || $modulepart == 'invoice' )
{
require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php' ;
if ( ! DolibarrApiAccess :: $user -> rights -> facture -> lire ) {
throw new RestException ( 401 );
}
$object = new Facture ( $this -> db );
$result = $object -> fetch ( $id , $ref );
if ( ! $result ) {
throw new RestException ( 404 , 'Invoice not found' );
}
$upload_dir = $conf -> facture -> dir_output . " / " . get_exdir ( 0 , 0 , 0 , 1 , $object , 'invoice' );
}
2017-10-12 12:28:10 +02:00
else
{
throw new RestException ( 500 , 'Modulepart ' . $modulepart . ' not implemented yet.' );
}
$filearray = dol_dir_list ( $upload_dir , " files " , 0 , '' , '(\.meta|_preview.*\.png)$' , $sortfield ,( strtolower ( $sortorder ) == 'desc' ? SORT_DESC : SORT_ASC ), 1 );
if ( empty ( $filearray )) {
2017-12-22 19:49:31 +01:00
throw new RestException ( 404 , 'Search for modulepart ' . $modulepart . ' with Id ' . $object -> id . ( ! empty ( $object -> Ref ) ? ' or Ref ' . $object -> ref : '' ) . ' does not return any document.' );
2017-10-12 12:28:10 +02:00
}
return $filearray ;
}
2017-10-07 13:09:31 +02:00
/**
* Return a document .
*
* @ param int $id ID of document
* @ return array Array with data of file
*
* @ throws RestException
*/
/*
2017-05-22 10:40:24 +02:00
public function get ( $id ) {
return array ( 'note' => 'xxx' );
} */
2017-10-05 10:21:52 +02:00
2017-10-07 13:09:31 +02:00
/**
2017-11-06 11:06:31 +01:00
* Upload a file .
*
2017-10-07 13:09:31 +02:00
* Test sample 1 : { " filename " : " mynewfile.txt " , " modulepart " : " facture " , " ref " : " FA1701-001 " , " subdir " : " " , " filecontent " : " content text " , " fileencoding " : " " , " overwriteifexists " : " 0 " } .
2018-01-15 12:59:30 +01:00
* Test sample 2 : { " filename " : " mynewfile.txt " , " modulepart " : " medias " , " ref " : " " , " subdir " : " image/mywebsite " , " filecontent " : " Y29udGVudCB0ZXh0Cg== " , " fileencoding " : " base64 " , " overwriteifexists " : " 0 " } .
2017-10-07 13:09:31 +02:00
*
2017-11-17 11:44:52 +01:00
* @ param string $filename Name of file to create ( 'FA1705-0123.txt' )
2017-10-08 23:26:35 +02:00
* @ param string $modulepart Name of module or area concerned by file upload ( 'facture' , 'project' , 'project_task' , ... )
2017-10-07 13:09:31 +02:00
* @ param string $ref Reference of object ( This will define subdir automatically and store submited file into it )
2017-12-27 15:48:20 +01:00
* @ param string $subdir Subdirectory ( Only if ref not provided )
2017-10-07 13:09:31 +02:00
* @ param string $filecontent File content ( string with file content . An empty file will be created if this parameter is not provided )
2018-01-15 12:59:30 +01:00
* @ param string $fileencoding File encoding ( '' = no encoding , 'base64' = Base 64 ) { @ example '' or 'base64' }
2017-10-07 13:09:31 +02:00
* @ param int $overwriteifexists Overwrite file if exists ( 1 by default )
2017-11-06 11:06:31 +01:00
*
2017-12-27 15:48:20 +01:00
* @ throws 200
* @ throws 400
* @ throws 401
* @ throws 404
* @ throws 500
*
* @ url POST / upload
2017-10-07 13:09:31 +02:00
*/
public function post ( $filename , $modulepart , $ref = '' , $subdir = '' , $filecontent = '' , $fileencoding = '' , $overwriteifexists = 0 )
{
global $db , $conf ;
/* var_dump ( $modulepart );
2017-05-20 15:52:36 +02:00
var_dump ( $filename );
var_dump ( $filecontent );
exit ; */
2017-10-05 10:21:52 +02:00
2017-10-08 23:26:35 +02:00
if ( empty ( $modulepart ))
{
throw new RestException ( 400 , 'Modulepart not provided.' );
}
2016-12-12 15:19:47 +01:00
2017-10-07 13:09:31 +02:00
if ( ! DolibarrApiAccess :: $user -> rights -> ecm -> upload ) {
throw new RestException ( 401 );
}
2016-12-12 15:19:47 +01:00
2017-10-07 13:09:31 +02:00
$newfilecontent = '' ;
if ( empty ( $fileencoding )) $newfilecontent = $filecontent ;
if ( $fileencoding == 'base64' ) $newfilecontent = base64_decode ( $filecontent );
2016-12-12 15:19:47 +01:00
2017-05-20 15:52:36 +02:00
$original_file = dol_sanitizeFileName ( $filename );
2016-12-12 15:19:47 +01:00
2017-05-20 15:52:36 +02:00
// Define $uploadir
$object = null ;
2017-10-16 09:29:10 +02:00
$entity = DolibarrApiAccess :: $user -> entity ;
2017-05-20 15:52:36 +02:00
if ( $ref )
2016-12-12 15:19:47 +01:00
{
2017-10-16 09:29:10 +02:00
$tmpreldir = '' ;
2017-10-06 02:42:32 +02:00
if ( $modulepart == 'facture' || $modulepart == 'invoice' )
{
$modulepart = 'facture' ;
2017-11-17 11:44:52 +01:00
require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php' ;
2017-10-08 23:26:35 +02:00
$object = new Facture ( $this -> db );
}
elseif ( $modulepart == 'project' )
{
2017-11-17 11:44:52 +01:00
require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php' ;
2017-10-08 23:26:35 +02:00
$object = new Project ( $this -> db );
}
elseif ( $modulepart == 'task' || $modulepart == 'project_task' )
{
$modulepart = 'project_task' ;
2017-11-17 11:44:52 +01:00
require_once DOL_DOCUMENT_ROOT . '/projet/class/task.class.php' ;
2017-10-08 23:26:35 +02:00
$object = new Task ( $this -> db );
$task_result = $object -> fetch ( '' , $ref );
2017-12-27 15:48:20 +01:00
// Fetching the tasks project is required because its out_dir might be a sub-directory of the project
2017-10-08 23:26:35 +02:00
if ( $task_result > 0 )
{
$project_result = $object -> fetch_projet ();
if ( $project_result >= 0 )
{
$tmpreldir = dol_sanitizeFileName ( $object -> project -> ref ) . '/' ;
}
}
else
{
throw new RestException ( 500 , 'Error while fetching Task ' . $ref );
}
}
// TODO Implement additional moduleparts
else
{
throw new RestException ( 500 , 'Modulepart ' . $modulepart . ' not implemented yet.' );
}
if ( is_object ( $object ))
{
2017-10-06 02:42:32 +02:00
$result = $object -> fetch ( '' , $ref );
2017-10-08 23:26:35 +02:00
if ( $result == 0 )
{
2017-12-27 15:48:20 +01:00
throw new RestException ( 404 , " Object with ref ' " . $ref . " ' was not found. " );
2017-10-08 23:26:35 +02:00
}
elseif ( $result < 0 )
{
throw new RestException ( 500 , 'Error while fetching object.' );
}
2017-10-06 02:42:32 +02:00
}
if ( ! ( $object -> id > 0 ))
{
2017-12-27 15:48:20 +01:00
throw new RestException ( 404 , 'The object ' . $modulepart . " with ref ' " . $ref . " ' was not found. " );
2017-10-06 02:42:32 +02:00
}
2017-12-27 15:48:20 +01:00
$relativefile = $tmpreldir . dol_sanitizeFileName ( $object -> ref );
$tmp = dol_check_secure_access_document ( $modulepart , $relativefile , $entity , DolibarrApiAccess :: $user , $ref , 'write' );
$upload_dir = $tmp [ 'original_file' ]; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
2017-10-06 02:42:32 +02:00
if ( empty ( $upload_dir ) || $upload_dir == '/' )
{
throw new RestException ( 500 , 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.' );
}
2016-12-12 15:19:47 +01:00
}
2017-05-20 15:52:36 +02:00
else
2016-12-12 15:19:47 +01:00
{
2017-10-06 02:42:32 +02:00
if ( $modulepart == 'invoice' ) $modulepart = 'facture' ;
2017-10-05 10:21:52 +02:00
2017-12-27 15:48:20 +01:00
$relativefile = $subdir ;
$tmp = dol_check_secure_access_document ( $modulepart , $relativefile , $entity , DolibarrApiAccess :: $user , '' , 'write' );
$upload_dir = $tmp [ 'original_file' ]; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
2017-05-20 15:52:36 +02:00
2017-10-06 02:42:32 +02:00
if ( empty ( $upload_dir ) || $upload_dir == '/' )
{
throw new RestException ( 500 , 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.' );
}
2016-12-12 15:19:47 +01:00
}
2017-12-27 15:48:20 +01:00
// $original_file here is still value of filename without any dir.
2017-10-05 10:21:52 +02:00
2017-05-20 15:52:36 +02:00
$upload_dir = dol_sanitizePathName ( $upload_dir );
2017-10-05 10:21:52 +02:00
2017-05-21 14:06:43 +02:00
$destfile = $upload_dir . '/' . $original_file ;
$destfiletmp = DOL_DATA_ROOT . '/admin/temp/' . $original_file ;
dol_delete_file ( $destfiletmp );
2017-12-27 15:48:20 +01:00
//var_dump($original_file);exit;
2017-10-05 10:21:52 +02:00
2017-12-27 15:48:20 +01:00
if ( ! dol_is_dir ( dirname ( $destfile ))) {
throw new RestException ( 401 , 'Directory not exists : ' . dirname ( $destfile ));
2017-10-06 02:42:32 +02:00
}
2017-10-05 10:21:52 +02:00
2017-10-06 02:42:32 +02:00
if ( ! $overwriteifexists && dol_is_file ( $destfile ))
{
throw new RestException ( 500 , " File with name ' " . $original_file . " ' already exists. " );
}
2017-10-05 10:21:52 +02:00
2017-10-06 02:42:32 +02:00
$fhandle = @ fopen ( $destfiletmp , 'w' );
if ( $fhandle )
{
$nbofbyteswrote = fwrite ( $fhandle , $newfilecontent );
fclose ( $fhandle );
@ chmod ( $destfiletmp , octdec ( $conf -> global -> MAIN_UMASK ));
}
else
{
throw new RestException ( 500 , " Failed to open file ' " . $destfiletmp . " ' for write " );
}
2016-12-12 15:19:47 +01:00
2017-10-06 02:42:32 +02:00
$result = dol_move ( $destfiletmp , $destfile , 0 , $overwriteifexists , 1 );
2017-12-27 15:48:20 +01:00
if ( ! $result )
{
throw new RestException ( 500 , " Failed to move file into ' " . $destfile . " ' " );
}
2017-10-06 02:42:32 +02:00
2017-12-27 15:48:20 +01:00
return dol_basename ( $destfile );
2017-10-06 02:42:32 +02:00
}
/**
* Validate fields before create or update object
*
* @ param array $data Array with data to verify
* @ return array
* @ throws RestException
*/
function _validate_file ( $data ) {
$result = array ();
foreach ( Documents :: $DOCUMENT_FIELDS as $field ) {
if ( ! isset ( $data [ $field ]))
throw new RestException ( 400 , " $field field missing " );
$result [ $field ] = $data [ $field ];
}
return $result ;
}
2016-12-12 15:19:47 +01:00
}
