2017-05-27 13:46:34 +02:00
< ? php
/* Copyright ( C ) 2015 Jean - François Ferry < jfefe @ aternatik . fr >
2017-06-27 20:14:48 +02:00
* Copyright ( C ) --- Put here your own copyright and developer email ---
2017-05-27 13:46:34 +02:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2019-09-23 21:55:30 +02:00
* along with this program . If not , see < https :// www . gnu . org / licenses />.
2017-05-27 13:46:34 +02:00
*/
use Luracast\Restler\RestException ;
2017-11-05 18:15:59 +01:00
dol_include_once ( '/mymodule/class/myobject.class.php' );
2017-05-27 13:46:34 +02:00
/**
2017-11-05 18:15:59 +01:00
* \file htdocs / modulebuilder / template / class / api_mymodule . class . php
2017-05-27 13:46:34 +02:00
* \ingroup mymodule
* \brief File for API management of myobject .
*/
2017-06-27 20:14:48 +02:00
2017-05-27 13:46:34 +02:00
/**
* API class for mymodule myobject
*
2017-06-27 20:14:48 +02:00
* @ access protected
2017-05-27 13:46:34 +02:00
* @ class DolibarrApiAccess { @ requires user , external }
*/
2017-11-05 18:15:59 +01:00
class MyModuleApi extends DolibarrApi
2017-05-27 13:46:34 +02:00
{
2020-05-01 08:40:55 +02:00
/**
* @ var MyObject $myobject { @ type MyObject }
*/
public $myobject ;
/**
* Constructor
*
* @ url GET /
*
*/
public function __construct ()
{
2022-04-03 12:25:43 +02:00
global $db ;
2020-05-01 08:40:55 +02:00
$this -> db = $db ;
$this -> myobject = new MyObject ( $this -> db );
}
2023-03-01 23:20:42 +01:00
/*begin methods CRUD*/
2020-05-01 08:40:55 +02:00
/**
* Get properties of a myobject object
*
* Return an array with myobject informations
*
2023-09-26 18:43:25 +02:00
* @ param int $id ID of myobject
* @ return Object Object with cleaned properties
2020-05-01 08:40:55 +02:00
*
* @ url GET myobjects / { id }
*
2020-09-20 16:57:53 +02:00
* @ throws RestException 401 Not allowed
* @ throws RestException 404 Not found
2020-05-01 08:40:55 +02:00
*/
public function get ( $id )
{
2021-08-27 11:48:56 +02:00
if ( ! DolibarrApiAccess :: $user -> rights -> mymodule -> myobject -> read ) {
2020-05-01 08:40:55 +02:00
throw new RestException ( 401 );
}
$result = $this -> myobject -> fetch ( $id );
if ( ! $result ) {
throw new RestException ( 404 , 'MyObject not found' );
}
if ( ! DolibarrApi :: _checkAccessToResource ( 'myobject' , $this -> myobject -> id , 'mymodule_myobject' )) {
throw new RestException ( 401 , 'Access to instance id=' . $this -> myobject -> id . ' of object not allowed for login ' . DolibarrApiAccess :: $user -> login );
}
return $this -> _cleanObjectDatas ( $this -> myobject );
}
/**
* List myobjects
*
* Get a list of myobjects
*
2023-09-26 18:43:25 +02:00
* @ param string $sortfield Sort field
* @ param string $sortorder Sort order
* @ param int $limit Limit for list
* @ param int $page Page number
2020-05-01 08:40:55 +02:00
* @ param string $sqlfilters Other criteria to filter answers separated by a comma . Syntax example " (t.ref:like:'SO-%') and (t.date_creation:<:'20160101') "
2023-09-26 18:43:25 +02:00
* @ param string $properties Restrict the data returned to theses properties . Ignored if empty . Comma separated list of properties names
2020-05-01 08:40:55 +02:00
* @ return array Array of order objects
*
* @ throws RestException
*
* @ url GET / myobjects /
*/
2023-09-26 18:04:48 +02:00
public function index ( $sortfield = " t.rowid " , $sortorder = 'ASC' , $limit = 100 , $page = 0 , $sqlfilters = '' , $properties = '' )
2020-05-01 08:40:55 +02:00
{
global $db , $conf ;
$obj_ret = array ();
2020-09-19 23:30:29 +02:00
$tmpobject = new MyObject ( $this -> db );
2020-05-01 08:40:55 +02:00
2020-06-17 22:11:22 +02:00
if ( ! DolibarrApiAccess :: $user -> rights -> mymodule -> myobject -> read ) {
2020-05-01 08:40:55 +02:00
throw new RestException ( 401 );
}
$socid = DolibarrApiAccess :: $user -> socid ? DolibarrApiAccess :: $user -> socid : '' ;
$restrictonsocid = 0 ; // Set to 1 if there is a field socid in table of object
// If the internal user must only see his customers, force searching by him
$search_sale = 0 ;
2021-02-26 18:26:44 +01:00
if ( $restrictonsocid && ! DolibarrApiAccess :: $user -> rights -> societe -> client -> voir && ! $socid ) {
$search_sale = DolibarrApiAccess :: $user -> id ;
}
2020-05-01 08:40:55 +02:00
$sql = " SELECT t.rowid " ;
2021-02-26 18:26:44 +01:00
if ( $restrictonsocid && ( ! DolibarrApiAccess :: $user -> rights -> societe -> client -> voir && ! $socid ) || $search_sale > 0 ) {
$sql .= " , sc.fk_soc, sc.fk_user " ; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
}
2023-04-28 09:31:33 +02:00
$sql .= " FROM " . MAIN_DB_PREFIX . $tmpobject -> table_element . " AS t LEFT JOIN " . MAIN_DB_PREFIX . $tmpobject -> table_element . " _extrafields AS ef ON (ef.fk_object = t.rowid) " ; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
2020-05-01 08:40:55 +02:00
2021-02-26 18:26:44 +01:00
if ( $restrictonsocid && ( ! DolibarrApiAccess :: $user -> rights -> societe -> client -> voir && ! $socid ) || $search_sale > 0 ) {
$sql .= " , " . MAIN_DB_PREFIX . " societe_commerciaux as sc " ; // We need this table joined to the select in order to filter by sale
}
2020-05-01 08:40:55 +02:00
$sql .= " WHERE 1 = 1 " ;
// Example of use $mode
//if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
//if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
2021-02-26 18:26:44 +01:00
if ( $tmpobject -> ismultientitymanaged ) {
$sql .= ' AND t.entity IN (' . getEntity ( $tmpobject -> element ) . ')' ;
}
if ( $restrictonsocid && ( ! DolibarrApiAccess :: $user -> rights -> societe -> client -> voir && ! $socid ) || $search_sale > 0 ) {
$sql .= " AND t.fk_soc = sc.fk_soc " ;
}
if ( $restrictonsocid && $socid ) {
2021-06-09 15:36:47 +02:00
$sql .= " AND t.fk_soc = " . (( int ) $socid );
2021-02-26 18:26:44 +01:00
}
if ( $restrictonsocid && $search_sale > 0 ) {
$sql .= " AND t.rowid = sc.fk_soc " ; // Join for the needed table to filter by sale
}
2020-05-01 08:40:55 +02:00
// Insert sale filter
if ( $restrictonsocid && $search_sale > 0 ) {
2021-06-09 15:36:47 +02:00
$sql .= " AND sc.fk_user = " . (( int ) $search_sale );
2020-05-01 08:40:55 +02:00
}
2021-02-26 18:26:44 +01:00
if ( $sqlfilters ) {
2021-12-20 20:49:32 +01:00
$errormessage = '' ;
2023-02-25 19:48:33 +01:00
$sql .= forgeSQLFromUniversalSearchCriteria ( $sqlfilters , $errormessage );
if ( $errormessage ) {
throw new RestException ( 400 , 'Error when validating parameter sqlfilters -> ' . $errormessage );
2020-05-01 08:40:55 +02:00
}
}
2020-09-19 23:30:29 +02:00
$sql .= $this -> db -> order ( $sortfield , $sortorder );
2020-05-01 08:40:55 +02:00
if ( $limit ) {
if ( $page < 0 ) {
$page = 0 ;
}
$offset = $limit * $page ;
2020-09-19 23:30:29 +02:00
$sql .= $this -> db -> plimit ( $limit + 1 , $offset );
2020-05-01 08:40:55 +02:00
}
2020-09-19 23:30:29 +02:00
$result = $this -> db -> query ( $sql );
2020-05-21 00:02:33 +02:00
$i = 0 ;
2021-02-26 18:26:44 +01:00
if ( $result ) {
2020-09-19 23:30:29 +02:00
$num = $this -> db -> num_rows ( $result );
2021-02-26 18:26:44 +01:00
while ( $i < $num ) {
2020-09-19 23:30:29 +02:00
$obj = $this -> db -> fetch_object ( $result );
$tmp_object = new MyObject ( $this -> db );
2020-06-18 01:09:30 +02:00
if ( $tmp_object -> fetch ( $obj -> rowid )) {
2023-09-26 18:04:48 +02:00
$obj_ret [] = $this -> _filterObjectProperties ( $this -> _cleanObjectDatas ( $tmp_object ), $properties );
2020-05-01 08:40:55 +02:00
}
$i ++ ;
}
2020-05-21 09:35:30 +02:00
} else {
2020-09-19 23:30:29 +02:00
throw new RestException ( 503 , 'Error when retrieving myobject list: ' . $this -> db -> lasterror ());
2020-05-01 08:40:55 +02:00
}
if ( ! count ( $obj_ret )) {
throw new RestException ( 404 , 'No myobject found' );
}
return $obj_ret ;
}
/**
* Create myobject object
*
* @ param array $request_data Request datas
* @ return int ID of myobject
*
* @ throws RestException
*
* @ url POST myobjects /
*/
public function post ( $request_data = null )
{
2021-08-27 11:48:56 +02:00
if ( ! DolibarrApiAccess :: $user -> rights -> mymodule -> myobject -> write ) {
2020-05-01 08:40:55 +02:00
throw new RestException ( 401 );
}
2021-04-24 21:02:48 +02:00
2020-05-01 08:40:55 +02:00
// Check mandatory fields
$result = $this -> _validate ( $request_data );
foreach ( $request_data as $field => $value ) {
2023-12-15 12:15:33 +01:00
if ( $field === 'caller' ) {
// Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again whith the caller
$this -> myobject -> context [ 'caller' ] = $request_data [ 'caller' ];
continue ;
}
2021-04-28 15:25:06 +02:00
$this -> myobject -> $field = $this -> _checkValForAPI ( $field , $value , $this -> myobject );
2020-05-01 08:40:55 +02:00
}
2021-04-24 21:02:48 +02:00
// Clean data
2022-03-30 12:16:17 +02:00
// $this->myobject->abc = sanitizeVal($this->myobject->abc, 'alphanohtml');
2021-04-24 21:02:48 +02:00
2021-02-05 12:44:55 +01:00
if ( $this -> myobject -> create ( DolibarrApiAccess :: $user ) < 0 ) {
2020-05-01 08:40:55 +02:00
throw new RestException ( 500 , " Error creating MyObject " , array_merge ( array ( $this -> myobject -> error ), $this -> myobject -> errors ));
}
return $this -> myobject -> id ;
}
/**
* Update myobject
*
* @ param int $id Id of myobject to update
* @ param array $request_data Datas
* @ return int
*
* @ throws RestException
*
* @ url PUT myobjects / { id }
*/
public function put ( $id , $request_data = null )
{
2021-08-27 11:48:56 +02:00
if ( ! DolibarrApiAccess :: $user -> rights -> mymodule -> myobject -> write ) {
2020-05-01 08:40:55 +02:00
throw new RestException ( 401 );
}
$result = $this -> myobject -> fetch ( $id );
if ( ! $result ) {
throw new RestException ( 404 , 'MyObject not found' );
}
if ( ! DolibarrApi :: _checkAccessToResource ( 'myobject' , $this -> myobject -> id , 'mymodule_myobject' )) {
throw new RestException ( 401 , 'Access to instance id=' . $this -> myobject -> id . ' of object not allowed for login ' . DolibarrApiAccess :: $user -> login );
}
foreach ( $request_data as $field => $value ) {
2021-02-26 18:26:44 +01:00
if ( $field == 'id' ) {
continue ;
}
2023-12-15 12:15:33 +01:00
if ( $field === 'caller' ) {
// Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again whith the caller
$this -> myobject -> context [ 'caller' ] = $request_data [ 'caller' ];
continue ;
}
2021-04-28 15:25:06 +02:00
$this -> myobject -> $field = $this -> _checkValForAPI ( $field , $value , $this -> myobject );
2020-05-01 08:40:55 +02:00
}
2021-04-24 21:02:48 +02:00
// Clean data
2022-03-30 12:16:17 +02:00
// $this->myobject->abc = sanitizeVal($this->myobject->abc, 'alphanohtml');
2021-04-24 21:02:48 +02:00
2021-02-26 18:26:44 +01:00
if ( $this -> myobject -> update ( DolibarrApiAccess :: $user , false ) > 0 ) {
2020-05-01 08:40:55 +02:00
return $this -> get ( $id );
2020-05-21 09:35:30 +02:00
} else {
2020-05-01 08:40:55 +02:00
throw new RestException ( 500 , $this -> myobject -> error );
}
}
/**
* Delete myobject
*
* @ param int $id MyObject ID
* @ return array
*
* @ throws RestException
*
* @ url DELETE myobjects / { id }
*/
public function delete ( $id )
{
2021-08-27 11:48:56 +02:00
if ( ! DolibarrApiAccess :: $user -> rights -> mymodule -> myobject -> delete ) {
2020-05-01 08:40:55 +02:00
throw new RestException ( 401 );
}
$result = $this -> myobject -> fetch ( $id );
if ( ! $result ) {
throw new RestException ( 404 , 'MyObject not found' );
}
if ( ! DolibarrApi :: _checkAccessToResource ( 'myobject' , $this -> myobject -> id , 'mymodule_myobject' )) {
throw new RestException ( 401 , 'Access to instance id=' . $this -> myobject -> id . ' of object not allowed for login ' . DolibarrApiAccess :: $user -> login );
}
2022-11-26 00:22:01 +01:00
if ( $this -> myobject -> delete ( DolibarrApiAccess :: $user ) == 0 ) {
throw new RestException ( 409 , 'Error when deleting MyObject : ' . $this -> myobject -> error );
} elseif ( $this -> myobject -> delete ( DolibarrApiAccess :: $user ) < 0 ) {
2020-05-01 08:40:55 +02:00
throw new RestException ( 500 , 'Error when deleting MyObject : ' . $this -> myobject -> error );
}
return array (
'success' => array (
'code' => 200 ,
'message' => 'MyObject deleted'
)
);
}
2023-03-01 23:20:42 +01:00
/**
* Validate fields before create or update object
*
* @ param array $data Array of data to validate
* @ return array
*
* @ throws RestException
*/
private function _validate ( $data )
{
$myobject = array ();
foreach ( $this -> myobject -> fields as $field => $propfield ) {
if ( in_array ( $field , array ( 'rowid' , 'entity' , 'date_creation' , 'tms' , 'fk_user_creat' )) || $propfield [ 'notnull' ] != 1 ) {
continue ; // Not a mandatory field
}
if ( ! isset ( $data [ $field ])) {
throw new RestException ( 400 , " $field field missing " );
}
$myobject [ $field ] = $data [ $field ];
}
return $myobject ;
}
/*end methods CRUD*/
2020-05-01 08:40:55 +02:00
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**
* Clean sensible object datas
*
2020-10-31 18:51:30 +01:00
* @ param Object $object Object to clean
* @ return Object Object with cleaned properties
2020-05-01 08:40:55 +02:00
*/
protected function _cleanObjectDatas ( $object )
{
// phpcs:enable
$object = parent :: _cleanObjectDatas ( $object );
unset ( $object -> rowid );
unset ( $object -> canvas );
/* unset ( $object -> name );
unset ( $object -> lastname );
unset ( $object -> firstname );
unset ( $object -> civility_id );
unset ( $object -> statut );
unset ( $object -> state );
unset ( $object -> state_id );
unset ( $object -> state_code );
unset ( $object -> region );
unset ( $object -> region_code );
unset ( $object -> country );
unset ( $object -> country_id );
unset ( $object -> country_code );
unset ( $object -> barcode_type );
unset ( $object -> barcode_type_code );
unset ( $object -> barcode_type_label );
unset ( $object -> barcode_type_coder );
unset ( $object -> total_ht );
unset ( $object -> total_tva );
unset ( $object -> total_localtax1 );
unset ( $object -> total_localtax2 );
unset ( $object -> total_ttc );
unset ( $object -> fk_account );
unset ( $object -> comments );
unset ( $object -> note );
unset ( $object -> mode_reglement_id );
unset ( $object -> cond_reglement_id );
unset ( $object -> cond_reglement );
unset ( $object -> shipping_method_id );
unset ( $object -> fk_incoterms );
unset ( $object -> label_incoterms );
unset ( $object -> location_incoterms );
2019-11-02 14:49:26 +01:00
*/
2020-05-01 08:40:55 +02:00
// If object has lines, remove $db property
if ( isset ( $object -> lines ) && is_array ( $object -> lines ) && count ( $object -> lines ) > 0 ) {
$nboflines = count ( $object -> lines );
2021-02-26 18:26:44 +01:00
for ( $i = 0 ; $i < $nboflines ; $i ++ ) {
2020-05-01 08:40:55 +02:00
$this -> _cleanObjectDatas ( $object -> lines [ $i ]);
unset ( $object -> lines [ $i ] -> lines );
unset ( $object -> lines [ $i ] -> note );
}
}
return $object ;
}
2017-05-27 13:46:34 +02:00
}
