< ? php
/* Copyright ( C ) 2016 Xebax Christy < xebax @ wanadoo . fr >
* Copyright ( C ) 2016 Laurent Destailleur < eldy @ users . sourceforge . net >
* Copyright ( C ) 2016 Jean - François Ferry < jfefe @ aternatik . fr >
* Copyright ( C ) 2023 Romain Neil < contact @ romain - neil . fr >
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*/
use Luracast\Restler\RestException ;
use Luracast\Restler\Format\UploadFormat ;
require_once DOL_DOCUMENT_ROOT . '/main.inc.php' ;
require_once DOL_DOCUMENT_ROOT . '/api/class/api.class.php' ;
require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php' ;
/**
* API class for receiving files
*
* @ access protected
* @ class Documents { @ requires user , external }
*/
class Documents extends DolibarrApi
{
/**
* @var array $DOCUMENT_FIELDS Mandatory fields, checked when creating and updating an object
*/
public static $DOCUMENT_FIELDS = array (
'modulepart'
);
/**
* Constructor
*/
public function __construct()
{
    // Take the database handler from the global scope and keep it on the instance;
    // builddoc() and getDocumentsListByElement() pass $this->db to the objects they create.
    global $db;
    $this->db = $db;
}
/**
* Download a document .
*
* Note that , this API is similar to using the wrapper link " documents.php " to download a file ( used for
* internal HTML links of documents into application ), but with no need to have a session cookie ( the token is used instead ) .
*
* @ param string $modulepart Name of module or area concerned by file download ( 'facture' , ... )
* @ param string $original_file Relative path with filename , relative to modulepart ( for example : IN201701 - 999 / IN201701 - 999. pdf )
* @ return array List of documents
*
* @ url GET / download
*
* @ throws RestException 400 Bad value for parameter modulepart or original_file
* @ throws RestException 401 Access denied
* @ throws RestException 404 File not found
*/
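public function index($modulepart, $original_file = '')
{
    // Download endpoint: resolves ($modulepart, $original_file) to a file on disk through
    // dol_check_secure_access_document() and returns that file base64-encoded.
    // Throws RestException 400 (missing parameter), 401 (path rejected or access denied),
    // 404 (file not found) and 500 (file exists but cannot be read).
    global $conf;

    if (empty($modulepart)) {
        throw new RestException(400, 'bad value for parameter modulepart');
    }
    if (empty($original_file)) {
        throw new RestException(400, 'bad value for parameter original_file');
    }

    //--- Finds and returns the document
    $entity = $conf->entity;

    // Special cases that need to use get_exdir to get the real dir of the object.
    // In the future, all objects should use this to define the path of documents.
    /*
    $tmpreldir = '';
    if ($modulepart == 'supplier_invoice') {
        $tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
    }
    $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref); */
    $relativefile = $original_file;

    // The helper decides whether the API user may read the file and returns the path to use.
    $check_access = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'read');
    $accessallowed = $check_access['accessallowed'];
    // NOTE(review): this value is returned by the helper but never evaluated in this method.
    // The class is declared as reachable by external users; if this entry is a query meant to
    // restrict such users to their own records, that restriction is not applied here - confirm
    // against the other callers of dol_check_secure_access_document().
    $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
    $original_file = $check_access['original_file'];

    // Reject any parent-directory sequence and shell/markup metacharacters in the resolved path.
    if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
        throw new RestException(401);
    }
    if (!$accessallowed) {
        throw new RestException(401);
    }

    $filename = basename($original_file);
    $original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset

    if (!file_exists($original_file_osencoded)) {
        dol_syslog("Try to download not found file ".$original_file_osencoded, LOG_WARNING);
        throw new RestException(404, 'File not found');
    }

    // A failed read must not be returned as an empty, apparently valid document.
    $file_content = file_get_contents($original_file_osencoded);
    if ($file_content === false) {
        dol_syslog("Failed to read file ".$original_file_osencoded, LOG_WARNING);
        throw new RestException(500, 'Error reading file');
    }

    return array(
        'filename' => $filename,
        'content-type' => dol_mimetype($filename),
        // Use the same OS-encoded path as the existence check and the read above.
        'filesize' => filesize($original_file_osencoded),
        'content' => base64_encode($file_content),
        'encoding' => 'base64'
    );
}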
/**
* Build a document .
*
* Test sample 1 : { " modulepart " : " invoice " , " original_file " : " FA1701-001/FA1701-001.pdf " , " doctemplate " : " crabe " , " langcode " : " fr_FR " } .
*
* Supported modules : invoice , order , proposal , contract , shipment
*
* @ param string $modulepart Name of module or area concerned by file download ( 'thirdparty' , 'member' , 'proposal' , 'supplier_proposal' , 'order' , 'supplier_order' , 'invoice' , 'supplier_invoice' , 'shipment' , 'project' , ... )
* @ param string $original_file Relative path with filename , relative to modulepart ( for example : IN201701 - 999 / IN201701 - 999. pdf ) .
* @ param string $doctemplate Set here the doc template to use for document generation ( If not set , use the default template ) .
* @ param string $langcode Language code like 'en_US' , 'fr_FR' , 'es_ES' , ... ( If not set , use the default language ) .
* @ return array List of documents
*
* @ url PUT / builddoc
*
* @ throws RestException 400 Bad value for parameter modulepart or original_file
* @ throws RestException 401 Access denied
* @ throws RestException 403 Generation not available for this modulepart
* @ throws RestException 404 Invoice , Order , Proposal , Contract or Shipment not found
* @ throws RestException 500 Error generating document
* @ throws RestException 501 File not found
*/
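public function builddoc($modulepart, $original_file = '', $doctemplate = '', $langcode = '')
{
    // Regenerates the document of an invoice, supplier invoice, order, proposal, contract or
    // shipment, then returns the file named by $original_file base64-encoded.
    // Throws RestException 400 (missing parameter), 401 (path rejected or access denied),
    // 403 (modulepart not supported), 404 (object or file not found) and 500 (generation or
    // read failure).
    global $conf, $langs;

    if (empty($modulepart)) {
        throw new RestException(400, 'bad value for parameter modulepart');
    }
    if (empty($original_file)) {
        throw new RestException(400, 'bad value for parameter original_file');
    }

    // NOTE(review): $langcode comes from the request and is handed to setDefaultLang() as is;
    // confirm that the callee only accepts installed language codes.
    $outputlangs = $langs;
    if ($langcode && $langs->defaultlang != $langcode) {
        $outputlangs = new Translate('', $conf);
        $outputlangs->setDefaultLang($langcode);
    }

    //--- Finds and returns the document
    $entity = $conf->entity;

    // Special cases that need to use get_exdir to get the real dir of the object.
    // In the future, all objects should use this to define the path of documents.
    /*
    $tmpreldir = '';
    if ($modulepart == 'supplier_invoice') {
        $tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
    }
    $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref); */
    $relativefile = $original_file;

    // Generation overwrites a stored file, so access is checked in 'write' mode.
    $check_access = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
    $accessallowed = $check_access['accessallowed'];
    // NOTE(review): returned by the helper but never evaluated in this method. The class is
    // declared as reachable by external users; confirm whether this entry has to be applied
    // before a document is generated and returned.
    $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
    $original_file = $check_access['original_file'];

    // Reject any parent-directory sequence and shell/markup metacharacters in the resolved path.
    if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
        throw new RestException(401);
    }
    if (!$accessallowed) {
        throw new RestException(401);
    }

    // --- Generates the document
    $hidedetails = !getDolGlobalString('MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS') ? 0 : 1;
    $hidedesc = !getDolGlobalString('MAIN_GENERATE_DOCUMENTS_HIDE_DESC') ? 0 : 1;
    $hideref = !getDolGlobalString('MAIN_GENERATE_DOCUMENTS_HIDE_REF') ? 0 : 1;

    // One entry per supported object type; the French and English names share an entry.
    // 'zeroisfailure' keeps the existing per-type test on the generateDocument() result:
    // every type fails on a result <= 0 except supplier invoices, which fail on < 0 only.
    // NOTE(review): confirm whether that difference is intended.
    $invoice = array(
        'file' => '/compta/facture/class/facture.class.php',
        'class' => 'Facture',
        'notfound' => 'Invoice not found',
        'error' => 'Error generating document',
        'zeroisfailure' => true
    );
    $supplierinvoice = array(
        'file' => '/fourn/class/fournisseur.facture.class.php',
        'class' => 'FactureFournisseur',
        'notfound' => 'Supplier invoice not found',
        'error' => 'Error generating document',
        'zeroisfailure' => false
    );
    $order = array(
        'file' => '/commande/class/commande.class.php',
        'class' => 'Commande',
        'notfound' => 'Order not found',
        'error' => 'Error generating document',
        'zeroisfailure' => true
    );
    $proposal = array(
        'file' => '/comm/propal/class/propal.class.php',
        'class' => 'Propal',
        'notfound' => 'Proposal not found',
        'error' => 'Error generating document',
        'zeroisfailure' => true
    );
    $contract = array(
        'file' => '/contrat/class/contrat.class.php',
        'class' => 'Contrat',
        'notfound' => 'Contract not found',
        'error' => 'Error generating document missing doctemplate parameter',
        'zeroisfailure' => true
    );
    $shipment = array(
        'file' => '/expedition/class/expedition.class.php',
        'class' => 'Expedition',
        'notfound' => 'Shipment not found',
        'error' => 'Error generating document missing doctemplate parameter',
        'zeroisfailure' => true
    );
    $generators = array(
        'facture' => $invoice,
        'invoice' => $invoice,
        'facture_fournisseur' => $supplierinvoice,
        'invoice_supplier' => $supplierinvoice,
        'commande' => $order,
        'order' => $order,
        'propal' => $proposal,
        'proposal' => $proposal,
        'contrat' => $contract,
        'contract' => $contract,
        'expedition' => $shipment,
        'shipment' => $shipment
    );

    if (!is_string($modulepart) || !isset($generators[$modulepart])) {
        throw new RestException(403, 'Generation not available for this modulepart');
    }
    $generator = $generators[$modulepart];

    require_once DOL_DOCUMENT_ROOT.$generator['file'];
    $classname = $generator['class'];
    $tmpobject = new $classname($this->db);

    // The object is looked up by ref: the file name without its extension.
    $result = $tmpobject->fetch(0, preg_replace('/\.[^\.]+$/', '', basename($original_file)));
    if (!$result) {
        throw new RestException(404, $generator['notfound']);
    }

    // NOTE(review): $doctemplate comes from the request and is passed unvalidated to
    // generateDocument(); confirm that the generator restricts it to installed templates.
    $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
    $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
    if ($result < 0 || ($generator['zeroisfailure'] && $result == 0)) {
        throw new RestException(500, $generator['error']);
    }

    $filename = basename($original_file);
    $original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset

    if (!file_exists($original_file_osencoded)) {
        throw new RestException(404, 'File not found');
    }

    // A failed read must not be returned as an empty, apparently valid document.
    $file_content = file_get_contents($original_file_osencoded);
    if ($file_content === false) {
        throw new RestException(500, 'Error reading file');
    }

    return array(
        'filename' => $filename,
        'content-type' => dol_mimetype($filename),
        // Use the same OS-encoded path as the existence check and the read above.
        'filesize' => filesize($original_file_osencoded),
        'content' => base64_encode($file_content),
        'langcode' => $outputlangs->defaultlang,
        'template' => $templateused,
        'encoding' => 'base64'
    );
}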
/**
* Return the list of documents of a dedicated element ( from its ID or Ref )
*
* Supported modules : thirdparty , user , member , proposal , order , supplier_order , shipment , invoice , supplier_invoice , product , event , expensereport , knowledgemanagement , category , contract
*
* @ param string $modulepart Name of module or area concerned ( 'thirdparty' , 'member' , 'proposal' , 'order' , 'invoice' , 'supplier_invoice' , 'shipment' , 'project' , ... )
* @ param int $id ID of element
2017-10-12 12:28:10 +02:00
* @ param string $ref Ref of element
* @ param string $sortfield Sort criteria ( '' , 'fullname' , 'relativename' , 'name' , 'date' , 'size' )
* @ param string $sortorder Sort order ( 'asc' or 'desc' )
* @ return array Array of documents with path
*
* @ url GET /
*
* @ throws RestException 400 Bad value for parameter modulepart , id or ref
* @ throws RestException 401 Access denied
* @ throws RestException 403 Generation not available for this modulepart
* @ throws RestException 404 Thirdparty , User , Member , Order , Invoice or Proposal not found
* @ throws RestException 500 Error while fetching object
* @ throws RestException 503 Error when retrieve ecm list
*/
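public function getDocumentsListByElement($modulepart, $id = 0, $ref = '', $sortfield = '', $sortorder = '')
{
    // Lists the files stored for one business object. Each branch below checks the caller's
    // read permission for the module, loads the object by $id or $ref, and computes the
    // directory to list. Entries are completed with their ECM record when one matches.
    // Throws RestException 400, 401, 404, 500 and 503 as detailed at each throw.
    global $conf;

    if (empty($modulepart)) {
        throw new RestException(400, 'bad value for parameter modulepart');
    }

    if (empty($id) && empty($ref)) {
        throw new RestException(400, 'bad value for parameter id or ref');
    }

    $id = (empty($id) ? 0 : $id);
    $recursive = 0;
    $type = 'files';

    // NOTE(review): most branches only test !$result after fetch(). The product branch shows
    // that fetch() can report an error with a negative value; elsewhere such a value is not
    // stopped and $upload_dir is then built from an unloaded object. Confirm the return
    // convention of each class.
    if ($modulepart == 'societe' || $modulepart == 'thirdparty') {
        require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';

        if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
            throw new RestException(401);
        }

        $object = new Societe($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Thirdparty not found');
        }

        $upload_dir = $conf->societe->multidir_output[$object->entity]."/".$object->id;
    } elseif ($modulepart == 'user') {
        require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';

        // Can get doc if has permission to read all user or if it is user itself
        if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) {
            throw new RestException(401);
        }

        $object = new User($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'User not found');
        }

        $upload_dir = $conf->user->dir_output.'/'.get_exdir(0, 0, 0, 0, $object, 'user').'/'.$object->id;
    } elseif ($modulepart == 'adherent' || $modulepart == 'member') {
        require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';

        if (!DolibarrApiAccess::$user->rights->adherent->lire) {
            throw new RestException(401);
        }

        $object = new Adherent($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Member not found');
        }

        $upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member');
    } elseif ($modulepart == 'propal' || $modulepart == 'proposal') {
        require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';

        if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
            throw new RestException(401);
        }

        $object = new Propal($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Proposal not found');
        }

        $upload_dir = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
    } elseif ($modulepart == 'supplier_proposal') {
        require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';

        if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) {
            throw new RestException(401);
        }

        // NOTE(review): the permission checked above is the supplier proposal read right, but
        // the object loaded and the directory listed below are those of a customer proposal
        // (Propal / $conf->propal). Confirm whether this branch should use the class from the
        // file required above; as written, the right that is checked does not match the data
        // that is returned.
        $object = new Propal($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Supplier proposal not found');
        }

        $upload_dir = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
    } elseif ($modulepart == 'commande' || $modulepart == 'order') {
        require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';

        if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
            throw new RestException(401);
        }

        $object = new Commande($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Order not found');
        }

        $upload_dir = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande');
    } elseif ($modulepart == 'commande_fournisseur' || $modulepart == 'supplier_order') {
        $modulepart = 'supplier_order';

        require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';

        if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) {
            throw new RestException(401);
        }

        $object = new CommandeFournisseur($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Purchase order not found');
        }

        $upload_dir = $conf->fournisseur->dir_output."/commande/".dol_sanitizeFileName($object->ref);
    } elseif ($modulepart == 'shipment' || $modulepart == 'expedition') {
        require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';

        if (!DolibarrApiAccess::$user->rights->expedition->lire) {
            throw new RestException(401);
        }

        $object = new Expedition($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Shipment not found');
        }

        $upload_dir = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment');
    } elseif ($modulepart == 'facture' || $modulepart == 'invoice') {
        require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';

        if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
            throw new RestException(401);
        }

        $object = new Facture($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Invoice not found');
        }

        $upload_dir = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
    } elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice') {
        $modulepart = 'supplier_invoice';

        require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';

        if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) {
            throw new RestException(401);
        }

        $object = new FactureFournisseur($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Invoice not found');
        }

        $upload_dir = $conf->fournisseur->dir_output."/facture/".get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').dol_sanitizeFileName($object->ref);
    } elseif ($modulepart == 'produit' || $modulepart == 'product') {
        require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';

        if (!DolibarrApiAccess::$user->rights->produit->lire) {
            throw new RestException(401);
        }

        $object = new Product($this->db);
        $result = $object->fetch($id, $ref);
        if ($result == 0) {
            throw new RestException(404, 'Product not found');
        } elseif ($result < 0) {
            throw new RestException(500, 'Error while fetching object: '.$object->error);
        }

        $upload_dir = $conf->product->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 1, $object, 'product');
    } elseif ($modulepart == 'agenda' || $modulepart == 'action' || $modulepart == 'event') {
        require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';

        if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
            throw new RestException(401);
        }

        $object = new ActionComm($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Event not found');
        }

        $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
    } elseif ($modulepart == 'expensereport') {
        require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';

        // The original condition tested this same right twice; once is equivalent.
        if (!DolibarrApiAccess::$user->rights->expensereport->read) {
            throw new RestException(401);
        }

        $object = new ExpenseReport($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Expense report not found');
        }

        $upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
    } elseif ($modulepart == 'knowledgemanagement') {
        require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php';

        // The original condition tested this same right twice; once is equivalent.
        if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) {
            throw new RestException(401);
        }

        $object = new KnowledgeRecord($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'KM article not found');
        }

        $upload_dir = $conf->knowledgemanagement->dir_output.'/knowledgerecord/'.dol_sanitizeFileName($object->ref);
    } elseif ($modulepart == 'categorie' || $modulepart == 'category') {
        require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';

        if (!DolibarrApiAccess::$user->rights->categorie->lire) {
            throw new RestException(401);
        }

        $object = new Categorie($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Category not found');
        }

        $upload_dir = $conf->categorie->multidir_output[$object->entity].'/'.get_exdir($object->id, 2, 0, 0, $object, 'category').$object->id."/photos/".dol_sanitizeFileName($object->ref);
    } elseif ($modulepart == 'ecm') {
        throw new RestException(500, 'Modulepart Ecm not implemented yet.');
        // require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';

        // if (!DolibarrApiAccess::$user->rights->ecm->read) {
        //     throw new RestException(401);
        // }

        // // $object = new EcmDirectory($this->db);
        // // $result = $object->fetch($ref);
        // // if (!$result) {
        // //     throw new RestException(404, 'EcmDirectory not found');
        // // }
        // $upload_dir = $conf->ecm->dir_output;
        // $type = 'all';
        // $recursive = 0;
    } elseif ($modulepart == 'contrat' || $modulepart == 'contract') {
        $modulepart = 'contrat';
        require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';

        // This branch had no permission check, unlike every other module in this method.
        if (!DolibarrApiAccess::$user->hasRight('contrat', 'lire')) {
            throw new RestException(401);
        }

        $object = new Contrat($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Contract not found');
        }

        $upload_dir = $conf->contrat->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'contract');
    } elseif ($modulepart == 'projet' || $modulepart == 'project') {
        $modulepart = 'project';
        require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';

        // This branch had no permission check, unlike every other module in this method.
        if (!DolibarrApiAccess::$user->hasRight('projet', 'lire')) {
            throw new RestException(401);
        }

        $object = new Project($this->db);
        $result = $object->fetch($id, $ref);
        if (!$result) {
            throw new RestException(404, 'Project not found');
        }

        $upload_dir = $conf->projet->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'project');
    } else {
        throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
    }

    // ECM records are keyed by the object's table name when it has one, else by modulepart.
    $objectType = $modulepart;
    if (!empty($object->id) && !empty($object->table_element)) {
        $objectType = $object->table_element;
    }

    // Metadata files and generated previews are excluded from the listing.
    $filearray = dol_dir_list($upload_dir, $type, $recursive, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ? SORT_DESC : SORT_ASC), 1);
    if (empty($filearray)) {
        throw new RestException(404, 'Search for modulepart '.$modulepart.' with Id '.$object->id.(!empty($object->ref) ? ' or Ref '.$object->ref : '').' does not return any document.');
    } else {
        if (($object->id) > 0 && !empty($modulepart)) {
            require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
            $ecmfile = new EcmFiles($this->db);
            $result = $ecmfile->fetchAll('', '', 0, 0, array('t.src_object_type' => $objectType, 't.src_object_id' => $object->id));
            if ($result < 0) {
                // NOTE(review): the raw database error text is sent to the API client here;
                // consider logging it and returning a generic message.
                throw new RestException(503, 'Error when retrieve ecm list : '.$this->db->lasterror());
            } elseif (is_array($ecmfile->lines) && count($ecmfile->lines) > 0) {
                // Pair each file with its ECM record by file name. The previous loop compared
                // by array position, read past the end of the ECM list when there were more
                // files than records, and always merged the first record.
                foreach ($filearray as $i => $fileinfo) {
                    foreach ($ecmfile->lines as $line) {
                        if ($fileinfo['name'] == $line->filename) {
                            $filearray[$i] = array_merge($fileinfo, (array) $line);
                            break;
                        }
                    }
                }
            }
        }
    }

    return $filearray;
}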
/**
* Return a document .
*
* @ param int $id ID of document
* @ return array Array with data of file
*
* @ throws RestException
*/
/*
public function get ( $id ) {
return array ( 'note' => 'xxx' );
} */
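/**
 * Upload a document.
 *
 * Test sample for invoice: {"filename": "mynewfile.txt", "modulepart": "invoice", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0"}.
 * Test sample for supplier invoice: {"filename": "mynewfile.txt", "modulepart": "supplier_invoice", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0"}.
 * Test sample for medias file: {"filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "image/mywebsite", "filecontent": "Y29udGVudCB0ZXh0Cg==", "fileencoding": "base64", "overwriteifexists": "0"}.
 *
 * Supported modules: invoice, order, supplier_order, task/project_task, product/service, expensereport, fichinter, member, propale, agenda, contact
 *
 * The content is first written to a staging file under DOL_DATA_ROOT/admin/temp, then
 * virus-scanned, name-checked and finally moved to the target directory. The target
 * directory is derived either from the object found by $ref or from $subdir.
 *
 * @param   string  $filename               Name of file to create ('FA1705-0123.txt')
 * @param   string  $modulepart             Name of module or area concerned by file upload ('product', 'service', 'invoice', 'proposal', 'project', 'project_task', 'supplier_invoice', 'expensereport', 'member', ...)
 * @param   string  $ref                    Reference of object (This will define subdir automatically and store submitted file into it)
 * @param   string  $subdir                 Subdirectory (Only if ref not provided)
 * @param   string  $filecontent            File content (string with file content. An empty file will be created if this parameter is not provided)
 * @param   string  $fileencoding           File encoding (''=no encoding, 'base64'=Base 64)
 * @param   int     $overwriteifexists      Overwrite file if exists (0 by default)
 * @param   int     $createdirifnotexists   Create subdirectories if they do not exist (1 by default)
 * @return  string                          Base name of the target file as computed from $filename
 *
 * @url POST /upload
 *
 * @throws RestException 400 Bad Request
 * @throws RestException 401 Access denied
 * @throws RestException 404 Object not found
 * @throws RestException 500 Error on file operation
 */
public function post($filename, $modulepart, $ref = '', $subdir = '', $filecontent = '', $fileencoding = '', $overwriteifexists = 0, $createdirifnotexists = 1)
{
    global $conf;

    if (empty($modulepart)) {
        throw new RestException(400, 'Modulepart not provided.');
    }

    // Decode the payload. Any encoding other than '' or 'base64' used to be ignored silently,
    // which stored an empty file; reject it instead so the caller notices.
    if (empty($fileencoding)) {
        $newfilecontent = $filecontent;
    } elseif ($fileencoding == 'base64') {
        $newfilecontent = base64_decode($filecontent);
    } else {
        throw new RestException(400, 'Unsupported value for fileencoding');
    }

    // Only the sanitized file name is kept from the caller; the directory is computed below.
    $original_file = dol_sanitizeFileName($filename);

    // Define $upload_dir
    $object = null;

    $entity = DolibarrApiAccess::$user->entity;
    if (empty($entity)) {
        $entity = 1;
    }

    if ($ref) {
        $tmpreldir = '';
        $fetchbyid = false;

        // Map the public modulepart aliases to the object class that owns the documents
        if ($modulepart == 'facture' || $modulepart == 'invoice') {
            $modulepart = 'facture';
            require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php';
            $object = new Facture($this->db);
        } elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice') {
            $modulepart = 'supplier_invoice';
            require_once DOL_DOCUMENT_ROOT . '/fourn/class/fournisseur.facture.class.php';
            $object = new FactureFournisseur($this->db);
        } elseif ($modulepart == 'commande' || $modulepart == 'order') {
            $modulepart = 'commande';

            require_once DOL_DOCUMENT_ROOT . '/commande/class/commande.class.php';
            $object = new Commande($this->db);
        } elseif ($modulepart == 'commande_fournisseur' || $modulepart == 'supplier_order') {
            $modulepart = 'supplier_order';

            require_once DOL_DOCUMENT_ROOT . '/fourn/class/fournisseur.commande.class.php';
            $object = new CommandeFournisseur($this->db);
        } elseif ($modulepart == 'projet' || $modulepart == 'project') {
            require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
            $object = new Project($this->db);
        } elseif ($modulepart == 'task' || $modulepart == 'project_task') {
            $modulepart = 'project_task';

            require_once DOL_DOCUMENT_ROOT . '/projet/class/task.class.php';
            $object = new Task($this->db);

            $task_result = $object->fetch('', $ref);

            // Fetching the tasks project is required because its out_dir might be a sub-directory of the project
            if ($task_result > 0) {
                $project_result = $object->fetch_projet();
                if ($project_result >= 0) {
                    $tmpreldir = dol_sanitizeFileName($object->project->ref) . '/';
                }
            } else {
                throw new RestException(500, 'Error while fetching Task ' . $ref);
            }
        } elseif ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service' || $modulepart == 'produit|service') {
            require_once DOL_DOCUMENT_ROOT . '/product/class/product.class.php';
            $object = new Product($this->db);
        } elseif ($modulepart == 'expensereport') {
            require_once DOL_DOCUMENT_ROOT . '/expensereport/class/expensereport.class.php';
            $object = new ExpenseReport($this->db);
        } elseif ($modulepart == 'fichinter') {
            require_once DOL_DOCUMENT_ROOT . '/fichinter/class/fichinter.class.php';
            $object = new Fichinter($this->db);
        } elseif ($modulepart == 'adherent' || $modulepart == 'member') {
            $modulepart = 'adherent';
            require_once DOL_DOCUMENT_ROOT . '/adherents/class/adherent.class.php';
            $object = new Adherent($this->db);
        } elseif ($modulepart == 'proposal' || $modulepart == 'propal' || $modulepart == 'propale') {
            $modulepart = 'propale';
            require_once DOL_DOCUMENT_ROOT . '/comm/propal/class/propal.class.php';
            $object = new Propal($this->db);
        } elseif ($modulepart == 'agenda' || $modulepart == 'action' || $modulepart == 'event') {
            $modulepart = 'agenda';
            require_once DOL_DOCUMENT_ROOT . '/comm/action/class/actioncomm.class.php';
            $object = new ActionComm($this->db);
        } elseif ($modulepart == 'contact' || $modulepart == 'socpeople') {
            $modulepart = 'contact';
            require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
            $object = new Contact($this->db);
            // For contacts, $ref is passed as the first argument of fetch()
            $fetchbyid = true;
        } elseif ($modulepart == 'contrat' || $modulepart == 'contract') {
            $modulepart = 'contrat';
            require_once DOL_DOCUMENT_ROOT . '/contrat/class/contrat.class.php';
            $object = new Contrat($this->db);
        } else {
            // TODO Implement additional moduleparts
            throw new RestException(500, 'Modulepart ' . $modulepart . ' not implemented yet.');
        }

        if (is_object($object)) {
            if ($fetchbyid) {
                $result = $object->fetch($ref);
            } else {
                $result = $object->fetch('', $ref);
            }

            if ($result == 0) {
                throw new RestException(404, " Object with ref ' " . $ref . " ' was not found. ");
            } elseif ($result < 0) {
                throw new RestException(500, 'Error while fetching object: ' . $object->error);
            }
        }

        if (!($object->id > 0)) {
            throw new RestException(404, 'The object ' . $modulepart . " with ref ' " . $ref . " ' was not found. ");
        }

        // Special cases that need to use get_exdir to get real dir of object
        // In future, all object should use this to define path of documents.
        if ($modulepart == 'supplier_invoice') {
            $tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
        }

        // Test on permissions
        if ($modulepart != 'ecm') {
            $relativefile = $tmpreldir . dol_sanitizeFileName($object->ref);
            $tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');
            $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
            // delete() in this class treats 'accessallowed' from the same helper as the
            // authorization verdict; keep it so the upload is refused when it is not granted.
            $accessallowed = !empty($tmp['accessallowed']);
        } else {
            if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) {
                throw new RestException(401, 'Missing permission to upload files in ECM module');
            }
            $upload_dir = $conf->medias->multidir_output[$conf->entity];
            $accessallowed = true;
        }

        if (empty($upload_dir) || $upload_dir == '/') {
            throw new RestException(500, 'This value of modulepart (' . $modulepart . ') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
        }
        if (!$accessallowed) {
            throw new RestException(401, 'Access denied');
        }
    } else {
        if ($modulepart == 'invoice') {
            $modulepart = 'facture';
        }
        if ($modulepart == 'member') {
            $modulepart = 'adherent';
        }

        // Set before the branch so the error message below can always use it
        $relativefile = $subdir;

        // Test on permissions
        if ($modulepart != 'ecm') {
            $tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
            $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
            // Same authorization verdict as in the ref branch above
            $accessallowed = !empty($tmp['accessallowed']);
        } else {
            if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) {
                throw new RestException(401, 'Missing permission to upload files in ECM module');
            }
            $upload_dir = $conf->medias->multidir_output[$conf->entity];
            $accessallowed = true;
        }

        if (empty($upload_dir) || $upload_dir == '/') {
            if (!empty($tmp['error'])) {
                throw new RestException(401, 'Error returned by dol_check_secure_access_document: ' . $tmp['error']);
            } else {
                throw new RestException(400, 'This value of modulepart (' . $modulepart . ') is not allowed with this value of subdir (' . $relativefile . ')');
            }
        }
        if (!$accessallowed) {
            throw new RestException(401, 'Access denied');
        }
    }
    // $original_file here is still value of filename without any dir.

    $upload_dir = dol_sanitizePathName($upload_dir);

    // NOTE(review): several messages below include server-side paths and are returned
    // to the API caller; consider logging the path and returning a generic message.
    if (!empty($createdirifnotexists)) {
        if (dol_mkdir($upload_dir) < 0) { // needed by products
            throw new RestException(500, 'Error while trying to create directory ' . $upload_dir);
        }
    }

    $destfile = $upload_dir . '/' . $original_file;
    // NOTE(review): the staging path depends only on the sanitized file name, so concurrent
    // requests uploading the same name share it; a per-request unique staging name would
    // keep them isolated.
    $destfiletmp = DOL_DATA_ROOT . '/admin/temp/' . $original_file;
    dol_delete_file($destfiletmp);

    if (!dol_is_dir(dirname($destfile))) {
        throw new RestException(400, 'Directory does not exists : ' . dirname($destfile));
    }

    if (!$overwriteifexists && dol_is_file($destfile)) {
        throw new RestException(400, " File with name ' " . $original_file . " ' already exists. ");
    }

    // in case temporary directory admin/temp doesn't exist
    if (!dol_is_dir(dirname($destfiletmp))) {
        dol_mkdir(dirname($destfiletmp));
    }

    $fhandle = @fopen($destfiletmp, 'w');
    if ($fhandle) {
        $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
        fclose($fhandle);
        if ($nbofbyteswrote === false) {
            // Do not scan and move a staging file whose write failed
            dol_delete_file($destfiletmp);
            throw new RestException(500, 'Failed to write uploaded content to temporary file');
        }
        dolChmod($destfiletmp);
    } else {
        throw new RestException(500, " Failed to open file ' " . $destfiletmp . " ' for write ");
    }

    $disablevirusscan = 0;
    $src_file = $destfiletmp;
    $dest_file = $destfile;

    // Security:
    // If we need to make a virus scan
    if (empty($disablevirusscan) && file_exists($src_file)) {
        $checkvirusarray = dolCheckVirus($src_file, $dest_file);
        if (count($checkvirusarray)) {
            // NOTE(review): the staged file is not removed on this path; confirm whether
            // dolCheckVirus() or a cleanup job takes care of it.
            dol_syslog('Files.lib::dol_move_uploaded_file File "' . $src_file . '" (target name "' . $dest_file . '") KO with antivirus: errors=' . join(',', $checkvirusarray), LOG_WARNING);
            throw new RestException(500, 'ErrorFileIsInfectedWithAVirus: ' . join(',', $checkvirusarray));
        }
    }

    // Security:
    // Disallow file with some extensions. We rename them.
    // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
    if (isAFileWithExecutableContent($dest_file) && !getDolGlobalString('MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED')) {
        // $upload_dir ends with a slash, so we must be sure the medias dir to compare to ends with a slash too.
        $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
        if (!preg_match('/\/$/', $publicmediasdirwithslash)) {
            $publicmediasdirwithslash .= '/';
        }

        if (strpos($upload_dir, $publicmediasdirwithslash) !== 0 || !getDolGlobalInt(" MAIN_DOCUMENT_DISABLE_NOEXE_IN_MEDIAS_DIR ")) { // We never add .noexe on files into media directory
            $dest_file .= '.noexe';
        }
    }

    // Security:
    // We refuse cache files/dirs, upload using .. and pipes into filenames.
    if (preg_match('/^\./', basename($src_file)) || preg_match('/\.\./', $src_file) || preg_match('/[<>|]/', $src_file)) {
        dol_syslog(" Refused to deliver file " . $src_file, LOG_WARNING);
        throw new RestException(500, " Refused to deliver file " . $src_file);
    }

    // Security:
    // We refuse cache files/dirs, upload using .. and pipes into filenames.
    if (preg_match('/^\./', basename($dest_file)) || preg_match('/\.\./', $dest_file) || preg_match('/[<>|]/', $dest_file)) {
        dol_syslog(" Refused to deliver file " . $dest_file, LOG_WARNING);
        throw new RestException(500, " Refused to deliver file " . $dest_file);
    }

    // Record where the upload came from and, when known, which object it belongs to
    $moreinfo = array('note_private' => 'File uploaded using API /documents from IP ' . getUserRemoteIP());
    if (!empty($object) && is_object($object) && $object->id > 0) {
        $moreinfo['src_object_type'] = $object->table_element;
        $moreinfo['src_object_id'] = $object->id;
    }

    // Move the temporary file at its final emplacement
    $result = dol_move($destfiletmp, $dest_file, 0, $overwriteifexists, 1, 1, $moreinfo);
    if (!$result) {
        throw new RestException(500, " Failed to move file into ' " . $destfile . " ' ");
    }

    // The returned name is built from $destfile, i.e. without any '.noexe' suffix added above
    return dol_basename($destfile);
}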
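/**
 * Delete a document.
 *
 * @param   string  $modulepart     Name of module or area concerned by the file to delete ('product', ...)
 * @param   string  $original_file  Relative path with filename, relative to modulepart (for example: PRODUCT-REF-999/IMAGE-999.jpg)
 * @return  array                   Array with a 'success' entry (code 200 and message) once the file is removed
 *
 * @url DELETE /
 *
 * @throws RestException 400 Bad value for parameter modulepart
 * @throws RestException 400 Bad value for parameter original_file
 * @throws RestException 401 Access denied
 * @throws RestException 404 File not found
 * @throws RestException 500 Error on file operation
 */
public function delete($modulepart, $original_file)
{
    global $conf;

    if (empty($modulepart)) {
        throw new RestException(400, 'bad value for parameter modulepart');
    }
    if (empty($original_file)) {
        throw new RestException(400, 'bad value for parameter original_file');
    }

    //--- Finds the document
    $entity = $conf->entity;
    $relativefile = $original_file;

    // Removing a file is a modification, so the access check must ask for 'write',
    // the mode post() uses. Asking for 'read' let read-only access delete documents.
    $check_access = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
    $accessallowed = $check_access['accessallowed'];
    $original_file = $check_access['original_file'];

    // Refuse '..' and the characters < > | in the path returned by the access check
    if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
        throw new RestException(401);
    }
    if (!$accessallowed) {
        throw new RestException(401);
    }

    $original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset

    if (!file_exists($original_file_osencoded)) {
        dol_syslog(" Try to delete not found file " . $original_file_osencoded, LOG_WARNING);
        throw new RestException(404, 'File not found');
    }

    if (@unlink($original_file_osencoded)) {
        return array(
            'success' => array(
                'code' => 200,
                'message' => 'Document deleted'
            )
        );
    }

    // NOTE(review): a failed unlink() is reported as 401 although the docblock announces
    // 500 for file operation errors; kept as is so existing clients see the same status.
    throw new RestException(401);
}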
// phpcs:disable PEAR.NamingConventions.ValidFunctionName
/**
 * Check that every mandatory document field is present and return those fields only.
 *
 * The mandatory field names come from Documents::$DOCUMENT_FIELDS. A field counts as
 * present when isset() is true for it, so a null value is treated as missing.
 *
 * @param   array   $data   Array with data to verify
 * @return  array           The mandatory fields and their values, copied from $data
 * @throws  RestException   400 when a mandatory field is missing
 */
private function _validate_file($data)
{
    // phpcs:enable
    $validated = array();

    foreach (Documents::$DOCUMENT_FIELDS as $field) {
        if (isset($data[$field])) {
            $validated[$field] = $data[$field];
            continue;
        }

        // First missing mandatory field aborts the validation
        throw new RestException(400, " $field field missing ");
    }

    return $validated;
}
}