Move 401 to 403

Laurent Destailleur 2024-02-01 19:16:58 +01:00
parent cbe1b75332
commit c9823f2b8d
29 changed files with 382 additions and 391 deletions


@ -545,14 +545,14 @@ class Members extends DolibarrApi
*
* @url GET {id}/categories
*
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 404 Category not found
* @throws RestException 503 Error when retrieving Category list
*/
public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
{
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
if (!DolibarrApiAccess::$user->hasRight('categorie', 'lire')) {
throw new RestException(403);
}
$categories = new Categorie($this->db);
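Review bot: The guard at the top of `getCategories` checks only the `categorie`/`lire` right, so nothing visible here stops a caller without member read access from listing the categories attached to member `{id}`. The Categories section of this same commit requires `adherent->lire` before returning categories for `Categorie::TYPE_MEMBER`, so the two paths appear to disagree. If no member-level check follows (the body continues outside the hunk), consider adding `if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(403); }` before the lookup.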


@ -63,7 +63,7 @@ class Documents extends DolibarrApi
* @url GET /download
*
* @throws RestException 400 Bad value for parameter modulepart or original_file
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 404 File not found
*/
public function index($modulepart, $original_file = '')
@ -97,10 +97,10 @@ class Documents extends DolibarrApi
$original_file = $check_access['original_file'];
if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
throw new RestException(401);
throw new RestException(403);
}
if (!$accessallowed) {
throw new RestException(401);
throw new RestException(403);
}
$filename = basename($original_file);
@ -132,8 +132,7 @@ class Documents extends DolibarrApi
* @url PUT /builddoc
*
* @throws RestException 400 Bad value for parameter modulepart or original_file
* @throws RestException 401 Access denied
* @throws RestException 403 Generation not available for this modulepart
* @throws RestException 403 Access denied
* @throws RestException 404 Invoice, Order, Proposal, Contract or Shipment not found
* @throws RestException 500 Error generating document
* @throws RestException 501 File not found
@ -175,10 +174,10 @@ class Documents extends DolibarrApi
$original_file = $check_access['original_file'];
if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
throw new RestException(401);
throw new RestException(403);
}
if (!$accessallowed) {
throw new RestException(401);
throw new RestException(403);
}
// --- Generates the document
@ -300,8 +299,7 @@ class Documents extends DolibarrApi
* @url GET /
*
* @throws RestException 400 Bad value for parameter modulepart, id or ref
* @throws RestException 401 Access denied
* @throws RestException 403 Generation not available for this modulepart
* @throws RestException 403 Access denied
* @throws RestException 404 Thirdparty, User, Member, Order, Invoice or Proposal not found
* @throws RestException 500 Error while fetching object
* @throws RestException 503 Error when retrieve ecm list
@ -326,7 +324,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
@ -341,7 +339,7 @@ class Documents extends DolibarrApi
// Can get doc if has permission to read all user or if it is user itself
if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) {
throw new RestException(401);
throw new RestException(403);
}
$object = new User($this->db);
@ -355,7 +353,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Adherent($this->db);
@ -369,7 +367,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Propal($this->db);
@ -383,7 +381,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';
if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Propal($this->db);
@ -397,7 +395,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Commande($this->db);
@ -413,7 +411,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) {
throw new RestException(401);
throw new RestException(403);
}
$object = new CommandeFournisseur($this->db);
@ -427,7 +425,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
if (!DolibarrApiAccess::$user->rights->expedition->lire) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Expedition($this->db);
@ -441,7 +439,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Facture($this->db);
@ -456,8 +454,8 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) {
throw new RestException(401);
if (!DolibarrApiAccess::$user->hasRight('fournisseur', 'facture', 'lire') && !DolibarrApiAccess::$user->hasRight('supplier_invoice', 'lire')) {
throw new RestException(403);
}
$object = new FactureFournisseur($this->db);
@ -471,7 +469,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Product($this->db);
@ -487,7 +485,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
throw new RestException(401);
throw new RestException(403);
}
$object = new ActionComm($this->db);
@ -501,7 +499,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
if (!DolibarrApiAccess::$user->rights->expensereport->read && !DolibarrApiAccess::$user->rights->expensereport->read) {
throw new RestException(401);
throw new RestException(403);
}
$object = new ExpenseReport($this->db);
@ -515,7 +513,7 @@ class Documents extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php';
if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read') && !DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new KnowledgeRecord($this->db);
@ -528,8 +526,8 @@ class Documents extends DolibarrApi
} elseif ($modulepart == 'categorie' || $modulepart == 'category') {
require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
if (!DolibarrApiAccess::$user->hasRight('categorie', 'lire')) {
throw new RestException(403);
}
$object = new Categorie($this->db);
@ -544,7 +542,7 @@ class Documents extends DolibarrApi
// require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
// if (!DolibarrApiAccess::$user->rights->ecm->read) {
// throw new RestException(401);
// throw new RestException(403);
// }
// // $object = new EcmDirectory($this->db);
@ -647,7 +645,7 @@ class Documents extends DolibarrApi
* @url POST /upload
*
* @throws RestException 400 Bad Request
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 404 Object not found
* @throws RestException 500 Error on file operationw
*/
@ -793,7 +791,7 @@ class Documents extends DolibarrApi
$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
} else {
if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) {
throw new RestException(401, 'Missing permission to upload files in ECM module');
throw new RestException(403, 'Missing permission to upload files in ECM module');
}
$upload_dir = $conf->medias->multidir_output[$conf->entity];
}
@ -816,14 +814,14 @@ class Documents extends DolibarrApi
$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
} else {
if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) {
throw new RestException(401, 'Missing permission to upload files in ECM module');
throw new RestException(403, 'Missing permission to upload files in ECM module');
}
$upload_dir = $conf->medias->multidir_output[$conf->entity];
}
if (empty($upload_dir) || $upload_dir == '/') {
if (!empty($tmp['error'])) {
throw new RestException(401, 'Error returned by dol_check_secure_access_document: '.$tmp['error']);
throw new RestException(403, 'Error returned by dol_check_secure_access_document: '.$tmp['error']);
} else {
throw new RestException(400, 'This value of modulepart ('.$modulepart.') is not allowed with this value of subdir ('.$relativefile.')');
}
@ -935,7 +933,7 @@ class Documents extends DolibarrApi
*
* @throws RestException 400 Bad value for parameter modulepart
* @throws RestException 400 Bad value for parameter original_file
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 404 File not found
* @throws RestException 500 Error on file operation
*/
@ -970,10 +968,10 @@ class Documents extends DolibarrApi
$original_file = $check_access['original_file'];
if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
throw new RestException(401);
throw new RestException(403);
}
if (!$accessallowed) {
throw new RestException(401);
throw new RestException(403);
}
$filename = basename($original_file);
@ -993,7 +991,7 @@ class Documents extends DolibarrApi
);
}
throw new RestException(401);
throw new RestException(403);
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName
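Review bot: In the `supplier_proposal` branch the code requires `supplier_proposal.class.php` and checks `rights->supplier_proposal->read`, but then instantiates `new Propal($this->db)`, the customer-proposal class. If the fetch that follows (outside the hunk) runs on that object, a caller holding only the supplier-proposal read right would be resolving customer proposal records, or the request would fail because `Propal` is not loaded in this branch. The object should match the permission that was checked, presumably `$object = new SupplierProposal($this->db);` (confirm the class name against the required file). Separately, the `expensereport` and `knowledgemanagement` guards test the same right on both sides of `&&`, which suggests either a second right was intended or the duplicate can be dropped.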


@ -64,7 +64,7 @@ class Setup extends DolibarrApi
* @return array [List of ordering methods]
*
* @throws RestException 400 Bad value for sqlfilters
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 503 Error retrieving list of ordering methods
*/
public function getOrderingMethods($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '')
@ -72,7 +72,7 @@ class Setup extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid, code, libelle as label, module";
@ -128,7 +128,7 @@ class Setup extends DolibarrApi
* @url GET dictionary/ordering_origins
*
* @throws RestException 400 Bad value for sqlfilters
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 503 Error retrieving list of ordering origins
*/
public function getOrderingOrigins($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '')
@ -136,7 +136,7 @@ class Setup extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid, code, label, module";
@ -193,7 +193,7 @@ class Setup extends DolibarrApi
* @return array [List of payment types]
*
* @throws RestException 400 Bad value for sqlfilters
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 503 Error retrieving list of payment types
*/
public function getPaymentTypes($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '')
@ -201,7 +201,7 @@ class Setup extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire') && !DolibarrApiAccess::$user->hasRight('commande', 'lire') && !DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT id, code, type, libelle as label, module";
@ -671,7 +671,7 @@ class Setup extends DolibarrApi
* @return array [List of availability]
*
* @throws RestException 400 Bad value for sqlfilters
* @throws RestException 401 Access denied
* @throws RestException 403 Access denied
* @throws RestException 503 Error when retrieving list of availabilities
*/
public function getAvailability($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '')
@ -679,7 +679,7 @@ class Setup extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid, code, label";
@ -1266,6 +1266,7 @@ class Setup extends DolibarrApi
* @return array List of payment terms
*
* @throws RestException 400 Bad value for sqlfilters
* @throws RestException 403 Access denied
* @throws RestException 503 Error when retrieving list of payments terms
*/
public function getPaymentTerms($sortfield = "sortorder", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '')
@ -1273,7 +1274,7 @@ class Setup extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire') && !DolibarrApiAccess::$user->hasRight('commande', 'lire') && !DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module";
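Review bot: The updated `@throws RestException 403 Access denied` lines do not say which right each endpoint needs, and the guards differ: `getOrderingMethods`, `getOrderingOrigins` and `getAvailability` require `commande`/`lire`, while `getPaymentTypes` and `getPaymentTerms` accept any of `propal`, `commande` or `facture` read. If these docblocks feed the generated API documentation, naming the right would let an integrator diagnose a 403 without reading the source, e.g. `@throws RestException 403 Access denied (needs read right on propal, commande or facture)`. The function bodies continue outside the hunks.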


@ -90,7 +90,7 @@ class Categories extends DolibarrApi
public function get($id, $include_childs = false)
{
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->category->fetch($id);
@ -137,7 +137,7 @@ class Categories extends DolibarrApi
$obj_ret = array();
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT t.rowid";
@ -194,7 +194,7 @@ class Categories extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->categorie->creer) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields (throw an exception if wrong)
@ -225,7 +225,7 @@ class Categories extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->categorie->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->category->fetch($id);
@ -266,7 +266,7 @@ class Categories extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->categorie->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->category->fetch($id);
if (!$result) {
@ -317,23 +317,23 @@ class Categories extends DolibarrApi
Categorie::TYPE_PROJECT,
Categorie::TYPE_KNOWLEDGEMANAGEMENT
])) {
throw new RestException(401);
throw new RestException(403);
}
if ($type == Categorie::TYPE_PRODUCT && !(DolibarrApiAccess::$user->rights->produit->lire || DolibarrApiAccess::$user->rights->service->lire)) {
throw new RestException(401);
throw new RestException(403);
} elseif ($type == Categorie::TYPE_CONTACT && !DolibarrApiAccess::$user->rights->contact->lire) {
throw new RestException(401);
throw new RestException(403);
} elseif ($type == Categorie::TYPE_CUSTOMER && !DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
} elseif ($type == Categorie::TYPE_SUPPLIER && !DolibarrApiAccess::$user->rights->fournisseur->lire) {
throw new RestException(401);
throw new RestException(403);
} elseif ($type == Categorie::TYPE_MEMBER && !DolibarrApiAccess::$user->rights->adherent->lire) {
throw new RestException(401);
throw new RestException(403);
} elseif ($type == Categorie::TYPE_PROJECT && !DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
} elseif ($type == Categorie::TYPE_KNOWLEDGEMANAGEMENT && !DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$categories = $this->category->getListForItem($id, $type, $sortfield, $sortorder, $limit, $page);
@ -359,11 +359,11 @@ class Categories extends DolibarrApi
public function linkObjectById($id, $type, $object_id)
{
if (empty($type) || empty($object_id)) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->category->fetch($id);
@ -373,27 +373,27 @@ class Categories extends DolibarrApi
if ($type === Categorie::TYPE_PRODUCT) {
if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Product($this->db);
} elseif ($type === Categorie::TYPE_CUSTOMER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_SUPPLIER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_CONTACT) {
if (!DolibarrApiAccess::$user->rights->societe->contact->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Contact($this->db);
} elseif ($type === Categorie::TYPE_MEMBER) {
if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Adherent($this->db);
} else {
@ -421,7 +421,7 @@ class Categories extends DolibarrApi
);
}
throw new RestException(401);
throw new RestException(403);
}
/**
@ -439,11 +439,11 @@ class Categories extends DolibarrApi
public function linkObjectByRef($id, $type, $object_ref)
{
if (empty($type) || empty($object_ref)) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->category->fetch($id);
@ -453,27 +453,27 @@ class Categories extends DolibarrApi
if ($type === Categorie::TYPE_PRODUCT) {
if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Product($this->db);
} elseif ($type === Categorie::TYPE_CUSTOMER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_SUPPLIER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_CONTACT) {
if (!DolibarrApiAccess::$user->rights->societe->contact->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Contact($this->db);
} elseif ($type === Categorie::TYPE_MEMBER) {
if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Adherent($this->db);
} else {
@ -501,7 +501,7 @@ class Categories extends DolibarrApi
);
}
throw new RestException(401);
throw new RestException(403);
}
/**
@ -519,11 +519,11 @@ class Categories extends DolibarrApi
public function unlinkObjectById($id, $type, $object_id)
{
if (empty($type) || empty($object_id)) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->category->fetch($id);
@ -533,27 +533,27 @@ class Categories extends DolibarrApi
if ($type === Categorie::TYPE_PRODUCT) {
if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Product($this->db);
} elseif ($type === Categorie::TYPE_CUSTOMER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_SUPPLIER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_CONTACT) {
if (!DolibarrApiAccess::$user->rights->societe->contact->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Contact($this->db);
} elseif ($type === Categorie::TYPE_MEMBER) {
if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Adherent($this->db);
} else {
@ -579,7 +579,7 @@ class Categories extends DolibarrApi
);
}
throw new RestException(401);
throw new RestException(403);
}
/**
@ -597,11 +597,11 @@ class Categories extends DolibarrApi
public function unlinkObjectByRef($id, $type, $object_ref)
{
if (empty($type) || empty($object_ref)) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->category->fetch($id);
@ -611,27 +611,27 @@ class Categories extends DolibarrApi
if ($type === Categorie::TYPE_PRODUCT) {
if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Product($this->db);
} elseif ($type === Categorie::TYPE_CUSTOMER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_SUPPLIER) {
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Societe($this->db);
} elseif ($type === Categorie::TYPE_CONTACT) {
if (!DolibarrApiAccess::$user->rights->societe->contact->creer) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Contact($this->db);
} elseif ($type === Categorie::TYPE_MEMBER) {
if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) {
throw new RestException(401);
throw new RestException(403);
}
$object = new Adherent($this->db);
} else {
@ -657,7 +657,7 @@ class Categories extends DolibarrApi
);
}
throw new RestException(401);
throw new RestException(403);
}
@ -754,7 +754,7 @@ class Categories extends DolibarrApi
dol_syslog("getObjects($id, $type, $onlyids)", LOG_DEBUG);
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($type)) {
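Review bot: The `empty($type) || empty($object_id)` guards (and the `$object_ref` variants) at the top of `linkObjectById`, `linkObjectByRef`, `unlinkObjectById` and `unlinkObjectByRef`, and the unsupported-type check that closes with `Categorie::TYPE_KNOWLEDGEMANAGEMENT ])`, now answer 403 although they reject malformed input rather than a missing right. Returning 403 there mixes validation failures into the authorization-denied signal, which makes access logs less useful for spotting permission probing. These cases fit 400 better, e.g. `throw new RestException(400, 'type and object_id are mandatory');`. It is also worth confirming that the link and unlink endpoints are meant to gate on `categorie->lire`, since they modify category membership. The enclosing functions start or end outside the hunks.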


@ -122,7 +122,7 @@ class Proposals extends DolibarrApi
private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = 1)
{
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id, $ref, $ref_ext);
@ -164,7 +164,7 @@ class Proposals extends DolibarrApi
global $db, $conf;
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -289,7 +289,7 @@ class Proposals extends DolibarrApi
public function getLines($id, $sqlfilters = '')
{
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -331,7 +331,7 @@ class Proposals extends DolibarrApi
public function postLine($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -397,7 +397,7 @@ class Proposals extends DolibarrApi
public function postLines($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -477,7 +477,7 @@ class Proposals extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -555,7 +555,7 @@ class Proposals extends DolibarrApi
public function deleteLine($id, $lineid)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -591,7 +591,7 @@ class Proposals extends DolibarrApi
public function postContact($id, $contactid, $type)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -639,7 +639,7 @@ class Proposals extends DolibarrApi
public function deleteContact($id, $contactid, $type)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -677,7 +677,7 @@ class Proposals extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
@ -727,7 +727,7 @@ class Proposals extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->propal->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
if (!$result) {
@ -761,7 +761,7 @@ class Proposals extends DolibarrApi
public function settodraft($id)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
if (!$result) {
@ -817,7 +817,7 @@ class Proposals extends DolibarrApi
public function validate($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
if (!$result) {
@ -864,7 +864,7 @@ class Proposals extends DolibarrApi
public function close($id, $status, $note_private = '', $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
if (!$result) {
@ -908,7 +908,7 @@ class Proposals extends DolibarrApi
public function setinvoiced($id)
{
if (!DolibarrApiAccess::$user->rights->propal->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->propal->fetch($id);
if (!$result) {
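Review bot: Most write guards in this section still read the right through the raw property chain, e.g. `DolibarrApiAccess::$user->rights->propal->creer`, while the read guards in the same class already call `hasRight('propal', 'lire')`. The property chain relies on every intermediate object existing and denies only because a missing value evaluates as false; the commit already converts a few such checks in other sections, so the remaining ones should follow, e.g. `if (!DolibarrApiAccess::$user->hasRight('propal', 'creer')) {`. The same applies to the `commande` and `expedition` checks in the Orders section and to the `categorie` checks in the Categories section. All of these function bodies continue outside the hunks.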


@ -119,7 +119,7 @@ class Orders extends DolibarrApi
private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = 1)
{
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id, $ref, $ref_ext);
@ -166,7 +166,7 @@ class Orders extends DolibarrApi
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $sqlfilterlines = '', $properties = '')
{
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -306,7 +306,7 @@ class Orders extends DolibarrApi
public function getLines($id)
{
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -338,7 +338,7 @@ class Orders extends DolibarrApi
public function postLine($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -405,7 +405,7 @@ class Orders extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -473,7 +473,7 @@ class Orders extends DolibarrApi
public function deleteLine($id, $lineid)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -509,7 +509,7 @@ class Orders extends DolibarrApi
public function getContacts($id, $type = '')
{
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -542,7 +542,7 @@ class Orders extends DolibarrApi
public function postContact($id, $contactid, $type)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -590,7 +590,7 @@ class Orders extends DolibarrApi
public function deleteContact($id, $contactid, $type)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -632,7 +632,7 @@ class Orders extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
@ -679,7 +679,7 @@ class Orders extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->commande->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
if (!$result) {
@ -727,7 +727,7 @@ class Orders extends DolibarrApi
public function validate($id, $idwarehouse = 0, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
if (!$result) {
@ -778,7 +778,7 @@ class Orders extends DolibarrApi
public function reopen($id)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Order ID is mandatory');
@ -814,7 +814,7 @@ class Orders extends DolibarrApi
public function setinvoiced($id)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Order ID is mandatory');
@ -855,7 +855,7 @@ class Orders extends DolibarrApi
public function close($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
if (!$result) {
@ -900,7 +900,7 @@ class Orders extends DolibarrApi
public function settodraft($id, $idwarehouse = -1)
{
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->commande->fetch($id);
if (!$result) {
@ -952,10 +952,10 @@ class Orders extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($proposalid)) {
throw new RestException(400, 'Proposal ID is mandatory');
@ -993,7 +993,7 @@ class Orders extends DolibarrApi
{
require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
if (!DolibarrApiAccess::$user->rights->expedition->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
$sql = "SELECT e.rowid";
@ -1049,7 +1049,7 @@ class Orders extends DolibarrApi
{
require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
if (!DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
if ($warehouse_id <= 0) {
throw new RestException(404, 'Warehouse not found');


@ -68,7 +68,7 @@ class BankAccounts extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->rights->banque->lire) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT t.rowid FROM ".MAIN_DB_PREFIX."bank_account AS t LEFT JOIN ".MAIN_DB_PREFIX."bank_account_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
@ -130,7 +130,7 @@ class BankAccounts extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->banque->lire) {
throw new RestException(401);
throw new RestException(403);
}
$account = new Account($this->db);
@ -151,7 +151,7 @@ class BankAccounts extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->banque->configurer) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
$result = $this->_validate($request_data);
@ -202,7 +202,7 @@ class BankAccounts extends DolibarrApi
public function transfer($bankaccount_from_id = 0, $bankaccount_to_id = 0, $date = null, $description = "", $amount = 0.0, $amount_to = 0.0)
{
if (!DolibarrApiAccess::$user->rights->banque->configurer) {
throw new RestException(401);
throw new RestException(403);
}
require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
@ -326,7 +326,7 @@ class BankAccounts extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->banque->configurer) {
throw new RestException(401);
throw new RestException(403);
}
$account = new Account($this->db);
@ -364,7 +364,7 @@ class BankAccounts extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->banque->configurer) {
throw new RestException(401);
throw new RestException(403);
}
$account = new Account($this->db);
$result = $account->fetch($id);
@ -437,7 +437,7 @@ class BankAccounts extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->rights->banque->lire) {
throw new RestException(401);
throw new RestException(403);
}
$account = new Account($this->db);
@ -500,7 +500,7 @@ class BankAccounts extends DolibarrApi
public function addLine($id, $date, $type, $label, $amount, $category = 0, $cheque_number = '', $cheque_writer = '', $cheque_bank = '', $accountancycode = '', $datev = null, $num_releve = '')
{
if (!DolibarrApiAccess::$user->rights->banque->modifier) {
throw new RestException(401);
throw new RestException(403);
}
$account = new Account($this->db);
@ -553,7 +553,7 @@ class BankAccounts extends DolibarrApi
public function addLink($id, $line_id, $url_id, $url, $label, $type)
{
if (!DolibarrApiAccess::$user->rights->banque->modifier) {
throw new RestException(401);
throw new RestException(403);
}
$account = new Account($this->db);
@ -596,7 +596,7 @@ class BankAccounts extends DolibarrApi
$list = array();
if (!DolibarrApiAccess::$user->rights->banque->lire) {
throw new RestException(401);
throw new RestException(403);
}
$account = new Account($this->db);
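Review bot: Every guard in this file still reads the permission as a raw property (`DolibarrApiAccess::$user->rights->banque->lire`, `->configurer`, `->modifier`), while other guards touched by the same commit go through `hasRight()`. If the module's rights object is not populated, the raw chain can emit PHP 8 undefined-property warnings before the check fails closed, and it keeps two authorization idioms alive in one API. I would switch these lines while they are being edited anyway, e.g. `if (!DolibarrApiAccess::$user->hasRight('banque', 'lire')) {`. The same raw-property pattern remains in the Contracts, Donations, Shipments, ExpenseReports, Interventions, Mos and Partnerships sections, in parts of Invoices, and in KnowledgeManagement::getCategories. The method bodies continue outside the hunks.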


@ -128,7 +128,7 @@ class Invoices extends DolibarrApi
private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = 1)
{
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id, $ref, $ref_ext);
@ -182,7 +182,7 @@ class Invoices extends DolibarrApi
global $db, $conf;
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -333,10 +333,10 @@ class Invoices extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($orderid)) {
throw new RestException(400, 'Order ID is mandatory');
@ -374,10 +374,10 @@ class Invoices extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
if (!DolibarrApiAccess::$user->hasRight('contrat', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($contractid)) {
throw new RestException(400, 'Contract ID is mandatory');
@ -408,7 +408,7 @@ class Invoices extends DolibarrApi
public function getLines($id)
{
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -444,7 +444,7 @@ class Invoices extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -515,7 +515,7 @@ class Invoices extends DolibarrApi
public function postContact($id, $contactid, $type)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -563,7 +563,7 @@ class Invoices extends DolibarrApi
public function deleteContact($id, $contactid, $type)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -608,7 +608,7 @@ class Invoices extends DolibarrApi
public function deleteLine($id, $lineid)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($lineid)) {
throw new RestException(400, 'Line ID is mandatory');
@ -641,7 +641,7 @@ class Invoices extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -694,7 +694,7 @@ class Invoices extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->hasRight('facture', 'supprimer')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
if (!$result) {
@ -746,7 +746,7 @@ class Invoices extends DolibarrApi
public function postLine($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -834,7 +834,7 @@ class Invoices extends DolibarrApi
public function addContact($id, $fk_socpeople, $type_contact, $source, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
if (!$result) {
@ -882,7 +882,7 @@ class Invoices extends DolibarrApi
public function settodraft($id, $idwarehouse = -1)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
if (!$result) {
@ -933,7 +933,7 @@ class Invoices extends DolibarrApi
public function validate($id, $idwarehouse = 0, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
if (!$result) {
@ -982,7 +982,7 @@ class Invoices extends DolibarrApi
public function settopaid($id, $close_code = '', $close_note = '')
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
if (!$result) {
@ -1031,7 +1031,7 @@ class Invoices extends DolibarrApi
public function settounpaid($id)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
if (!$result) {
@ -1076,7 +1076,7 @@ class Invoices extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -1119,7 +1119,7 @@ class Invoices extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->invoice->fetch($id);
@ -1288,7 +1288,7 @@ class Invoices extends DolibarrApi
public function useDiscount($id, $discountid)
{
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Invoice ID is mandatory');
@ -1335,7 +1335,7 @@ class Invoices extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Invoice ID is mandatory');
@ -1377,7 +1377,7 @@ class Invoices extends DolibarrApi
public function getPayments($id)
{
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Invoice ID is mandatory');
@ -1681,7 +1681,7 @@ class Invoices extends DolibarrApi
require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
if (!DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Payment ID is mandatory');
@ -1787,7 +1787,7 @@ class Invoices extends DolibarrApi
private function _fetchTemplateInvoice($id, $ref = '', $ref_ext = '', $contact_list = 1)
{
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->template_invoice->fetch($id, $ref, $ref_ext);


@ -66,7 +66,7 @@ class Contracts extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->contrat->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -106,7 +106,7 @@ class Contracts extends DolibarrApi
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->contrat->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -224,7 +224,7 @@ class Contracts extends DolibarrApi
public function getLines($id)
{
if (!DolibarrApiAccess::$user->rights->contrat->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -256,7 +256,7 @@ class Contracts extends DolibarrApi
public function postLine($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->contrat->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -314,7 +314,7 @@ class Contracts extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->contrat->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -377,7 +377,7 @@ class Contracts extends DolibarrApi
public function activateLine($id, $lineid, $datestart, $dateend = null, $comment = null)
{
if (!DolibarrApiAccess::$user->rights->contrat->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -415,7 +415,7 @@ class Contracts extends DolibarrApi
public function unactivateLine($id, $lineid, $datestart, $comment = null)
{
if (!DolibarrApiAccess::$user->rights->contrat->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -455,7 +455,7 @@ class Contracts extends DolibarrApi
public function deleteLine($id, $lineid)
{
if (!DolibarrApiAccess::$user->rights->contrat->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -488,7 +488,7 @@ class Contracts extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->contrat->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
@ -617,7 +617,7 @@ class Contracts extends DolibarrApi
public function close($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->contrat->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->contract->fetch($id);
if (!$result) {


@ -63,7 +63,7 @@ class Donations extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->don->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->don->fetch($id);
@ -101,10 +101,8 @@ class Donations extends DolibarrApi
*/
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '')
{
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->don->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -219,7 +217,7 @@ class Donations extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->don->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->don->fetch($id);
@ -259,7 +257,7 @@ class Donations extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->don->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->don->fetch($id);
@ -299,7 +297,7 @@ class Donations extends DolibarrApi
* @url POST {id}/validate
*
* @throws RestException 304
* @throws RestException 401
* @throws RestException 403
* @throws RestException 404
* @throws RestException 500 System error
*
@ -308,7 +306,7 @@ class Donations extends DolibarrApi
public function validate($id, $idwarehouse = 0, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->don->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->don->fetch($id);
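Review bot: The `index()` hunk (-101,10 +101,8) appears to drop `global $db, $conf;`, but the rest of the method is outside the hunk, so any `$conf` or `$db` reference left in the body would now be an undefined variable. Please confirm the body only uses `$this->db`, and if a global is still needed keep just that one, e.g. `global $conf;`. The `index()` hunks in the Interventions and Mos sections make the same removal. Separately, the `validate` docblock lists `@throws RestException 403` with no description; `@throws RestException 403 Access denied` would match the wording used in the other files.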


@ -65,7 +65,7 @@ class Shipments extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->expedition->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
@ -104,7 +104,7 @@ class Shipments extends DolibarrApi
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->expedition->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -225,7 +225,7 @@ class Shipments extends DolibarrApi
public function getLines($id)
{
if(! DolibarrApiAccess::$user->rights->expedition->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
@ -259,7 +259,7 @@ class Shipments extends DolibarrApi
public function postLine($id, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
@ -327,7 +327,7 @@ class Shipments extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if (! DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
@ -394,7 +394,7 @@ class Shipments extends DolibarrApi
public function deleteLine($id, $lineid)
{
if (!DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
@ -427,7 +427,7 @@ class Shipments extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
@ -468,7 +468,7 @@ class Shipments extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->expedition->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
if (!$result) {
@ -513,7 +513,7 @@ class Shipments extends DolibarrApi
public function validate($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
if (!$result) {
@ -559,7 +559,7 @@ class Shipments extends DolibarrApi
{
if(! DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
if(empty($id)) {
throw new RestException(400, 'Shipment ID is mandatory');
@ -598,10 +598,10 @@ class Shipments extends DolibarrApi
require_once DOL_DOCUMENT_ROOT . '/commande/class/commande.class.php';
if(! DolibarrApiAccess::$user->rights->expedition->lire) {
throw new RestException(401);
throw new RestException(403);
}
if(! DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
if(empty($proposalid)) {
throw new RestException(400, 'Order ID is mandatory');
@ -635,7 +635,7 @@ class Shipments extends DolibarrApi
public function close($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->expedition->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->shipment->fetch($id);
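Review bot: In the hunk at -598,10 the first guard tests `expedition->lire`, yet the method loads `commande.class.php` and rejects an empty id with 'Order ID is mandatory', so the source object looks like an order and read access to orders is never checked here. The parallel conversion in the Invoices section guards its source with `hasRight('commande', 'lire')` before testing the create right on the target. I would make the first check `if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {` and keep the `expedition->creer` check after it. The method body continues outside the hunk, so confirm it does not already enforce this further down.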


@ -65,7 +65,7 @@ class ExpenseReports extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->expensereport->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);
@ -100,7 +100,7 @@ class ExpenseReports extends DolibarrApi
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->expensereport->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -206,7 +206,7 @@ class ExpenseReports extends DolibarrApi
public function getLines($id)
{
if(! DolibarrApiAccess::$user->rights->expensereport->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);
@ -240,7 +240,7 @@ class ExpenseReports extends DolibarrApi
public function postLine($id, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);
@ -308,7 +308,7 @@ class ExpenseReports extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);
@ -372,7 +372,7 @@ class ExpenseReports extends DolibarrApi
public function deleteLine($id, $lineid)
{
if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);
@ -409,7 +409,7 @@ class ExpenseReports extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->expensereport->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);
@ -450,7 +450,7 @@ class ExpenseReports extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->expensereport->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);
@ -493,7 +493,7 @@ class ExpenseReports extends DolibarrApi
public function validate($id, $idwarehouse=0)
{
if(! DolibarrApiAccess::$user->rights->expensereport->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->expensereport->fetch($id);


@ -79,7 +79,7 @@ class Interventions extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->ficheinter->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->fichinter->fetch($id);
@ -99,23 +99,21 @@ class Interventions extends DolibarrApi
* List of interventions
* Return a list of interventions
*
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @param string $thirdparty_ids Thirdparty ids to filter orders of (example '1' or '1,2,3') {@pattern /^[0-9,]*$/i}
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @param string $properties Restrict the data returned to these properties. Ignored if empty. Comma separated list of properties names
* @return array Array of order objects
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @param string $thirdparty_ids Thirdparty ids to filter orders of (example '1' or '1,2,3') {@pattern /^[0-9,]*$/i}
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @param string $properties Restrict the data returned to these properties. Ignored if empty. Comma separated list of properties names
* @return array Array of order objects
*
* @throws RestException
*/
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '')
{
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->ficheinter->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -228,7 +226,7 @@ class Interventions extends DolibarrApi
public function getLines($id)
{
if(! DolibarrApiAccess::$user->rights->ficheinter->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->fichinter->fetch($id);
@ -308,7 +306,7 @@ class Interventions extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->ficheinter->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->fichinter->fetch($id);
if (!$result) {
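Review bot: The re-indented docblock for `index()` (hunk -99,23 +99,21) still carries text copied from the orders API, namely `@return array Array of order objects` and "Thirdparty ids to filter orders of". Its `@throws RestException` line names no status code, although the guard directly below now throws 403. I would write `@return array Array of intervention objects` and `@throws RestException 403 Access denied`, and reword the `$thirdparty_ids` line to say interventions. API consumers read these annotations to learn which status means missing permission, so the code belongs in the docblock.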


@ -64,7 +64,7 @@ class SupplierOrders extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "lire")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
@ -102,7 +102,7 @@ class SupplierOrders extends DolibarrApi
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $product_ids = '', $status = '', $sqlfilters = '', $sqlfilterlines = '', $properties = '')
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "lire")) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -264,7 +264,7 @@ class SupplierOrders extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
@ -313,7 +313,7 @@ class SupplierOrders extends DolibarrApi
public function getContacts($id, $source, $type = '')
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "lire")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
@ -356,7 +356,7 @@ class SupplierOrders extends DolibarrApi
public function postContact($id, $contactid, $type, $source)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
@ -405,7 +405,7 @@ class SupplierOrders extends DolibarrApi
public function deleteContact($id, $contactid, $type, $source)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
@ -454,7 +454,7 @@ class SupplierOrders extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "supprimer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
if (!$result) {
@ -499,7 +499,7 @@ class SupplierOrders extends DolibarrApi
public function validate($id, $idwarehouse = 0, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
if (!$result) {
@ -547,7 +547,7 @@ class SupplierOrders extends DolibarrApi
public function approve($id, $idwarehouse = 0, $secondlevel = 0)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
if (!$result) {
@ -598,7 +598,7 @@ class SupplierOrders extends DolibarrApi
public function makeOrder($id, $date, $method, $comment = '')
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
if (!$result) {
@ -661,7 +661,7 @@ class SupplierOrders extends DolibarrApi
public function receiveOrder($id, $closeopenorder, $comment, $lines)
{
if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->order->fetch($id);
if (!$result) {
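Review bot: The `approve()` guard (hunk -547,7) accepts the creation right (`creer`), the same test used for `put()` and `validate()`, so at this layer anyone allowed to create a supplier order also passes the gate for approving it. If the module defines a separate approval permission, the guard should test that instead, e.g. `if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "<approval right>")) {` (placeholder, not a name taken from this page). The method body is outside the hunk and may enforce the right further down; if so, a one-line comment on the guard saying where approval is actually checked would help.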


@ -65,13 +65,13 @@ class KnowledgeManagement extends DolibarrApi
*
* @url GET knowledgerecords/{id}
*
* @throws RestException 401 Not allowed
* @throws RestException 403 Not allowed
* @throws RestException 404 Not found
*/
public function get($id)
{
if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->knowledgerecord->fetch($id);
@ -80,7 +80,7 @@ class KnowledgeManagement extends DolibarrApi
}
if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) {
throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
throw new RestException(403, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
}
return $this->_cleanObjectDatas($this->knowledgerecord);
@ -102,7 +102,7 @@ class KnowledgeManagement extends DolibarrApi
public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
{
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$categories = new Categorie($this->db);
@ -140,7 +140,7 @@ class KnowledgeManagement extends DolibarrApi
$tmpobject = new KnowledgeRecord($this->db);
if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
@ -229,7 +229,7 @@ class KnowledgeManagement extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'write')) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
@ -268,7 +268,7 @@ class KnowledgeManagement extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'write')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->knowledgerecord->fetch($id);
@ -316,7 +316,7 @@ class KnowledgeManagement extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'delete')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->knowledgerecord->fetch($id);
if (!$result) {


@ -64,7 +64,7 @@ class Mos extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->mrp->read) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->mo->fetch($id);
@ -73,7 +73,7 @@ class Mos extends DolibarrApi
}
if (!DolibarrApi::_checkAccessToResource('mrp', $this->mo->id, 'mrp_mo')) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
return $this->_cleanObjectDatas($this->mo);
@ -97,10 +97,8 @@ class Mos extends DolibarrApi
*/
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '')
{
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->mrp->read) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -180,7 +178,7 @@ class Mos extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->mrp->write) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
$result = $this->_validate($request_data);
@ -214,7 +212,7 @@ class Mos extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->mrp->write) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->mo->fetch($id);
@ -257,7 +255,7 @@ class Mos extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->mrp->delete) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->mo->fetch($id);
if (!$result) {
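Review bot: The permission checks in this section still read `DolibarrApiAccess::$user->rights->mrp->read` (and `->write`, `->delete`) directly, while the same commit moves Members::getCategories to `hasRight('categorie', 'lire')`. Converting them here as well, e.g. `if (!DolibarrApiAccess::$user->hasRight('mrp', 'read')) {`, would put every access-control decision on one code path. The direct property chain presumably raises an undefined-property warning when the module's rights are not loaded, although it still appears to fail closed. The same pattern is left in the Partnerships, Products, StockMovements, Warehouses, Projects, Tasks and Receptions sections; the function bodies continue outside the hunks.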


@ -63,13 +63,13 @@ class Partnerships extends DolibarrApi
*
* @url GET partnerships/{id}
*
* @throws RestException 401 Not allowed
* @throws RestException 403 Not allowed
* @throws RestException 404 Not found
*/
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->partnership->read) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->partnership->fetch($id);
@ -104,13 +104,11 @@ class Partnerships extends DolibarrApi
*/
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '')
{
global $db, $conf;
$obj_ret = array();
$tmpobject = new Partnership($this->db);
if (!DolibarrApiAccess::$user->rights->partnership->read) {
throw new RestException(401);
throw new RestException(403);
}
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
@ -191,7 +189,7 @@ class Partnerships extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->partnership->write) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
@ -230,7 +228,7 @@ class Partnerships extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->partnership->write) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->partnership->fetch($id);
@ -278,7 +276,7 @@ class Partnerships extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->partnership->delete) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->partnership->fetch($id);
if (!$result) {


@ -307,7 +307,7 @@ class Products extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
$result = $this->_validate($request_data);
@ -344,7 +344,7 @@ class Products extends DolibarrApi
global $conf;
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->product->fetch($id);
@ -447,7 +447,7 @@ class Products extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->produit->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->product->fetch($id);
if (!$result) {
@ -492,7 +492,7 @@ class Products extends DolibarrApi
public function getSubproducts($id)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApi::_checkAccessToResource('product', $id)) {
@ -530,7 +530,7 @@ class Products extends DolibarrApi
public function addSubproducts($id, $subproduct_id, $qty, $incdec = 1)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApi::_checkAccessToResource('product', $id)) {
@ -560,7 +560,7 @@ class Products extends DolibarrApi
public function delSubproducts($id, $subproduct_id)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApi::_checkAccessToResource('product', $id)) {
@ -591,7 +591,7 @@ class Products extends DolibarrApi
public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
{
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$categories = new Categorie($this->db);
@ -619,7 +619,7 @@ class Products extends DolibarrApi
global $conf;
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
if (!getDolGlobalString('PRODUIT_MULTIPRICES')) {
@ -661,7 +661,7 @@ class Products extends DolibarrApi
global $conf;
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
if (!getDolGlobalString('PRODUIT_CUSTOMER_PRICES')) {
@ -710,7 +710,7 @@ class Products extends DolibarrApi
global $conf;
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
if (!getDolGlobalString('PRODUIT_CUSTOMER_PRICES_BY_QTY')) {
@ -768,7 +768,7 @@ class Products extends DolibarrApi
public function addPurchasePrice($id, $qty, $buyprice, $price_base_type, $fourn_id, $availability, $ref_fourn, $tva_tx, $charges = 0, $remise_percent = 0, $remise = 0, $newnpr = 0, $delivery_time_days = 0, $supplier_reputation = '', $localtaxes_array = array(), $newdefaultvatcode = '', $multicurrency_buyprice = 0, $multicurrency_price_base_type = 'HT', $multicurrency_tx = 1, $multicurrency_code = '', $desc_fourn = '', $barcode = '', $fk_barcode_type = null)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->productsupplier->fetch($id);
@ -826,7 +826,7 @@ class Products extends DolibarrApi
public function deletePurchasePrice($id, $priceid)
{
if (!DolibarrApiAccess::$user->rights->produit->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->productsupplier->fetch($id);
if (!$result) {
@ -865,7 +865,7 @@ class Products extends DolibarrApi
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -1026,7 +1026,7 @@ class Products extends DolibarrApi
public function getAttributes($sortfield = "t.ref", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '')
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT t.rowid, t.ref, t.ref_ext, t.label, t.position, t.entity";
@ -1088,7 +1088,7 @@ class Products extends DolibarrApi
public function getAttributeById($id)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$prodattr = new ProductAttribute($this->db);
@ -1131,7 +1131,7 @@ class Products extends DolibarrApi
public function getAttributesByRef($ref)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$ref = trim($ref);
@ -1181,7 +1181,7 @@ class Products extends DolibarrApi
public function getAttributesByRefExt($ref_ext)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$ref_ext = trim($ref_ext);
@ -1233,7 +1233,7 @@ class Products extends DolibarrApi
public function addAttributes($ref, $label, $ref_ext = '')
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
$prodattr = new ProductAttribute($this->db);
@ -1265,7 +1265,7 @@ class Products extends DolibarrApi
public function putAttributes($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
$prodattr = new ProductAttribute($this->db);
@ -1317,7 +1317,7 @@ class Products extends DolibarrApi
public function deleteAttributes($id)
{
if (!DolibarrApiAccess::$user->rights->produit->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$prodattr = new ProductAttribute($this->db);
@ -1345,7 +1345,7 @@ class Products extends DolibarrApi
public function getAttributeValueById($id)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid, fk_product_attribute, ref, value FROM ".$this->db->prefix()."product_attribute_value WHERE rowid = ".(int) $id." AND entity IN (".getEntity('product').")";
@ -1353,7 +1353,7 @@ class Products extends DolibarrApi
$query = $this->db->query($sql);
if (!$query) {
throw new RestException(401);
throw new RestException(403);
}
if (!$this->db->num_rows($query)) {
@ -1386,7 +1386,7 @@ class Products extends DolibarrApi
public function getAttributeValueByRef($id, $ref)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$ref = trim($ref);
@ -1397,7 +1397,7 @@ class Products extends DolibarrApi
$query = $this->db->query($sql);
if (!$query) {
throw new RestException(401);
throw new RestException(403);
}
if (!$this->db->num_rows($query)) {
@ -1429,7 +1429,7 @@ class Products extends DolibarrApi
public function deleteAttributeValueByRef($id, $ref)
{
if (!DolibarrApiAccess::$user->rights->produit->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$ref = trim($ref);
@ -1439,7 +1439,7 @@ class Products extends DolibarrApi
$query = $this->db->query($sql);
if (!$query) {
throw new RestException(401);
throw new RestException(403);
}
if (!$this->db->num_rows($query)) {
@ -1472,7 +1472,7 @@ class Products extends DolibarrApi
public function getAttributeValues($id)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$objectval = new ProductAttributeValue($this->db);
@ -1503,7 +1503,7 @@ class Products extends DolibarrApi
public function getAttributeValuesByRef($ref)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$ref = trim($ref);
@ -1545,11 +1545,11 @@ class Products extends DolibarrApi
public function addAttributeValue($id, $ref, $value)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($ref) || empty($value)) {
throw new RestException(401);
throw new RestException(403);
}
$objectval = new ProductAttributeValue($this->db);
@ -1578,7 +1578,7 @@ class Products extends DolibarrApi
public function putAttributeValue($id, $request_data)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
$objectval = new ProductAttributeValue($this->db);
@ -1630,7 +1630,7 @@ class Products extends DolibarrApi
public function deleteAttributeValueById($id)
{
if (!DolibarrApiAccess::$user->rights->produit->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$objectval = new ProductAttributeValue($this->db);
@ -1657,7 +1657,7 @@ class Products extends DolibarrApi
public function getVariants($id, $includestock = 0)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$prodcomb = new ProductCombination($this->db);
@ -1693,7 +1693,7 @@ class Products extends DolibarrApi
public function getVariantsByProdRef($ref)
{
if (!DolibarrApiAccess::$user->rights->produit->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->product->fetch('', $ref);
@ -1736,7 +1736,7 @@ class Products extends DolibarrApi
public function addVariant($id, $weight_impact, $price_impact, $price_impact_is_percent, $features, $reference = '', $ref_ext = '')
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
@ -1797,11 +1797,11 @@ class Products extends DolibarrApi
public function addVariantByProductRef($ref, $weight_impact, $price_impact, $price_impact_is_percent, $features)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($ref) || empty($features) || !is_array($features)) {
throw new RestException(401);
throw new RestException(403);
}
$weight_impact = price2num($weight_impact);
@ -1851,7 +1851,7 @@ class Products extends DolibarrApi
public function putVariant($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->produit->creer) {
throw new RestException(401);
throw new RestException(403);
}
$prodcomb = new ProductCombination($this->db);
@ -1891,7 +1891,7 @@ class Products extends DolibarrApi
public function deleteVariant($id)
{
if (!DolibarrApiAccess::$user->rights->produit->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$prodcomb = new ProductCombination($this->db);
@ -1920,7 +1920,7 @@ class Products extends DolibarrApi
public function getStock($id, $selected_warehouse_id = null)
{
if (!DolibarrApiAccess::$user->rights->produit->lire || !DolibarrApiAccess::$user->rights->stock->lire) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApi::_checkAccessToResource('product', $id)) {
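Review bot: In getAttributeValueById, getAttributeValueByRef and deleteAttributeValueByRef the `if (!$query)` branch now throws `RestException(403)`, but a failed `$this->db->query($sql)` is a server-side error, not an access decision, so the mechanical 401 to 403 replacement keeps the wrong class of status. The same holds for `if (empty($ref) || empty($value))` in addAttributeValue and the `empty($ref) || empty($features) || !is_array($features)` guard in addVariantByProductRef, which reject malformed input. Suggest `throw new RestException(503);` for the query failures and `throw new RestException(400);` for the input guards, so that 403 counts in API logs reflect real authorization denials and stay usable for monitoring. The `@throws` docblocks for these methods are outside the hunks and would need the matching update.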


@ -66,7 +66,7 @@ class StockMovements extends DolibarrApi
public function get($id)
{
if(! DolibarrApiAccess::$user->rights->stock->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->stockmovement->fetch($id);
@ -101,7 +101,7 @@ class StockMovements extends DolibarrApi
$obj_ret = array();
if (!DolibarrApiAccess::$user->rights->stock->lire) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT t.rowid";
@ -176,7 +176,7 @@ class StockMovements extends DolibarrApi
public function post($product_id, $warehouse_id, $qty, $type = 2, $lot = '', $movementcode = '', $movementlabel = '', $price = '', $datem = '', $dlc = '', $dluo = '', $origin_type = '', $origin_id = 0)
{
if (!DolibarrApiAccess::$user->rights->stock->creer) {
throw new RestException(401);
throw new RestException(403);
}
if ($qty == 0) {
@ -219,7 +219,7 @@ class StockMovements extends DolibarrApi
public function put($id, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->stock->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->stockmovement->fetch($id);
@ -252,7 +252,7 @@ class StockMovements extends DolibarrApi
public function delete($id)
{
if(! DolibarrApiAccess::$user->rights->stock->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->stockmovement->fetch($id);
if( ! $result ) {


@ -63,7 +63,7 @@ class Warehouses extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->stock->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->warehouse->fetch($id);
@ -101,7 +101,7 @@ class Warehouses extends DolibarrApi
$obj_ret = array();
if (!DolibarrApiAccess::$user->rights->stock->lire) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT t.rowid";
@ -164,7 +164,7 @@ class Warehouses extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->stock->creer) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
@ -195,7 +195,7 @@ class Warehouses extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->stock->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->warehouse->fetch($id);
@ -236,7 +236,7 @@ class Warehouses extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->stock->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->warehouse->fetch($id);
if (!$result) {


@ -72,7 +72,7 @@ class Projects extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -108,7 +108,7 @@ class Projects extends DolibarrApi
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $category = 0, $sqlfilters = '', $properties = '')
{
if (!DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -235,7 +235,7 @@ class Projects extends DolibarrApi
public function getLines($id, $includetimespent = 0)
{
if (!DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -275,7 +275,7 @@ class Projects extends DolibarrApi
global $db;
if (!DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -318,7 +318,7 @@ class Projects extends DolibarrApi
public function postLine($id, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -385,7 +385,7 @@ class Projects extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -446,7 +446,7 @@ class Projects extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -487,7 +487,7 @@ class Projects extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->projet->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
if (!$result) {
@ -531,7 +531,7 @@ class Projects extends DolibarrApi
public function validate($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
if (!$result) {


@ -68,7 +68,7 @@ class Tasks extends DolibarrApi
public function get($id, $includetimespent = 0)
{
if (!DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->task->fetch($id);
@ -110,7 +110,7 @@ class Tasks extends DolibarrApi
global $db, $conf;
if (!DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -230,7 +230,7 @@ class Tasks extends DolibarrApi
public function getLines($id, $includetimespent=0)
{
if(! DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -275,7 +275,7 @@ class Tasks extends DolibarrApi
global $db;
if (!DolibarrApiAccess::$user->rights->projet->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->task->fetch($id);
@ -316,7 +316,7 @@ class Tasks extends DolibarrApi
public function postLine($id, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -383,7 +383,7 @@ class Tasks extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->project->fetch($id);
@ -443,7 +443,7 @@ class Tasks extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->task->fetch($id);
@ -484,7 +484,7 @@ class Tasks extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->projet->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->task->fetch($id);
if (!$result) {
@ -527,7 +527,7 @@ class Tasks extends DolibarrApi
public function addTimeSpent($id, $date, $duration, $user_id = 0, $note = '')
{
if (!DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->task->fetch($id);
if ($result <= 0) {
@ -586,7 +586,7 @@ class Tasks extends DolibarrApi
public function putTimeSpent($id, $timespent_id, $date, $duration, $user_id = 0, $note = '')
{
if (!DolibarrApiAccess::$user->rights->projet->creer) {
throw new RestException(401);
throw new RestException(403);
}
$this->timespentRecordChecks($id, $timespent_id);
@ -631,7 +631,7 @@ class Tasks extends DolibarrApi
public function deleteTimeSpent($id, $timespent_id)
{
if (!DolibarrApiAccess::$user->rights->projet->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$this->timespentRecordChecks($id, $timespent_id);


@ -64,7 +64,7 @@ class Receptions extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->reception->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
@ -101,7 +101,7 @@ class Receptions extends DolibarrApi
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '')
{
if (!DolibarrApiAccess::$user->rights->reception->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -222,7 +222,7 @@ class Receptions extends DolibarrApi
public function getLines($id)
{
if(! DolibarrApiAccess::$user->rights->reception->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
@ -256,7 +256,7 @@ class Receptions extends DolibarrApi
public function postLine($id, $request_data = null)
{
if(! DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
@ -324,7 +324,7 @@ class Receptions extends DolibarrApi
public function putLine($id, $lineid, $request_data = null)
{
if (! DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
@ -389,7 +389,7 @@ class Receptions extends DolibarrApi
public function deleteLine($id, $lineid)
{
if (!DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
@ -426,7 +426,7 @@ class Receptions extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
@ -466,7 +466,7 @@ class Receptions extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->reception->supprimer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
if (!$result) {
@ -511,7 +511,7 @@ class Receptions extends DolibarrApi
public function validate($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);
if (!$result) {
@ -557,7 +557,7 @@ class Receptions extends DolibarrApi
{
if(! DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
if(empty($id)) {
throw new RestException(400, 'Reception ID is mandatory');
@ -596,10 +596,10 @@ class Receptions extends DolibarrApi
require_once DOL_DOCUMENT_ROOT . '/commande/class/commande.class.php';
if(! DolibarrApiAccess::$user->rights->reception->lire) {
throw new RestException(401);
throw new RestException(403);
}
if(! DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
if(empty($proposalid)) {
throw new RestException(400, 'Order ID is mandatory');
@ -633,7 +633,7 @@ class Receptions extends DolibarrApi
public function close($id, $notrigger = 0)
{
if (!DolibarrApiAccess::$user->rights->reception->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->reception->fetch($id);


@ -77,7 +77,7 @@ class Recruitments extends DolibarrApi
public function getJobPosition($id)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->jobposition->fetch($id);
@ -108,7 +108,7 @@ class Recruitments extends DolibarrApi
public function getCandidature($id)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->candidature->fetch($id);
@ -147,7 +147,7 @@ class Recruitments extends DolibarrApi
$tmpobject = new RecruitmentJobPosition($this->db);
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
@ -239,7 +239,7 @@ class Recruitments extends DolibarrApi
$tmpobject = new RecruitmentCandidature($this->db);
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) {
throw new RestException(401);
throw new RestException(403);
}
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
@ -320,7 +320,7 @@ class Recruitments extends DolibarrApi
public function postJobPosition($request_data = null)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
@ -358,7 +358,7 @@ class Recruitments extends DolibarrApi
public function postCandidature($request_data = null)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
@ -397,7 +397,7 @@ class Recruitments extends DolibarrApi
public function putJobPosition($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->jobposition->fetch($id);
@ -446,7 +446,7 @@ class Recruitments extends DolibarrApi
public function putCandidature($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->candidature->fetch($id);
@ -495,7 +495,7 @@ class Recruitments extends DolibarrApi
public function deleteJobPosition($id)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'delete')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->jobposition->fetch($id);
if (!$result) {
@ -531,7 +531,7 @@ class Recruitments extends DolibarrApi
public function deleteCandidature($id)
{
if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'delete')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->candidature->fetch($id);
if (!$result) {
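Review bot: getCandidature, the candidature list, postCandidature, putCandidature and deleteCandidature are all gated on `hasRight('recruitment', 'recruitmentjobposition', ...)`, the same right that guards the job-position endpoints. If the module defines no separate candidature right this may be intended, but it deserves an explicit comment. Candidature records presumably hold applicant personal data, and as written anyone allowed to read job positions can read them through the API. Suggested comment above each of these checks, once confirmed against the module descriptor: `// Candidatures share the recruitmentjobposition permission (no dedicated right)`.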


@ -393,7 +393,7 @@ class Contacts extends DolibarrApi
public function createUser($id, $request_data = null)
{
//if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer')) {
//throw new RestException(401);
//throw new RestException(403);
//}
if (!isset($request_data["login"])) {
@ -450,7 +450,7 @@ class Contacts extends DolibarrApi
public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
{
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$categories = new Categorie($this->db);
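Review bot: The right check at the top of createUser is commented out, and this hunk only updates the status code inside the dead comment, so within the visible lines nothing gates the creation of a user account from a contact. If the permission is enforced further down (the body continues outside the hunk), the commented block should simply be deleted so it does not suggest a guard that is not there. Otherwise restore it as `if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer')) { throw new RestException(403); }`.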


@ -135,7 +135,7 @@ class Thirdparties extends DolibarrApi
$obj_ret = array();
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
// case of external user, we force socids
@ -245,7 +245,7 @@ class Thirdparties extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
$result = $this->_validate($request_data);
@ -280,7 +280,7 @@ class Thirdparties extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
@ -341,7 +341,7 @@ class Thirdparties extends DolibarrApi
}
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id); // include the fetch of extra fields
@ -381,7 +381,7 @@ class Thirdparties extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->hasRight('societe', 'supprimer')) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
if (!$result) {
@ -482,7 +482,7 @@ class Thirdparties extends DolibarrApi
public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
{
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
@ -517,7 +517,7 @@ class Thirdparties extends DolibarrApi
public function addCategory($id, $category_id)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
@ -555,7 +555,7 @@ class Thirdparties extends DolibarrApi
public function deleteCategory($id, $category_id)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
@ -596,7 +596,7 @@ class Thirdparties extends DolibarrApi
public function getSupplierCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
{
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
@ -632,7 +632,7 @@ class Thirdparties extends DolibarrApi
public function addSupplierCategory($id, $category_id)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
@ -670,7 +670,7 @@ class Thirdparties extends DolibarrApi
public function deleteSupplierCategory($id, $category_id)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->company->fetch($id);
@ -713,7 +713,7 @@ class Thirdparties extends DolibarrApi
public function getOutStandingProposals($id, $mode = 'customer')
{
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
@ -755,7 +755,7 @@ class Thirdparties extends DolibarrApi
public function getOutStandingOrder($id, $mode = 'customer')
{
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
@ -796,7 +796,7 @@ class Thirdparties extends DolibarrApi
public function getOutStandingInvoices($id, $mode = 'customer')
{
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
@ -837,7 +837,7 @@ class Thirdparties extends DolibarrApi
public function getSalesRepresentatives($id, $mode = 0)
{
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
@ -880,7 +880,7 @@ class Thirdparties extends DolibarrApi
$obj_ret = array();
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
@ -940,7 +940,7 @@ class Thirdparties extends DolibarrApi
public function getInvoicesQualifiedForReplacement($id)
{
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Thirdparty ID is mandatory');
@ -983,7 +983,7 @@ class Thirdparties extends DolibarrApi
public function getInvoicesQualifiedForCreditNote($id)
{
if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Thirdparty ID is mandatory');
@ -1019,7 +1019,7 @@ class Thirdparties extends DolibarrApi
public function getCompanyBankAccount($id)
{
if (!DolibarrApiAccess::$user->rights->societe->lire) {
throw new RestException(401);
throw new RestException(403);
}
if (empty($id)) {
throw new RestException(400, 'Thirdparty ID is mandatory');
@ -1094,7 +1094,7 @@ class Thirdparties extends DolibarrApi
public function createCompanyBankAccount($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
if ($this->company->fetch($id) <= 0) {
throw new RestException(404, 'Error creating Company Bank account, Company doesn\'t exists');
@ -1145,7 +1145,7 @@ class Thirdparties extends DolibarrApi
public function updateCompanyBankAccount($id, $bankaccount_id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
if ($this->company->fetch($id) <= 0) {
throw new RestException(404, 'Error creating Company Bank account, Company doesn\'t exists');
@ -1155,7 +1155,7 @@ class Thirdparties extends DolibarrApi
$account->fetch($bankaccount_id, $id, -1, '');
if ($account->socid != $id) {
throw new RestException(401);
throw new RestException(403);
}
@ -1196,7 +1196,7 @@ class Thirdparties extends DolibarrApi
public function deleteCompanyBankAccount($id, $bankaccount_id)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$account = new CompanyBankAccount($this->db);
@ -1204,7 +1204,7 @@ class Thirdparties extends DolibarrApi
$account->fetch($bankaccount_id);
if (!$account->socid == $id) {
throw new RestException(401);
throw new RestException(403);
}
return $account->delete(DolibarrApiAccess::$user);
@ -1231,7 +1231,7 @@ class Thirdparties extends DolibarrApi
}
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$this->company->setDocModel(DolibarrApiAccess::$user, $model);
@ -1316,7 +1316,7 @@ class Thirdparties extends DolibarrApi
public function getSocieteAccounts($id, $site = null)
{
if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) {
throw new RestException(401);
throw new RestException(403);
}
if (!DolibarrApi::_checkAccessToResource('societe', $id)) {
@ -1392,7 +1392,7 @@ class Thirdparties extends DolibarrApi
public function createSocieteAccount($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
if (!isset($request_data['site'])) {
@ -1456,7 +1456,7 @@ class Thirdparties extends DolibarrApi
public function putSocieteAccount($id, $site, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid, fk_user_creat, date_creation FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '".$this->db->escape($site)."'";
@ -1550,7 +1550,7 @@ class Thirdparties extends DolibarrApi
public function patchSocieteAccount($id, $site, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($site)."'";
@ -1609,7 +1609,7 @@ class Thirdparties extends DolibarrApi
public function deleteSocieteAccount($id, $site)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '".$this->db->escape($site)."'";
@ -1643,7 +1643,7 @@ class Thirdparties extends DolibarrApi
public function deleteSocieteAccounts($id)
{
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
throw new RestException(403);
}
/**


@ -64,7 +64,7 @@ class SupplierProposals extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->supplier_proposal->lire) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->supplier_proposal->fetch($id);
@ -97,7 +97,7 @@ class SupplierProposals extends DolibarrApi
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '')
{
if (!DolibarrApiAccess::$user->rights->supplier_proposal->lire) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
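Review bot: Both permission checks in this file still read the right through the raw property chain `DolibarrApiAccess::$user->rights->supplier_proposal->lire`, while other checks touched by this commit go through the `hasRight()` accessor. Writing them as `if (!DolibarrApiAccess::$user->hasRight('supplier_proposal', 'lire')) {` keeps the authorization test uniform and presumably stops it depending on the `rights->supplier_proposal` object being populated for the calling user. The same pattern remains in the Tickets section (`rights->ticket->write`, `rights->ticket->delete`) and the Zapier section (`rights->zapier->read`, `write`, `delete`). Both `get()` and `index()` continue outside their hunks.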


@ -285,7 +285,7 @@ class Tickets extends DolibarrApi
{
$ticketstatic = new Ticket($this->db);
if (!DolibarrApiAccess::$user->rights->ticket->write) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
$result = $this->_validate($request_data);
@ -324,7 +324,7 @@ class Tickets extends DolibarrApi
{
$ticketstatic = new Ticket($this->db);
if (!DolibarrApiAccess::$user->rights->ticket->write) {
throw new RestException(401);
throw new RestException(403);
}
// Check mandatory fields
$result = $this->_validateMessage($request_data);
@ -361,7 +361,7 @@ class Tickets extends DolibarrApi
public function put($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->ticket->write) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->ticket->fetch($id);
@ -400,7 +400,7 @@ class Tickets extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->ticket->delete) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->ticket->fetch($id);
if (!$result) {
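Review bot: In `delete()` the result of `$this->ticket->fetch($id)` is tested with `if (!$result) {`, which treats a negative return value as success. If `Ticket::fetch` follows the convention used for the company fetch elsewhere in this commit, where the result is compared with `<= 0`, an error return would skip the not-found branch and the delete would proceed on an unloaded object. `if ($result <= 0) {` would cover both the not-found and the error case. The body of that branch and the rest of `delete()` are outside the hunk, so this should be confirmed against the full method.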


@ -76,7 +76,7 @@ class Zapier extends DolibarrApi
public function get($id)
{
if (!DolibarrApiAccess::$user->rights->zapier->read) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->hook->fetch($id);
@ -104,7 +104,7 @@ class Zapier extends DolibarrApi
public function getModulesChoices()
{
if (!DolibarrApiAccess::$user->rights->zapier->read) {
throw new RestException(401);
throw new RestException(403);
}
$arraychoices = array(
@ -146,7 +146,7 @@ class Zapier extends DolibarrApi
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '')
{
if (!DolibarrApiAccess::$user->rights->zapier->read) {
throw new RestException(401);
throw new RestException(403);
}
$obj_ret = array();
@ -228,7 +228,7 @@ class Zapier extends DolibarrApi
public function post($request_data = null)
{
if (!DolibarrApiAccess::$user->rights->zapier->write) {
throw new RestException(401);
throw new RestException(403);
}
dol_syslog("API Zapier create hook receive : ".print_r($request_data, true), LOG_DEBUG);
@ -271,7 +271,7 @@ class Zapier extends DolibarrApi
/*public function put($id, $request_data = null)
{
if (! DolibarrApiAccess::$user->rights->zapier->write) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->hook->fetch($id);
@ -308,7 +308,7 @@ class Zapier extends DolibarrApi
public function delete($id)
{
if (!DolibarrApiAccess::$user->rights->zapier->delete) {
throw new RestException(401);
throw new RestException(403);
}
$result = $this->hook->fetch($id);
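Review bot: In `post()` the line right after the permission check writes the whole request body to the log with `print_r($request_data, true)`. Hook registrations may carry callback URLs or tokens (the payload schema is not visible here), and debug logs are often readable by more people than the API itself. Logging only the field names would keep the trace useful without storing the values, e.g. `dol_syslog("API Zapier create hook receive keys: ".implode(',', array_keys((array) $request_data)), LOG_DEBUG);`. The rest of `post()` is outside the hunk.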