diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index 053f1eb34ab..a47017446bb 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -545,14 +545,14 @@ class Members extends DolibarrApi * * @url GET {id}/categories * - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 404 Category not found * @throws RestException 503 Error when retrieving Category list */ public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { - if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + if (!DolibarrApiAccess::$user->hasRight('categorie', 'lire')) { + throw new RestException(403); } $categories = new Categorie($this->db); diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php index d1b1a16bd22..715bfab4b8e 100644 --- a/htdocs/api/class/api_documents.class.php +++ b/htdocs/api/class/api_documents.class.php @@ -63,7 +63,7 @@ class Documents extends DolibarrApi * @url GET /download * * @throws RestException 400 Bad value for parameter modulepart or original_file - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 404 File not found */ public function index($modulepart, $original_file = '') @@ -97,10 +97,10 @@ class Documents extends DolibarrApi $original_file = $check_access['original_file']; if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) { - throw new RestException(401); + throw new RestException(403); } if (!$accessallowed) { - throw new RestException(401); + throw new RestException(403); } $filename = basename($original_file); 
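Review bot: `getCategories` in api_members.class.php is gated only on `hasRight('categorie', 'lire')`, so as far as this hunk shows, a caller with category read access can list the categories of any member id without holding a member read right. If no later check exists in the part of the body outside the hunk, add one beside it, e.g. `if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(403); }`. The method body continues past the hunk, so confirm before changing.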
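Review bot: The `..` / `[<>|]` test on `$original_file` in the `-97,10` hunk of api_documents.class.php is an input-validation failure, yet it now answers with a bare 403, indistinguishable from the `!$accessallowed` branch right below it. The method's own docblock reserves `400 Bad value for parameter modulepart or original_file` for this case. Consider `throw new RestException(400, 'Bad value for parameter original_file');` for the pattern check, keep 403 for `!$accessallowed`, and record the rejection with `dol_syslog(..., LOG_WARNING)` so traversal probes are visible to operators. The same pair of checks appears in the `-175,10` hunk (builddoc) and the `-970,10` hunk (delete) of this file; the enclosing methods start and end outside the hunks.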
@@ -132,8 +132,7 @@ class Documents extends DolibarrApi * @url PUT /builddoc * * @throws RestException 400 Bad value for parameter modulepart or original_file - * @throws RestException 401 Access denied - * @throws RestException 403 Generation not available for this modulepart + * @throws RestException 403 Access denied * @throws RestException 404 Invoice, Order, Proposal, Contract or Shipment not found * @throws RestException 500 Error generating document * @throws RestException 501 File not found @@ -175,10 +174,10 @@ class Documents extends DolibarrApi $original_file = $check_access['original_file']; if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) { - throw new RestException(401); + throw new RestException(403); } if (!$accessallowed) { - throw new RestException(401); + throw new RestException(403); } // --- Generates the document @@ -300,8 +299,7 @@ class Documents extends DolibarrApi * @url GET / * * @throws RestException 400 Bad value for parameter modulepart, id or ref - * @throws RestException 401 Access denied - * @throws RestException 403 Generation not available for this modulepart + * @throws RestException 403 Access denied * @throws RestException 404 Thirdparty, User, Member, Order, Invoice or Proposal not found * @throws RestException 500 Error while fetching object * @throws RestException 503 Error when retrieve ecm list @@ -326,7 +324,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); 
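Review bot: The builddoc docblock no longer documents the 403 raised for an unsupported modulepart: the line `403 Generation not available for this modulepart` is dropped and only `403 Access denied` remains. If the body (outside this hunk) still throws 403 for that case, API consumers can no longer tell the two meanings apart from the documentation. Either fold both into one line, `@throws RestException 403 Access denied, or generation not available for this modulepart`, or confirm that case now uses another code. The `-300,8` hunk (`@url GET /`) drops the same line.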
@@ -341,7 +339,7 @@ class Documents extends DolibarrApi // Can get doc if has permission to read all user or if it is user itself if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) { - throw new RestException(401); + throw new RestException(403); } $object = new User($this->db); @@ -355,7 +353,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; if (!DolibarrApiAccess::$user->rights->adherent->lire) { - throw new RestException(401); + throw new RestException(403); } $object = new Adherent($this->db); @@ -369,7 +367,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $object = new Propal($this->db); @@ -383,7 +381,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) { - throw new RestException(401); + throw new RestException(403); } $object = new Propal($this->db); @@ -397,7 +395,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $object = new Commande($this->db); @@ -413,7 +411,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) { - throw new RestException(401); + throw new RestException(403); } $object = new CommandeFournisseur($this->db); 
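Review bot: The user branch in the `-341,7` hunk still dereferences `DolibarrApiAccess::$user->rights->user->user->lire` directly, while other checks in this same commit were moved to `hasRight()`, so permission gates are now written two different ways. A direct property chain depends on every intermediate object existing; presumably `hasRight()` tolerates a missing module entry, which would make it the more predictable form for an access check. Suggested: `if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'lire') && DolibarrApiAccess::$user->id != $id) {`. The same applies to the `adherent`, `supplier_proposal`, `expedition`, `produit`, `agenda` and `expensereport` branches later in this file, and to the unconverted checks in api_categories, api_proposals, api_orders and api_bankaccounts.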
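Review bot: The supplier-proposal branch in the `-383,7` hunk requires `supplier_proposal.class.php` and checks the `supplier_proposal` read right, but then builds `new Propal($this->db)`, the customer-proposal class, whose file this branch does not load. It looks like a copy of the `propal` branch above. The lookup that follows (outside the hunk) would then resolve the id or ref against a different object type than the one the right was checked for. If the class defined in the required file is `SupplierProposal`, the line should read `$object = new SupplierProposal($this->db);`; the class name is not visible on this page, so verify it first.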
@@ -427,7 +425,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; if (!DolibarrApiAccess::$user->rights->expedition->lire) { - throw new RestException(401); + throw new RestException(403); } $object = new Expedition($this->db); @@ -441,7 +439,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $object = new Facture($this->db); @@ -456,8 +454,8 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'; - if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) { - throw new RestException(401); + if (!DolibarrApiAccess::$user->hasRight('fournisseur', 'facture', 'lire') && !DolibarrApiAccess::$user->hasRight('supplier_invoice', 'lire')) { + throw new RestException(403); } $object = new FactureFournisseur($this->db); @@ -471,7 +469,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $object = new Product($this->db); @@ -487,7 +485,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) { - throw new RestException(401); + throw new RestException(403); } $object = new ActionComm($this->db); 
@@ -501,7 +499,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; if (!DolibarrApiAccess::$user->rights->expensereport->read && !DolibarrApiAccess::$user->rights->expensereport->read) { - throw new RestException(401); + throw new RestException(403); } $object = new ExpenseReport($this->db); @@ -515,7 +513,7 @@ class Documents extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php'; if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read') && !DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) { - throw new RestException(401); + throw new RestException(403); } $object = new KnowledgeRecord($this->db); @@ -528,8 +526,8 @@ class Documents extends DolibarrApi } elseif ($modulepart == 'categorie' || $modulepart == 'category') { require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; - if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + if (!DolibarrApiAccess::$user->hasRight('categorie', 'lire')) { + throw new RestException(403); } $object = new Categorie($this->db); @@ -544,7 +542,7 @@ class Documents extends DolibarrApi // require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; // if (!DolibarrApiAccess::$user->rights->ecm->read) { - // throw new RestException(401); + // throw new RestException(403); // } // // $object = new EcmDirectory($this->db); @@ -647,7 +645,7 @@ class Documents extends DolibarrApi * @url POST /upload * * @throws RestException 400 Bad Request - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 404 Object not found * @throws RestException 500 Error on file operationw */ 
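Review bot: The condition in the expense-report branch tests `rights->expensereport->read` twice, so the second operand adds nothing. The knowledge-management branch in the next hunk (`-515,7`) repeats `hasRight('knowledgemanagement', 'knowledgerecord', 'read')` in the same way. If a second, different right was intended (the agenda branch pairs `myactions` with `allactions`), users holding only that other right are refused; if not, reduce each to a single test, e.g. `if (!DolibarrApiAccess::$user->hasRight('expensereport', 'read')) {`. Both branches start and end outside their hunks.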
@@ -793,7 +791,7 @@ class Documents extends DolibarrApi $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir } else { if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) { - throw new RestException(401, 'Missing permission to upload files in ECM module'); + throw new RestException(403, 'Missing permission to upload files in ECM module'); } $upload_dir = $conf->medias->multidir_output[$conf->entity]; } @@ -816,14 +814,14 @@ class Documents extends DolibarrApi $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir } else { if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) { - throw new RestException(401, 'Missing permission to upload files in ECM module'); + throw new RestException(403, 'Missing permission to upload files in ECM module'); } $upload_dir = $conf->medias->multidir_output[$conf->entity]; } if (empty($upload_dir) || $upload_dir == '/') { if (!empty($tmp['error'])) { - throw new RestException(401, 'Error returned by dol_check_secure_access_document: '.$tmp['error']); + throw new RestException(403, 'Error returned by dol_check_secure_access_document: '.$tmp['error']); } else { throw new RestException(400, 'This value of modulepart ('.$modulepart.') is not allowed with this value of subdir ('.$relativefile.')'); } @@ -935,7 +933,7 @@ class Documents extends DolibarrApi * * @throws RestException 400 Bad value for parameter modulepart * @throws RestException 400 Bad value for parameter original_file - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 404 File not found * @throws RestException 500 Error on file operation */ 
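Review bot: In the `-816,14` hunk, the 403 raised when `$upload_dir` is empty appends `$tmp['error']` from `dol_check_secure_access_document` to the response body, and the 400 beside it echoes `$modulepart` and `$relativefile` back to the caller. What that error string contains is not visible here; if it can carry paths or internal state, keep the detail server-side and return a fixed message. For example, `dol_syslog('upload refused: '.$tmp['error'], LOG_WARNING);` followed by `throw new RestException(403, 'Access denied');`. The enclosing method starts and ends outside the hunk.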
@@ -970,10 +968,10 @@ class Documents extends DolibarrApi $original_file = $check_access['original_file']; if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) { - throw new RestException(401); + throw new RestException(403); } if (!$accessallowed) { - throw new RestException(401); + throw new RestException(403); } $filename = basename($original_file); @@ -993,7 +991,7 @@ class Documents extends DolibarrApi ); } - throw new RestException(401); + throw new RestException(403); } // phpcs:disable PEAR.NamingConventions.ValidFunctionName diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php index 3bb8c08e892..93fdcdd0da5 100644 --- a/htdocs/api/class/api_setup.class.php +++ b/htdocs/api/class/api_setup.class.php @@ -64,7 +64,7 @@ class Setup extends DolibarrApi * @return array [List of ordering methods] * * @throws RestException 400 Bad value for sqlfilters - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 503 Error retrieving list of ordering methods */ public function getOrderingMethods($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') @@ -72,7 +72,7 @@ class Setup extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid, code, libelle as label, module"; @@ -128,7 +128,7 @@ class Setup extends DolibarrApi * @url GET dictionary/ordering_origins * * @throws RestException 400 Bad value for sqlfilters - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 503 Error retrieving list of ordering origins */ public function getOrderingOrigins($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') 
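Review bot: The closing `throw new RestException(403)` in the `-993,7` hunk appears to be the fall-through taken when the preceding branch did not return. Going by the docblock in the `-935,7` hunk (`500 Error on file operation`), that would be a failed file operation rather than a denied one. Reporting it as 403 tells the client, and anyone reading access logs, that a permission was missing. If that reading is right, use `throw new RestException(500, 'Error on file operation');` here. The same closing pattern is changed at the end of linkObjectById, linkObjectByRef, unlinkObjectById and unlinkObjectByRef in api_categories.class.php; only the tail of each body is visible.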
@@ -136,7 +136,7 @@ class Setup extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid, code, label, module"; @@ -193,7 +193,7 @@ class Setup extends DolibarrApi * @return array [List of payment types] * * @throws RestException 400 Bad value for sqlfilters - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 503 Error retrieving list of payment types */ public function getPaymentTypes($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') @@ -201,7 +201,7 @@ class Setup extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->hasRight('propal', 'lire') && !DolibarrApiAccess::$user->hasRight('commande', 'lire') && !DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT id, code, type, libelle as label, module"; @@ -671,7 +671,7 @@ class Setup extends DolibarrApi * @return array [List of availability] * * @throws RestException 400 Bad value for sqlfilters - * @throws RestException 401 Access denied + * @throws RestException 403 Access denied * @throws RestException 503 Error when retrieving list of availabilities */ public function getAvailability($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') @@ -679,7 +679,7 @@ class Setup extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid, code, label"; 
@@ -1266,6 +1266,7 @@ class Setup extends DolibarrApi * @return array List of payment terms * * @throws RestException 400 Bad value for sqlfilters + * @throws RestException 403 Access denied * @throws RestException 503 Error when retrieving list of payments terms */ public function getPaymentTerms($sortfield = "sortorder", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') @@ -1273,7 +1274,7 @@ class Setup extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->hasRight('propal', 'lire') && !DolibarrApiAccess::$user->hasRight('commande', 'lire') && !DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module"; diff --git a/htdocs/categories/class/api_categories.class.php b/htdocs/categories/class/api_categories.class.php index 12d8cd01284..1f3f114124c 100644 --- a/htdocs/categories/class/api_categories.class.php +++ b/htdocs/categories/class/api_categories.class.php @@ -90,7 +90,7 @@ class Categories extends DolibarrApi public function get($id, $include_childs = false) { if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->category->fetch($id); @@ -137,7 +137,7 @@ class Categories extends DolibarrApi $obj_ret = array(); if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT t.rowid"; @@ -194,7 +194,7 @@ class Categories extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->categorie->creer) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields (throw an exception if wrong) 
@@ -225,7 +225,7 @@ class Categories extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->categorie->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->category->fetch($id); @@ -266,7 +266,7 @@ class Categories extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->categorie->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->category->fetch($id); if (!$result) { 
@@ -317,23 +317,23 @@ class Categories extends DolibarrApi Categorie::TYPE_PROJECT, Categorie::TYPE_KNOWLEDGEMANAGEMENT ])) { - throw new RestException(401); + throw new RestException(403); } if ($type == Categorie::TYPE_PRODUCT && !(DolibarrApiAccess::$user->rights->produit->lire || DolibarrApiAccess::$user->rights->service->lire)) { - throw new RestException(401); + throw new RestException(403); } elseif ($type == Categorie::TYPE_CONTACT && !DolibarrApiAccess::$user->rights->contact->lire) { - throw new RestException(401); + throw new RestException(403); } elseif ($type == Categorie::TYPE_CUSTOMER && !DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } elseif ($type == Categorie::TYPE_SUPPLIER && !DolibarrApiAccess::$user->rights->fournisseur->lire) { - throw new RestException(401); + throw new RestException(403); } elseif ($type == Categorie::TYPE_MEMBER && !DolibarrApiAccess::$user->rights->adherent->lire) { - throw new RestException(401); + throw new RestException(403); } elseif ($type == Categorie::TYPE_PROJECT && !DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } elseif ($type == Categorie::TYPE_KNOWLEDGEMANAGEMENT && !DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) { - throw new RestException(401); + throw new RestException(403); } $categories = $this->category->getListForItem($id, $type, $sortfield, $sortorder, $limit, $page); @@ -359,11 +359,11 @@ class Categories extends DolibarrApi public function linkObjectById($id, $type, $object_id) { if (empty($type) || empty($object_id)) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->category->fetch($id); 
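Review bot: The `in_array($type, [...])` guard at the top of the `-317,23` hunk rejects an unsupported `$type` with 403, and the `empty($type) || empty($object_id)` guard in the next hunk (`-359,11`, linkObjectById) does the same for missing parameters. Both are bad requests, not authorization failures. A fully authorized client is told access is denied, and 403 counts used for monitoring get mixed with malformed calls. Suggested: `throw new RestException(400, 'Bad value for parameter type');` for the first and a 400 naming the missing parameter for the second. The same `empty(...)` guard opens linkObjectByRef, unlinkObjectById and unlinkObjectByRef in the following hunks.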
@@ -373,27 +373,27 @@ class Categories extends DolibarrApi if ($type === Categorie::TYPE_PRODUCT) { if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) { - throw new RestException(401); + throw new RestException(403); } $object = new Product($this->db); } elseif ($type === Categorie::TYPE_CUSTOMER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_SUPPLIER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_CONTACT) { if (!DolibarrApiAccess::$user->rights->societe->contact->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { - throw new RestException(401); + throw new RestException(403); } $object = new Adherent($this->db); } else { @@ -421,7 +421,7 @@ class Categories extends DolibarrApi ); } - throw new RestException(401); + throw new RestException(403); } /** @@ -439,11 +439,11 @@ class Categories extends DolibarrApi public function linkObjectByRef($id, $type, $object_ref) { if (empty($type) || empty($object_ref)) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->category->fetch($id); 
@@ -453,27 +453,27 @@ class Categories extends DolibarrApi if ($type === Categorie::TYPE_PRODUCT) { if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) { - throw new RestException(401); + throw new RestException(403); } $object = new Product($this->db); } elseif ($type === Categorie::TYPE_CUSTOMER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_SUPPLIER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_CONTACT) { if (!DolibarrApiAccess::$user->rights->societe->contact->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { - throw new RestException(401); + throw new RestException(403); } $object = new Adherent($this->db); } else { @@ -501,7 +501,7 @@ class Categories extends DolibarrApi ); } - throw new RestException(401); + throw new RestException(403); } /** @@ -519,11 +519,11 @@ class Categories extends DolibarrApi public function unlinkObjectById($id, $type, $object_id) { if (empty($type) || empty($object_id)) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->category->fetch($id); 
@@ -533,27 +533,27 @@ class Categories extends DolibarrApi if ($type === Categorie::TYPE_PRODUCT) { if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) { - throw new RestException(401); + throw new RestException(403); } $object = new Product($this->db); } elseif ($type === Categorie::TYPE_CUSTOMER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_SUPPLIER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_CONTACT) { if (!DolibarrApiAccess::$user->rights->societe->contact->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { - throw new RestException(401); + throw new RestException(403); } $object = new Adherent($this->db); } else { @@ -579,7 +579,7 @@ class Categories extends DolibarrApi ); } - throw new RestException(401); + throw new RestException(403); } /** @@ -597,11 +597,11 @@ class Categories extends DolibarrApi public function unlinkObjectByRef($id, $type, $object_ref) { if (empty($type) || empty($object_ref)) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->category->fetch($id); 
@@ -611,27 +611,27 @@ class Categories extends DolibarrApi if ($type === Categorie::TYPE_PRODUCT) { if (!(DolibarrApiAccess::$user->rights->produit->creer || DolibarrApiAccess::$user->rights->service->creer)) { - throw new RestException(401); + throw new RestException(403); } $object = new Product($this->db); } elseif ($type === Categorie::TYPE_CUSTOMER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_SUPPLIER) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Societe($this->db); } elseif ($type === Categorie::TYPE_CONTACT) { if (!DolibarrApiAccess::$user->rights->societe->contact->creer) { - throw new RestException(401); + throw new RestException(403); } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { - throw new RestException(401); + throw new RestException(403); } $object = new Adherent($this->db); } else { @@ -657,7 +657,7 @@ class Categories extends DolibarrApi ); } - throw new RestException(401); + throw new RestException(403); } @@ -754,7 +754,7 @@ class Categories extends DolibarrApi dol_syslog("getObjects($id, $type, $onlyids)", LOG_DEBUG); if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } if (empty($type)) { diff --git a/htdocs/comm/propal/class/api_proposals.class.php b/htdocs/comm/propal/class/api_proposals.class.php index 27408b28a79..f280a7657a3 100644 --- a/htdocs/comm/propal/class/api_proposals.class.php +++ b/htdocs/comm/propal/class/api_proposals.class.php 
@@ -122,7 +122,7 @@ class Proposals extends DolibarrApi private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = 1) { if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id, $ref, $ref_ext); @@ -164,7 +164,7 @@ class Proposals extends DolibarrApi global $db, $conf; if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -289,7 +289,7 @@ class Proposals extends DolibarrApi public function getLines($id, $sqlfilters = '') { if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); @@ -331,7 +331,7 @@ class Proposals extends DolibarrApi public function postLine($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); @@ -397,7 +397,7 @@ class Proposals extends DolibarrApi public function postLines($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); @@ -477,7 +477,7 @@ class Proposals extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); @@ -555,7 +555,7 @@ class Proposals extends DolibarrApi public function deleteLine($id, $lineid) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); 
@@ -591,7 +591,7 @@ class Proposals extends DolibarrApi public function postContact($id, $contactid, $type) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); @@ -639,7 +639,7 @@ class Proposals extends DolibarrApi public function deleteContact($id, $contactid, $type) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); @@ -677,7 +677,7 @@ class Proposals extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); @@ -727,7 +727,7 @@ class Proposals extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->propal->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); if (!$result) { @@ -761,7 +761,7 @@ class Proposals extends DolibarrApi public function settodraft($id) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); if (!$result) { @@ -817,7 +817,7 @@ class Proposals extends DolibarrApi public function validate($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); if (!$result) { @@ -864,7 +864,7 @@ class Proposals extends DolibarrApi public function close($id, $status, $note_private = '', $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); if (!$result) { 
@@ -908,7 +908,7 @@ class Proposals extends DolibarrApi public function setinvoiced($id) { if (!DolibarrApiAccess::$user->rights->propal->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->propal->fetch($id); if (!$result) { diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index d3952d1db1f..8fd80322c00 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -119,7 +119,7 @@ class Orders extends DolibarrApi private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = 1) { if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id, $ref, $ref_ext); @@ -166,7 +166,7 @@ class Orders extends DolibarrApi public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $sqlfilterlines = '', $properties = '') { if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -306,7 +306,7 @@ class Orders extends DolibarrApi public function getLines($id) { if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); @@ -338,7 +338,7 @@ class Orders extends DolibarrApi public function postLine($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); @@ -405,7 +405,7 @@ class Orders extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); 
@@ -473,7 +473,7 @@ class Orders extends DolibarrApi public function deleteLine($id, $lineid) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); @@ -509,7 +509,7 @@ class Orders extends DolibarrApi public function getContacts($id, $type = '') { if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); @@ -542,7 +542,7 @@ class Orders extends DolibarrApi public function postContact($id, $contactid, $type) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); @@ -590,7 +590,7 @@ class Orders extends DolibarrApi public function deleteContact($id, $contactid, $type) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); @@ -632,7 +632,7 @@ class Orders extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); @@ -679,7 +679,7 @@ class Orders extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->commande->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); if (!$result) { @@ -727,7 +727,7 @@ class Orders extends DolibarrApi public function validate($id, $idwarehouse = 0, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); if (!$result) { 
@@ -778,7 +778,7 @@ class Orders extends DolibarrApi public function reopen($id) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Order ID is mandatory'); @@ -814,7 +814,7 @@ class Orders extends DolibarrApi public function setinvoiced($id) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Order ID is mandatory'); @@ -855,7 +855,7 @@ class Orders extends DolibarrApi public function close($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); if (!$result) { @@ -900,7 +900,7 @@ class Orders extends DolibarrApi public function settodraft($id, $idwarehouse = -1) { if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->commande->fetch($id); if (!$result) { @@ -952,10 +952,10 @@ class Orders extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($proposalid)) { throw new RestException(400, 'Proposal ID is mandatory'); @@ -993,7 +993,7 @@ class Orders extends DolibarrApi { require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; if (!DolibarrApiAccess::$user->rights->expedition->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); $sql = "SELECT e.rowid"; 
@@ -1049,7 +1049,7 @@ class Orders extends DolibarrApi { require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; if (!DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } if ($warehouse_id <= 0) { throw new RestException(404, 'Warehouse not found'); diff --git a/htdocs/compta/bank/class/api_bankaccounts.class.php b/htdocs/compta/bank/class/api_bankaccounts.class.php index 570eae80e46..b8f9f208e5a 100644 --- a/htdocs/compta/bank/class/api_bankaccounts.class.php +++ b/htdocs/compta/bank/class/api_bankaccounts.class.php @@ -68,7 +68,7 @@ class BankAccounts extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->rights->banque->lire) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT t.rowid FROM ".MAIN_DB_PREFIX."bank_account AS t LEFT JOIN ".MAIN_DB_PREFIX."bank_account_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields @@ -130,7 +130,7 @@ class BankAccounts extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->banque->lire) { - throw new RestException(401); + throw new RestException(403); } $account = new Account($this->db); @@ -151,7 +151,7 @@ class BankAccounts extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->banque->configurer) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields $result = $this->_validate($request_data); 
@@ -202,7 +202,7 @@ class BankAccounts extends DolibarrApi public function transfer($bankaccount_from_id = 0, $bankaccount_to_id = 0, $date = null, $description = "", $amount = 0.0, $amount_to = 0.0) { if (!DolibarrApiAccess::$user->rights->banque->configurer) { - throw new RestException(401); + throw new RestException(403); } require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; @@ -326,7 +326,7 @@ class BankAccounts extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->banque->configurer) { - throw new RestException(401); + throw new RestException(403); } $account = new Account($this->db); @@ -364,7 +364,7 @@ class BankAccounts extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->banque->configurer) { - throw new RestException(401); + throw new RestException(403); } $account = new Account($this->db); $result = $account->fetch($id); @@ -437,7 +437,7 @@ class BankAccounts extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->rights->banque->lire) { - throw new RestException(401); + throw new RestException(403); } $account = new Account($this->db); @@ -500,7 +500,7 @@ class BankAccounts extends DolibarrApi public function addLine($id, $date, $type, $label, $amount, $category = 0, $cheque_number = '', $cheque_writer = '', $cheque_bank = '', $accountancycode = '', $datev = null, $num_releve = '') { if (!DolibarrApiAccess::$user->rights->banque->modifier) { - throw new RestException(401); + throw new RestException(403); } $account = new Account($this->db); @@ -553,7 +553,7 @@ class BankAccounts extends DolibarrApi public function addLink($id, $line_id, $url_id, $url, $label, $type) { if (!DolibarrApiAccess::$user->rights->banque->modifier) { - throw new RestException(401); + throw new RestException(403); } $account = new Account($this->db); 
@@ -596,7 +596,7 @@ class BankAccounts extends DolibarrApi $list = array(); if (!DolibarrApiAccess::$user->rights->banque->lire) { - throw new RestException(401); + throw new RestException(403); } $account = new Account($this->db); diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index e7df4ff4342..602ea69f691 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -128,7 +128,7 @@ class Invoices extends DolibarrApi private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = 1) { if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id, $ref, $ref_ext); @@ -182,7 +182,7 @@ class Invoices extends DolibarrApi global $db, $conf; if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -333,10 +333,10 @@ class Invoices extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($orderid)) { throw new RestException(400, 'Order ID is mandatory'); @@ -374,10 +374,10 @@ class Invoices extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; if (!DolibarrApiAccess::$user->hasRight('contrat', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($contractid)) { throw new RestException(400, 'Contract ID is mandatory'); 
@@ -408,7 +408,7 @@ class Invoices extends DolibarrApi public function getLines($id) { if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -444,7 +444,7 @@ class Invoices extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -515,7 +515,7 @@ class Invoices extends DolibarrApi public function postContact($id, $contactid, $type) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -563,7 +563,7 @@ class Invoices extends DolibarrApi public function deleteContact($id, $contactid, $type) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -608,7 +608,7 @@ class Invoices extends DolibarrApi public function deleteLine($id, $lineid) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($lineid)) { throw new RestException(400, 'Line ID is mandatory'); @@ -641,7 +641,7 @@ class Invoices extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -694,7 +694,7 @@ class Invoices extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->hasRight('facture', 'supprimer')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); if (!$result) { 
@@ -746,7 +746,7 @@ class Invoices extends DolibarrApi public function postLine($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -834,7 +834,7 @@ class Invoices extends DolibarrApi public function addContact($id, $fk_socpeople, $type_contact, $source, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); if (!$result) { @@ -882,7 +882,7 @@ class Invoices extends DolibarrApi public function settodraft($id, $idwarehouse = -1) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); if (!$result) { @@ -933,7 +933,7 @@ class Invoices extends DolibarrApi public function validate($id, $idwarehouse = 0, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); if (!$result) { @@ -982,7 +982,7 @@ class Invoices extends DolibarrApi public function settopaid($id, $close_code = '', $close_note = '') { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); if (!$result) { @@ -1031,7 +1031,7 @@ class Invoices extends DolibarrApi public function settounpaid($id) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); if (!$result) { 
@@ -1076,7 +1076,7 @@ class Invoices extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php'; if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -1119,7 +1119,7 @@ class Invoices extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php'; if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->invoice->fetch($id); @@ -1288,7 +1288,7 @@ class Invoices extends DolibarrApi public function useDiscount($id, $discountid) { if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Invoice ID is mandatory'); @@ -1335,7 +1335,7 @@ class Invoices extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php'; if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Invoice ID is mandatory'); @@ -1377,7 +1377,7 @@ class Invoices extends DolibarrApi public function getPayments($id) { if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Invoice ID is mandatory'); @@ -1681,7 +1681,7 @@ class Invoices extends DolibarrApi require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; if (!DolibarrApiAccess::$user->rights->facture->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Payment ID is mandatory'); 
@@ -1787,7 +1787,7 @@ class Invoices extends DolibarrApi private function _fetchTemplateInvoice($id, $ref = '', $ref_ext = '', $contact_list = 1) { if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->template_invoice->fetch($id, $ref, $ref_ext); diff --git a/htdocs/contrat/class/api_contracts.class.php b/htdocs/contrat/class/api_contracts.class.php index 4509aa4599a..64989ffb8a0 100644 --- a/htdocs/contrat/class/api_contracts.class.php +++ b/htdocs/contrat/class/api_contracts.class.php @@ -66,7 +66,7 @@ class Contracts extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->contrat->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); @@ -106,7 +106,7 @@ class Contracts extends DolibarrApi global $db, $conf; if (!DolibarrApiAccess::$user->rights->contrat->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -224,7 +224,7 @@ class Contracts extends DolibarrApi public function getLines($id) { if (!DolibarrApiAccess::$user->rights->contrat->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); @@ -256,7 +256,7 @@ class Contracts extends DolibarrApi public function postLine($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->contrat->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); @@ -314,7 +314,7 @@ class Contracts extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if (!DolibarrApiAccess::$user->rights->contrat->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); 
@@ -377,7 +377,7 @@ class Contracts extends DolibarrApi public function activateLine($id, $lineid, $datestart, $dateend = null, $comment = null) { if (!DolibarrApiAccess::$user->rights->contrat->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); @@ -415,7 +415,7 @@ class Contracts extends DolibarrApi public function unactivateLine($id, $lineid, $datestart, $comment = null) { if (!DolibarrApiAccess::$user->rights->contrat->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); @@ -455,7 +455,7 @@ class Contracts extends DolibarrApi public function deleteLine($id, $lineid) { if (!DolibarrApiAccess::$user->rights->contrat->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); @@ -488,7 +488,7 @@ class Contracts extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->contrat->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); @@ -617,7 +617,7 @@ class Contracts extends DolibarrApi public function close($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->contrat->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->contract->fetch($id); if (!$result) { diff --git a/htdocs/don/class/api_donations.class.php b/htdocs/don/class/api_donations.class.php index e43515e9161..b6ca758906b 100644 --- a/htdocs/don/class/api_donations.class.php +++ b/htdocs/don/class/api_donations.class.php @@ -63,7 +63,7 @@ class Donations extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->don->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->don->fetch($id); 
@@ -101,10 +101,8 @@ class Donations extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '') { - global $db, $conf; - if (!DolibarrApiAccess::$user->rights->don->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -219,7 +217,7 @@ class Donations extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->don->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->don->fetch($id); @@ -259,7 +257,7 @@ class Donations extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->don->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->don->fetch($id); @@ -299,7 +297,7 @@ class Donations extends DolibarrApi * @url POST {id}/validate * * @throws RestException 304 - * @throws RestException 401 + * @throws RestException 403 * @throws RestException 404 * @throws RestException 500 System error * @@ -308,7 +306,7 @@ class Donations extends DolibarrApi public function validate($id, $idwarehouse = 0, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->don->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->don->fetch($id); diff --git a/htdocs/expedition/class/api_shipments.class.php b/htdocs/expedition/class/api_shipments.class.php index bd7a7f495cd..e5cf55742c1 100644 --- a/htdocs/expedition/class/api_shipments.class.php +++ b/htdocs/expedition/class/api_shipments.class.php @@ -65,7 +65,7 @@ class Shipments extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->expedition->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); 
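Review bot: Dropping `global $db, $conf;` from Donations::index is only safe if nothing further down the method still reads `$db` or `$conf`, and the rest of the body is outside this hunk. A leftover use such as `$conf->entity` would now be an undefined variable, which matters in a list query because the entity and third-party filters are part of the access control. Please confirm that the remaining code uses `$this->db` throughout and does not need `$conf`. The same removal is made in Interventions::index, Mos::index and Partnerships::index.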
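Review bot: The `@throws` lines above Donations::validate give bare status codes without saying when each one is raised. I would write the changed line as `@throws RestException 403 Access denied` and add a short reason to the `304` and `404` lines as well, so the generated API documentation tells a client how to react to each code.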
@@ -104,7 +104,7 @@ class Shipments extends DolibarrApi global $db, $conf; if (!DolibarrApiAccess::$user->rights->expedition->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -225,7 +225,7 @@ class Shipments extends DolibarrApi public function getLines($id) { if(! DolibarrApiAccess::$user->rights->expedition->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); @@ -259,7 +259,7 @@ class Shipments extends DolibarrApi public function postLine($id, $request_data = null) { if(! DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); @@ -327,7 +327,7 @@ class Shipments extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if (! DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); @@ -394,7 +394,7 @@ class Shipments extends DolibarrApi public function deleteLine($id, $lineid) { if (!DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); @@ -427,7 +427,7 @@ class Shipments extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); @@ -468,7 +468,7 @@ class Shipments extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->expedition->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); if (!$result) { 
@@ -513,7 +513,7 @@ class Shipments extends DolibarrApi public function validate($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); if (!$result) { @@ -559,7 +559,7 @@ class Shipments extends DolibarrApi { if(! DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } if(empty($id)) { throw new RestException(400, 'Shipment ID is mandatory'); @@ -598,10 +598,10 @@ class Shipments extends DolibarrApi require_once DOL_DOCUMENT_ROOT . '/commande/class/commande.class.php'; if(! DolibarrApiAccess::$user->rights->expedition->lire) { - throw new RestException(401); + throw new RestException(403); } if(! DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } if(empty($proposalid)) { throw new RestException(400, 'Order ID is mandatory'); @@ -635,7 +635,7 @@ class Shipments extends DolibarrApi public function close($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->expedition->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->shipment->fetch($id); diff --git a/htdocs/expensereport/class/api_expensereports.class.php b/htdocs/expensereport/class/api_expensereports.class.php index 124e591a97f..3fb000275bb 100644 --- a/htdocs/expensereport/class/api_expensereports.class.php +++ b/htdocs/expensereport/class/api_expensereports.class.php @@ -65,7 +65,7 @@ class ExpenseReports extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->expensereport->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); 
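Review bot: In the hunk at -598,10 of api_shipments.class.php the method loads `commande.class.php` and rejects an empty id with 'Order ID is mandatory', yet both permission checks are on `expedition` (`lire` and `creer`); the right to read the source order is not checked in the visible lines. The sibling endpoints in this diff check the source object first (`hasRight('propal', 'lire')` before an order is created, `hasRight('commande', 'lire')` before an invoice is created), so I would expect the first guard here to be `if (!DolibarrApiAccess::$user->hasRight('commande', 'lire')) {`. The signature and the rest of the body are outside the hunk, so a later check may exist; if it does, a comment saying so would help. The parameter is also still called `$proposalid` although it holds an order id.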
@@ -100,7 +100,7 @@ class ExpenseReports extends DolibarrApi global $db, $conf; if (!DolibarrApiAccess::$user->rights->expensereport->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -206,7 +206,7 @@ class ExpenseReports extends DolibarrApi public function getLines($id) { if(! DolibarrApiAccess::$user->rights->expensereport->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); @@ -240,7 +240,7 @@ class ExpenseReports extends DolibarrApi public function postLine($id, $request_data = null) { if(! DolibarrApiAccess::$user->rights->expensereport->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); @@ -308,7 +308,7 @@ class ExpenseReports extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if(! DolibarrApiAccess::$user->rights->expensereport->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); @@ -372,7 +372,7 @@ class ExpenseReports extends DolibarrApi public function deleteLine($id, $lineid) { if(! DolibarrApiAccess::$user->rights->expensereport->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); @@ -409,7 +409,7 @@ class ExpenseReports extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->expensereport->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); @@ -450,7 +450,7 @@ class ExpenseReports extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->expensereport->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); 
@@ -493,7 +493,7 @@ class ExpenseReports extends DolibarrApi public function validate($id, $idwarehouse=0) { if(! DolibarrApiAccess::$user->rights->expensereport->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->expensereport->fetch($id); diff --git a/htdocs/fichinter/class/api_interventions.class.php b/htdocs/fichinter/class/api_interventions.class.php index f3a6a96f1cc..1b8fe55f45a 100644 --- a/htdocs/fichinter/class/api_interventions.class.php +++ b/htdocs/fichinter/class/api_interventions.class.php @@ -79,7 +79,7 @@ class Interventions extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->ficheinter->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->fichinter->fetch($id); 
@@ -99,23 +99,21 @@ class Interventions extends DolibarrApi * List of interventions * Return a list of interventions * - * @param string $sortfield Sort field - * @param string $sortorder Sort order - * @param int $limit Limit for list - * @param int $page Page number - * @param string $thirdparty_ids Thirdparty ids to filter orders of (example '1' or '1,2,3') {@pattern /^[0-9,]*$/i} - * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" - * @param string $properties Restrict the data returned to these properties. Ignored if empty. Comma separated list of properties names - * @return array Array of order objects + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Limit for list + * @param int $page Page number + * @param string $thirdparty_ids Thirdparty ids to filter orders of (example '1' or '1,2,3') {@pattern /^[0-9,]*$/i} + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @param string $properties Restrict the data returned to these properties. Ignored if empty. Comma separated list of properties names + * @return array Array of order objects * * @throws RestException */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '') { - global $db, $conf; - if (!DolibarrApiAccess::$user->rights->ficheinter->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -228,7 +226,7 @@ class Interventions extends DolibarrApi public function getLines($id) { if(! DolibarrApiAccess::$user->rights->ficheinter->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->fichinter->fetch($id); 
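Review bot: The docblock of Interventions::index is re-aligned by this hunk but still describes orders: `$thirdparty_ids` is said to 'filter orders of' and the return value is 'Array of order objects'. While the lines are being rewritten I would correct them to 'Thirdparty ids to filter interventions of' and `@return array Array of intervention objects`, and give the bare `@throws RestException` the status codes the method can raise, at least `403 Access denied`. The method body continues outside the hunk.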
@@ -308,7 +306,7 @@ class Interventions extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->ficheinter->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->fichinter->fetch($id); if (!$result) { diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index c878b910159..bcc657c5a7f 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php @@ -64,7 +64,7 @@ class SupplierOrders extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "lire")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); @@ -102,7 +102,7 @@ class SupplierOrders extends DolibarrApi public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $product_ids = '', $status = '', $sqlfilters = '', $sqlfilterlines = '', $properties = '') { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "lire")) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -264,7 +264,7 @@ class SupplierOrders extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); @@ -313,7 +313,7 @@ class SupplierOrders extends DolibarrApi public function getContacts($id, $source, $type = '') { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "lire")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); 
@@ -356,7 +356,7 @@ class SupplierOrders extends DolibarrApi public function postContact($id, $contactid, $type, $source) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); @@ -405,7 +405,7 @@ class SupplierOrders extends DolibarrApi public function deleteContact($id, $contactid, $type, $source) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); @@ -454,7 +454,7 @@ class SupplierOrders extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "supprimer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); if (!$result) { @@ -499,7 +499,7 @@ class SupplierOrders extends DolibarrApi public function validate($id, $idwarehouse = 0, $notrigger = 0) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); if (!$result) { @@ -547,7 +547,7 @@ class SupplierOrders extends DolibarrApi public function approve($id, $idwarehouse = 0, $secondlevel = 0) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); if (!$result) { 
@@ -598,7 +598,7 @@ class SupplierOrders extends DolibarrApi public function makeOrder($id, $date, $method, $comment = '') { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); if (!$result) { @@ -661,7 +661,7 @@ class SupplierOrders extends DolibarrApi public function receiveOrder($id, $closeopenorder, $comment, $lines) { if (!DolibarrApiAccess::$user->hasRight("fournisseur", "commande", "creer") && !DolibarrApiAccess::$user->hasRight("supplier_order", "creer")) { - throw new RestException(401); + throw new RestException(403); } $result = $this->order->fetch($id); if (!$result) { diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php index 0a93db98404..ceae56fd3fd 100644 --- a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php +++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php @@ -65,13 +65,13 @@ class KnowledgeManagement extends DolibarrApi * * @url GET knowledgerecords/{id} * - * @throws RestException 401 Not allowed + * @throws RestException 403 Not allowed * @throws RestException 404 Not found */ public function get($id) { if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->knowledgerecord->fetch($id); 
@@ -80,7 +80,7 @@ class KnowledgeManagement extends DolibarrApi } if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { - throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + throw new RestException(403, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); } return $this->_cleanObjectDatas($this->knowledgerecord); @@ -102,7 +102,7 @@ class KnowledgeManagement extends DolibarrApi public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $categories = new Categorie($this->db); @@ -140,7 +140,7 @@ class KnowledgeManagement extends DolibarrApi $tmpobject = new KnowledgeRecord($this->db); if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) { - throw new RestException(401); + throw new RestException(403); } $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; @@ -229,7 +229,7 @@ class KnowledgeManagement extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'write')) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields @@ -268,7 +268,7 @@ class KnowledgeManagement extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'write')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->knowledgerecord->fetch($id); 
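Review bot: The 403 thrown when `_checkAccessToResource` fails in KnowledgeManagement::get tells the caller that the record exists, whereas an unknown id gives 404 according to the docblock in the previous hunk. A user who has the read right but is not allowed on a given record can therefore tell existing ids from missing ones. If that distinction is not intended, answer with the same 404 as the not-found branch; if it is, keep 403 but shorten the message, e.g. `throw new RestException(403, 'Access to this object is not allowed');`, so the id and login are not echoed in the response body. Mos::get follows the same pattern, and the start of this method is outside the hunk.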
@@ -316,7 +316,7 @@ class KnowledgeManagement extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->hasRight('knowledgemanagement', 'knowledgerecord', 'delete')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->knowledgerecord->fetch($id); if (!$result) { diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php index 1c8435d65cf..a339ecad597 100644 --- a/htdocs/mrp/class/api_mos.class.php +++ b/htdocs/mrp/class/api_mos.class.php @@ -64,7 +64,7 @@ class Mos extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->mrp->read) { - throw new RestException(401); + throw new RestException(403); } $result = $this->mo->fetch($id); @@ -73,7 +73,7 @@ class Mos extends DolibarrApi } if (!DolibarrApi::_checkAccessToResource('mrp', $this->mo->id, 'mrp_mo')) { - throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); + throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } return $this->_cleanObjectDatas($this->mo); @@ -97,10 +97,8 @@ class Mos extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { - global $db, $conf; - if (!DolibarrApiAccess::$user->rights->mrp->read) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -180,7 +178,7 @@ class Mos extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->mrp->write) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields $result = $this->_validate($request_data); @@ -214,7 +212,7 @@ class Mos extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->mrp->write) { - throw new RestException(401); + throw new RestException(403); } $result = $this->mo->fetch($id); 
@@ -257,7 +255,7 @@ class Mos extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->mrp->delete) { - throw new RestException(401); + throw new RestException(403); } $result = $this->mo->fetch($id); if (!$result) { diff --git a/htdocs/partnership/class/api_partnerships.class.php b/htdocs/partnership/class/api_partnerships.class.php index 4ac8c70dba3..e161f5b154f 100644 --- a/htdocs/partnership/class/api_partnerships.class.php +++ b/htdocs/partnership/class/api_partnerships.class.php @@ -63,13 +63,13 @@ class Partnerships extends DolibarrApi * * @url GET partnerships/{id} * - * @throws RestException 401 Not allowed + * @throws RestException 403 Not allowed * @throws RestException 404 Not found */ public function get($id) { if (!DolibarrApiAccess::$user->rights->partnership->read) { - throw new RestException(401); + throw new RestException(403); } $result = $this->partnership->fetch($id); @@ -104,13 +104,11 @@ class Partnerships extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { - global $db, $conf; - $obj_ret = array(); $tmpobject = new Partnership($this->db); if (!DolibarrApiAccess::$user->rights->partnership->read) { - throw new RestException(401); + throw new RestException(403); } $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; @@ -191,7 +189,7 @@ class Partnerships extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->partnership->write) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields @@ -230,7 +228,7 @@ class Partnerships extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->partnership->write) { - throw new RestException(401); + throw new RestException(403); } $result = $this->partnership->fetch($id); 
@@ -278,7 +276,7 @@ class Partnerships extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->partnership->delete) { - throw new RestException(401); + throw new RestException(403); } $result = $this->partnership->fetch($id); if (!$result) { diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index 7ff9f8403d4..ced1acc3509 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php @@ -307,7 +307,7 @@ class Products extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields $result = $this->_validate($request_data); @@ -344,7 +344,7 @@ class Products extends DolibarrApi global $conf; if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->product->fetch($id); @@ -447,7 +447,7 @@ class Products extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->produit->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->product->fetch($id); if (!$result) { @@ -492,7 +492,7 @@ class Products extends DolibarrApi public function getSubproducts($id) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApi::_checkAccessToResource('product', $id)) { @@ -530,7 +530,7 @@ class Products extends DolibarrApi public function addSubproducts($id, $subproduct_id, $qty, $incdec = 1) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApi::_checkAccessToResource('product', $id)) { 
@@ -560,7 +560,7 @@ class Products extends DolibarrApi public function delSubproducts($id, $subproduct_id) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApi::_checkAccessToResource('product', $id)) { @@ -591,7 +591,7 @@ class Products extends DolibarrApi public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $categories = new Categorie($this->db); @@ -619,7 +619,7 @@ class Products extends DolibarrApi global $conf; if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } if (!getDolGlobalString('PRODUIT_MULTIPRICES')) { @@ -661,7 +661,7 @@ class Products extends DolibarrApi global $conf; if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } if (!getDolGlobalString('PRODUIT_CUSTOMER_PRICES')) { @@ -710,7 +710,7 @@ class Products extends DolibarrApi global $conf; if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } if (!getDolGlobalString('PRODUIT_CUSTOMER_PRICES_BY_QTY')) { 
@@ -768,7 +768,7 @@ class Products extends DolibarrApi public function addPurchasePrice($id, $qty, $buyprice, $price_base_type, $fourn_id, $availability, $ref_fourn, $tva_tx, $charges = 0, $remise_percent = 0, $remise = 0, $newnpr = 0, $delivery_time_days = 0, $supplier_reputation = '', $localtaxes_array = array(), $newdefaultvatcode = '', $multicurrency_buyprice = 0, $multicurrency_price_base_type = 'HT', $multicurrency_tx = 1, $multicurrency_code = '', $desc_fourn = '', $barcode = '', $fk_barcode_type = null) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->productsupplier->fetch($id); @@ -826,7 +826,7 @@ class Products extends DolibarrApi public function deletePurchasePrice($id, $priceid) { if (!DolibarrApiAccess::$user->rights->produit->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->productsupplier->fetch($id); if (!$result) { @@ -865,7 +865,7 @@ class Products extends DolibarrApi global $db, $conf; if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -1026,7 +1026,7 @@ class Products extends DolibarrApi public function getAttributes($sortfield = "t.ref", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT t.rowid, t.ref, t.ref_ext, t.label, t.position, t.entity"; @@ -1088,7 +1088,7 @@ class Products extends DolibarrApi public function getAttributeById($id) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $prodattr = new ProductAttribute($this->db); 
@@ -1131,7 +1131,7 @@ class Products extends DolibarrApi public function getAttributesByRef($ref) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $ref = trim($ref); @@ -1181,7 +1181,7 @@ class Products extends DolibarrApi public function getAttributesByRefExt($ref_ext) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $ref_ext = trim($ref_ext); @@ -1233,7 +1233,7 @@ class Products extends DolibarrApi public function addAttributes($ref, $label, $ref_ext = '') { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } $prodattr = new ProductAttribute($this->db); @@ -1265,7 +1265,7 @@ class Products extends DolibarrApi public function putAttributes($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } $prodattr = new ProductAttribute($this->db); @@ -1317,7 +1317,7 @@ class Products extends DolibarrApi public function deleteAttributes($id) { if (!DolibarrApiAccess::$user->rights->produit->supprimer) { - throw new RestException(401); + throw new RestException(403); } $prodattr = new ProductAttribute($this->db); @@ -1345,7 +1345,7 @@ class Products extends DolibarrApi public function getAttributeValueById($id) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid, fk_product_attribute, ref, value FROM ".$this->db->prefix()."product_attribute_value WHERE rowid = ".(int) $id." AND entity IN (".getEntity('product').")"; @@ -1353,7 +1353,7 @@ class Products extends DolibarrApi $query = $this->db->query($sql); if (!$query) { - throw new RestException(401); + throw new RestException(403); } if (!$this->db->num_rows($query)) { 
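Review bot: In `Products::getAttributeValueById()` (hunk `@@ -1353,7`) the `if (!$query)` branch now answers a failed database query with 403, telling the client it lacks permission when the server hit an error. The permission check has already passed at that point, so this should be a 5xx, e.g. `throw new RestException(500, 'Error executing query');` (use whichever 5xx code the API reserves for database errors). The SQL error text should be logged server-side and kept out of the response body. The same `!$query` to 403 mapping is in `getAttributeValueByRef()` (`@@ -1397,7`) and `deleteAttributeValueByRef()` (`@@ -1439,7`). Reporting query failures as access denials also hides them from monitoring that keys on 5xx rates and adds false positives to any alerting on 403s.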
@@ -1386,7 +1386,7 @@ class Products extends DolibarrApi public function getAttributeValueByRef($id, $ref) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $ref = trim($ref); @@ -1397,7 +1397,7 @@ class Products extends DolibarrApi $query = $this->db->query($sql); if (!$query) { - throw new RestException(401); + throw new RestException(403); } if (!$this->db->num_rows($query)) { @@ -1429,7 +1429,7 @@ class Products extends DolibarrApi public function deleteAttributeValueByRef($id, $ref) { if (!DolibarrApiAccess::$user->rights->produit->supprimer) { - throw new RestException(401); + throw new RestException(403); } $ref = trim($ref); @@ -1439,7 +1439,7 @@ class Products extends DolibarrApi $query = $this->db->query($sql); if (!$query) { - throw new RestException(401); + throw new RestException(403); } if (!$this->db->num_rows($query)) { @@ -1472,7 +1472,7 @@ class Products extends DolibarrApi public function getAttributeValues($id) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $objectval = new ProductAttributeValue($this->db); @@ -1503,7 +1503,7 @@ class Products extends DolibarrApi public function getAttributeValuesByRef($ref) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $ref = trim($ref); @@ -1545,11 +1545,11 @@ class Products extends DolibarrApi public function addAttributeValue($id, $ref, $value) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($ref) || empty($value)) { - throw new RestException(401); + throw new RestException(403); } $objectval = new ProductAttributeValue($this->db); 
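Review bot: In `Products::addAttributeValue()` (hunk `@@ -1545,11`) the second guard, `if (empty($ref) || empty($value))`, rejects missing input with 403, so a caller who holds the right but sends an empty field is told access is denied. This is request validation and should be `throw new RestException(400, 'ref and value are mandatory');` (message wording mine). `empty()` also treats the string `'0'` as empty, so an attribute value of `0` is refused by this check. `addVariantByProductRef()` (`@@ -1797,11`) has the same 403 on `empty($ref) || empty($features) || !is_array($features)`.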
@@ -1578,7 +1578,7 @@ class Products extends DolibarrApi public function putAttributeValue($id, $request_data) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } $objectval = new ProductAttributeValue($this->db); @@ -1630,7 +1630,7 @@ class Products extends DolibarrApi public function deleteAttributeValueById($id) { if (!DolibarrApiAccess::$user->rights->produit->supprimer) { - throw new RestException(401); + throw new RestException(403); } $objectval = new ProductAttributeValue($this->db); @@ -1657,7 +1657,7 @@ class Products extends DolibarrApi public function getVariants($id, $includestock = 0) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $prodcomb = new ProductCombination($this->db); @@ -1693,7 +1693,7 @@ class Products extends DolibarrApi public function getVariantsByProdRef($ref) { if (!DolibarrApiAccess::$user->rights->produit->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->product->fetch('', $ref); @@ -1736,7 +1736,7 @@ class Products extends DolibarrApi public function addVariant($id, $weight_impact, $price_impact, $price_impact_is_percent, $features, $reference = '', $ref_ext = '') { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { @@ -1797,11 +1797,11 @@ class Products extends DolibarrApi public function addVariantByProductRef($ref, $weight_impact, $price_impact, $price_impact_is_percent, $features) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } if (empty($ref) || empty($features) || !is_array($features)) { - throw new RestException(401); + throw new RestException(403); } $weight_impact = price2num($weight_impact); 
@@ -1851,7 +1851,7 @@ class Products extends DolibarrApi public function putVariant($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->produit->creer) { - throw new RestException(401); + throw new RestException(403); } $prodcomb = new ProductCombination($this->db); @@ -1891,7 +1891,7 @@ class Products extends DolibarrApi public function deleteVariant($id) { if (!DolibarrApiAccess::$user->rights->produit->supprimer) { - throw new RestException(401); + throw new RestException(403); } $prodcomb = new ProductCombination($this->db); @@ -1920,7 +1920,7 @@ class Products extends DolibarrApi public function getStock($id, $selected_warehouse_id = null) { if (!DolibarrApiAccess::$user->rights->produit->lire || !DolibarrApiAccess::$user->rights->stock->lire) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApi::_checkAccessToResource('product', $id)) { diff --git a/htdocs/product/stock/class/api_stockmovements.class.php b/htdocs/product/stock/class/api_stockmovements.class.php index 2fcead94fbb..38e0ba177b2 100644 --- a/htdocs/product/stock/class/api_stockmovements.class.php +++ b/htdocs/product/stock/class/api_stockmovements.class.php @@ -66,7 +66,7 @@ class StockMovements extends DolibarrApi public function get($id) { if(! DolibarrApiAccess::$user->rights->stock->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->stockmovement->fetch($id); @@ -101,7 +101,7 @@ class StockMovements extends DolibarrApi $obj_ret = array(); if (!DolibarrApiAccess::$user->rights->stock->lire) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT t.rowid"; 
@@ -176,7 +176,7 @@ class StockMovements extends DolibarrApi public function post($product_id, $warehouse_id, $qty, $type = 2, $lot = '', $movementcode = '', $movementlabel = '', $price = '', $datem = '', $dlc = '', $dluo = '', $origin_type = '', $origin_id = 0) { if (!DolibarrApiAccess::$user->rights->stock->creer) { - throw new RestException(401); + throw new RestException(403); } if ($qty == 0) { @@ -219,7 +219,7 @@ class StockMovements extends DolibarrApi public function put($id, $request_data = null) { if(! DolibarrApiAccess::$user->rights->stock->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->stockmovement->fetch($id); @@ -252,7 +252,7 @@ class StockMovements extends DolibarrApi public function delete($id) { if(! DolibarrApiAccess::$user->rights->stock->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->stockmovement->fetch($id); if( ! $result ) { diff --git a/htdocs/product/stock/class/api_warehouses.class.php b/htdocs/product/stock/class/api_warehouses.class.php index 37f0d39065f..a8ef5480eee 100644 --- a/htdocs/product/stock/class/api_warehouses.class.php +++ b/htdocs/product/stock/class/api_warehouses.class.php @@ -63,7 +63,7 @@ class Warehouses extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->stock->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->warehouse->fetch($id); @@ -101,7 +101,7 @@ class Warehouses extends DolibarrApi $obj_ret = array(); if (!DolibarrApiAccess::$user->rights->stock->lire) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT t.rowid"; @@ -164,7 +164,7 @@ class Warehouses extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->stock->creer) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields 
@@ -195,7 +195,7 @@ class Warehouses extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->stock->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->warehouse->fetch($id); @@ -236,7 +236,7 @@ class Warehouses extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->stock->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->warehouse->fetch($id); if (!$result) { diff --git a/htdocs/projet/class/api_projects.class.php b/htdocs/projet/class/api_projects.class.php index 8a7c4e6fed2..4c1dc29350d 100644 --- a/htdocs/projet/class/api_projects.class.php +++ b/htdocs/projet/class/api_projects.class.php @@ -72,7 +72,7 @@ class Projects extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -108,7 +108,7 @@ class Projects extends DolibarrApi public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $category = 0, $sqlfilters = '', $properties = '') { if (!DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -235,7 +235,7 @@ class Projects extends DolibarrApi public function getLines($id, $includetimespent = 0) { if (!DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -275,7 +275,7 @@ class Projects extends DolibarrApi global $db; if (!DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); 
@@ -318,7 +318,7 @@ class Projects extends DolibarrApi public function postLine($id, $request_data = null) { if(! DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -385,7 +385,7 @@ class Projects extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if(! DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -446,7 +446,7 @@ class Projects extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -487,7 +487,7 @@ class Projects extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->projet->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); if (!$result) { @@ -531,7 +531,7 @@ class Projects extends DolibarrApi public function validate($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); if (!$result) { diff --git a/htdocs/projet/class/api_tasks.class.php b/htdocs/projet/class/api_tasks.class.php index 2604bfc7aab..43f5973c6f8 100644 --- a/htdocs/projet/class/api_tasks.class.php +++ b/htdocs/projet/class/api_tasks.class.php @@ -68,7 +68,7 @@ class Tasks extends DolibarrApi public function get($id, $includetimespent = 0) { if (!DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->task->fetch($id); 
@@ -110,7 +110,7 @@ class Tasks extends DolibarrApi global $db, $conf; if (!DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -230,7 +230,7 @@ class Tasks extends DolibarrApi public function getLines($id, $includetimespent=0) { if(! DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -275,7 +275,7 @@ class Tasks extends DolibarrApi global $db; if (!DolibarrApiAccess::$user->rights->projet->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->task->fetch($id); @@ -316,7 +316,7 @@ class Tasks extends DolibarrApi public function postLine($id, $request_data = null) { if(! DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -383,7 +383,7 @@ class Tasks extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if(! DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->project->fetch($id); @@ -443,7 +443,7 @@ class Tasks extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->task->fetch($id); @@ -484,7 +484,7 @@ class Tasks extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->projet->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->task->fetch($id); if (!$result) { 
@@ -527,7 +527,7 @@ class Tasks extends DolibarrApi public function addTimeSpent($id, $date, $duration, $user_id = 0, $note = '') { if (!DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->task->fetch($id); if ($result <= 0) { @@ -586,7 +586,7 @@ class Tasks extends DolibarrApi public function putTimeSpent($id, $timespent_id, $date, $duration, $user_id = 0, $note = '') { if (!DolibarrApiAccess::$user->rights->projet->creer) { - throw new RestException(401); + throw new RestException(403); } $this->timespentRecordChecks($id, $timespent_id); @@ -631,7 +631,7 @@ class Tasks extends DolibarrApi public function deleteTimeSpent($id, $timespent_id) { if (!DolibarrApiAccess::$user->rights->projet->supprimer) { - throw new RestException(401); + throw new RestException(403); } $this->timespentRecordChecks($id, $timespent_id); diff --git a/htdocs/reception/class/api_receptions.class.php b/htdocs/reception/class/api_receptions.class.php index 6255b18d722..c587e97fd40 100644 --- a/htdocs/reception/class/api_receptions.class.php +++ b/htdocs/reception/class/api_receptions.class.php @@ -64,7 +64,7 @@ class Receptions extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->reception->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); @@ -101,7 +101,7 @@ class Receptions extends DolibarrApi public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '') { if (!DolibarrApiAccess::$user->rights->reception->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); 
@@ -222,7 +222,7 @@ class Receptions extends DolibarrApi public function getLines($id) { if(! DolibarrApiAccess::$user->rights->reception->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); @@ -256,7 +256,7 @@ class Receptions extends DolibarrApi public function postLine($id, $request_data = null) { if(! DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); @@ -324,7 +324,7 @@ class Receptions extends DolibarrApi public function putLine($id, $lineid, $request_data = null) { if (! DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); @@ -389,7 +389,7 @@ class Receptions extends DolibarrApi public function deleteLine($id, $lineid) { if (!DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); @@ -426,7 +426,7 @@ class Receptions extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); @@ -466,7 +466,7 @@ class Receptions extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->reception->supprimer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); if (!$result) { @@ -511,7 +511,7 @@ class Receptions extends DolibarrApi public function validate($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); if (!$result) { 
@@ -557,7 +557,7 @@ class Receptions extends DolibarrApi { if(! DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } if(empty($id)) { throw new RestException(400, 'Reception ID is mandatory'); @@ -596,10 +596,10 @@ class Receptions extends DolibarrApi require_once DOL_DOCUMENT_ROOT . '/commande/class/commande.class.php'; if(! DolibarrApiAccess::$user->rights->reception->lire) { - throw new RestException(401); + throw new RestException(403); } if(! DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } if(empty($proposalid)) { throw new RestException(400, 'Order ID is mandatory'); @@ -633,7 +633,7 @@ class Receptions extends DolibarrApi public function close($id, $notrigger = 0) { if (!DolibarrApiAccess::$user->rights->reception->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->reception->fetch($id); diff --git a/htdocs/recruitment/class/api_recruitments.class.php b/htdocs/recruitment/class/api_recruitments.class.php index 88c7c54488e..53245b17ef8 100644 --- a/htdocs/recruitment/class/api_recruitments.class.php +++ b/htdocs/recruitment/class/api_recruitments.class.php @@ -77,7 +77,7 @@ class Recruitments extends DolibarrApi public function getJobPosition($id) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->jobposition->fetch($id); @@ -108,7 +108,7 @@ class Recruitments extends DolibarrApi public function getCandidature($id) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->candidature->fetch($id); 
@@ -147,7 +147,7 @@ class Recruitments extends DolibarrApi $tmpobject = new RecruitmentJobPosition($this->db); if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) { - throw new RestException(401); + throw new RestException(403); } $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; @@ -239,7 +239,7 @@ class Recruitments extends DolibarrApi $tmpobject = new RecruitmentCandidature($this->db); if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'read')) { - throw new RestException(401); + throw new RestException(403); } $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; @@ -320,7 +320,7 @@ class Recruitments extends DolibarrApi public function postJobPosition($request_data = null) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields @@ -358,7 +358,7 @@ class Recruitments extends DolibarrApi public function postCandidature($request_data = null) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields @@ -397,7 +397,7 @@ class Recruitments extends DolibarrApi public function putJobPosition($id, $request_data = null) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->jobposition->fetch($id); @@ -446,7 +446,7 @@ class Recruitments extends DolibarrApi public function putCandidature($id, $request_data = null) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'write')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->candidature->fetch($id); 
@@ -495,7 +495,7 @@ class Recruitments extends DolibarrApi public function deleteJobPosition($id) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'delete')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->jobposition->fetch($id); if (!$result) { @@ -531,7 +531,7 @@ class Recruitments extends DolibarrApi public function deleteCandidature($id) { if (!DolibarrApiAccess::$user->hasRight('recruitment', 'recruitmentjobposition', 'delete')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->candidature->fetch($id); if (!$result) { diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index 0a47ebe25eb..3a05843410b 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php @@ -393,7 +393,7 @@ class Contacts extends DolibarrApi public function createUser($id, $request_data = null) { //if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer')) { - //throw new RestException(401); + //throw new RestException(403); //} if (!isset($request_data["login"])) { @@ -450,7 +450,7 @@ class Contacts extends DolibarrApi public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $categories = new Categorie($this->db); diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index c9adc61efb5..d4f783470bd 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -135,7 +135,7 @@ class Thirdparties extends DolibarrApi $obj_ret = array(); if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } // case of external user, we force socids 
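Review bot: In `Contacts::createUser()` (hunk `@@ -393,7`) the permission guard is commented out and this commit only updates the status code inside the comment, so within this hunk nothing restricts which API caller may create a user account from a contact. The function body continues past the hunk, so a later check may exist. If it does not, restore the guard as live code: `if (!DolibarrApiAccess::$user->hasRight('user', 'user', 'creer')) { throw new RestException(403); }`. If the check is disabled on purpose, replace the dead code with a comment stating where authorization for this endpoint is enforced.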
@@ -245,7 +245,7 @@ class Thirdparties extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields $result = $this->_validate($request_data); @@ -280,7 +280,7 @@ class Thirdparties extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); @@ -341,7 +341,7 @@ class Thirdparties extends DolibarrApi } if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); // include the fetch of extra fields @@ -381,7 +381,7 @@ class Thirdparties extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->hasRight('societe', 'supprimer')) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); if (!$result) { @@ -482,7 +482,7 @@ class Thirdparties extends DolibarrApi public function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); @@ -517,7 +517,7 @@ class Thirdparties extends DolibarrApi public function addCategory($id, $category_id) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); @@ -555,7 +555,7 @@ class Thirdparties extends DolibarrApi public function deleteCategory($id, $category_id) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); 
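Review bot: The guards in Thirdparties::post, put, getCategories, addCategory and deleteCategory still read the permission as a raw property chain (`DolibarrApiAccess::$user->rights->societe->creer`), while delete() on this same line uses `hasRight('societe', 'supprimer')`. The property form depends on every level of `rights` being defined and makes the authorization checks harder to audit by search. Since these lines are touched anyway, they could use the accessor, `if (!DolibarrApiAccess::$user->hasRight('societe', 'creer')) {` and `if (!DolibarrApiAccess::$user->hasRight('categorie', 'lire')) {`. The same mix appears in the bank-account, SocieteAccount, SupplierProposals, Tickets and Zapier hunks further down.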
@@ -596,7 +596,7 @@ class Thirdparties extends DolibarrApi public function getSupplierCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { if (!DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); @@ -632,7 +632,7 @@ class Thirdparties extends DolibarrApi public function addSupplierCategory($id, $category_id) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); @@ -670,7 +670,7 @@ class Thirdparties extends DolibarrApi public function deleteSupplierCategory($id, $category_id) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $result = $this->company->fetch($id); @@ -713,7 +713,7 @@ class Thirdparties extends DolibarrApi public function getOutStandingProposals($id, $mode = 'customer') { if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { @@ -755,7 +755,7 @@ class Thirdparties extends DolibarrApi public function getOutStandingOrder($id, $mode = 'customer') { if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { @@ -796,7 +796,7 @@ class Thirdparties extends DolibarrApi public function getOutStandingInvoices($id, $mode = 'customer') { if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { @@ -837,7 +837,7 @@ class Thirdparties extends DolibarrApi public function getSalesRepresentatives($id, $mode = 0) { if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { 
@@ -880,7 +880,7 @@ class Thirdparties extends DolibarrApi $obj_ret = array(); if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { @@ -940,7 +940,7 @@ class Thirdparties extends DolibarrApi public function getInvoicesQualifiedForReplacement($id) { if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Thirdparty ID is mandatory'); @@ -983,7 +983,7 @@ class Thirdparties extends DolibarrApi public function getInvoicesQualifiedForCreditNote($id) { if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Thirdparty ID is mandatory'); @@ -1019,7 +1019,7 @@ class Thirdparties extends DolibarrApi public function getCompanyBankAccount($id) { if (!DolibarrApiAccess::$user->rights->societe->lire) { - throw new RestException(401); + throw new RestException(403); } if (empty($id)) { throw new RestException(400, 'Thirdparty ID is mandatory'); @@ -1094,7 +1094,7 @@ class Thirdparties extends DolibarrApi public function createCompanyBankAccount($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } if ($this->company->fetch($id) <= 0) { throw new RestException(404, 'Error creating Company Bank account, Company doesn\'t exists'); @@ -1145,7 +1145,7 @@ class Thirdparties extends DolibarrApi public function updateCompanyBankAccount($id, $bankaccount_id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } if ($this->company->fetch($id) <= 0) { throw new RestException(404, 'Error creating Company Bank account, Company doesn\'t exists'); 
@@ -1155,7 +1155,7 @@ class Thirdparties extends DolibarrApi $account->fetch($bankaccount_id, $id, -1, ''); if ($account->socid != $id) { - throw new RestException(401); + throw new RestException(403); } @@ -1196,7 +1196,7 @@ class Thirdparties extends DolibarrApi public function deleteCompanyBankAccount($id, $bankaccount_id) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $account = new CompanyBankAccount($this->db); @@ -1204,7 +1204,7 @@ class Thirdparties extends DolibarrApi $account->fetch($bankaccount_id); if (!$account->socid == $id) { - throw new RestException(401); + throw new RestException(403); } return $account->delete(DolibarrApiAccess::$user); @@ -1231,7 +1231,7 @@ class Thirdparties extends DolibarrApi } if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $this->company->setDocModel(DolibarrApiAccess::$user, $model); @@ -1316,7 +1316,7 @@ class Thirdparties extends DolibarrApi public function getSocieteAccounts($id, $site = null) { if (!DolibarrApiAccess::$user->hasRight('societe', 'lire')) { - throw new RestException(401); + throw new RestException(403); } if (!DolibarrApi::_checkAccessToResource('societe', $id)) { @@ -1392,7 +1392,7 @@ class Thirdparties extends DolibarrApi public function createSocieteAccount($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } if (!isset($request_data['site'])) { @@ -1456,7 +1456,7 @@ class Thirdparties extends DolibarrApi public function putSocieteAccount($id, $site, $request_data = null) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid, fk_user_creat, date_creation FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '".$this->db->escape($site)."'"; 
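Review bot: The ownership test in deleteCompanyBankAccount (`@@ -1204` hunk), `if (!$account->socid == $id)`, does not compare the account's third party with `$id`. `!` binds tighter than `==`, so for any loaded account the left side is `false` and the 403 is thrown only when `$id` is itself falsy; a bank account belonging to a different third party passes the check. The line should read `if ($account->socid != $id) {`, as updateCompanyBankAccount does in the first hunk on this line. The result of `$account->fetch($bankaccount_id)` is also not checked before `socid` is read.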
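Review bot: putSocieteAccount (`@@ -1456` hunk) builds its query with `$id` interpolated as-is, `WHERE fk_soc = $id AND site = '...'`, while `$site` goes through `$this->db->escape()`. Unless the REST layer guarantees an integer here, this is string-built SQL on a request parameter; the cast used by patchSocieteAccount in the next hunk should be applied: `WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($site)."'"`. deleteSocieteAccount (`@@ -1609`) has the same uncast `fk_soc = $id`. Both method bodies continue outside their hunks.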
@@ -1550,7 +1550,7 @@ class Thirdparties extends DolibarrApi public function patchSocieteAccount($id, $site, $request_data = null) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($site)."'"; @@ -1609,7 +1609,7 @@ class Thirdparties extends DolibarrApi public function deleteSocieteAccount($id, $site) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '".$this->db->escape($site)."'"; @@ -1643,7 +1643,7 @@ class Thirdparties extends DolibarrApi public function deleteSocieteAccounts($id) { if (!DolibarrApiAccess::$user->rights->societe->creer) { - throw new RestException(401); + throw new RestException(403); } /** diff --git a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php index b89ca55d36c..be4140a8638 100644 --- a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php +++ b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php @@ -64,7 +64,7 @@ class SupplierProposals extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->supplier_proposal->lire) { - throw new RestException(401); + throw new RestException(403); } $result = $this->supplier_proposal->fetch($id); @@ -97,7 +97,7 @@ class SupplierProposals extends DolibarrApi public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '') { if (!DolibarrApiAccess::$user->rights->supplier_proposal->lire) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); 
diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php index ea8b54d139e..e4641f65b4a 100644 --- a/htdocs/ticket/class/api_tickets.class.php +++ b/htdocs/ticket/class/api_tickets.class.php @@ -285,7 +285,7 @@ class Tickets extends DolibarrApi { $ticketstatic = new Ticket($this->db); if (!DolibarrApiAccess::$user->rights->ticket->write) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields $result = $this->_validate($request_data); @@ -324,7 +324,7 @@ class Tickets extends DolibarrApi { $ticketstatic = new Ticket($this->db); if (!DolibarrApiAccess::$user->rights->ticket->write) { - throw new RestException(401); + throw new RestException(403); } // Check mandatory fields $result = $this->_validateMessage($request_data); @@ -361,7 +361,7 @@ class Tickets extends DolibarrApi public function put($id, $request_data = null) { if (!DolibarrApiAccess::$user->rights->ticket->write) { - throw new RestException(401); + throw new RestException(403); } $result = $this->ticket->fetch($id); @@ -400,7 +400,7 @@ class Tickets extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->ticket->delete) { - throw new RestException(401); + throw new RestException(403); } $result = $this->ticket->fetch($id); if (!$result) { diff --git a/htdocs/zapier/class/api_zapier.class.php b/htdocs/zapier/class/api_zapier.class.php index a0ef0d7761b..5ad9cc9cb5a 100644 --- a/htdocs/zapier/class/api_zapier.class.php +++ b/htdocs/zapier/class/api_zapier.class.php @@ -76,7 +76,7 @@ class Zapier extends DolibarrApi public function get($id) { if (!DolibarrApiAccess::$user->rights->zapier->read) { - throw new RestException(401); + throw new RestException(403); } $result = $this->hook->fetch($id); 
@@ -104,7 +104,7 @@ class Zapier extends DolibarrApi public function getModulesChoices() { if (!DolibarrApiAccess::$user->rights->zapier->read) { - throw new RestException(401); + throw new RestException(403); } $arraychoices = array( @@ -146,7 +146,7 @@ class Zapier extends DolibarrApi public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { if (!DolibarrApiAccess::$user->rights->zapier->read) { - throw new RestException(401); + throw new RestException(403); } $obj_ret = array(); @@ -228,7 +228,7 @@ class Zapier extends DolibarrApi public function post($request_data = null) { if (!DolibarrApiAccess::$user->rights->zapier->write) { - throw new RestException(401); + throw new RestException(403); } dol_syslog("API Zapier create hook receive : ".print_r($request_data, true), LOG_DEBUG); @@ -271,7 +271,7 @@ class Zapier extends DolibarrApi /*public function put($id, $request_data = null) { if (! DolibarrApiAccess::$user->rights->zapier->write) { - throw new RestException(401); + throw new RestException(403); } $result = $this->hook->fetch($id); @@ -308,7 +308,7 @@ class Zapier extends DolibarrApi public function delete($id) { if (!DolibarrApiAccess::$user->rights->zapier->delete) { - throw new RestException(401); + throw new RestException(403); } $result = $this->hook->fetch($id);
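Review bot: Zapier::post (`@@ -228` hunk) writes the whole request body to the log with `print_r($request_data, true)` right after the permission check. A hook registration presumably carries a callback URL or other caller-supplied secrets, which would then sit in the debug log in clear text. Logging only the field names keeps the trace without the values, e.g. `dol_syslog("API Zapier create hook receive : ".implode(',', array_keys((array) $request_data)), LOG_DEBUG);`. The method continues outside the hunk.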