From 0b7c768f2997fb77047ddefb52af323820b2c690 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 25 Jun 2017 18:18:17 +0200 Subject: [PATCH] FIX Usage of production mode with REST Api. --- htdocs/api/class/api.class.php | 17 +++--- htdocs/api/index.php | 55 +++++++++++++------ .../modulebuilder/template/myobject_list.php | 2 +- 3 files changed, 48 insertions(+), 26 deletions(-) diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index 190e24d326c..40e00d01ffd 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -42,10 +42,11 @@ class DolibarrApi /** * Constructor * - * @param DoliDb $db Database handler - * @param string $cachedir Cache dir + * @param DoliDb $db Database handler + * @param string $cachedir Cache dir + * @param boolean $refreshCache Update cache */ - function __construct($db, $cachedir='') + function __construct($db, $cachedir='', $refreshCache=false) { global $conf; @@ -54,7 +55,7 @@ class DolibarrApi $this->db = $db; $production_mode = ( empty($conf->global->API_PRODUCTION_MODE) ? false : true ); - $this->r = new Restler($production_mode); + $this->r = new Restler($production_mode, $refreshCache); $this->r->setAPIVersion(1); } @@ -66,7 +67,7 @@ class DolibarrApi * * @return array */ - /* Disabled, most APIs does not share same signature for method index + /* Disabled, most APIs does not share same signature for method index function index() { return array( @@ -93,9 +94,9 @@ class DolibarrApi unset($object->linkedObjects); unset($object->lines); // should be ->lines - + unset($object->fields); - + unset($object->oldline); unset($object->error); @@ -175,7 +176,7 @@ class DolibarrApi * @throws RestException */ static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') { - + // Features/modules to check $featuresarray = array($resource); if (preg_match('/&/', $resource)) { 
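Review bot: The new `$refreshCache` docblock entry in the `__construct` hunk says only "Update cache", which tells a caller neither when the flag matters nor what it triggers. From the visible lines the value goes straight into `new Restler($production_mode, $refreshCache)`, so it presumably only has an effect when `API_PRODUCTION_MODE` is set and Restler is serving cached routes. I would document it as `@param boolean $refreshCache True to rebuild the Restler route cache (only relevant in production mode)`. The docblock could also say that callers deriving this flag from request data should guard it, since a rebuild is presumably costlier than a cached lookup. The constructor body continues outside the hunk.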
diff --git a/htdocs/api/index.php b/htdocs/api/index.php index 7a99490a48f..0e54d0cb8af 100644 --- a/htdocs/api/index.php +++ b/htdocs/api/index.php @@ -24,8 +24,18 @@ * \file htdocs/api/index.php */ -if (! defined("NOLOGIN")) define("NOLOGIN",'1'); -if (! defined("NOCSRFCHECK")) define("NOCSRFCHECK",'1'); +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test +//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data +if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test +if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu +if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php +if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library +if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session) + $res=0; if (! $res && file_exists("../main.inc.php")) $res=include '../main.inc.php'; @@ -65,17 +75,6 @@ if (preg_match('/api\/index\.php\/explorer/', $_SERVER["PHP_SELF"]) && ! empty($ } -$api = new DolibarrApi($db); - -// Enable the Restler API Explorer. -// See https://github.com/Luracast/Restler-API-Explorer for more info. -$api->r->addAPIClass('Luracast\\Restler\\Explorer'); - -$api->r->setSupportedFormats('JsonFormat', 'XmlFormat', 'UploadFormat'); -$api->r->addAuthenticationClass('DolibarrApiAccess',''); - -// Define accepted mime types -UploadFormat::$allowedMimeTypes = array('image/jpeg', 'image/png', 'text/plain', 'application/octet-stream'); // Analyze URLs 
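Review bot: The comments on the `define()` lines at the top of htdocs/api/index.php understate what they switch off for this entry point. Going by their own comments, `NOLOGIN` and `NOCSRFCHECK` skip the session login and the anti-CSRF check when `main.inc.php` is included, so requests reaching this file appear to be authenticated only by the `DolibarrApiAccess` class registered further down. I would say so next to `NOLOGIN`, e.g. `// No session login here: each request is authenticated by DolibarrApiAccess`. The `NOTOKENRENEWAL` comment "Do not check anti POST attack test" reads as if a second check were being disabled; if the constant only stops the anti-CSRF token from being renewed, as its name suggests, `// Do not renew the anti-CSRF token` would be clearer.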
@@ -91,6 +90,29 @@ preg_match('/index\.php\/([^\/]+)(.*)$/', $_SERVER["PHP_SELF"], $reg); // .../index.php/categories?sortfield=t.rowid&sortorder=ASC +// Set the flag to say to refresh (when we reload the explorer, production must be for API call only) +$refreshcache=false; +if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/resources.json' || $reg[2] == '/resources.json/root')) +{ + $refreshcache=true; +} + + +$api = new DolibarrApi($db, '', $refreshcache); +//var_dump($api->r->apiVersionMap); + +// Enable the Restler API Explorer. +// See https://github.com/Luracast/Restler-API-Explorer for more info. +$api->r->addAPIClass('Luracast\\Restler\\Explorer'); + +$api->r->setSupportedFormats('JsonFormat', 'XmlFormat', 'UploadFormat'); +$api->r->addAuthenticationClass('DolibarrApiAccess',''); + +// Define accepted mime types +UploadFormat::$allowedMimeTypes = array('image/jpeg', 'image/png', 'text/plain', 'application/octet-stream'); + + + // Call Explorer file for all APIs definitions if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/resources.json' || $reg[2] == '/resources.json/root')) { @@ -174,10 +196,9 @@ if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/resources.json' | } } - // Sort the classes before adding them to Restler. The Restler API Explorer - // shows the classes in the order they are added and it's a mess if they are not sorted. + // Sort the classes before adding them to Restler. + // The Restler API Explorer shows the classes in the order they are added and it's a mess if they are not sorted. sort($listofapis); - //var_dump($listofapis); foreach ($listofapis as $classname) { $api->r->addAPIClass($classname); @@ -226,7 +247,7 @@ if (! empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/resources.json' } // TODO If not found, redirect to explorer -//var_dump($api); +//var_dump($api->r->apiVersionMap); //exit; // Call API (we suppose we found it) 
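Review bot: `$refreshcache` is derived from `$_SERVER["PHP_SELF"]` alone, before `addAuthenticationClass('DolibarrApiAccess','')` runs and on a page that defines `NOLOGIN`, so a request to `explorer/resources.json` is enough to ask Restler to rebuild its route cache. With `API_PRODUCTION_MODE` on, that presumably turns a cached lookup into a rescan plus a cache write on every such hit. Whether the explorer check earlier in the file (only partly visible in this diff) limits who gets this far cannot be told from here. I would document that trade-off next to the assignment and consider restricting or throttling the rebuild. The condition is also repeated verbatim by the `if` under "Call Explorer file for all APIs definitions"; computing it once with strict comparison, `$refreshcache = (! empty($reg[1]) && $reg[1] === 'explorer' && in_array($reg[2], array('/resources.json', '/resources.json/root'), true));`, and testing `if ($refreshcache)` below keeps the two from drifting apart.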
diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 2cfc4f293fe..a578a683131 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -32,7 +32,7 @@ //if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test //if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu //if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); +//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library //if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session) // Load Dolibarr environment