From 9fc4055af315696c22c13ec0eecf837c324b51c5 Mon Sep 17 00:00:00 2001 From: Alexandre Boin Date: Thu, 20 Apr 2023 17:32:22 +0200 Subject: [PATCH 1/2] NEW: Multicurrency REST API to create, update, delete, update rate... - Add permissions for currencies and their rates - Fix invalid SQL syntax in Currency update request --- .../core/modules/modMultiCurrency.class.php | 24 ++ htdocs/langs/fr_FR/admin.lang | 3 + .../class/api_multicurrencies.class.php | 255 +++++++++++++++++- .../class/multicurrency.class.php | 2 +- 4 files changed, 280 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/modMultiCurrency.class.php b/htdocs/core/modules/modMultiCurrency.class.php index f08c9a4b021..e865588cb55 100644 --- a/htdocs/core/modules/modMultiCurrency.class.php +++ b/htdocs/core/modules/modMultiCurrency.class.php @@ -156,6 +156,30 @@ class modMultiCurrency extends DolibarrModules // $this->rights[$r][5] = 'level2'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) // $r++; + $this->rights[$r][0] = 40001; + $this->rights[$r][1] = 'Read currencies and their rates'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 1; + $this->rights[$r][4] = 'currency'; + $this->rights[$r][5] = 'read'; + $r++; + + $this->rights[$r][0] = 40002; + $this->rights[$r][1] = 'Create/Update currencies and their rates'; + $this->rights[$r][2] = 'w'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'currency'; + $this->rights[$r][5] = 'write'; + $r++; + + $this->rights[$r][0] = 40003; + $this->rights[$r][1] = 'Delete currencies and their rates'; + $this->rights[$r][2] = 'w'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'currency'; + $this->rights[$r][5] = 'delete'; + $r++; + // Main menu entries $this->menu = array(); // List of menus to add $r = 0; diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang index 6b97695d8e9..4fc55bfd30b 100644 --- a/htdocs/langs/fr_FR/admin.lang +++ b/htdocs/langs/fr_FR/admin.lang 
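Review bot: The second permission is registered under the key `write` (`$this->rights[$r][5] = 'write';`), but post(), put() and updateRate() in api_multicurrencies.class.php test `DolibarrApiAccess::$user->rights->multicurrency->currency->create`, a key this module never declares. As written, those three endpoints would presumably answer 401 for every caller because the property stays unset; the check fails closed, but the write API cannot be used. Either test `->currency->write` in the API or register the right as `create`, and keep one spelling in both files. The read permission is also switched on by default (`$this->rights[$r][3] = 1;`, the default-for-new-users flag in Dolibarr module descriptors), so a short comment confirming that newly created users are meant to read currencies and rates through the API would help.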
@@ -1004,6 +1004,9 @@ Permission23001=Voir les travaux planifiés Permission23002=Créer/Modifier des travaux planifiées Permission23003=Effacer travail planifié Permission23004=Exécuter travail planifié +Permission40001=Consulter les devises et leurs taux de change +Permission40002=Créer/modifier les devises et leurs taux de change +Permission40003=Supprimer les devises et leurs taux de change Permission50101=Utiliser le Point De Vente (SimplePOS) Permission50151=Utiliser le Point de Vente (TakePOS) Permission50152=Modifier les lignes de vente diff --git a/htdocs/multicurrency/class/api_multicurrencies.class.php b/htdocs/multicurrency/class/api_multicurrencies.class.php index e88f936c571..8fa1b0c6e9f 100644 --- a/htdocs/multicurrency/class/api_multicurrencies.class.php +++ b/htdocs/multicurrency/class/api_multicurrencies.class.php @@ -39,7 +39,9 @@ class MultiCurrencies extends DolibarrApi } /** - * Get a list of currencies + * List Currencies + * + * Get a list of Currencies * * @param string $sortfield Sort field * @param string $sortorder Sort order 
@@ -100,6 +102,232 @@ class MultiCurrencies extends DolibarrApi return $obj_ret; } + /** + * Get properties of a Currency object + * + * Return an array with Currency informations + * + * @param int $id ID of Currency + * @return array|mixed Data without useless information + * + * @throws RestException + */ + public function get($id) + { + $multicurrency = new MultiCurrency($this->db); + if (!$multicurrency->fetch($id)) { + throw new RestException(404, 'Currency not found'); + } + + if (!DolibarrApiAccess::$user->rights->multicurrency->currency->read) { + throw new RestException(401, "Insufficient rights to read currency"); + } + + return $this->_cleanObjectDatas($multicurrency); + } + + /** + * Get properties of a Currency object by code + * + * Return an array with Currency informations + * @url GET /bycode/{code} + * + * @param string $code Code of Currency (ex: EUR) + * @return array|mixed Data without useless information + * + * @throws RestException + */ + public function getByCode($code) + { + $multicurrency = new MultiCurrency($this->db); + if (!$multicurrency->fetch('', $code)) { + throw new RestException(404, 'Currency not found'); + } + + if (!DolibarrApiAccess::$user->rights->multicurrency->currency->read) { + throw new RestException(401, "Insufficient rights to read currency"); + } + + return $this->_cleanObjectDatas($multicurrency); + } + + /** + * List Currency rates + * + * Get a list of Currency rates + * + * @url GET {id}/rates + * @param int $id ID of Currency + * @return array|mixed Data without useless information + * + * @throws RestException + */ + public function getRates($id) + { + $multicurrency = new MultiCurrency($this->db); + if (!$multicurrency->fetch($id)) { + throw new RestException(404, 'Currency not found'); + } + + if (!DolibarrApiAccess::$user->rights->multicurrency->currency->read) { + throw new RestException(401, "Insufficient rights to read currency rates"); + } + + if ($multicurrency->fetchAllCurrencyRate() < 0) { + throw 
new RestException(500, "Error when fetching currency rates"); + } + + // Clean object datas + foreach ($multicurrency->rates as $key => $obj) { + $multicurrency->rates[$key] = $this->_cleanObjectDatasRate($obj); + } + + return $multicurrency->rates; + } + + /** + * Create Currency object + * + * @param array $request_data Request data + * @return int ID of Currency + * + * @throws RestException + */ + public function post($request_data = null) + { + if (!DolibarrApiAccess::$user->rights->multicurrency->currency->create) { + throw new RestException(401, "Insufficient rights to create currency"); + } + + // Check parameters + if (!isset($request_data['code'])) { + throw new RestException(400, "code field missing"); + } + if (!isset($request_data['name'])) { + throw new RestException(400, "name field missing"); + } + + $multicurrency = new MultiCurrency($this->db); + $multicurrency->code = $request_data['code']; + $multicurrency->name = $request_data['name']; + + // Create Currency + if ($multicurrency->create(DolibarrApiAccess::$user) < 0) { + throw new RestException(500, "Error creating currency", array_merge(array($multicurrency->error), $multicurrency->errors)); + } + + // Add default rate if defined + if (isset($request_data['rate']) && $request_data['rate'] > 0) { + if ($multicurrency->addRate(DolibarrApiAccess::$user, $request_data['rate']) < 0) { + throw new RestException(500, "Error adding currency rate", array_merge(array($multicurrency->error), $multicurrency->errors)); + } + + return $multicurrency->id; + } + + return $multicurrency->id; + } + + /** + * Update Currency + * + * @param int $id Id of Currency to update + * @param array $request_data Datas + * @return array The updated Currency + * + * @throws RestException + */ + public function put($id, $request_data = null) + { + if (!DolibarrApiAccess::$user->rights->multicurrency->currency->create) { + throw new RestException(401, "Insufficient rights to update currency"); + } + + $multicurrency = new 
MultiCurrency($this->db); + if (!$multicurrency->fetch($id)) { + throw new RestException(404, 'Currency not found'); + } + + foreach ($request_data as $field => $value) { + if ($field == 'id') { + continue; + } + $multicurrency->$field = $value; + } + + if ($multicurrency->update(DolibarrApiAccess::$user) < 0) { + throw new RestException(500, "Error updating currency", array_merge(array($multicurrency->error), $multicurrency->errors)); + } + + return $this->get($id); + } + + /** + * Delete Currency + * + * @param int $id Currency ID + * @return array + * + * @throws RestException + */ + public function delete($id) + { + if (!DolibarrApiAccess::$user->rights->multicurrency->currency->delete) { + throw new RestException(401, "Insufficient rights to delete currency"); + } + + $multicurrency = new MultiCurrency($this->db); + if (!$multicurrency->fetch($id)) { + throw new RestException(404, 'Currency not found'); + } + + if (!$multicurrency->delete(DolibarrApiAccess::$user)) { + throw new RestException(500, "Error deleting currency", array_merge(array($multicurrency->error), $multicurrency->errors)); + } + + return array( + 'success' => array( + 'code' => 200, + 'message' => 'Currency deleted' + ) + ); + } + + + /** + * Update Currency rate + * @url PUT {id}/rates + * + * @param int $id Currency ID + * @param array $request_data Request data + * @return array The currency with the new rate + * + * @throws RestException + */ + public function updateRate($id, $request_data = null) + { + if (!DolibarrApiAccess::$user->rights->multicurrency->currency->create) { + throw new RestException(401, "Insufficient rights to update currency rate"); + } + + // Check parameters + if (!isset($request_data['rate'])) { + throw new RestException(400, "rate field missing"); + } + + $multicurrency = new MultiCurrency($this->db); + if (!$multicurrency->fetch($id)) { + throw new RestException(404, 'Currency not found'); + } + + // Add rate + if ($multicurrency->addRate($request_data['rate']) < 
0) { + throw new RestException(500, "Error updating currency rate", array_merge(array($multicurrency->error), $multicurrency->errors)); + } + + return $this->_cleanObjectDatas($multicurrency); + } + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** * Clean sensible object datas @@ -114,8 +342,29 @@ class MultiCurrencies extends DolibarrApi // Clear all fields out of interrest foreach ($object as $key => $value) { - if ($key == "rate") $object->$key = $this->_cleanObjectDatas($object->$key); - if ($key == "id" || $key == "code" || $key == "rate" || $key == "date_sync") + if ($key == "rate") $object->$key = $this->_cleanObjectDatasRate($object->$key); + if ($key == "id" || $key == "code" || $key == "rate" || $key == "name") + continue; + unset($object->$key); + } + + return $object; + } + + /** + * Clean sensible object datas + * + * @param MultiCurrencyRate $object Object to clean + * @return Object Object with cleaned properties + */ + protected function _cleanObjectDatasRate($object) + { + // phpcs:enable + $object = parent::_cleanObjectDatas($object); + + // Clear all fields out of interrest + foreach ($object as $key => $value) { + if ($key == "id" || $key == "rate" || $key == "date_sync") continue; unset($object->$key); } diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php index da1b9f653b3..ad293b771db 100644 --- a/htdocs/multicurrency/class/multicurrency.class.php +++ b/htdocs/multicurrency/class/multicurrency.class.php @@ -299,7 +299,7 @@ class MultiCurrency extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; - $sql .= " name = '".$this->db->escape($this->name)."'"; + $sql .= " name = '".$this->db->escape($this->name)."',"; $sql .= " code = '".$this->db->escape($this->code)."'"; $sql .= " WHERE rowid = ".((int) $this->id); From 0d41eb42967ee002cfe6c14fb605351d3b18276f Mon Sep 17 00:00:00 2001 
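Review bot: put() copies every key of `$request_data` except `id` onto the MultiCurrency object (`$multicurrency->$field = $value;`), so a caller with the write permission can overwrite any property, including ones the object uses internally; `table_element`, for instance, is concatenated unescaped into the UPDATE statement shown in the multicurrency.class.php hunk of this patch. The loop should copy only the fields this endpoint is meant to change (code and name) and tolerate a missing body, since the `null` default would otherwise reach `foreach`. get(), getByCode() and getRates() call fetch() before testing the read permission, so a caller without that right can tell an existing currency from a missing one by the 404/401 difference; testing the permission first, as post() and delete() do, removes that. addRate() is called as `addRate(DolibarrApiAccess::$user, $request_data['rate'])` in post() but as `addRate($request_data['rate'])` in updateRate(); its signature is outside this patch, so one of the two calls is presumably wrong, and updateRate() also lacks the `> 0` check that post() applies to the rate.

```php
public function put($id, $request_data = null)
{
	// … unchanged: permission check and fetch($id) …

	// Only these properties may be changed through the API; anything else in the body is ignored.
	$updatable = array('code', 'name');
	foreach ((array) $request_data as $field => $value) {
		if (!in_array($field, $updatable, true)) {
			continue;
		}
		$multicurrency->$field = $value;
	}

	// … unchanged: update() call, error handling and return …
}
```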
From: Alexandre Boin Date: Sat, 22 Apr 2023 19:30:15 +0200 Subject: [PATCH 2/2] FIX: Add Multicurrency permissions translations and pass CI tests --- htdocs/langs/en_US/admin.lang | 3 +++ htdocs/multicurrency/class/api_multicurrencies.class.php | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 2ef2a996f3b..4544a9f577f 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1004,6 +1004,9 @@ Permission23001=Read Scheduled job Permission23002=Create/update Scheduled job Permission23003=Delete Scheduled job Permission23004=Execute Scheduled job +Permission40001=Read currencies and their rates +Permission40002=Create/Update currencies and their rates +Permission40003=Delete currencies and their rates Permission50101=Use Point of Sale (SimplePOS) Permission50151=Use Point of Sale (TakePOS) Permission50152=Edit sales lines diff --git a/htdocs/multicurrency/class/api_multicurrencies.class.php b/htdocs/multicurrency/class/api_multicurrencies.class.php index 8fa1b0c6e9f..fed522c6e2e 100644 --- a/htdocs/multicurrency/class/api_multicurrencies.class.php +++ b/htdocs/multicurrency/class/api_multicurrencies.class.php @@ -351,8 +351,9 @@ class MultiCurrencies extends DolibarrApi return $object; } + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** - * Clean sensible object datas + * Clean sensible MultiCurrencyRate object datas * * @param MultiCurrencyRate $object Object to clean * @return Object Object with cleaned properties