From 1e5fe3f31c831bf1e840d7f41480075978b1cb1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric?= <35066297+c3do@users.noreply.github.com>
Date: Sat, 9 Nov 2019 00:47:03 +0100
Subject: [PATCH] API New delete document
---
 htdocs/api/class/api_documents.class.php | 61 ++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 5977dbb8b28..77fc62680d4 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -602,6 +602,67 @@ class Documents extends DolibarrApi
 return dol_basename($destfile);
 }
+
+ /**
+ * Delete a document.
+ *
+ * @param string $modulepart Name of module or area concerned by file download ('product', ...)
+ * @param string $original_file Relative path with filename, relative to modulepart (for example: PRODUCT-REF-999/IMAGE-999.jpg)
+ * @return array List of documents
+ *
+ * @throws 400
+ * @throws 401
+ * @throws 404
+ * @throws 200
+ *
+ * @url DELETE /delete
+ */
+ public function delete($modulepart, $original_file = '')
+ {
+ global $conf, $langs;
+
+ if (empty($modulepart)) {
+ throw new RestException(400, 'bad value for parameter modulepart');
+ }
+ if (empty($original_file)) {
+ throw new RestException(400, 'bad value for parameter original_file');
+ }
+
+ //--- Finds and returns the document
+ $entity=$conf->entity;
+
+ $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'read');
+ $accessallowed = $check_access['accessallowed'];
+ $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
+ $original_file = $check_access['original_file'];
+
+ if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
+ throw new RestException(401);
+ }
+ if (!$accessallowed) {
+ throw new RestException(401);
+ }
+
+ $filename = basename($original_file);
+ $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
+
+ if (! file_exists($original_file_osencoded))
+ {
+ dol_syslog("Try to download not found file ".$original_file_osencoded, LOG_WARNING);
+ throw new RestException(404, 'File not found');
+ }
+
+ if (@unlink($original_file_osencoded)) {
+ return array(
+ 'success' => array(
+ 'code' => 200,
+ 'message' => 'Document deleted'
+ )
+ );
+ }
+
+ throw new RestException(401);
+ }
 // phpcs:disable PEAR.NamingConventions.ValidFunctionName
 /**
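Review bot: The access check in the new `delete()` asks `dol_check_secure_access_document()` for `'read'` permission and then unlinks the file, so any API user who may only view a document can also remove it; the call should request write access, `$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'write');`. `$sqlprotectagainstexternals` is copied out of the result but never used, so whatever extra restriction it carries for external users is presumably not enforced before the `unlink()`; either apply it or refuse external users on this route. The `..` and `<>|` filter runs after the helper and on the path the helper returned, so it would be safer to validate the caller-supplied `$original_file` before that call. A failed `@unlink()` is reported as a bare 401 with the error suppressed, which hides filesystem failures behind an authorization status; log the failure and throw a 500 there, and add a `dol_syslog()` entry naming the user and path on each successful delete so removals can be audited.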