From da0fac2ac6147d28b4bde3b7fceb8f62aff973ab Mon Sep 17 00:00:00 2001 From: jfefe Date: Mon, 15 Jun 2015 13:25:02 +0200 Subject: [PATCH 1/3] Minor fix into rest API : use implemented method name --- htdocs/api/class/api_access.class.php | 4 ++-- htdocs/public/api/index.php | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php index 9cd40f56498..027c9dcf5f4 100644 --- a/htdocs/api/class/api_access.class.php +++ b/htdocs/api/class/api_access.class.php @@ -52,7 +52,7 @@ class DolibarrApiAccess implements iAuthenticate * @return bool * @throws RestException */ - public function _isAllowed() + public function __isAllowed() { global $db; @@ -114,7 +114,7 @@ class DolibarrApiAccess implements iAuthenticate * @example Digest * @example OAuth */ - public function _getWWWAuthenticateString() + public function __getWWWAuthenticateString() { return ''; } diff --git a/htdocs/public/api/index.php b/htdocs/public/api/index.php index 17b691675c5..73be0c76b78 100644 --- a/htdocs/public/api/index.php +++ b/htdocs/public/api/index.php @@ -48,7 +48,6 @@ if (empty($conf->global->MAIN_MODULE_API)) } use \Luracast\Restler\Defaults; -Defaults::setProperty('authenticationMethod','_isAllowed'); $api = new DolibarrApi($db); @@ -113,12 +112,12 @@ foreach ($modulesdir as $dir) $classname=$reg[1]; $classname = str_replace('Api_','',ucwords($reg[1])).'Api'; require_once $dir_part.$file_searched; - if(class_exists($classname)) + if(class_exists($classname)) { $api->r->addAPIClass($classname,''); + } } } } - } } } From 00125d1060cb8c61e8adb021d2358e9083585042 Mon Sep 17 00:00:00 2001 From: jfefe Date: Mon, 15 Jun 2015 14:11:43 +0200 Subject: [PATCH 2/3] Add option to set production mode to API --- htdocs/api/admin/api.php | 79 +++++++++++++--------------------- htdocs/api/class/api.class.php | 4 +- htdocs/langs/en_US/admin.lang | 1 + htdocs/public/api/index.php | 3 +- 4 files changed, 34 insertions(+), 53 deletions(-) diff --git a/htdocs/api/admin/api.php b/htdocs/api/admin/api.php index 0e1673715d2..740d3eb7e8d 100644 --- a/htdocs/api/admin/api.php +++ b/htdocs/api/admin/api.php @@ -3,7 +3,7 @@ * Copyright (C) 2005-2010 Laurent Destailleur * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2015 Regis Houssin + * Copyright (C) 2015 Jean-François Ferry * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,27 +33,22 @@ $langs->load("admin"); if (! $user->admin) accessforbidden(); -$actionsave=GETPOST("save"); +$action=GETPOST("action"); -// Sauvegardes parametres -if ($actionsave) +//Activate ProfId +if ($action == 'setproductionmode') { - $i=0; + $status = GETPOST('status','alpha'); - $db->begin(); - - $i+=dolibarr_set_const($db,'API_KEY',trim(GETPOST("API_KEY")),'chaine',0,'',$conf->entity); - - if ($i >= 1) - { - $db->commit(); - setEventMessage($langs->trans("SetupSaved")); - } - else - { - $db->rollback(); - setEventMessage($langs->trans("Error"), 'errors'); - } + if (dolibarr_set_const($db, 'API_PRODUCTION_MODE', $status, 'chaine', 0, '', $conf->entity) > 0) + { + header("Location: ".$_SERVER["PHP_SELF"]); + exit; + } + else + { + dol_print_error($db); + } } @@ -69,7 +64,7 @@ print_fiche_titre($langs->trans("ApiSetup"),$linkback,'title_setup'); print $langs->trans("ApiDesc")."
\n"; print "
\n"; -print '
'; +//print ''; print ''; print ''; @@ -80,22 +75,24 @@ print ""; print ""; print ''; -print ''; -print ''; +print ''; +$production_mode=(empty($conf->global->API_PRODUCTION_MODE)?false:true); +if ($production_mode) +{ + print ''; +} +else +{ + print ''; +} print ''; print ''; print '
 
'.$langs->trans("KeyForApiAccess").''; -if (! empty($conf->use_javascript_ajax)) - print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"'); -print ''.$langs->trans("ApiProductionMode").''; + print img_picto($langs->trans("Activated"),'switch_on'); + print ''; + print img_picto($langs->trans("Disabled"),'switch_off'); + print ' 
'; - -print '
'; -print ''; -print '
'; - -print '
'; - print '

'; // API endpoint @@ -111,27 +108,9 @@ $url=DOL_MAIN_URL_ROOT.'/public/api/explorer/index.html'; print img_picto('','object_globe.png').' '.$url."
\n"; print '
'; - - print '
'; print $langs->trans("OnlyActiveElementsAreExposed", DOL_URL_ROOT.'/admin/modules.php'); -if (! empty($conf->use_javascript_ajax)) -{ - print "\n".''; -} llxFooter(); diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index fc892b8d412..33bbe56e0a1 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -43,8 +43,10 @@ class DolibarrApi * @param DoliDb $db Database handler */ function __construct($db) { + global $conf; $this->db = $db; - $this->r = new Restler(); + $production_mode = ( empty($conf->global->API_PRODUCTION_MODE) ? false : true ); + $this->r = new Restler($production_mode); } /** diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 163267ff52f..2ae1e67ca87 100755 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1564,6 +1564,7 @@ EndPointIs=SOAP clients must send their requests to the Dolibarr endpoint availa ApiSetup=API module setup ApiDesc=By enabling this module, Dolibarr become a REST server to provide miscellaneous web services. KeyForApiAccess=Key to use API (parameter "api_key") +ApiProductionMode=Enable production mode ApiEndPointIs=You can access to the API at url ApiExporerIs=You can explore the API at url OnlyActiveElementsAreExposed=Only elements from enabled modules are exposed diff --git a/htdocs/public/api/index.php b/htdocs/public/api/index.php index 73be0c76b78..f78424ce6a9 100644 --- a/htdocs/public/api/index.php +++ b/htdocs/public/api/index.php @@ -28,8 +28,7 @@ if (! defined("NOLOGIN")) define("NOLOGIN",'1'); $res=0; -if (! $res && file_exists("../../main.inc.php")) $res=@include '../../main.inc.php'; -if (! $res && file_exists("../../../dolibarr/htdocs/main.inc.php")) $res=@include '../../../dolibarr/htdocs/main.inc.php'; // For custom directory +if (! $res && file_exists("../../main.inc.php")) $res=include '../../main.inc.php'; if (! $res) die("Include of main fails"); require_once DOL_DOCUMENT_ROOT.'/includes/restler/vendor/autoload.php'; From 80a6afc577bb496b74149cb20fe4e39d33695c05 Mon Sep 17 00:00:00 2001 From: jfefe Date: Mon, 15 Jun 2015 14:11:53 +0200 Subject: [PATCH 3/3] Add htaccess example for API usage --- htdocs/public/api/htaccess.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 htdocs/public/api/htaccess.txt diff --git a/htdocs/public/api/htaccess.txt b/htdocs/public/api/htaccess.txt new file mode 100644 index 00000000000..a8106809018 --- /dev/null +++ b/htdocs/public/api/htaccess.txt @@ -0,0 +1,15 @@ +# +# Apache configuration file to use API +# + +DirectoryIndex index.php + + RewriteEngine On + RewriteRule ^$ index.php [QSA,L] + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php [QSA,L] + + + php_flag display_errors On + \ No newline at end of file