Fix return code of some API

2020-03-17 13:50:20 +01:00 · 2020-03-17 13:50:20 +01:00 · 9525289488
commit 9525289488
parent 76fc722638
5 changed files with 17 additions and 9 deletions
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
@ -1411,7 +1411,9 @@ class Setup extends DolibarrApi
     *
     * @param	string			$confname	Name of conf variable to get
     * @return  array|mixed 				Data without useless information
-     * @throws  RestException	500			Error Bad or unknown value for constname
+     *
+     * @throws RestException 403 Forbidden
+	 * @throws RestException 500 Error Bad or unknown value for constname
     */
    public function getConf($confname)
    {
@ -1419,14 +1421,14 @@ class Setup extends DolibarrApi

    	if (!DolibarrApiAccess::$user->admin
    		&& (empty($conf->global->API_LOGIN_ALLOWED_FOR_ADMIN_CHECK) || DolibarrApiAccess::$user->login != $conf->global->API_LOGIN_ALLOWED_FOR_ADMIN_CHECK)) {
-    		throw new RestException(503, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK');
+    		throw new RestException(403, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK');
    	}

    	if (! preg_match('/[^a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) {
    		throw new RestException(500, 'Error Bad or unknown value for constname');
    	}
    	if (preg_match('/(_pass|password|secret|_key|key$)/i', $confname)) {
-    		throw new RestException(503, 'Forbidden');
+    		throw new RestException(403, 'Forbidden');
    	}

    	return $conf->global->$confname;
@ -1440,7 +1442,9 @@ class Setup extends DolibarrApi
     *
     * @url     GET checkintegrity
     *
-     * @throws RestException
+     * @throws RestException 404 Signature file not found
+     * @throws RestException 500 Technical error
+     * @throws RestException 503 Forbidden
     */
    public function getCheckIntegrity($target)
    {
--- a/htdocs/commande/class/api_orders.class.php
+++ b/htdocs/commande/class/api_orders.class.php
@ -150,7 +150,8 @@ class Orders extends DolibarrApi
     * @param string           $sqlfilters          Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
     * @return  array                               Array of order objects
     *
-     * @throws RestException
+     * @throws RestException 404 Not found
+     * @throws RestException 503 Error
     */
    public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '')
    {
--- a/htdocs/compta/facture/class/api_invoices.class.php
+++ b/htdocs/compta/facture/class/api_invoices.class.php
@ -158,7 +158,8 @@ class Invoices extends DolibarrApi
     * @param string    $sqlfilters       Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
     * @return array                      Array of invoice objects
     *
-	 * @throws RestException
+	 * @throws RestException 404 Not found
+	 * @throws RestException 503 Error
     */
    public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $status = '', $sqlfilters = '')
    {
--- a/htdocs/contrat/class/api_contracts.class.php
+++ b/htdocs/contrat/class/api_contracts.class.php
@ -99,7 +99,8 @@ class Contracts extends DolibarrApi
     * @param string           $sqlfilters          Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
     * @return  array                               Array of contract objects
     *
-     * @throws RestException
+     * @throws RestException 404 Not found
+     * @throws RestException 503 Error
     */
    public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '')
    {
--- a/htdocs/user/class/api_users.class.php
+++ b/htdocs/user/class/api_users.class.php
@ -290,7 +290,8 @@ class Users extends DolibarrApi
 	 * @param int $id     Id of user
 	 * @return array      Array of group objects
 	 *
-	 * @throws RestException
+	 * @throws RestException 403 Not allowed
+     * @throws RestException 404 Not found
 	 *
 	 * @url GET {id}/groups
 	 */
@ -299,7 +300,7 @@ class Users extends DolibarrApi
 		$obj_ret = array();

 		if (!DolibarrApiAccess::$user->rights->user->user->lire) {
-			throw new RestException(401);
+			throw new RestException(403);
 		}

 		$user = new User($this->db);