From 9e9e224c4634f20a4fc764d8e2394d9b96d3aaa6 Mon Sep 17 00:00:00 2001 From: Xebax Date: Tue, 21 Jun 2016 23:08:22 +0200 Subject: [PATCH] REST API: fix deleting a product/service. The global variable $user must be set before calling the Product::delete() method else the check of permissions fails. --- htdocs/product/class/api_products.class.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index bd5b37194c3..d6dc8770b23 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php @@ -232,7 +232,6 @@ class Products extends DolibarrApi * * @param int $id Product ID * @return array - * FIXME Deleting a product/service does not work because the Product::delete() method uses a global $user but it is not set. */ function delete($id) { @@ -248,6 +247,10 @@ class Products extends DolibarrApi throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } + // The Product::delete() method uses the global variable $user. + global $user; + $user = DolibarrApiAccess::$user; + return $this->product->delete($id); }