From cd5c2c324959eb12569c077788cfe8d5b2363733 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Fri, 14 Jun 2019 18:39:05 +0200 Subject: [PATCH 1/3] Update llx_bom_bom.sql --- htdocs/install/mysql/tables/llx_bom_bom.sql | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/install/mysql/tables/llx_bom_bom.sql b/htdocs/install/mysql/tables/llx_bom_bom.sql index 4e559566817..9c6e014586d 100644 --- a/htdocs/install/mysql/tables/llx_bom_bom.sql +++ b/htdocs/install/mysql/tables/llx_bom_bom.sql @@ -26,7 +26,8 @@ CREATE TABLE llx_bom_bom( fk_product integer, qty double(24,8), efficiency double(8,4) DEFAULT 1, - date_creation datetime NOT NULL, + date_creation datetime NOT NULL, + date_valid datetime NOT NULL, tms timestamp, date_valid datetime, fk_user_creat integer NOT NULL, @@ -35,4 +36,4 @@ CREATE TABLE llx_bom_bom( import_key varchar(14), status integer NOT NULL -- END MODULEBUILDER FIELDS -) ENGINE=innodb; \ No newline at end of file +) ENGINE=innodb; From d838ced12e568acb58c23fc4b5b48d736832578b Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Fri, 14 Jun 2019 18:41:38 +0200 Subject: [PATCH 2/3] Update 9.0.0-10.0.0.sql --- htdocs/install/mysql/migration/9.0.0-10.0.0.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/install/mysql/migration/9.0.0-10.0.0.sql b/htdocs/install/mysql/migration/9.0.0-10.0.0.sql index e353f317b45..385b740a685 100644 --- a/htdocs/install/mysql/migration/9.0.0-10.0.0.sql +++ b/htdocs/install/mysql/migration/9.0.0-10.0.0.sql @@ -228,6 +228,7 @@ CREATE TABLE llx_bom_bom( ALTER TABLE llx_bom_bom ADD COLUMN efficiency double(8,4) DEFAULT 1; ALTER TABLE llx_bom_bom ADD COLUMN entity integer DEFAULT 1 NOT NULL; +ALTER TABLE llx_bom_bom ADD COLUMN date_valid datetime NOT NULL; create table llx_bom_bom_extrafields ( From 651f4158ac6c4b122d544adb50df49fb90a00f97 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sun, 16 Jun 2019 14:18:26 +0200 Subject: [PATCH 3/3] Fix add / delete contact access --- htdocs/commande/class/api_orders.class.php | 34 +++++++++------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 27b55f9e57f..36df0c0eacb 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -415,21 +415,16 @@ class Orders extends DolibarrApi */ public function postContact($id, $contactid, $type) { - if(!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); - } - - $result = $this->commande->fetch($id); - - if(!$result) { - throw new RestException(404, 'Order not found'); + if (! DolibarrApiAccess::$user->rights->commande->creer) { + throw new RestException(401); } - if (!in_array($type, array('BILLING', 'SHIPPING', 'CUSTOMER'), true)) { - throw new RestException(500, 'Availables types: BILLING, SHIPPING OR CUSTOMER'); + $result = $this->commande->fetch($id); + if (! $result) { + throw new RestException(404, 'Order not found'); } - if(!DolibarrApi::_checkAccessToResource('order', $this->commande->id)) { + if (! DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } @@ -457,17 +452,16 @@ class Orders extends DolibarrApi */ public function deleteContact($id, $rowid) { - if(!DolibarrApiAccess::$user->rights->commande->creer) { - throw new RestException(401); - } - - $result = $this->commande->fetch($id); - - if(!$result) { - throw new RestException(404, 'Order not found'); + if (! DolibarrApiAccess::$user->rights->commande->creer) { + throw new RestException(401); } - if(!DolibarrApi::_checkAccessToResource('order', $this->commande->id)) { + $result = $this->commande->fetch($id); + if (! $result) { + throw new RestException(404, 'Order not found'); + } + + if (! DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); }