From 154d5c876c08bc4b0cb33f13b809b7e33637927d Mon Sep 17 00:00:00 2001 From: Neil Orley Date: Wed, 27 Sep 2017 12:24:19 +0200 Subject: [PATCH 1/5] NEW Get the list of payments terms Adds the ability to get the list of payments terms using the REST API. --- htdocs/api/class/api_dictionary.class.php | 90 ++++++++++++++++++++--- 1 file changed, 79 insertions(+), 11 deletions(-) diff --git a/htdocs/api/class/api_dictionary.class.php b/htdocs/api/class/api_dictionary.class.php index 93f16d44377..e65bac7c670 100644 --- a/htdocs/api/class/api_dictionary.class.php +++ b/htdocs/api/class/api_dictionary.class.php @@ -1,5 +1,9 @@ +/* Copyright (C) 2016 Xebax Christy + * Copyright (C) 2016 Laurent Destailleur + * Copyright (C) 2017 Regis Houssin + * Copyright (C) 2017 Neil Orley + * * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,7 +25,7 @@ require_once DOL_DOCUMENT_ROOT.'/main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/ccountry.class.php'; /** - * API class for payment type (content of the paiement dictionary) + * API class for dictionaries * * @access protected * @class DolibarrApiAccess {@requires user,external} @@ -47,13 +51,14 @@ class Dictionary extends DolibarrApi * @param int $limit Number of items per page * @param int $page Page number {@min 0} * @param int $active Payment type is active or not {@min 0} {@max 1} - * @param string $sqlfilters SQL criteria to filter. Syntax example "(t.code:=:'CHQ')" + * @param string $sqlfilters SQL criteria to filter with. Syntax example "(t.code:=:'CHQ')" * - * @url GET payments + * @url GET payment/types * - * @return List of payment types - * - * @throws RestException + * @return array [List of payment types] + * + * @throws 400 RestException + * @throws 200 OK */ function getPaymentTypes($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') { 
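Review bot: Changing `@url GET payments` to `@url GET payment/types` in the getPaymentTypes docblock renames a published route, so existing API clients that call `payments` will start to fail, and the commit message does not mention it. If the REST framework accepts more than one `@url` line per method (worth checking), keep the old route next to the new one: `* @url GET payments` followed by `* @url GET payment/types`. `@throws 200 OK` documents a success status as an exception; drop it or fold it into the `@return` line.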
@@ -62,14 +67,15 @@ class Dictionary extends DolibarrApi $sql = "SELECT id, code, type, libelle as label, module"; $sql.= " FROM ".MAIN_DB_PREFIX."c_paiement as t"; $sql.= " WHERE t.active = ".$active; + // Add sql filters if ($sqlfilters) { if (! DolibarrApi::_checkFilters($sqlfilters)) { - throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + throw new RestException(400, 'error when validating parameter sqlfilters '.$sqlfilters); } - $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } @@ -94,7 +100,7 @@ class Dictionary extends DolibarrApi $list[] = $this->db->fetch_object($result); } } else { - throw new RestException(503, 'Error when retrieving list of payment types : '.$this->db->lasterror()); + throw new RestException(400, $this->db->lasterror()); } return $list; 
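Review bot: The new `throw new RestException(400, $this->db->lasterror());` returns the raw database error text to the API caller, which can disclose table names, the table prefix and fragments of the generated query. The same line is in getPaymentTerms, added in PATCH 1/5 and again in PATCH 4/5. Keep the driver message server-side and send a fixed one, for example `dol_syslog($this->db->lasterror(), LOG_ERR);` followed by `throw new RestException(400, 'Error when retrieving list of payment types');`. A query can also fail for reasons the client did not cause, so 400 is not always the right status for this branch. The enclosing getPaymentTypes body starts and ends outside this hunk.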
@@ -447,6 +453,68 @@ class Dictionary extends DolibarrApi } return $list; - } + } + + /** + * Get the list of payments terms. + * + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Number of items per page + * @param int $page Page number {@min 0} + * @param int $active Payment term is active or not {@min 0} {@max 1} + * @param string $sqlfilters SQL criteria to filter. Syntax example "(t.code:=:'CHQ')" + * + * @url GET payment/terms + * + * @return array List of payment terms + * + * @throws 400 RestException + * @throws 200 OK + */ + function getPaymentTerms($sortfield = "sortorder", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') + { + $list = array(); + + $sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module"; + $sql.= " FROM ".MAIN_DB_PREFIX."c_payment_term as t"; + $sql.= " WHERE t.active = ".$active; + // Add sql filters + if ($sqlfilters) + { + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(400, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; + } + + + $sql.= $this->db->order($sortfield, $sortorder); + + if ($limit) { + if ($page < 0) { + $page = 0; + } + $offset = $limit * $page; + + $sql .= $this->db->plimit($limit, $offset); + } + + $result = $this->db->query($sql); + + if ($result) { + $num = $this->db->num_rows($result); + $min = min($num, ($limit <= 0 ? $num : $limit)); + for ($i = 0; $i < $min; $i++) { + $list[] = $this->db->fetch_object($result); + } + } else { + throw new RestException(400, $this->db->lasterror()); + } + + return $list; + } } From b8afabfd0bacfb332a11bd6568be6d9e3737b811 Mon Sep 17 00:00:00 2001 
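Review bot: In getPaymentTerms, `$sql.= " WHERE t.active = ".$active;` concatenates a request parameter into the query unquoted, so the only thing keeping it numeric is the REST framework enforcing the `{@min 0} {@max 1}` docblock annotation. Cast at the point of use: `$sql.= " WHERE t.active = ".((int) $active);`. `$sortfield` and `$sortorder` are also caller-controlled and go straight to `$this->db->order()`, whose sanitising is not visible here; confirm it, or restrict `$sortfield` to an allow-list of the selected columns. PATCH 4/5 re-adds the identical function, so the same applies there.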
From: Neil Orley
Date: Wed, 27 Sep 2017 12:27:47 +0200
Subject: [PATCH 2/5] Change RestException return code 503 to 400 (Bad request) when the request is incorrect : SQL error or wrong sqlfilter Add comment to getPaymentTypes function Change the "API class for" description from "payment type" to "dictionaries" Change Copyright to add all previous devs
---
htdocs/api/class/api_dictionary.class.php | 62 -----------------------
1 file changed, 62 deletions(-)
diff --git a/htdocs/api/class/api_dictionary.class.php b/htdocs/api/class/api_dictionary.class.php
index e65bac7c670..ac15f3dec3f 100644
--- a/htdocs/api/class/api_dictionary.class.php
+++ b/htdocs/api/class/api_dictionary.class.php
@@ -455,66 +455,4 @@ class Dictionary extends DolibarrApi return $list; } - /** - * Get the list of payments terms. - * - * @param string $sortfield Sort field - * @param string $sortorder Sort order - * @param int $limit Number of items per page - * @param int $page Page number {@min 0} - * @param int $active Payment term is active or not {@min 0} {@max 1} - * @param string $sqlfilters SQL criteria to filter. Syntax example "(t.code:=:'CHQ')" - * - * @url GET payment/terms - * - * @return array List of payment terms - * - * @throws 400 RestException - * @throws 200 OK - */ - function getPaymentTerms($sortfield = "sortorder", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') - { - $list = array(); - - $sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module"; - $sql.= " FROM ".MAIN_DB_PREFIX."c_payment_term as t"; - $sql.= " WHERE t.active = ".$active; - // Add sql filters - if ($sqlfilters) - { - if (! DolibarrApi::_checkFilters($sqlfilters)) - { - throw new RestException(400, 'Error when validating parameter sqlfilters '.$sqlfilters); - } - $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; - $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; - } - - - $sql.= $this->db->order($sortfield, $sortorder); - - if ($limit) { - if ($page < 0) { - $page = 0; - } - $offset = $limit * $page; - - $sql .= $this->db->plimit($limit, $offset); - } - - $result = $this->db->query($sql); - - if ($result) { - $num = $this->db->num_rows($result); - $min = min($num, ($limit <= 0 ? $num : $limit)); - for ($i = 0; $i < $min; $i++) { - $list[] = $this->db->fetch_object($result); - } - } else { - throw new RestException(400, $this->db->lasterror()); - } - - return $list; - } - } From 8c8868d76d5d6f841ce69d3e935f4067170a29f4 Mon Sep 17 00:00:00 2001 
From: Neil Orley Date: Wed, 27 Sep 2017 12:32:18 +0200 Subject: [PATCH 3/5] Remove spaces --- htdocs/api/class/api_dictionary.class.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/htdocs/api/class/api_dictionary.class.php b/htdocs/api/class/api_dictionary.class.php index ac15f3dec3f..30e6138b1a2 100644 --- a/htdocs/api/class/api_dictionary.class.php +++ b/htdocs/api/class/api_dictionary.class.php @@ -67,7 +67,6 @@ class Dictionary extends DolibarrApi $sql = "SELECT id, code, type, libelle as label, module"; $sql.= " FROM ".MAIN_DB_PREFIX."c_paiement as t"; $sql.= " WHERE t.active = ".$active; - // Add sql filters if ($sqlfilters) { @@ -454,5 +453,4 @@ class Dictionary extends DolibarrApi return $list; } - } From bb4b2c5d881625938e68f200777c59afc75655da Mon Sep 17 00:00:00 2001 From: Neil Orley Date: Wed, 27 Sep 2017 12:34:41 +0200 Subject: [PATCH 4/5] NEW Get the list of payments terms Adds the ability to get the list of payments terms using the REST API. --- htdocs/api/class/api_dictionary.class.php | 63 +++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/htdocs/api/class/api_dictionary.class.php b/htdocs/api/class/api_dictionary.class.php index 30e6138b1a2..b0d5bb00b0a 100644 --- a/htdocs/api/class/api_dictionary.class.php +++ b/htdocs/api/class/api_dictionary.class.php 
@@ -453,4 +453,67 @@ class Dictionary extends DolibarrApi return $list; } + + /** + * Get the list of payments terms. + * + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Number of items per page + * @param int $page Page number {@min 0} + * @param int $active Payment term is active or not {@min 0} {@max 1} + * @param string $sqlfilters SQL criteria to filter. Syntax example "(t.code:=:'CHQ')" + * + * @url GET payment/terms + * + * @return array List of payment terms + * + * @throws 400 RestException + * @throws 200 OK + */ + function getPaymentTerms($sortfield = "sortorder", $sortorder = 'ASC', $limit = 100, $page = 0, $active = 1, $sqlfilters = '') + { + $list = array(); + + $sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module"; + $sql.= " FROM ".MAIN_DB_PREFIX."c_payment_term as t"; + $sql.= " WHERE t.active = ".$active; + // Add sql filters + if ($sqlfilters) + { + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(400, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; + } + + + $sql.= $this->db->order($sortfield, $sortorder); + + if ($limit) { + if ($page < 0) { + $page = 0; + } + $offset = $limit * $page; + + $sql .= $this->db->plimit($limit, $offset); + } + + $result = $this->db->query($sql); + + if ($result) { + $num = $this->db->num_rows($result); + $min = min($num, ($limit <= 0 ? $num : $limit)); + for ($i = 0; $i < $min; $i++) { + $list[] = $this->db->fetch_object($result); + } + } else { + throw new RestException(400, $this->db->lasterror()); + } + + return $list; + } + } From 7374a2accd5155a960828e155b79424248d450eb Mon Sep 17 00:00:00 2001 
From: Neil Orley Date: Thu, 28 Sep 2017 12:14:49 +0200 Subject: [PATCH 5/5] NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } --- htdocs/api/class/api_documents.class.php | 51 ++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 3 deletions(-) diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php index e26486981fa..4d0efb63d62 100644 --- a/htdocs/api/class/api_documents.class.php +++ b/htdocs/api/class/api_documents.class.php @@ -22,6 +22,7 @@ use Luracast\Restler\Format\UploadFormat; require_once DOL_DOCUMENT_ROOT.'/main.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; /** * API class for receive files 
@@ -54,13 +55,57 @@ class Documents extends DolibarrApi * * @param string $module_part Name of module or area concerned by file download ('facture', ...) * @param string $ref Reference of object (This will define subdir automatically) - * @param string $subdir Subdirectory (Only if ref not provided) + * @param string $subdir NOT YET AVAILABLE : Subdirectory (Only if ref not provided) * @return array List of documents * - * @throws RestException + * @throws 400 + * @throws 401 + * @throws 200 OK */ public function index($module_part, $ref='', $subdir='') { - return array('note'=>'FeatureNotYetAvailable'); + global $conf; + + if (empty($module_part)) { + throw new RestException(400, 'bad value for parameter modulepart'); + } + if (empty($ref) && empty($subdir)) { + throw new RestException(400, 'bad value for parameter ref or subdir'); + } + if (empty($ref)) { + throw new RestException(404, 'FeatureNotYetAvailable'); + } + if (!DolibarrApiAccess::$user->rights->ecm->read) { + throw new RestException(401); + } + + $original_file = str_replace("../","/", $ref.'/'.$ref.'.pdf'); + $refname=basename(dirname($original_file)."/"); + $entity=$conf->entity; + + $check_access = dol_check_secure_access_document($module_part,$original_file,$entity,DolibarrApiAccess::$user); + $accessallowed = $check_access['accessallowed']; + $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals']; + $original_file = $check_access['original_file']; + + if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file)) + { + throw new RestException(401); + } + if (!$accessallowed) { + throw new RestException(401); + } + + + $filename = basename($original_file); + $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset + + if (! 
file_exists($original_file_osencoded)) + { + throw new RestException(404, 'File not found'); + } + + $file_content=file_get_contents($original_file_osencoded); + return array('filename'=>$filename, 'content'=>base64_encode($file_content), 'encoding'=>'MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)' ); }
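Review bot: In Documents::index, `$sqlprotectagainstexternals` is read from `$check_access` but never used before `file_get_contents()`, so whatever restriction that query is meant to apply to external users is not enforced on this endpoint. Presumably it should be run for external accounts and access denied when the result does not match the caller; confirm against the non-API download path, and until then mark the gap with `// FIXME: $sqlprotectagainstexternals is not enforced for external users`. Separately, `str_replace("../","/", ...)` is a single-pass rewrite rather than a traversal filter, and the later `preg_match('/\.\./', $original_file)` is the real guard. It is clearer to reject the input up front with `if (preg_match('/\.\./', $ref)) { throw new RestException(400, 'bad value for parameter ref'); }`. The docblock lists only 400 and 401 while the body also throws 404, and the `false` return of `file_get_contents()` is not checked before `base64_encode()`.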