REST API: fix deleting a product/service.

Add a User parameter to the Product::delete() method to explicitly set the user that performs the action instead of using a global variable. In the calls to Product::delete() with a fetched object, remove the deprecated parameter $id.
2016-06-17 00:50:07 +02:00 · 2016-06-17 00:50:07 +02:00 · d7c8a466b1
commit d7c8a466b1
parent 58c25ff665
5 changed files with 7 additions and 11 deletions
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@ -553,7 +553,7 @@ if (empty($reshook))
    {
        if (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer))
        {
-            $result = $object->delete($object->id);
+            $result = $object->delete($user);
        }

        if ($result > 0)
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@ -306,7 +306,6 @@ class Products extends DolibarrApi
     * 
     * @param   int     $id   Product ID
     * @return  array
-     * FIXME Deleting a product/service does not work because the Product::delete() method uses a global $user but it is not set.
     */
    function delete($id)
    {
@ -322,7 +321,7 @@ class Products extends DolibarrApi
 			throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
 		}
        
-        return $this->product->delete($id);
+        return $this->product->delete(DolibarrApiAccess::$user);
    }
    
    /**
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@ -878,18 +878,19 @@ class Product extends CommonObject
 	/**
 	 *  Delete a product from database (if not used)
 	 *
+	 * 	@param	    User	$user		Object user that ask to delete
 	 *	@param      int		$id         Product id (usage of this is deprecated, delete should be called without parameters on a fetched object)
 	 *  @param      int     $notrigger  Do not execute trigger
 	 * 	@return		int					< 0 if KO, 0 = Not possible, > 0 if OK
 	 */
-	function delete($id=0, $notrigger=0)
+	function delete($user, $id=0, $notrigger=0)
 	{
 		// Deprecation warning
 		if ($id > 0) {
 			dol_syslog(__METHOD__ . " with parameter is deprecated", LOG_WARNING);
 		}

-		global $conf,$user,$langs;
+		global $conf,$langs;
 		require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';

 		$error=0;
--- a/htdocs/webservices/server_productorservice.php
+++ b/htdocs/webservices/server_productorservice.php
@ -841,10 +841,6 @@ function deleteProductOrService($authentication,$listofidstring)
    $error=0;
    $fuser=check_authentication($authentication,$error,$errorcode,$errorlabel);

-	// User must be defined to user authenticated
-    global $user;
-    $user=$fuser;
-
    $listofid=explode(',',trim($listofidstring));
    $listofiddeleted=array();

@ -873,7 +869,7 @@ function deleteProductOrService($authentication,$listofidstring)
 	        }
 	        else
 			{
-		        $result=$newobject->delete();
+		        $result=$newobject->delete($fuser);
 		        if ($result <= 0)
 		        {
 		            $error++;
--- a/test/phpunit/ProductTest.php
+++ b/test/phpunit/ProductTest.php
@ -232,7 +232,7 @@ class ProductTest extends PHPUnit_Framework_TestCase
        $localobject=new Product($this->savdb);
        $result=$localobject->fetch($id);

-        $result=$localobject->delete($id);
+        $result=$localobject->delete($user);
        print __METHOD__." id=".$id." result=".$result."\n";
        $this->assertLessThan($result, 0);