From db8d27f0fe89821cc99d20fbfc88710def29471c Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 3 Oct 2017 12:08:25 +0200 Subject: [PATCH 1/4] Fix: wrong type value --- htdocs/categories/viewcat.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 75a9215e18d..a3ca8053281 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -319,7 +319,7 @@ else // List of products or services (type is type of category) -if ($object->type == Categorie::TYPE_PRODUCT) +if ($type == Categorie::TYPE_PRODUCT) { $prods = $object->getObjectsInCateg("product"); if ($prods < 0) @@ -391,7 +391,7 @@ if ($object->type == Categorie::TYPE_PRODUCT) } } -if ($object->type == Categorie::TYPE_SUPPLIER) +if ($type == Categorie::TYPE_SUPPLIER) { $socs = $object->getObjectsInCateg("supplier"); if ($socs < 0) @@ -440,7 +440,7 @@ if ($object->type == Categorie::TYPE_SUPPLIER) } } -if($object->type == Categorie::TYPE_CUSTOMER) +if($type == Categorie::TYPE_CUSTOMER) { $socs = $object->getObjectsInCateg("customer"); if ($socs < 0) @@ -494,7 +494,7 @@ if($object->type == Categorie::TYPE_CUSTOMER) } // List of members -if ($object->type == Categorie::TYPE_MEMBER) +if ($type == Categorie::TYPE_MEMBER) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; @@ -547,7 +547,7 @@ if ($object->type == Categorie::TYPE_MEMBER) } // Categorie contact -if($object->type == Categorie::TYPE_CONTACT) +if ($type == Categorie::TYPE_CONTACT) { $contacts = $object->getObjectsInCateg("contact"); if ($contacts < 0) @@ -600,7 +600,7 @@ if($object->type == Categorie::TYPE_CONTACT) } // List of accounts -if ($object->type == Categorie::TYPE_ACCOUNT) +if ($type == Categorie::TYPE_ACCOUNT) { require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; @@ -653,7 +653,7 @@ if ($object->type == Categorie::TYPE_ACCOUNT) } // List of Project -if ($object->type == Categorie::TYPE_PROJECT) +if ($type == Categorie::TYPE_PROJECT) { require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; From f8f4ff6d2149a63b1c08601024fca7402d03506f Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 3 Oct 2017 13:07:07 +0200 Subject: [PATCH 2/4] Fix: missing include api_categories class --- htdocs/adherents/class/api_members.class.php | 25 +++++- .../categories/class/api_categories.class.php | 76 ++++++++--------- htdocs/product/class/api_products.class.php | 84 ++++++++++--------- htdocs/societe/class/api_contacts.class.php | 6 +- .../societe/class/api_thirdparties.class.php | 76 +++++++++-------- 5 files changed, 151 insertions(+), 116 deletions(-) diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index 4d13b6347ec..571c77d91f7 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -1,5 +1,6 @@ +/* Copyright (C) 2016 Xebax Christy + * Copyright (C) 2017 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -357,4 +358,26 @@ class Members extends DolibarrApi return $member->subscription($start_date, $amount, 0, '', $label, '', '', '', $end_date); } + /** + * Get categories for a member + * + * @param int $id ID of member + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Limit for list + * @param int $page Page number + * + * @return mixed + * + * @url GET {id}/categories + */ + function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) + { + require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + + $categories = new Categories(); + + return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'member', $id); + } + } diff --git a/htdocs/categories/class/api_categories.class.php b/htdocs/categories/class/api_categories.class.php index ed10e337f7b..a43ccbd180b 100644 --- a/htdocs/categories/class/api_categories.class.php +++ b/htdocs/categories/class/api_categories.class.php @@ -23,13 +23,13 @@ /** * API class for categories * - * @access protected + * @access protected * @class DolibarrApiAccess {@requires user,external} */ class Categories extends DolibarrApi { /** - * @var array $FIELDS Mandatory fields, checked when create and update object + * @var array $FIELDS Mandatory fields, checked when create and update object */ static $FIELDS = array( 'label', @@ -44,7 +44,7 @@ class Categories extends DolibarrApi 4 => 'contact', 5 => 'account', ); - + /** * @var Categorie $category {@type Categorie} */ @@ -67,20 +67,20 @@ class Categories extends DolibarrApi * * @param int $id ID of category * @return array|mixed data without useless information - * + * * @throws RestException */ function get($id) - { + { if(! DolibarrApiAccess::$user->rights->categorie->lire) { throw new RestException(401); } - + $result = $this->category->fetch($id); if( ! $result ) { throw new RestException(404, 'category not found'); } - + if( ! DolibarrApi::_checkAccessToResource('category',$this->category->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } @@ -90,7 +90,7 @@ class Categories extends DolibarrApi /** * List categories - * + * * Get a list of categories * * @param string $sortfield Sort field @@ -105,13 +105,13 @@ class Categories extends DolibarrApi */ function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $type = '', $sqlfilters = '') { global $db, $conf; - + $obj_ret = array(); - + if(! DolibarrApiAccess::$user->rights->categorie->lire) { throw new RestException(401); } - + $sql = "SELECT t.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."categorie as t"; $sql.= ' WHERE t.entity IN ('.getEntity('category').')'; @@ -120,7 +120,7 @@ class Categories extends DolibarrApi $sql.= ' AND t.type='.array_search($type,Categories::$TYPES); } // Add sql filters - if ($sqlfilters) + if ($sqlfilters) { if (! DolibarrApi::_checkFilters($sqlfilters)) { @@ -129,7 +129,7 @@ class Categories extends DolibarrApi $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) @@ -168,7 +168,7 @@ class Categories extends DolibarrApi /** * List categories of an entity - * + * * Note: This method is not directly exposed in the API, it is used * in the GET /xxx/{id}/categories requests. * @@ -184,9 +184,9 @@ class Categories extends DolibarrApi */ function getListForItem($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $type='customer', $item = 0) { global $db, $conf; - + $obj_ret = array(); - + if(! DolibarrApiAccess::$user->rights->categorie->lire) { throw new RestException(401); } @@ -250,13 +250,13 @@ class Categories extends DolibarrApi if( ! count($obj_ret)) { throw new RestException(404, 'No category found'); } - + return $obj_ret; } /** * Create category object - * + * * @param array $request_data Request data * @return int ID of category */ @@ -268,7 +268,7 @@ class Categories extends DolibarrApi // Check mandatory fields $result = $this->_validate($request_data); - + foreach($request_data as $field => $value) { $this->category->$field = $value; } @@ -280,22 +280,22 @@ class Categories extends DolibarrApi /** * Update category - * + * * @param int $id Id of category to update - * @param array $request_data Datas - * @return int + * @param array $request_data Datas + * @return int */ function put($id, $request_data = NULL) { if(! DolibarrApiAccess::$user->rights->categorie->creer) { throw new RestException(401); } - + $result = $this->category->fetch($id); if( ! $result ) { throw new RestException(404, 'category not found'); } - + if( ! DolibarrApi::_checkAccessToResource('category',$this->category->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } @@ -304,13 +304,13 @@ class Categories extends DolibarrApi if ($field == 'id') continue; $this->category->$field = $value; } - + if($this->category->update(DolibarrApiAccess::$user)) return $this->get ($id); - + return false; } - + /** * Delete category * @@ -326,15 +326,15 @@ class Categories extends DolibarrApi if( ! $result ) { throw new RestException(404, 'category not found'); } - + if( ! DolibarrApi::_checkAccessToResource('category',$this->category->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } - + if (! $this->category->delete(DolibarrApiAccess::$user)) { throw new RestException(401,'error when delete category'); } - + return array( 'success' => array( 'code' => 200, @@ -342,8 +342,8 @@ class Categories extends DolibarrApi ) ); } - - + + /** * Clean sensible object datas * @@ -351,9 +351,9 @@ class Categories extends DolibarrApi * @return array Array of cleaned object properties */ function _cleanObjectDatas($object) { - + $object = parent::_cleanObjectDatas($object); - + // Remove fields not relevent to categories unset($object->country); unset($object->country_id); @@ -394,16 +394,16 @@ class Categories extends DolibarrApi unset($object->fk_project); unset($object->note); unset($object->statut); - + return $object; } - + /** * Validate fields before create or update object - * + * * @param array|null $data Data to validate * @return array - * + * * @throws RestException */ function _validate($data) diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index 0d6694ac569..a16022ea047 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php @@ -16,24 +16,24 @@ */ use Luracast\Restler\RestException; - + require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; /** * API class for products * - * @access protected + * @access protected * @class DolibarrApiAccess {@requires user,external} */ class Products extends DolibarrApi { /** - * @var array $FIELDS Mandatory fields, checked when create and update object + * @var array $FIELDS Mandatory fields, checked when create and update object */ static $FIELDS = array( 'ref', - 'label' + 'label' ); /** @@ -53,30 +53,30 @@ class Products extends DolibarrApi /** * Get properties of a product object - * + * * Return an array with product informations * * @param int $id ID of product * @return array|mixed data without useless information - * + * * @throws RestException * TODO implement getting a product by ref or by $ref_ext */ function get($id) - { + { if(! DolibarrApiAccess::$user->rights->produit->lire) { throw new RestException(401); } - + $result = $this->product->fetch($id); if( ! $result ) { throw new RestException(404, 'Product not found'); } - + if( ! DolibarrApi::_checkAccessToResource('product',$this->product->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } - + $this->product->load_stock(); return $this->_cleanObjectDatas($this->product); @@ -84,9 +84,9 @@ class Products extends DolibarrApi /** * List products - * + * * Get a list of products - * + * * @param string $sortfield Sort field * @param string $sortorder Sort order * @param int $limit Limit for list @@ -98,9 +98,9 @@ class Products extends DolibarrApi */ function index($sortfield = "t.ref", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $category=0, $sqlfilters = '') { global $db, $conf; - + $obj_ret = array(); - + $socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : ''; $sql = "SELECT t.rowid, t.ref, t.ref_ext"; @@ -121,7 +121,7 @@ class Products extends DolibarrApi // Show services if ($mode == 2) $sql.= " AND t.fk_product_type = 1"; // Add sql filters - if ($sqlfilters) + if ($sqlfilters) { if (! DolibarrApi::_checkFilters($sqlfilters)) { @@ -130,7 +130,7 @@ class Products extends DolibarrApi $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) @@ -165,10 +165,10 @@ class Products extends DolibarrApi } return $obj_ret; } - + /** * Create product object - * + * * @param array $request_data Request data * @return int ID of product */ @@ -179,35 +179,35 @@ class Products extends DolibarrApi } // Check mandatory fields $result = $this->_validate($request_data); - + foreach($request_data as $field => $value) { $this->product->$field = $value; } if ($this->product->create(DolibarrApiAccess::$user) < 0) { throw new RestException(500, "Error creating product", array_merge(array($this->product->error), $this->product->errors)); } - + return $this->product->id; } /** * Update product - * + * * @param int $id Id of product to update - * @param array $request_data Datas - * @return int + * @param array $request_data Datas + * @return int */ function put($id, $request_data = NULL) { if(! DolibarrApiAccess::$user->rights->produit->creer) { throw new RestException(401); } - + $result = $this->product->fetch($id); if( ! $result ) { throw new RestException(404, 'Product not found'); } - + if( ! DolibarrApi::_checkAccessToResource('product',$this->product->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } @@ -216,16 +216,16 @@ class Products extends DolibarrApi if ($field == 'id') continue; $this->product->$field = $value; } - + if($this->product->update($id, DolibarrApiAccess::$user,1,'update')) return $this->get ($id); - + return false; } - + /** * Delete product - * + * * @param int $id Product ID * @return array */ @@ -238,18 +238,18 @@ class Products extends DolibarrApi if( ! $result ) { throw new RestException(404, 'Product not found'); } - + if( ! DolibarrApi::_checkAccessToResource('product',$this->product->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } - + // The Product::delete() method uses the global variable $user. global $user; $user = DolibarrApiAccess::$user; return $this->product->delete(DolibarrApiAccess::$user); } - + /** * Get categories for a product * @@ -263,9 +263,13 @@ class Products extends DolibarrApi * * @url GET {id}/categories */ - function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { - $categories = new Categories(); - return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'product', $id); + function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) + { + require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + + $categories = new Categories(); + + return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'product', $id); } /** @@ -275,17 +279,17 @@ class Products extends DolibarrApi * @return array Array of cleaned object properties */ function _cleanObjectDatas($object) { - + $object = parent::_cleanObjectDatas($object); - + unset($object->regeximgext); - + return $object; } - + /** * Validate fields before create or update object - * + * * @param array $data Datas to validate * @return array * @throws RestException diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index fcfdf4ad084..6d3a5970c9b 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php @@ -333,8 +333,12 @@ class Contacts extends DolibarrApi * * @url GET {id}/categories */ - function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { + function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) + { + require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + $categories = new Categories(); + return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'contact', $id); } diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index f25fda9a5fb..88492779bda 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -21,15 +21,15 @@ /** * API class for thirdparties * - * @access protected + * @access protected * @class DolibarrApiAccess {@requires user,external} - * + * */ class Thirdparties extends DolibarrApi { /** * - * @var array $FIELDS Mandatory fields, checked when create and update object + * @var array $FIELDS Mandatory fields, checked when create and update object */ static $FIELDS = array( 'name' @@ -48,7 +48,7 @@ class Thirdparties extends DolibarrApi global $db, $conf; $this->db = $db; $this->company = new Societe($this->db); - + if (! empty($conf->global->SOCIETE_EMAIL_MANDATORY)) { static::$FIELDS[] = 'email'; } @@ -61,20 +61,20 @@ class Thirdparties extends DolibarrApi * * @param int $id ID of thirdparty * @return array|mixed data without useless information - * + * * @throws RestException */ function get($id) - { + { if(! DolibarrApiAccess::$user->rights->societe->lire) { throw new RestException(401); } - + $result = $this->company->fetch($id); if( ! $result ) { throw new RestException(404, 'Thirdparty not found'); } - + if( ! DolibarrApi::_checkAccessToResource('societe',$this->company->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } @@ -84,14 +84,14 @@ class Thirdparties extends DolibarrApi /** * List thirdparties - * + * * Get a list of thirdparties - * + * * @param string $sortfield Sort field * @param string $sortorder Sort order * @param int $limit Limit for list * @param int $page Page number - * @param int $mode Set to 1 to show only customers + * @param int $mode Set to 1 to show only customers * Set to 2 to show only prospects * Set to 3 to show only those are not customer neither prospect * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" @@ -99,12 +99,12 @@ class Thirdparties extends DolibarrApi */ function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $sqlfilters = '') { global $db, $conf; - + $obj_ret = array(); - + // case of external user, we force socids $socids = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : ''; - + // If the internal user must only see his customers, force searching by him $search_sale = 0; if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) $search_sale = DolibarrApiAccess::$user->id; @@ -112,7 +112,7 @@ class Thirdparties extends DolibarrApi $sql = "SELECT t.rowid"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) $sql.= " FROM ".MAIN_DB_PREFIX."societe as t"; - + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st"; $sql.= " WHERE t.fk_stcomm = st.id"; @@ -130,7 +130,7 @@ class Thirdparties extends DolibarrApi $sql .= " AND sc.fk_user = ".$search_sale; } // Add sql filters - if ($sqlfilters) + if ($sqlfilters) { if (! DolibarrApi::_checkFilters($sqlfilters)) { @@ -139,7 +139,7 @@ class Thirdparties extends DolibarrApi $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { @@ -175,7 +175,7 @@ class Thirdparties extends DolibarrApi } return $obj_ret; } - + /** * Create thirdparty object * @@ -189,13 +189,13 @@ class Thirdparties extends DolibarrApi } // Check mandatory fields $result = $this->_validate($request_data); - + foreach($request_data as $field => $value) { $this->company->$field = $value; } if ($this->company->create(DolibarrApiAccess::$user) < 0) throw new RestException(500, 'Error creating thirdparty', array_merge(array($this->company->error), $this->company->errors)); - + return $this->company->id; } @@ -203,20 +203,20 @@ class Thirdparties extends DolibarrApi * Update thirdparty * * @param int $id Id of thirdparty to update - * @param array $request_data Datas - * @return int + * @param array $request_data Datas + * @return int */ function put($id, $request_data = NULL) { if(! DolibarrApiAccess::$user->rights->societe->creer) { throw new RestException(401); } - + $result = $this->company->fetch($id); if( ! $result ) { throw new RestException(404, 'Thirdparty not found'); } - + if( ! DolibarrApi::_checkAccessToResource('societe',$this->company->id)) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } @@ -225,13 +225,13 @@ class Thirdparties extends DolibarrApi if ($field == 'id') continue; $this->company->$field = $value; } - + if($this->company->update($id, DolibarrApiAccess::$user,1,'','','update')) return $this->get ($id); - + return false; } - + /** * Delete thirdparty * @@ -252,7 +252,7 @@ class Thirdparties extends DolibarrApi } return $this->company->delete($id); } - + /** * Get categories for a thirdparty * @@ -266,8 +266,12 @@ class Thirdparties extends DolibarrApi * * @url GET {id}/categories */ - function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { + function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) + { + require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + $categories = new Categories(); + return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'customer', $id); } @@ -318,24 +322,24 @@ class Thirdparties extends DolibarrApi * @return array Array of cleaned object properties */ function _cleanObjectDatas($object) { - + $object = parent::_cleanObjectDatas($object); - + unset($object->total_ht); unset($object->total_tva); unset($object->total_localtax1); unset($object->total_localtax2); unset($object->total_ttc); - + return $object; - } - + } + /** * Validate fields before create or update object - * + * * @param array $data Datas to validate * @return array - * + * * @throws RestException */ function _validate($data) From 4537e5472b0bd7172476e7dfb7943483840aee3e Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 3 Oct 2017 19:01:54 +0200 Subject: [PATCH 3/4] Fix: refactorization of "getListForItem" function --- htdocs/adherents/class/api_members.class.php | 19 +++- .../categories/class/api_categories.class.php | 88 ----------------- htdocs/categories/class/categorie.class.php | 94 +++++++++++++++++++ htdocs/product/class/api_products.class.php | 14 ++- htdocs/societe/class/api_contacts.class.php | 15 ++- .../societe/class/api_thirdparties.class.php | 15 ++- 6 files changed, 143 insertions(+), 102 deletions(-) diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index 571c77d91f7..a4a888ae9a5 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -20,6 +20,7 @@ use Luracast\Restler\RestException; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/subscription.class.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; /** * API class for members @@ -362,8 +363,8 @@ class Members extends DolibarrApi * Get categories for a member * * @param int $id ID of member - * @param string $sortfield Sort field - * @param string $sortorder Sort order + * @param string $sortfield Sort field + * @param string $sortorder Sort order * @param int $limit Limit for list * @param int $page Page number * @@ -373,11 +374,19 @@ class Members extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { - require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + $categories = new Categorie($this->db); - $categories = new Categories(); + $result = $categories->getListForItem($id, 'member', $sortfield, $sortorder, $limit, $page); - return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'member', $id); + if (empty($result)) { + throw new RestException(404, 'No category found'); + } + + if ($result < 0) { + throw new RestException(503, 'Error when retrieve category list : '.$categories->error); + } + + return $result; } } diff --git a/htdocs/categories/class/api_categories.class.php b/htdocs/categories/class/api_categories.class.php index a43ccbd180b..1c8d9fcfe50 100644 --- a/htdocs/categories/class/api_categories.class.php +++ b/htdocs/categories/class/api_categories.class.php @@ -166,94 +166,6 @@ class Categories extends DolibarrApi return $obj_ret; } - /** - * List categories of an entity - * - * Note: This method is not directly exposed in the API, it is used - * in the GET /xxx/{id}/categories requests. - * - * @param string $sortfield Sort field - * @param string $sortorder Sort order - * @param int $limit Limit for list - * @param int $page Page number - * @param string $type Type of category ('member', 'customer', 'supplier', 'product', 'contact') - * @param int $item Id of the item to get categories for - * @return array Array of category objects - * - * @access private - */ - function getListForItem($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $type='customer', $item = 0) { - global $db, $conf; - - $obj_ret = array(); - - if(! DolibarrApiAccess::$user->rights->categorie->lire) { - throw new RestException(401); - } - //if ($type == "") { - //$type="product"; - //} - $sub_type = $type; - $subcol_name = "fk_".$type; - if ($type=="customer" || $type=="supplier") { - $sub_type="societe"; - $subcol_name="fk_soc"; - } - if ($type=="contact") { - $subcol_name="fk_socpeople"; - } - $sql = "SELECT s.rowid"; - $sql.= " FROM ".MAIN_DB_PREFIX."categorie as s"; - $sql.= " , ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub "; - $sql.= ' WHERE s.entity IN ('.getEntity('category').')'; - $sql.= ' AND s.type='.array_search($type,Categories::$TYPES); - $sql.= ' AND s.rowid = sub.fk_categorie'; - $sql.= ' AND sub.'.$subcol_name.' = '.$item; - - $nbtotalofrecords = ''; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) - { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); - } - - $sql.= $db->order($sortfield, $sortorder); - if ($limit) { - if ($page < 0) - { - $page = 0; - } - $offset = $limit * $page; - - $sql.= $db->plimit($limit + 1, $offset); - } - - $result = $db->query($sql); - if ($result) - { - $i=0; - $num = $db->num_rows($result); - $min = min($num, ($limit <= 0 ? $num : $limit)); - while ($i < $min) - { - $obj = $db->fetch_object($result); - $category_static = new Categorie($db); - if($category_static->fetch($obj->rowid)) { - $obj_ret[] = $this->_cleanObjectDatas($category_static); - } - $i++; - } - } - else { - throw new RestException(503, 'Error when retrieve category list : '.$db->lasterror()); - } - if( ! count($obj_ret)) { - throw new RestException(404, 'No category found'); - } - - return $obj_ret; - } - /** * Create category object * diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 5cbe56554dd..6027f76ec58 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -879,6 +879,100 @@ class Categorie extends CommonObject } } + /** + * List categories of an element id + * + * @param int $item Id of element + * @param string $type Type of category ('member', 'customer', 'supplier', 'product', 'contact') + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Limit for list + * @param int $page Page number + * @return array Array of categories + */ + function getListForItem($id, $type='customer', $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) + { + global $conf; + + $categories = array(); + + $sub_type = $type; + $subcol_name = "fk_".$type; + if ($type=="customer" || $type=="supplier") { + $sub_type="societe"; + $subcol_name="fk_soc"; + } + if ($type=="contact") { + $subcol_name="fk_socpeople"; + } + $sql = "SELECT s.rowid"; + $sql.= " FROM ".MAIN_DB_PREFIX."categorie as s"; + $sql.= " , ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub "; + $sql.= ' WHERE s.entity IN ('.getEntity('category').')'; + $sql.= ' AND s.type='.array_search($type, self::$MAP_ID_TO_CODE); + $sql.= ' AND s.rowid = sub.fk_categorie'; + $sql.= ' AND sub.'.$subcol_name.' = '.$id; + + $nbtotalofrecords = ''; + if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + { + $result = $this->db->query($sql); + $nbtotalofrecords = $this->db->num_rows($result); + } + + $sql.= $this->db->order($sortfield, $sortorder); + if ($limit) { + if ($page < 0) + { + $page = 0; + } + $offset = $limit * $page; + + $sql.= $this->db->plimit($limit + 1, $offset); + } + + $result = $this->db->query($sql); + if ($result) + { + $i=0; + $num = $this->db->num_rows($result); + $min = min($num, ($limit <= 0 ? $num : $limit)); + while ($i < $min) + { + $obj = $this->db->fetch_object($result); + $category_static = new Categorie($this->db); + if ($category_static->fetch($obj->rowid)) + { + $categories[$i]['id'] = $category_static->id; + $categories[$i]['fk_parent'] = $category_static->fk_parent; + $categories[$i]['label'] = $category_static->label; + $categories[$i]['description'] = $category_static->description; + $categories[$i]['color'] = $category_static->color; + $categories[$i]['socid'] = $category_static->socid; + $categories[$i]['visible'] = $category_static->visible; + $categories[$i]['type'] = $category_static->type; + $categories[$i]['entity'] = $category_static->entity; + $categories[$i]['array_options'] = $category_static->array_options; + + // multilangs + if (! empty($conf->global->MAIN_MULTILANGS)) { + $categories[$i]['multilangs'] = $category_static->multilangs; + } + } + $i++; + } + } + else { + $this->error = $this->db->lasterror(); + return -1; + } + if ( ! count($categories)) { + return 0; + } + + return $categories; + } + /** * Return childs of a category * diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index a16022ea047..809b8b160c3 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php @@ -265,11 +265,19 @@ class Products extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { - require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + $categories = new Categorie($this->db); - $categories = new Categories(); + $result = $categories->getListForItem($id, 'product', $sortfield, $sortorder, $limit, $page); - return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'product', $id); + if (empty($result)) { + throw new RestException(404, 'No category found'); + } + + if ($result < 0) { + throw new RestException(503, 'Error when retrieve category list : '.$categories->error); + } + + return $result; } /** diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index 6d3a5970c9b..29bb43d211d 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php @@ -18,6 +18,7 @@ use Luracast\Restler\RestException; //require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; /** * API class for contacts @@ -335,11 +336,19 @@ class Contacts extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { - require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + $categories = new Categorie($this->db); - $categories = new Categories(); + $result = $categories->getListForItem($id, 'contact', $sortfield, $sortorder, $limit, $page); - return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'contact', $id); + if (empty($result)) { + throw new RestException(404, 'No category found'); + } + + if ($result < 0) { + throw new RestException(503, 'Error when retrieve category list : '.$categories->error); + } + + return $result; } /** diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index 88492779bda..0fe5d5e706e 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -17,6 +17,7 @@ use Luracast\Restler\RestException; + require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; /** * API class for thirdparties @@ -268,11 +269,19 @@ class Thirdparties extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { - require_once DOL_DOCUMENT_ROOT.'/categories/class/api_categories.class.php'; + $categories = new Categorie($this->db); - $categories = new Categories(); + $result = $categories->getListForItem($id, 'customer', $sortfield, $sortorder, $limit, $page); - return $categories->getListForItem($sortfield, $sortorder, $limit, $page, 'customer', $id); + if (empty($result)) { + throw new RestException(404, 'No category found'); + } + + if ($result < 0) { + throw new RestException(503, 'Error when retrieve category list : '.$categories->error); + } + + return $result; } /** From 45de1ca21efdfc061ef931c8ad863fedd6bda90a Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 3 Oct 2017 19:09:46 +0200 Subject: [PATCH 4/4] Fix: check security --- htdocs/adherents/class/api_members.class.php | 4 ++++ htdocs/product/class/api_products.class.php | 4 ++++ htdocs/societe/class/api_contacts.class.php | 4 ++++ htdocs/societe/class/api_thirdparties.class.php | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index a4a888ae9a5..99a4f401171 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -374,6 +374,10 @@ class Members extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { + if (! DolibarrApiAccess::$user->rights->categorie->lire) { + throw new RestException(401); + } + $categories = new Categorie($this->db); $result = $categories->getListForItem($id, 'member', $sortfield, $sortorder, $limit, $page); diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index 809b8b160c3..25071801fe3 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php @@ -265,6 +265,10 @@ class Products extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { + if (! DolibarrApiAccess::$user->rights->categorie->lire) { + throw new RestException(401); + } + $categories = new Categorie($this->db); $result = $categories->getListForItem($id, 'product', $sortfield, $sortorder, $limit, $page); diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index 29bb43d211d..0e3c10ce726 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php @@ -336,6 +336,10 @@ class Contacts extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { + if (! DolibarrApiAccess::$user->rights->categorie->lire) { + throw new RestException(401); + } + $categories = new Categorie($this->db); $result = $categories->getListForItem($id, 'contact', $sortfield, $sortorder, $limit, $page); diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index 0fe5d5e706e..ab38f62b2ed 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -269,6 +269,10 @@ class Thirdparties extends DolibarrApi */ function getCategories($id, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { + if (! DolibarrApiAccess::$user->rights->categorie->lire) { + throw new RestException(401); + } + $categories = new Categorie($this->db); $result = $categories->getListForItem($id, 'customer', $sortfield, $sortorder, $limit, $page);