From 21454aa597d45728b3f24e2d2672092bcbf5cc5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric?= <35066297+c3do@users.noreply.github.com>
Date: Fri, 8 Nov 2019 19:54:38 +0100
Subject: [PATCH 1/5] API New link documents to products (pictures)
---
 htdocs/api/class/api_documents.class.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 1360d2657b7..cf039e22747 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -505,6 +505,11 @@ class Documents extends DolibarrApi
 throw new RestException(500, 'Error while fetching Task '.$ref);
 }
 }
+ elseif ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service' || $modulepart == 'produit|service')
+ {
+ require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
+ $object = new Product($this->db);
+ }
 // TODO Implement additional moduleparts
 else
 {
@@ -557,6 +562,11 @@ class Documents extends DolibarrApi
 // $original_file here is still value of filename without any dir.
 $upload_dir = dol_sanitizePathName($upload_dir);
+
+ if (dol_mkdir($upload_dir) < 0) // needed by products
+ {
+ throw new RestException(500, 'Error while trying to create directory.');
+ }
 $destfile = $upload_dir . '/' . $original_file;
 $destfiletmp = DOL_DATA_ROOT.'/admin/temp/' . $original_file;
From 8dc67d95308a4a5dbc6946614e2aa1280d5f2e85 Mon Sep 17 00:00:00 2001
From: stickler-ci
Date: Fri, 8 Nov 2019 18:58:49 +0000
Subject: [PATCH 2/5] Fixing style errors.
---
 htdocs/api/class/api_documents.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index cf039e22747..5977dbb8b28 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
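Review bot: In PATCH 1/5, the new `elseif ($modulepart == 'product' ...)` branch only instantiates `Product`; unlike the Task branch just above it, which answers 500 when its fetch does not succeed, no fetch by `$ref` and no product-level permission check is visible here. The if/elseif chain starts and ends outside the hunk, so a shared fetch may follow it; if it does not, the upload directory would be derived from an unloaded object. I would confirm that and, if the check is missing, guard the branch with the module's own write right, e.g. `if (empty(DolibarrApiAccess::$user->rights->produit->creer)) { throw new RestException(401); }`. A one-line comment on why the literal value `'produit|service'` is accepted would also help the next reader.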
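Review bot: In the second hunk of PATCH 1/5, `dol_mkdir($upload_dir)` now runs for every modulepart, not only products, and before anything visible in the hunk has confirmed that the upload will be accepted, so a rejected request can still leave a directory behind. `$upload_dir` is built outside the hunk; since it appears to depend on request parameters, I would check that it is non-empty and still inside the module's data directory before creating it, and limit the call to the case that needs it. The failure path should also be logged with the path for operators, `dol_syslog('Failed to create directory '.$upload_dir, LOG_ERR);`, while the 500 response keeps its generic message. The enclosing method starts and ends outside the hunk.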
@@ -562,7 +562,7 @@ class Documents extends DolibarrApi
 // $original_file here is still value of filename without any dir.
 $upload_dir = dol_sanitizePathName($upload_dir);
-
+
 if (dol_mkdir($upload_dir) < 0) // needed by products
 {
 throw new RestException(500, 'Error while trying to create directory.');
From 1e5fe3f31c831bf1e840d7f41480075978b1cb1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric?= <35066297+c3do@users.noreply.github.com>
Date: Sat, 9 Nov 2019 00:47:03 +0100
Subject: [PATCH 3/5] API New delete document
---
 htdocs/api/class/api_documents.class.php | 61 ++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 5977dbb8b28..77fc62680d4 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -602,6 +602,67 @@ class Documents extends DolibarrApi
 return dol_basename($destfile);
 }
+
+ /**
+ * Delete a document.
+ *
+ * @param string $modulepart Name of module or area concerned by file download ('product', ...)
+ * @param string $original_file Relative path with filename, relative to modulepart (for example: PRODUCT-REF-999/IMAGE-999.jpg)
+ * @return array List of documents
+ *
+ * @throws 400
+ * @throws 401
+ * @throws 404
+ * @throws 200
+ *
+ * @url DELETE /delete
+ */
+ public function delete($modulepart, $original_file = '')
+ {
+ global $conf, $langs;
+
+ if (empty($modulepart)) {
+ throw new RestException(400, 'bad value for parameter modulepart');
+ }
+ if (empty($original_file)) {
+ throw new RestException(400, 'bad value for parameter original_file');
+ }
+
+ //--- Finds and returns the document
+ $entity=$conf->entity;
+
+ $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'read');
+ $accessallowed = $check_access['accessallowed'];
+ $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
+ $original_file = $check_access['original_file'];
+
+ if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
+ throw new RestException(401);
+ }
+ if (!$accessallowed) {
+ throw new RestException(401);
+ }
+
+ $filename = basename($original_file);
+ $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
+
+ if (! file_exists($original_file_osencoded))
+ {
+ dol_syslog("Try to download not found file ".$original_file_osencoded, LOG_WARNING);
+ throw new RestException(404, 'File not found');
+ }
+
+ if (@unlink($original_file_osencoded)) {
+ return array(
+ 'success' => array(
+ 'code' => 200,
+ 'message' => 'Document deleted'
+ )
+ );
+ }
+
+ throw new RestException(401);
+ }
 // phpcs:disable PEAR.NamingConventions.ValidFunctionName
 /**
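Review bot: `delete()` authorises a destructive operation with the read permission: the call should be `$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'write');`, otherwise any API user who may view a document can also remove it. `$sqlprotectagainstexternals` is taken from the result but never applied, so, if this mirrors the download path, an external user is not limited to the files of their own third party. The `..` and `[<>|]` filter runs only after the helper has already consumed the raw `$original_file`; validating the parameter before the access check would be the safer order. A failed `@unlink` is reported as 401 with the PHP warning suppressed, where a logged 500 would describe it correctly, and the not-found log text still says "download". The docblock's `@return array List of documents` and `@throws 200` do not match what the method returns.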
From e53ce81f239c5330ce8cc82c039f1e417b003739 Mon Sep 17 00:00:00 2001
From: stickler-ci
Date: Fri, 8 Nov 2019 23:48:46 +0000
Subject: [PATCH 4/5] Fixing style errors.
---
 htdocs/api/class/api_documents.class.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 77fc62680d4..2e831f04da9 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -602,7 +602,7 @@ class Documents extends DolibarrApi
 return dol_basename($destfile);
 }
-
+
 /**
 * Delete a document.
 *
@@ -620,38 +620,38 @@ class Documents extends DolibarrApi
 public function delete($modulepart, $original_file = '')
 {
 global $conf, $langs;
-
+
 if (empty($modulepart)) {
 throw new RestException(400, 'bad value for parameter modulepart');
 }
 if (empty($original_file)) {
 throw new RestException(400, 'bad value for parameter original_file');
 }
-
+
 //--- Finds and returns the document
 $entity=$conf->entity;
-
+
 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'read');
 $accessallowed = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 $original_file = $check_access['original_file'];
-
+
 if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
 throw new RestException(401);
 }
 if (!$accessallowed) {
 throw new RestException(401);
 }
-
+
 $filename = basename($original_file);
 $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
-
+
 if (! file_exists($original_file_osencoded))
 {
 dol_syslog("Try to download not found file ".$original_file_osencoded, LOG_WARNING);
 throw new RestException(404, 'File not found');
 }
-
+
 if (@unlink($original_file_osencoded)) {
 return array(
 'success' => array(
@@ -660,7 +660,7 @@ class Documents extends DolibarrApi
 )
 );
 }
-
+
 throw new RestException(401);
 }
From 9cc1f1db75a3306e6cc6c82b4aa4b61053ee28fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric?= <35066297+c3do@users.noreply.github.com>
Date: Sat, 9 Nov 2019 11:52:03 +0100
Subject: [PATCH 5/5] replace "/delete" by "/"
---
 htdocs/api/class/api_documents.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 2e831f04da9..1c6dcb9d1e3 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -615,7 +615,7 @@ class Documents extends DolibarrApi
 * @throws 404
 * @throws 200
 *
- * @url DELETE /delete
+ * @url DELETE /
 */
 public function delete($modulepart, $original_file = '')
 {