NEW Can use any filter on all REST API to list.

Laurent Destailleur 2016-10-25 18:33:45 +02:00
parent 5d655d47fe
commit f67863e1aa
19 changed files with 328 additions and 229 deletions


@ -92,13 +92,13 @@ class SkeletonApi extends DolibarrApi
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @param int $page Page number
*
* @return array Array of skeleton objects
*
* @url GET /skeletons/
*/
function getList($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
function index($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -124,18 +124,19 @@ class SkeletonApi extends DolibarrApi
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
if ($socid) $sql.= " AND s.fk_soc = ".$socid;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
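Review bot: In the `if ($sqlfilters)` block, `preg_replace_callback` rewrites only the substrings that match the `(field:operator:value)` pattern; any text between or around those groups is appended to `$sql` exactly as the client sent it, and `_checkFilters` looks at parentheses only. The remainder should be validated before concatenation, for example `$rest = preg_replace('/'.$regexstring.'/', '', $sqlfilters);` followed by `if (! preg_match('/^(\s|\(|\)|and|or)*$/i', $rest)) throw new RestException(400, 'Bad value for sqlfilters');`. A rejected filter is a client error, so 400 fits better than 503, and the message does not need to echo the raw parameter. The same block is copied into the `index()` methods of Members, Subscriptions, DictionnaryCountries, DictionnaryTowns, Categories, AgendaEvents, Proposals, Orders, BankAccounts, Invoices, ExpenseReports, Products and Contacts, so moving it into one DolibarrApi helper would let the check be fixed in a single place. The body of `index()` continues outside these hunks.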


@ -84,13 +84,12 @@ class Members extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param string $typeid ID of the type of member
* @param string $login To filter the members by login
* @param string $name To filter the members by name (firstname, lastname or company name matching the filter)
* @return array Array of member objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of member objects
*
* @throws RestException
*/
function index($sortfield = "a.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $typeid = '', $login = '', $name = '') {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $typeid = '', $login = '', $name = '', $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -99,27 +98,24 @@ class Members extends DolibarrApi
throw new RestException(401);
}
$sql = "SELECT a.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."adherent as a";
$sql.= ' WHERE a.entity IN ('.getEntity('adherent', 1).')';
$sql = "SELECT t.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."adherent as t";
$sql.= ' WHERE t.entity IN ('.getEntity('adherent', 1).')';
if (!empty($typeid))
{
$sql.= ' AND a.fk_adherent_type='.$typeid;
$sql.= ' AND t.fk_adherent_type='.$typeid;
}
if (!empty($login)) {
$sql .= " AND a.login LIKE '%".$login."%'";
}
if (!empty($name)) {
$sql .= " AND (a.firstname LIKE '%".$name."%' OR a.lastname LIKE '%".$name."%' OR a.societe LIKE '%".$name."%')";
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
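Review bot: `$typeid` is documented as a string and is concatenated unquoted in `' AND t.fk_adherent_type='.$typeid`, so its content becomes part of the statement; since it is compared with a type id it should be cast, `$sql.= ' AND t.fk_adherent_type='.((int) $typeid);`. The new signature also still accepts `$login` and `$name`, while the clauses that applied them still use the old `a.` alias and appear to be dropped by this change, so those two parameters would now be ignored silently. Either remove them from the signature or state in the docblock that `sqlfilters` replaces them. The body of `index()` continues past the end of the hunk.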


@ -80,11 +80,12 @@ class Subscriptions extends DolibarrApi
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.import_key:<:'20160101')"
* @return array Array of subscription objects
*
* @throws RestException
*/
function index($sortfield = "dateadh", $sortorder = 'ASC', $limit = 0, $page = 0) {
function index($sortfield = "dateadh", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -94,15 +95,19 @@ class Subscriptions extends DolibarrApi
}
$sql = "SELECT rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."subscription";
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
$sql.= " FROM ".MAIN_DB_PREFIX."subscription as t";
$sql.= ' WHERE 1 = 1';
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)


@ -162,4 +162,60 @@ class DolibarrApi
return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray,$resource_id,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
/**
* Return if a $sqlfilters parameter is valid
*
* @param string $sqlfilters sqlfilter string
* @return boolean True if valid, False if not valid
*/
function _checkFilters($sqlfilters)
{
//$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
//$tmp=preg_replace_all('/'.$regexstring.'/', '', $sqlfilters);
$tmp=$sqlfilters;
$ok=0;
$i=0; $nb=count($tmp);
$counter=0;
while ($i < $nb)
{
if ($tmp[$i]=='(') $counter++;
if ($tmp[$i]==')') $counter--;
if ($counter < 0)
{
$error="Bad sqlfilters=".$sqlfilters;
dol_syslog($error, LOG_WARNING);
return false;
}
$i++;
}
return true;
}
/**
* Function to forge a SQL criteria
*
* @param array $matches Array of found string by regex search
* @return string Forged criteria. Example: "t.field like 'abc%'"
*/
protected static function _forge_criteria_callback($matches)
{
global $db;
//dol_syslog("Convert matches ".$matches[1]);
if (empty($matches[1])) return '';
$tmp=explode(':',$matches[1]);
if (count($tmp) < 3) return '';
$tmpescaped=$tmp[2];
if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis))
{
$tmpescaped = "'".$db->escape($regbis[1])."'";
}
else
{
$tmpescaped = $db->escape($tmpescaped);
}
return $db->escape($tmp[0]).' '.strtoupper($db->escape($tmp[1]))." ".$tmpescaped;
}
}
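Review bot: `_checkFilters` bounds its loop with `count($tmp)` although `$tmp` is the filter string; `count()` does not give a string's length, so the parenthesis scan does not cover the input, and the function never checks that the counter ends at zero. It is also declared as an instance method while every caller uses `DolibarrApi::_checkFilters(...)`, so it should be `static`. In `_forge_criteria_callback`, `$db->escape()` is applied to the field name, the operator and unquoted values, all of which are emitted outside quotes, where escaping built for string literals constrains nothing. Those parts need allow-list checks: an identifier pattern for the field, a fixed operator list (the one below is an example to adjust), and a numeric test for unquoted values.

```php
static function _checkFilters($sqlfilters)
{
    $nb = strlen($sqlfilters);    // length of the string; count() is for arrays
    $counter = 0;
    for ($i = 0; $i < $nb; $i++)
    {
        if ($sqlfilters[$i] == '(') $counter++;
        if ($sqlfilters[$i] == ')') $counter--;
        if ($counter < 0) break;
    }
    if ($counter != 0)    // also rejects an unclosed parenthesis
    {
        dol_syslog("Bad sqlfilters=".$sqlfilters, LOG_WARNING);
        return false;
    }
    return true;
}

protected static function _forge_criteria_callback($matches)
{
    // … unchanged: global $db, empty() test, explode(), count() test …
    $field = trim($tmp[0]);
    $operator = strtoupper(trim($tmp[1]));
    if (! preg_match('/^[a-z_][a-z0-9_]*\.[a-z_][a-z0-9_]*$/i', $field)
        || ! in_array($operator, array('=', '<', '>', '<=', '>=', '!=', 'LIKE'), true))
    {
        throw new RestException(400, 'Bad field or operator in sqlfilters');
    }
    $tmpescaped=$tmp[2];
    if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis))
    {
        // … unchanged: quoted value is escaped and re-quoted …
    }
    elseif (! is_numeric($tmpescaped))
    {
        throw new RestException(400, 'Unquoted value in sqlfilters must be numeric');
    }
    return $field.' '.$operator.' '.$tmpescaped;
```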


@ -54,27 +54,31 @@ class DictionnaryCountries extends DolibarrApi
* @param int $page Page number (starting from zero)
* @param string $filter To filter the countries by name
* @param string $lang Code of the language the label of the countries must be translated to
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return List of countries
*
* @throws RestException
*/
function index($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $filter = '', $lang = '')
function index($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $filter = '', $lang = '', $sqlfilters = '')
{
$list = array();
// Note: The filter is not applied in the SQL request because it must
// be applied to the translated names, not to the names in database.
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."c_country";
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."c_country as t";
$sql.=" WHERE 1 = 1";
// Add sql filters
if ($sqlfilters)
{
$result = $this->db->query($sql);
$nbtotalofrecords = $this->db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {


@ -47,27 +47,32 @@ class DictionnaryTowns extends DolibarrApi
* @param int $page Page number (starting from zero)
* @param string $zipcode To filter on zipcode
* @param string $town To filter on city name
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return List of towns
*
* @throws RestException
*/
function index($sortfield = "zip,town", $sortorder = 'ASC', $limit = 100, $page = 0, $zipcode = '', $town = '')
function index($sortfield = "zip,town", $sortorder = 'ASC', $limit = 100, $page = 0, $zipcode = '', $town = '', $sqlfilters = '')
{
$list = array();
$sql = "SELECT rowid AS id, zip, town, fk_county, fk_pays AS fk_country";
$sql.= " FROM ".MAIN_DB_PREFIX."c_ziptown";
$sql.= " WHERE active = 1";
if ($zipcode) $sql.=" AND zip LIKE '%" . $this->db->escape($zipcode) . "%'";
if ($town) $sql.=" AND town LIKE '%" . $this->db->escape($town) . "%'";
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
$sql.= " FROM ".MAIN_DB_PREFIX."c_ziptown as t";
$sql.= " WHERE t.active = 1";
if ($zipcode) $sql.=" AND t.zip LIKE '%" . $this->db->escape($zipcode) . "%'";
if ($town) $sql.=" AND t.town LIKE '%" . $this->db->escape($town) . "%'";
// Add sql filters
if ($sqlfilters)
{
$result = $this->db->query($sql);
$nbtotalofrecords = $this->db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $this->db->order($sortfield, $sortorder);
if ($limit) {


@ -98,11 +98,12 @@ class Categories extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param string $type Type of category ('member', 'customer', 'supplier', 'product', 'contact')
* @return array Array of category objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of category objects
*
* @throws RestException
*/
function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $type = '') {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $type = '', $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -111,21 +112,24 @@ class Categories extends DolibarrApi
throw new RestException(401);
}
$sql = "SELECT s.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."categorie as s";
$sql.= ' WHERE s.entity IN ('.getEntity('categorie', 1).')';
$sql = "SELECT t.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."categorie as t";
$sql.= ' WHERE t.entity IN ('.getEntity('categorie', 1).')';
if (!empty($type))
{
$sql.= ' AND s.type='.array_search($type,Categories::$TYPES);
$sql.= ' AND t.type='.array_search($type,Categories::$TYPES);
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
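Review bot: `array_search($type,Categories::$TYPES)` returns `false` when `$type` is not one of the known names, and `false` concatenates as an empty string, so the clause becomes `AND t.type=` and the request ends in a database error instead of a clean rejection. Resolve the index first and refuse unknown values, e.g. `$typeindex = array_search($type, Categories::$TYPES, true);` followed by `if ($typeindex === false) throw new RestException(400, 'Unknown category type');`, then concatenate `(int) $typeindex`. This assumes `$TYPES` maps numeric ids to type names, which is not visible in the hunk. The body of `index()` continues outside the hunk.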


@ -94,10 +94,10 @@ class AgendaEvents extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param string $user_ids User ids filter field (owners of event). Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i}
*
* @return array Array of Agenda Events objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of Agenda Events objects
*/
function index($sortfield = "t.id", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0) {
function index($sortfield = "t.id", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -108,21 +108,23 @@ class AgendaEvents extends DolibarrApi
$sql = "SELECT t.id as rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."actioncomm as t";
$sql.= ' WHERE t.entity IN ('.getEntity('actioncomm', 1).')';
if ($user_ids) $sql.=" AND ar.fk_user_action IN (".$user_ids.")";
if ($user_ids) $sql.=" AND t.fk_user_action IN (".$user_ids.")";
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
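Review bot: The retained `if ($search_sale > 0)` branch appends `AND sc.fk_user = ...`, but the FROM clause shown in this hunk selects only `actioncomm as t`, so the `sc` alias is not part of the statement. Where `$search_sale` is assigned is outside the hunk; if it can be positive here the query fails, and if it cannot, the branch is dead code copied from another class and is better removed. `$user_ids` is concatenated into `IN (...)` with only the docblock `{@pattern}` visible as a constraint, and its default is the integer `0` although it is documented as a string.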


@ -90,10 +90,10 @@ class Proposals extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param string $thirdparty_ids Thirdparty ids to filter commercial proposal of. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i}
*
* @return array Array of order objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of order objects
*/
function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $thirdparty_ids = '') {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $thirdparty_ids = '', $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -103,30 +103,32 @@ class Proposals extends DolibarrApi
// If the internal user must only see his customers, force searching by him
if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) $search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT s.rowid";
$sql = "SELECT t.rowid";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
$sql.= " FROM ".MAIN_DB_PREFIX."propal as s";
$sql.= " FROM ".MAIN_DB_PREFIX."propal as t";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
$sql.= ' WHERE s.entity IN ('.getEntity('propal', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
if ($socids) $sql.= " AND s.fk_soc IN (".$socids.")";
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
$sql.= ' WHERE t.entity IN ('.getEntity('propal', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND t.fk_soc = sc.fk_soc";
if ($socids) $sql.= " AND t.fk_soc IN (".$socids.")";
if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
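Review bot: `" AND t.fk_soc IN (".$socids.")"` concatenates `$socids` unquoted, while the declared parameter is `$thirdparty_ids`; the assignment of `$socids` lies outside this hunk, so the only constraint visible here is the `{@pattern /^[0-9,]*$/i}` docblock annotation. If that annotation is the sole check, re-validating next to the query keeps the clause safe however the method is reached, e.g. `if ($socids && ! preg_match('/^[0-9,]+\z/', $socids)) throw new RestException(400, 'Bad value for thirdparty_ids');`. The Orders section contains the same line and would take the same guard.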


@ -80,20 +80,22 @@ class Orders extends DolibarrApi
return $this->_cleanObjectDatas($this->commande);
}
/**
* List orders
*
* Get a list of orders
*
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @param string $thirdparty_ids Thirdparty ids to filter orders of. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i}
*
* @return array Array of order objects
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @param string $thirdparty_ids Thirdparty ids to filter orders of. {@example '1' or '1,2,3'} {@pattern /^[0-9,]*$/i}
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of order objects
*/
function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '') {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -103,30 +105,32 @@ class Orders extends DolibarrApi
// If the internal user must only see his customers, force searching by him
if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) $search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT s.rowid";
$sql = "SELECT t.rowid";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
$sql.= " FROM ".MAIN_DB_PREFIX."commande as s";
$sql.= " FROM ".MAIN_DB_PREFIX."commande as t";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
$sql.= ' WHERE s.entity IN ('.getEntity('commande', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
if ($socids) $sql.= " AND s.fk_soc IN (".$socids.")";
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
$sql.= ' WHERE t.entity IN ('.getEntity('commande', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND t.fk_soc = sc.fk_soc";
if ($socids) $sql.= " AND t.fk_soc IN (".$socids.")";
if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
@ -138,6 +142,7 @@ class Orders extends DolibarrApi
$sql.= $db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
if ($result)


@ -56,11 +56,12 @@ class BankAccounts extends DolibarrApi
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @return array List of account objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.import_key:<:'20160101')"
* @return array List of account objects
*
* @throws RestException
*/
function index($sortfield = "rowid", $sortorder = 'ASC', $limit = 0, $page = 0)
function index($sortfield = "rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '')
{
$list = array();
@ -68,13 +69,17 @@ class BankAccounts extends DolibarrApi
throw new RestException(401);
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank_account";
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank_account as t";
$sql.= ' WHERE t.entity IN ('.getEntity('banque', 1).')';
// Add sql filters
if ($sqlfilters)
{
$result = $this->db->query($sql);
$nbtotalofrecords = $this->db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $this->db->order($sortfield, $sortorder);
@ -88,6 +93,7 @@ class BankAccounts extends DolibarrApi
$sql.= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $this->db->query($sql);
if ($result) {
@ -100,7 +106,7 @@ class BankAccounts extends DolibarrApi
}
}
} else {
throw new RestException(503, 'Error when retrieving list of accounts: ' . $account->error);
throw new RestException(503, 'Error when retrieving list of accounts: ' . $this->db->lasterror());
}
return $list;
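Review bot: The new error path puts `$this->db->lasterror()` into the `RestException` message, which is returned to the API client; now that `sqlfilters` lets the caller shape the WHERE clause, raw database errors expose table and column details to anyone who sends a malformed filter. Keep the detail in the log and return a generic message, e.g. `dol_syslog('BankAccounts::index '.$this->db->lasterror(), LOG_ERR);` followed by `throw new RestException(503, 'Error when retrieving list of accounts');`. The added `WHERE t.entity IN (...)` restriction is a useful tightening and is worth a line in the commit description, since it changes which accounts the endpoint returns.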


@ -89,11 +89,12 @@ class Invoices extends DolibarrApi
* @param int $page Page number
* @param int $socid Filter list with thirdparty ID
* @param string $status Filter by invoice status : draft | unpaid | paid | cancelled
* @return array Array of invoice objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of invoice objects
*
* @throws RestException
*/
function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid=0, $status='') {
function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid=0, $status='', $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -103,38 +104,38 @@ class Invoices extends DolibarrApi
// If the internal user must only see his customers, force searching by him
if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT s.rowid";
$sql = "SELECT t.rowid";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
$sql.= " FROM ".MAIN_DB_PREFIX."facture as s";
$sql.= " FROM ".MAIN_DB_PREFIX."facture as t";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
$sql.= ' WHERE s.entity IN ('.getEntity('facture', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
if ($socid) $sql.= " AND s.fk_soc = ".$socid;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
$sql.= ' WHERE t.entity IN ('.getEntity('facture', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND t.fk_soc = sc.fk_soc";
if ($socid) $sql.= " AND t.fk_soc = ".$socid;
if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Filter by status
if ($status == 'draft') $sql.= " AND s.fk_statut IN (0)";
if ($status == 'unpaid') $sql.= " AND s.fk_statut IN (1)";
if ($status == 'paid') $sql.= " AND s.fk_statut IN (2)";
if ($status == 'cancelled') $sql.= " AND s.fk_statut IN (3)";
if ($status == 'draft') $sql.= " AND t.fk_statut IN (0)";
if ($status == 'unpaid') $sql.= " AND t.fk_statut IN (1)";
if ($status == 'paid') $sql.= " AND t.fk_statut IN (2)";
if ($status == 'cancelled') $sql.= " AND t.fk_statut IN (3)";
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
// TODO remove this, useless for WS
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
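Review bot: The new signature keeps `$sortfield = "s.rowid"` while every table reference in the query is renamed from `s` to `t`; in the visible hunks the only aliases left are `t` and `sc`, so a request that does not pass `sortfield` would order by an alias that is no longer in the statement. The default should follow the rename as in the other classes: `function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid=0, $status='', $sqlfilters = '') {`. The body of `index()` continues outside the hunk.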


@ -91,10 +91,10 @@ class ExpenseReports extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param string $user_ids User ids filter field. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i}
*
* @return array Array of Expense Report objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of Expense Report objects
*/
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0) {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -112,14 +112,17 @@ class ExpenseReports extends DolibarrApi
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)


@ -166,3 +166,9 @@ create table llx_resource_extrafields
ALTER TABLE llx_resource_extrafields ADD INDEX idx_resource_extrafields (fk_object);
INSERT INTO llx_const (name, value, type, note, visible) values ('MAIN_SIZE_SHORTLIST_LIMIT','3','chaine','Max length for small lists (tabs)',0);
ALTER TABLE llx_bank_account ADD COLUMN note_public text;
ALTER TABLE llx_bank_account ADD COLUMN model_pdf varchar(255);
ALTER TABLE llx_bank_account ADD COLUMN import_key varchar(14);


@ -55,5 +55,8 @@ create table llx_bank_account
currency_code varchar(3) NOT NULL,
min_allowed integer DEFAULT 0,
min_desired integer DEFAULT 0,
comment text
comment text, -- TODO rename in note_private
note_public text,
model_pdf varchar(255),
import_key varchar(14)
)ENGINE=innodb;


@ -93,49 +93,44 @@ class Products extends DolibarrApi
* @param int $page Page number
* @param int $mode Use this param to filter list (0 for all, 1 for only product, 2 for only service)
* @param int $category Use this param to filter list by category
* @param mixed $to_sell Filter products to sell (1) or not to sell (0)
* @param mixed $to_buy Filter products to buy (1) or not to buy (0)
*
* @return array Array of product objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.tobuy:=:0) and (t.tosell:=:1)"
* @return array Array of product objects
*/
function index($sortfield = "p.ref", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $category=0, $to_sell='', $to_buy='') {
function index($sortfield = "t.ref", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $category=0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
$socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : '';
$sql = "SELECT rowid, ref, ref_ext";
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
$sql = "SELECT t.rowid, t.ref, t.ref_ext";
$sql.= " FROM ".MAIN_DB_PREFIX."product as t";
if ($category > 0)
{
$sql.= ", ".MAIN_DB_PREFIX."categorie_product as c";
}
$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
$sql.= ' WHERE t.entity IN ('.getEntity('product', 1).')';
// Select products of given category
if ($category > 0)
{
$sql.= " AND c.fk_categorie = ".$db->escape($category);
$sql.= " AND c.fk_product = p.rowid ";
$sql.= " AND c.fk_product = t.rowid ";
}
// Show products
if ($mode == 1) $sql.= " AND p.fk_product_type = 0";
if ($mode == 1) $sql.= " AND t.fk_product_type = 0";
// Show services
if ($mode == 2) $sql.= " AND p.fk_product_type = 1";
// Show product on sell
if ($to_sell !== '') $sql.= " AND p.tosell = ".$db->escape($to_sell);
// Show product on buy
if ($to_buy !== '') $sql.= " AND p.tobuy = ".$db->escape($to_buy);
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
if ($mode == 2) $sql.= " AND t.fk_product_type = 1";
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
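Review bot: `$category` is placed unquoted in `" AND c.fk_categorie = ".$db->escape($category)`; escaping is meant for quoted string literals and gives no protection for a value outside quotes, and the `$category > 0` guard is a loose comparison. Cast the value instead: `$sql.= " AND c.fk_categorie = ".((int) $category);`. Separately, `$to_sell` and `$to_buy` are removed from the public signature in favour of `sqlfilters`, which changes the endpoint's parameters for existing clients and deserves a changelog entry. The body of `index()` continues outside the hunk.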


@ -89,11 +89,12 @@ class Contacts extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param int $socid ID of thirdparty to filter list
* @return array Array of contact objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of contact objects
*
* @throws RestException
*/
function index($sortfield = "c.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid = 0) {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid = 0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -107,37 +108,36 @@ class Contacts extends DolibarrApi
if (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid)
$search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT c.rowid";
$sql.= " FROM " . MAIN_DB_PREFIX . "socpeople as c";
$sql = "SELECT t.rowid";
$sql.= " FROM " . MAIN_DB_PREFIX . "socpeople as t";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
// We need this table joined to the select in order to filter by sale
$sql.= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc";
}
$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as s ON c.fk_soc = s.rowid";
$sql.= ' WHERE c.entity IN (' . getEntity('contact', 1) . ')';
if ($socid)
$sql.= " AND c.fk_soc = " . $socid;
$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as s ON t.fk_soc = s.rowid";
$sql.= ' WHERE t.entity IN (' . getEntity('contact', 1) . ')';
if ($socid) $sql.= " AND t.fk_soc = " . $socid;
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0)
$sql.= " AND c.fk_soc = sc.fk_soc";
$sql.= " AND t.fk_soc = sc.fk_soc";
if ($search_sale > 0)
$sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = " . $search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
}
// Add sql filters
if ($sqlfilters)
{
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit)
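Review bot: Only the `(field:operator:value)` groups matched by `$regexstring` are rewritten by `preg_replace_callback`; every other character of `$sqlfilters` is appended to `$sql` exactly as the client sent it, so the query's safety rests on `DolibarrApi::_checkFilters`, which is not shown in this diff. Unless that helper already rejects everything outside the groups, I would test the residue before building the clause: `$residue = preg_replace('/'.$regexstring.'/', '', $sqlfilters);` followed by `if (preg_replace('/\b(and|or)\b|[\s()]/i', '', $residue) !== '') throw new RestException(400, 'Bad syntax in parameter sqlfilters');`. The third group `[^:\(\)]+` also admits quotes, so `_forge_criteria_callback` (not visible here either) has to escape the value and restrict the field and operator to known names, which is worth confirming. The same block is repeated in the Thirdparties and Users hunks below and in the hunk above this section, and each copy answers a malformed filter with status 503 and echoes the raw parameter, where 400 with a fixed message would fit a client error. `index()` continues past the end of this hunk.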


@ -94,10 +94,10 @@ class Thirdparties extends DolibarrApi
* @param int $mode Set to 1 to show only customers
* Set to 2 to show only prospects
* Set to 3 to show only those are not customer neither prospect
* @param string $email Search by email filter
* @return array Array of thirdparty objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of thirdparty objects
*/
function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $email=NULL) {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -107,35 +107,37 @@ class Thirdparties extends DolibarrApi
// If the internal user must only see his customers, force searching by him
if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT s.rowid";
$sql = "SELECT t.rowid";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as t";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
$sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st";
$sql.= " WHERE s.fk_stcomm = st.id";
if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
if ($mode == 3) $sql.= " AND s.client IN (0)";
$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc";
if ($email != NULL) $sql.= " AND s.email = \"".$email."\"";
if ($socid) $sql.= " AND s.rowid = ".$socid;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
$sql.= " WHERE t.fk_stcomm = st.id";
if ($mode == 1) $sql.= " AND t.client IN (1, 3)";
if ($mode == 2) $sql.= " AND t.client IN (2, 3)";
if ($mode == 3) $sql.= " AND t.client IN (0)";
$sql.= ' AND t.entity IN ('.getEntity('societe', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc";
//if ($email != NULL) $sql.= " AND s.email = \"".$email."\"";
if ($socid) $sql.= " AND t.rowid = ".$socid;
if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
// Add sql filters
if ($sqlfilters)
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
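Review bot: Dropping `$email` from `index()` means a client that still sends `email=` presumably now receives the unfiltered thirdparty list with no error, since the only trace left is the commented-out line `//if ($email != NULL) $sql.= ...`. That line should be deleted rather than kept as a comment, because it concatenated the value into the query unescaped and should not be revived. The docblock should state that the email search now goes through `$sqlfilters` as a criterion on `t.email`. The `@param string $sqlfilters` text also says the criteria are "separated by a comma" while its own example joins them with `and`; I would reword it to `Other criteria to filter answers, joined by "and"/"or"`. `index()` continues past the end of this hunk.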


@ -60,10 +60,10 @@ class Users extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param string $user_ids User ids filter field. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i}
*
* @return array Array of User objects
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of User objects
*/
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0) {
function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0, $sqlfilters = '') {
global $db, $conf;
$obj_ret = array();
@ -79,14 +79,17 @@ class Users extends DolibarrApi
$sql.= " FROM ".MAIN_DB_PREFIX."user as t";
$sql.= ' WHERE t.entity IN ('.getEntity('user', 1).')';
if ($user_ids) $sql.=" AND t.rowid IN (".$user_ids.")";
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
}
// Add sql filters
if ($sqlfilters)
{
if (! DolibarrApi::_checkFilters($sqlfilters))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
}
$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)