diff --git a/dev/skeletons/skeleton_api_class.class.php b/dev/skeletons/skeleton_api_class.class.php index 9cc8de2bc5e..b0029ef02fb 100644 --- a/dev/skeletons/skeleton_api_class.class.php +++ b/dev/skeletons/skeleton_api_class.class.php @@ -92,13 +92,13 @@ class SkeletonApi extends DolibarrApi * @param string $sortfield Sort field * @param string $sortorder Sort order * @param int $limit Limit for list + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" * @param int $page Page number - * * @return array Array of skeleton objects * * @url GET /skeletons/ */ - function getList($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) { + function index($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); @@ -124,18 +124,19 @@ class SkeletonApi extends DolibarrApi if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc"; if ($socid) $sql.= " AND s.fk_soc = ".$socid; if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - // Insert sale filter if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } $sql.= $db->order($sortfield, $sortorder); 
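Review bot: The new `$sqlfilters` docblock example (`t.ref`, `t.date_creation`) does not match this skeleton's own query, which aliases its table as `s` (`$sortfield = "s.rowid"`, `s.fk_soc` in the next hunk), so anyone who copies the template and follows the documented syntax gets an SQL error; either rename the alias to `t` as the other endpoints in this commit do, or write the example as `(s.ref:like:'SO-%')`. The `@param string $sqlfilters` line is also placed before `@param int $page` although the parameter is last in the signature; keeping the docblock in parameter order avoids confusing the generated API documentation. The body of `index()` continues in the next hunk.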
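Review bot: A malformed `sqlfilters` is reported with `RestException(503, ...)` although it is a client error; `400` is the appropriate status, here and in the identical block copied into api_members, api_subscriptions, api_dictionnarycountries, api_dictionnarytowns, api_categories, api_agendaevents, api_proposals, api_orders, api_bankaccounts, api_invoices and api_expensereports. Since the lines from `if ($sqlfilters)` to the `preg_replace_callback` call are byte-identical in every file (including the `$regexstring` literal), they belong in one helper on `DolibarrApi`, e.g. `$sql .= DolibarrApi::_forgeSqlFromFilters($sqlfilters);`, so that a future fix to the regex or the status code is made once. The enclosing `index()` starts in the previous hunk and continues past this one.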
diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index d18bbdbc106..4ab32e7788f 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -84,13 +84,12 @@ class Members extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $typeid ID of the type of member - * @param string $login To filter the members by login - * @param string $name To filter the members by name (firstname, lastname or company name matching the filter) - * @return array Array of member objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of member objects * * @throws RestException */ - function index($sortfield = "a.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $typeid = '', $login = '', $name = '') { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $typeid = '', $login = '', $name = '', $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
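Review bot: `$login` and `$name` remain in the signature of `index()` but their `@param` lines are removed here and the SQL that used them is removed in the next hunk, so a client sending `login=` or `name=` now silently receives the unfiltered list. Either drop the two parameters (a breaking change that should be called out) or keep the filters by rewriting them onto the new alias, e.g. `if (!empty($login)) $sql .= " AND t.login LIKE '%".$db->escape($login)."%'";`. The removed lines concatenated `$login` and `$name` unescaped, so re-adding them is also the moment to route them through `$db->escape()`. The default `$sortfield` change from `a.rowid` to `t.rowid` is API-visible: callers that passed `sortfield=a.rowid` explicitly now get an SQL error, and the same applies to the alias changes in api_categories, api_proposals, api_orders and api_products. `index()` continues in the next hunk.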
@@ -99,27 +98,24 @@ class Members extends DolibarrApi throw new RestException(401); } - $sql = "SELECT a.rowid"; - $sql.= " FROM ".MAIN_DB_PREFIX."adherent as a"; - $sql.= ' WHERE a.entity IN ('.getEntity('adherent', 1).')'; + $sql = "SELECT t.rowid"; + $sql.= " FROM ".MAIN_DB_PREFIX."adherent as t"; + $sql.= ' WHERE t.entity IN ('.getEntity('adherent', 1).')'; if (!empty($typeid)) { - $sql.= ' AND a.fk_adherent_type='.$typeid; + $sql.= ' AND t.fk_adherent_type='.$typeid; } - if (!empty($login)) { - $sql .= " AND a.login LIKE '%".$login."%'"; - } - if (!empty($name)) { - $sql .= " AND (a.firstname LIKE '%".$name."%' OR a.lastname LIKE '%".$name."%' OR a.societe LIKE '%".$name."%')"; - } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) diff --git a/htdocs/adherents/class/api_subscriptions.class.php b/htdocs/adherents/class/api_subscriptions.class.php index 4f8435c3a1d..13eaf4dfb10 100644 --- a/htdocs/adherents/class/api_subscriptions.class.php +++ b/htdocs/adherents/class/api_subscriptions.class.php 
@@ -80,11 +80,12 @@ class Subscriptions extends DolibarrApi * @param string $sortorder Sort order * @param int $limit Limit for list * @param int $page Page number + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.import_key:<:'20160101')" * @return array Array of subscription objects * * @throws RestException */ - function index($sortfield = "dateadh", $sortorder = 'ASC', $limit = 0, $page = 0) { + function index($sortfield = "dateadh", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); @@ -94,15 +95,19 @@ class Subscriptions extends DolibarrApi } $sql = "SELECT rowid"; - $sql.= " FROM ".MAIN_DB_PREFIX."subscription"; - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + $sql.= " FROM ".MAIN_DB_PREFIX."subscription as t"; + $sql.= ' WHERE 1 = 1'; + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index a1660be133d..1eacdffa167 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php 
@@ -162,4 +162,60 @@ class DolibarrApi return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray,$resource_id,$dbtablename,$feature2,$dbt_keyfield,$dbt_select); } + + /** + * Return if a $sqlfilters parameter is valid + * + * @param string $sqlfilters sqlfilter string + * @return boolean True if valid, False if not valid + */ + function _checkFilters($sqlfilters) + { + //$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + //$tmp=preg_replace_all('/'.$regexstring.'/', '', $sqlfilters); + $tmp=$sqlfilters; + $ok=0; + $i=0; $nb=count($tmp); + $counter=0; + while ($i < $nb) + { + if ($tmp[$i]=='(') $counter++; + if ($tmp[$i]==')') $counter--; + if ($counter < 0) + { + $error="Bad sqlfilters=".$sqlfilters; + dol_syslog($error, LOG_WARNING); + return false; + } + $i++; + } + return true; + } + + /** + * Function to forge a SQL criteria + * + * @param array $matches Array of found string by regex search + * @return string Forged criteria. Example: "t.field like 'abc%'" + */ + protected static function _forge_criteria_callback($matches) + { + global $db; + + //dol_syslog("Convert matches ".$matches[1]); + if (empty($matches[1])) return ''; + $tmp=explode(':',$matches[1]); + if (count($tmp) < 3) return ''; + + $tmpescaped=$tmp[2]; + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) + { + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } + else + { + $tmpescaped = $db->escape($tmpescaped); + } + return $db->escape($tmp[0]).' '.strtoupper($db->escape($tmp[1]))." ".$tmpescaped; + } } diff --git a/htdocs/api/class/api_dictionnarycountries.class.php b/htdocs/api/class/api_dictionnarycountries.class.php index 0243d27c81b..9b7b409ef19 100644 --- a/htdocs/api/class/api_dictionnarycountries.class.php +++ b/htdocs/api/class/api_dictionnarycountries.class.php 
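Review bot: `_checkFilters` calls `count($tmp)` on a string, so `$nb` is 1 on PHP 7 (a `TypeError` on PHP 8) and the loop inspects only the first character; the parenthesis check is effectively dead and `strlen` was meant. The method is also declared as an instance method while every call site in this commit invokes it as `DolibarrApi::_checkFilters(...)`, which is deprecated in PHP 7 and fatal in PHP 8 — declare it `protected static` like `_forge_criteria_callback`. Even with those fixed, parenthesis balance is not a safety property: `preg_replace_callback` only rewrites the `(field:op:value)` groups and passes whatever text surrounds them into the WHERE clause unchanged, and inside a group the field is only run through `escape()`, the operator is only uppercased, and an unquoted value is escaped but never quoted, so none of the three parts is constrained to what the query expects. The validator should strip the matched groups (as the commented-out `preg_replace_all` lines intend) and accept only `and`/`or`/`not`, parentheses and whitespace in the remainder, and the callback should accept only identifier characters in the field, a whitelisted operator, and numeric or quoted values, as sketched below.
```php
    protected static function _checkFilters($sqlfilters)
    {
        // Strip every well-formed "(field:operator:value)" group; only boolean glue may remain.
        $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
        $tmp=preg_replace('/'.$regexstring.'/', '', $sqlfilters);
        if ($tmp === null || ! preg_match('/^(\s|\(|\)|and|or|not)*$/i', $tmp))
        {
            dol_syslog("Bad sqlfilters=".$sqlfilters, LOG_WARNING);
            return false;
        }
        $counter=0;
        $nb=strlen($tmp);
        for ($i=0; $i < $nb; $i++)
        {
            if ($tmp[$i]=='(') $counter++;
            if ($tmp[$i]==')') $counter--;
            if ($counter < 0) break;
        }
        if ($counter != 0)
        {
            dol_syslog("Bad sqlfilters=".$sqlfilters, LOG_WARNING);
            return false;
        }
        return true;
    }

    // … unchanged: _forge_criteria_callback docblock, global $db, explode() and count() checks …
        if (! preg_match('/^[a-zA-Z0-9_\.]+$/', $tmp[0])) return '';
        $operator=strtoupper(trim($tmp[1]));
        if (! in_array($operator, array('=', '!=', '<>', '<', '<=', '>', '>=', 'LIKE', 'NOT LIKE'), true)) return '';
        $tmpescaped=$tmp[2];
        if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis))
        {
            $tmpescaped = "'".$db->escape($regbis[1])."'";
        }
        elseif (! is_numeric($tmpescaped))
        {
            return '';   // bare values must be numeric; text must be quoted
        }
        return $tmp[0].' '.$operator.' '.$tmpescaped;
```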
@@ -54,27 +54,31 @@ class DictionnaryCountries extends DolibarrApi * @param int $page Page number (starting from zero) * @param string $filter To filter the countries by name * @param string $lang Code of the language the label of the countries must be translated to + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" * @return List of countries * * @throws RestException */ - function index($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $filter = '', $lang = '') + function index($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $filter = '', $lang = '', $sqlfilters = '') { $list = array(); // Note: The filter is not applied in the SQL request because it must // be applied to the translated names, not to the names in database. - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."c_country"; - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."c_country as t"; + $sql.=" WHERE 1 = 1"; + // Add sql filters + if ($sqlfilters) { - $result = $this->db->query($sql); - $nbtotalofrecords = $this->db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } $sql.= $this->db->order($sortfield, $sortorder); - if ($limit) { if ($page < 0) { diff --git a/htdocs/api/class/api_dictionnarytowns.class.php b/htdocs/api/class/api_dictionnarytowns.class.php index b028ff4af03..b5813d07792 100644 --- a/htdocs/api/class/api_dictionnarytowns.class.php +++ b/htdocs/api/class/api_dictionnarytowns.class.php 
@@ -47,27 +47,32 @@ class DictionnaryTowns extends DolibarrApi * @param int $page Page number (starting from zero) * @param string $zipcode To filter on zipcode * @param string $town To filter on city name + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" * @return List of towns * * @throws RestException */ - function index($sortfield = "zip,town", $sortorder = 'ASC', $limit = 100, $page = 0, $zipcode = '', $town = '') + function index($sortfield = "zip,town", $sortorder = 'ASC', $limit = 100, $page = 0, $zipcode = '', $town = '', $sqlfilters = '') { $list = array(); $sql = "SELECT rowid AS id, zip, town, fk_county, fk_pays AS fk_country"; - $sql.= " FROM ".MAIN_DB_PREFIX."c_ziptown"; - $sql.= " WHERE active = 1"; - if ($zipcode) $sql.=" AND zip LIKE '%" . $this->db->escape($zipcode) . "%'"; - if ($town) $sql.=" AND town LIKE '%" . $this->db->escape($town) . "%'"; - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + $sql.= " FROM ".MAIN_DB_PREFIX."c_ziptown as t"; + $sql.= " WHERE t.active = 1"; + if ($zipcode) $sql.=" AND t.zip LIKE '%" . $this->db->escape($zipcode) . "%'"; + if ($town) $sql.=" AND t.town LIKE '%" . $this->db->escape($town) . "%'"; + // Add sql filters + if ($sqlfilters) { - $result = $this->db->query($sql); - $nbtotalofrecords = $this->db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } + $sql.= $this->db->order($sortfield, $sortorder); if ($limit) { diff --git a/htdocs/categories/class/api_categories.class.php b/htdocs/categories/class/api_categories.class.php index bea6061e0fe..76c7a9dc794 100644 
--- a/htdocs/categories/class/api_categories.class.php +++ b/htdocs/categories/class/api_categories.class.php @@ -98,11 +98,12 @@ class Categories extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $type Type of category ('member', 'customer', 'supplier', 'product', 'contact') - * @return array Array of category objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of category objects * * @throws RestException */ - function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $type = '') { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $type = '', $sqlfilters = '') { global $db, $conf; $obj_ret = array(); @@ -111,21 +112,24 @@ class Categories extends DolibarrApi throw new RestException(401); } - $sql = "SELECT s.rowid"; - $sql.= " FROM ".MAIN_DB_PREFIX."categorie as s"; - $sql.= ' WHERE s.entity IN ('.getEntity('categorie', 1).')'; + $sql = "SELECT t.rowid"; + $sql.= " FROM ".MAIN_DB_PREFIX."categorie as t"; + $sql.= ' WHERE t.entity IN ('.getEntity('categorie', 1).')'; if (!empty($type)) { - $sql.= ' AND s.type='.array_search($type,Categories::$TYPES); + $sql.= ' AND t.type='.array_search($type,Categories::$TYPES); } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) 
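Review bot: `array_search($type, Categories::$TYPES)` on the rewritten `t.type=` line still has no strict flag and its result is not checked, so an unknown `$type` yields `false`, which concatenates to an empty string and produces `AND t.type=` — a malformed query reported as a 503 instead of a validation error. Validate first: `if (!empty($type) && !in_array($type, Categories::$TYPES, true)) throw new RestException(400, 'Unknown category type '.$type);` and pass `true` as the third argument to `array_search`. This assumes `$TYPES` maps the integer stored in `t.type` to the names listed in the docblock — confirm against the class definition, which is outside the hunk. `index()` continues past this hunk.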
diff --git a/htdocs/comm/action/class/api_agendaevents.class.php b/htdocs/comm/action/class/api_agendaevents.class.php index c245476bdcc..db828656966 100644 --- a/htdocs/comm/action/class/api_agendaevents.class.php +++ b/htdocs/comm/action/class/api_agendaevents.class.php @@ -94,10 +94,10 @@ class AgendaEvents extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $user_ids User ids filter field (owners of event). Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i} - * - * @return array Array of Agenda Events objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of Agenda Events objects */ - function index($sortfield = "t.id", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0) { + function index($sortfield = "t.id", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
@@ -108,21 +108,23 @@ class AgendaEvents extends DolibarrApi $sql = "SELECT t.id as rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."actioncomm as t"; $sql.= ' WHERE t.entity IN ('.getEntity('actioncomm', 1).')'; - if ($user_ids) $sql.=" AND ar.fk_user_action IN (".$user_ids.")"; - + if ($user_ids) $sql.=" AND t.fk_user_action IN (".$user_ids.")"; // Insert sale filter if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) diff --git a/htdocs/comm/propal/class/api_proposals.class.php b/htdocs/comm/propal/class/api_proposals.class.php index 95698154870..84a7a1a1a1c 100644 --- a/htdocs/comm/propal/class/api_proposals.class.php +++ b/htdocs/comm/propal/class/api_proposals.class.php 
@@ -90,10 +90,10 @@ class Proposals extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $thirdparty_ids Thirdparty ids to filter commercial proposal of. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i} - * - * @return array Array of order objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of order objects */ - function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $thirdparty_ids = '') { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $thirdparty_ids = '', $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
@@ -103,30 +103,32 @@ class Proposals extends DolibarrApi // If the internal user must only see his customers, force searching by him if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) $search_sale = DolibarrApiAccess::$user->id; - $sql = "SELECT s.rowid"; + $sql = "SELECT t.rowid"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - $sql.= " FROM ".MAIN_DB_PREFIX."propal as s"; + $sql.= " FROM ".MAIN_DB_PREFIX."propal as t"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - $sql.= ' WHERE s.entity IN ('.getEntity('propal', 1).')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc"; - if ($socids) $sql.= " AND s.fk_soc IN (".$socids.")"; - if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - + $sql.= ' WHERE t.entity IN ('.getEntity('propal', 1).')'; + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND t.fk_soc = sc.fk_soc"; + if ($socids) $sql.= " AND t.fk_soc IN (".$socids.")"; + if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale // Insert sale filter if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! 
DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 6ba66a78013..f000e4ce201 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -80,20 +80,22 @@ class Orders extends DolibarrApi return $this->_cleanObjectDatas($this->commande); } + + /** * List orders * * Get a list of orders * - * @param string $sortfield Sort field - * @param string $sortorder Sort order - * @param int $limit Limit for list - * @param int $page Page number - * @param string $thirdparty_ids Thirdparty ids to filter orders of. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i} - * - * @return array Array of order objects + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Limit for list + * @param int $page Page number + * @param string $thirdparty_ids Thirdparty ids to filter orders of. {@example '1' or '1,2,3'} {@pattern /^[0-9,]*$/i} + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of order objects */ - function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '') { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
@@ -103,30 +105,32 @@ class Orders extends DolibarrApi // If the internal user must only see his customers, force searching by him if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) $search_sale = DolibarrApiAccess::$user->id; - $sql = "SELECT s.rowid"; + $sql = "SELECT t.rowid"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - $sql.= " FROM ".MAIN_DB_PREFIX."commande as s"; + $sql.= " FROM ".MAIN_DB_PREFIX."commande as t"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - $sql.= ' WHERE s.entity IN ('.getEntity('commande', 1).')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc"; - if ($socids) $sql.= " AND s.fk_soc IN (".$socids.")"; - if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - + $sql.= ' WHERE t.entity IN ('.getEntity('commande', 1).')'; + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql.= " AND t.fk_soc = sc.fk_soc"; + if ($socids) $sql.= " AND t.fk_soc IN (".$socids.")"; + if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale // Insert sale filter if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! 
DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) @@ -138,6 +142,7 @@ class Orders extends DolibarrApi $sql.= $db->plimit($limit + 1, $offset); } + dol_syslog("API Rest request"); $result = $db->query($sql); if ($result) diff --git a/htdocs/compta/bank/class/api_bankaccounts.class.php b/htdocs/compta/bank/class/api_bankaccounts.class.php index 250faea5a5d..0350e2b28a0 100644 --- a/htdocs/compta/bank/class/api_bankaccounts.class.php +++ b/htdocs/compta/bank/class/api_bankaccounts.class.php @@ -56,11 +56,12 @@ class BankAccounts extends DolibarrApi * @param string $sortorder Sort order * @param int $limit Limit for list * @param int $page Page number - * @return array List of account objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.import_key:<:'20160101')" + * @return array List of account objects * * @throws RestException */ - function index($sortfield = "rowid", $sortorder = 'ASC', $limit = 0, $page = 0) + function index($sortfield = "rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '') { $list = array(); 
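Review bot: `dol_syslog("API Rest request");` logs a constant string, so the new line gives an operator nothing to correlate the entry with an endpoint or a caller; the same line is added in api_bankaccounts in this commit. Log at least the class and method, e.g. `dol_syslog(get_class($this)."::index", LOG_DEBUG);`. If the SQL itself is ever logged here, keep in mind it now contains caller-supplied `sqlfilters` text. `index()` continues past this hunk.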
@@ -68,13 +69,17 @@ class BankAccounts extends DolibarrApi throw new RestException(401); } - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank_account"; - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank_account as t"; + $sql.= ' WHERE t.entity IN ('.getEntity('banque', 1).')'; + // Add sql filters + if ($sqlfilters) { - $result = $this->db->query($sql); - $nbtotalofrecords = $this->db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } $sql.= $this->db->order($sortfield, $sortorder); @@ -88,6 +93,7 @@ class BankAccounts extends DolibarrApi $sql.= $this->db->plimit($limit + 1, $offset); } + dol_syslog("API Rest request"); $result = $this->db->query($sql); if ($result) { @@ -100,7 +106,7 @@ class BankAccounts extends DolibarrApi } } } else { - throw new RestException(503, 'Error when retrieving list of accounts: ' . $account->error); + throw new RestException(503, 'Error when retrieving list of accounts: ' . $this->db->lasterror()); } return $list; diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index e3951b4dca7..97bd64f35ee 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php 
@@ -89,11 +89,12 @@ class Invoices extends DolibarrApi * @param int $page Page number * @param int $socid Filter list with thirdparty ID * @param string $status Filter by invoice status : draft | unpaid | paid | cancelled - * @return array Array of invoice objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of invoice objects * * @throws RestException */ - function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid=0, $status='') { + function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid=0, $status='', $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
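Review bot: The default `$sortfield = "s.rowid"` is kept while the next hunk renames the `facture` alias from `s` to `t`, so a request that omits `sortfield` now builds `ORDER BY s.rowid` against a query that no longer has an `s` alias (only `t` and `sc`) and fails; change the default to `"t.rowid"` as api_categories, api_proposals and api_orders do in this commit. `index()` continues in the next hunk.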
@@ -103,38 +104,38 @@ class Invoices extends DolibarrApi // If the internal user must only see his customers, force searching by him if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id; - $sql = "SELECT s.rowid"; + $sql = "SELECT t.rowid"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - $sql.= " FROM ".MAIN_DB_PREFIX."facture as s"; + $sql.= " FROM ".MAIN_DB_PREFIX."facture as t"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - $sql.= ' WHERE s.entity IN ('.getEntity('facture', 1).')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc"; - if ($socid) $sql.= " AND s.fk_soc = ".$socid; - if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - + $sql.= ' WHERE t.entity IN ('.getEntity('facture', 1).')'; + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND t.fk_soc = sc.fk_soc"; + if ($socid) $sql.= " AND t.fk_soc = ".$socid; + if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale // Filter by status - if ($status == 'draft') $sql.= " AND s.fk_statut IN (0)"; - if ($status == 'unpaid') $sql.= " AND s.fk_statut IN (1)"; - if ($status == 'paid') $sql.= " AND s.fk_statut IN (2)"; - if ($status == 'cancelled') $sql.= " AND s.fk_statut IN (3)"; - + if ($status == 'draft') $sql.= " AND t.fk_statut IN (0)"; + if ($status == 'unpaid') $sql.= " AND t.fk_statut IN (1)"; + if ($status == 'paid') $sql.= " AND 
t.fk_statut IN (2)"; + if ($status == 'cancelled') $sql.= " AND t.fk_statut IN (3)"; // Insert sale filter if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - - // TODO remove this, useless for WS - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) diff --git a/htdocs/expensereport/class/api_expensereports.class.php b/htdocs/expensereport/class/api_expensereports.class.php index 298a178f00c..1e4a3d50008 100644 --- a/htdocs/expensereport/class/api_expensereports.class.php +++ b/htdocs/expensereport/class/api_expensereports.class.php @@ -91,10 +91,10 @@ class ExpenseReports extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $user_ids User ids filter field. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i} - * - * @return array Array of Expense Report objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of Expense Report objects */ - function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0) { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
@@ -112,14 +112,17 @@ class ExpenseReports extends DolibarrApi { $sql .= " AND sc.fk_user = ".$search_sale; } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) diff --git a/htdocs/install/mysql/migration/4.0.0-5.0.0.sql b/htdocs/install/mysql/migration/4.0.0-5.0.0.sql index 74527f33aa1..0f77a358e84 100644 --- a/htdocs/install/mysql/migration/4.0.0-5.0.0.sql +++ b/htdocs/install/mysql/migration/4.0.0-5.0.0.sql @@ -166,3 +166,9 @@ create table llx_resource_extrafields ALTER TABLE llx_resource_extrafields ADD INDEX idx_resource_extrafields (fk_object); INSERT INTO llx_const (name, value, type, note, visible) values ('MAIN_SIZE_SHORTLIST_LIMIT','3','chaine','Max length for small lists (tabs)',0); + + +ALTER TABLE llx_bank_account ADD COLUMN note_public text; +ALTER TABLE llx_bank_account ADD COLUMN model_pdf varchar(255); +ALTER TABLE llx_bank_account ADD COLUMN import_key varchar(14); + diff --git a/htdocs/install/mysql/tables/llx_bank_account.sql b/htdocs/install/mysql/tables/llx_bank_account.sql index 0261bf70b56..7730ab79ef6 100644 --- a/htdocs/install/mysql/tables/llx_bank_account.sql +++ b/htdocs/install/mysql/tables/llx_bank_account.sql 
@@ -55,5 +55,8 @@ create table llx_bank_account
 currency_code varchar(3) NOT NULL,
 min_allowed integer DEFAULT 0,
 min_desired integer DEFAULT 0,
- comment text
+ comment text, -- TODO rename in note_private
+ note_public text,
+ model_pdf varchar(255),
+ import_key varchar(14)
 )ENGINE=innodb;
diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php
index 210ea09d3d3..290d011d09c 100644
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@@ -93,49 +93,44 @@ class Products extends DolibarrApi * @param int $page Page number * @param int $mode Use this param to filter list (0 for all, 1 for only product, 2 for only service) * @param int $category Use this param to filter list by category - * @param mixed $to_sell Filter products to sell (1) or not to sell (0) - * @param mixed $to_buy Filter products to buy (1) or not to buy (0) - * - * @return array Array of product objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.tobuy:=:0) and (t.tosell:=:1)" + * @return array Array of product objects */ - function index($sortfield = "p.ref", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $category=0, $to_sell='', $to_buy='') { + function index($sortfield = "t.ref", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $category=0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); $socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : ''; - $sql = "SELECT rowid, ref, ref_ext"; - $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; + $sql = "SELECT t.rowid, t.ref, t.ref_ext"; + $sql.= " FROM ".MAIN_DB_PREFIX."product as t"; if ($category > 0) { $sql.= ", ".MAIN_DB_PREFIX."categorie_product as c"; } - $sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')'; - + $sql.= ' WHERE t.entity IN ('.getEntity('product', 1).')'; // Select products of given category if ($category > 0) { $sql.= " AND c.fk_categorie = ".$db->escape($category); - $sql.= " AND c.fk_product = p.rowid "; + $sql.= " AND c.fk_product = t.rowid "; } - // Show products - if ($mode == 1) $sql.= " AND p.fk_product_type = 0"; + if ($mode == 1) $sql.= " AND t.fk_product_type = 0"; // Show services - if ($mode == 2) $sql.= " AND p.fk_product_type = 1"; - // Show product on sell - if ($to_sell !== '') $sql.= " AND p.tosell = ".$db->escape($to_sell); - // Show product on buy - if ($to_buy !== '') $sql.= " AND p.tobuy = ".$db->escape($to_buy); - - 
$nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + if ($mode == 2) $sql.= " AND t.fk_product_type = 1"; + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0) diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index 8431f294469..13b31db59a4 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php @@ -89,11 +89,12 @@ class Contacts extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param int $socid ID of thirdparty to filter list - * @return array Array of contact objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of contact objects * * @throws RestException */ - function index($sortfield = "c.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid = 0) { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $socid = 0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
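Review bot: The new signature drops `$to_sell` and `$to_buy` and changes the default `$sortfield` alias from `p.ref` to `t.ref`, so an existing client that sends `to_sell=1` now silently receives every product, and one that sends `sortfield=p.ref` explicitly gets a database error, because `$sortfield` goes straight into `$db->order($sortfield, $sortorder)`. Since the docblock example already shows the replacement (`(t.tosell:=:1)`), keeping the two parameters as deprecated and folding them into the filter string, e.g. `if ($to_sell !== '') $sqlfilters .= ($sqlfilters ? ' and ' : '').'(t.tosell:=:'.((int) $to_sell).')';`, would preserve compatibility for a release, assuming `_checkFilters` accepts that form. The alias rename has the same effect on the contacts (`c.` → `t.`) and thirdparties (`s.` → `t.`) endpoints, and thirdparties also drops its `$email` parameter without a documented replacement. index()'s body continues past the end of this hunk.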
@@ -107,37 +108,36 @@ class Contacts extends DolibarrApi if (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id; - $sql = "SELECT c.rowid"; - $sql.= " FROM " . MAIN_DB_PREFIX . "socpeople as c"; + $sql = "SELECT t.rowid"; + $sql.= " FROM " . MAIN_DB_PREFIX . "socpeople as t"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { // We need this table joined to the select in order to filter by sale $sql.= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc"; } - $sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as s ON c.fk_soc = s.rowid"; - $sql.= ' WHERE c.entity IN (' . getEntity('contact', 1) . ')'; - if ($socid) - $sql.= " AND c.fk_soc = " . $socid; + $sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as s ON t.fk_soc = s.rowid"; + $sql.= ' WHERE t.entity IN (' . getEntity('contact', 1) . ')'; + if ($socid) $sql.= " AND t.fk_soc = " . $socid; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) - $sql.= " AND c.fk_soc = sc.fk_soc"; + $sql.= " AND t.fk_soc = sc.fk_soc"; if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - - - // Insert sale filter if ($search_sale > 0) { $sql .= " AND sc.fk_user = " . $search_sale; } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) - { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); - } - + // Add sql filters + if ($sqlfilters) + { + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; + } + $sql.= $db->order($sortfield, $sortorder); if ($limit) 
diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index a520a7c8f83..de21e4fbbe0 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -94,10 +94,10 @@ class Thirdparties extends DolibarrApi * @param int $mode Set to 1 to show only customers * Set to 2 to show only prospects * Set to 3 to show only those are not customer neither prospect - * @param string $email Search by email filter - * @return array Array of thirdparty objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of thirdparty objects */ - function index($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $email=NULL) { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $mode=0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
@@ -107,35 +107,37 @@ class Thirdparties extends DolibarrApi // If the internal user must only see his customers, force searching by him if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id; - $sql = "SELECT s.rowid"; + $sql = "SELECT t.rowid"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; + $sql.= " FROM ".MAIN_DB_PREFIX."societe as t"; if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st"; - $sql.= " WHERE s.fk_stcomm = st.id"; - if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($mode == 3) $sql.= " AND s.client IN (0)"; - $sql.= ' AND s.entity IN ('.getEntity('societe', 1).')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; - if ($email != NULL) $sql.= " AND s.email = \"".$email."\""; - if ($socid) $sql.= " AND s.rowid = ".$socid; - if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - + $sql.= " WHERE t.fk_stcomm = st.id"; + if ($mode == 1) $sql.= " AND t.client IN (1, 3)"; + if ($mode == 2) $sql.= " AND t.client IN (2, 3)"; + if ($mode == 3) $sql.= " AND t.client IN (0)"; + $sql.= ' AND t.entity IN ('.getEntity('societe', 1).')'; + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; + //if ($email != NULL) $sql.= " AND s.email = \"".$email."\""; + if ($socid) $sql.= " AND t.rowid 
= ".$socid; + if ($search_sale > 0) $sql.= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale // Insert sale filter if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) + // Add sql filters + if ($sqlfilters) { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; } - + $sql.= $db->order($sortfield, $sortorder); if ($limit) { diff --git a/htdocs/user/class/api_users.class.php b/htdocs/user/class/api_users.class.php index c046c9869cf..f41e2d3ebca 100644 --- a/htdocs/user/class/api_users.class.php +++ b/htdocs/user/class/api_users.class.php @@ -60,10 +60,10 @@ class Users extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $user_ids User ids filter field. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i} - * - * @return array Array of User objects + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of User objects */ - function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0) { + function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $user_ids = 0, $sqlfilters = '') { global $db, $conf; $obj_ret = array(); 
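Review bot: The commented-out line `//if ($email != NULL) $sql.= " AND s.email = \"".$email."\"";` should be deleted rather than kept: `$email` is no longer a parameter of `index()`, the `s` alias it references no longer exists in this query, and it preserves the string-concatenated form that the `sqlfilters` mechanism replaces, so un-commenting it later would put an unescaped value back into the WHERE clause. The `$sqlfilters` syntax introduced in the docblock hunk above already covers this case, e.g. `(t.email:=:'...')`; if a pointer is wanted, `// Filtering by email is done through $sqlfilters` says so without carrying dead code. index() begins before and ends after this hunk.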
@@ -79,14 +79,17 @@ class Users extends DolibarrApi $sql.= " FROM ".MAIN_DB_PREFIX."user as t"; $sql.= ' WHERE t.entity IN ('.getEntity('user', 1).')'; if ($user_ids) $sql.=" AND t.rowid IN (".$user_ids.")"; - - $nbtotalofrecords = 0; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) - { - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); - } - + // Add sql filters + if ($sqlfilters) + { + if (! DolibarrApi::_checkFilters($sqlfilters)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; + } + $sql.= $db->order($sortfield, $sortorder); if ($limit) { if ($page < 0)