NEW: API setup delete extrafields from name and elementtype v2 (#29269)

* NEW: API delete extrafields from name and elementtype * 401 came back, but was 403'ed again * Fix sql injection --------- Co-authored-by: Jon Bendtsen <xcodeauthor@jonb.dk> Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
2024-04-08 11:11:53 +02:00
parent fcabb3d37f
commit 1207ce21cc
2 changed files with 39 additions and 2 deletions
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
@@ -1197,6 +1197,40 @@ class Setup extends DolibarrApi
 		return $list;
 	}

+	/**
+	 * Delete extrafield
+	 *
+	 * @param   string     $attrname         extrafield attrname
+	 * @param   string     $elementtype      extrafield elementtype
+	 * @return  array
+	 *
+	 * @url     DELETE extrafields/{elementtype}/{attrname}
+	 *
+	 */
+	public function deleteExtrafieldsFromNames($attrname, $elementtype)
+	{
+		if (!DolibarrApiAccess::$user->admin) {
+			throw new RestException(403, 'Only an admin user can delete an extrafield by attrname and elementtype');
+		}
+
+		$extrafields = new ExtraFields($this->db);
+
+		$result = $extrafields->fetch_name_optionals_label($elementtype, false, $attrname);
+		if (!$result) {
+			throw new RestException(404, 'Extrafield not found from attrname and elementtype');
+		}
+
+		if (!$extrafields->delete($attrname, $elementtype)) {
+			throw new RestException(500, 'Error when delete extrafield : '.$extrafields->error);
+		}
+
+		return array(
+			'success' => array(
+				'code' => 200,
+				'message' => 'Extrafield deleted from attrname and elementtype'
+			)
+		);
+	}

 	/**
 	 * Get the list of towns.