Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop
@@ -116,16 +116,13 @@ class DolibarrApiAccess implements iAuthenticate
|
||||
else
|
||||
{
|
||||
throw new RestException(401, "Failed to login to API. No parameter 'api_key' provided");
|
||||
//dol_syslog("Failed to login to API. No parameter key provided", LOG_DEBUG);
|
||||
//return false;
|
||||
}
|
||||
|
||||
$userClass::setCacheIdentifier(static::$role);
|
||||
Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
|
||||
|
||||
$requirefortest = static::$requires;
|
||||
if (! is_array($requirefortest)) $requirefortest=explode(',',$requirefortest);
|
||||
return in_array(static::$role, (array) static::$requirefortest) || static::$role == 'admin';
|
||||
return in_array(static::$role, (array) $requirefortest) || static::$role == 'admin';
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
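Review bot: The role check at the end of this hunk makes an authorization decision with loose comparisons and an untrimmed list. `explode(',', $requirefortest)` keeps any whitespace around the entries, so a requirement written as 'user, admin' would never match the role 'admin', and `in_array()` without the strict flag plus `==` lets PHP type juggling decide the match. I would normalise with `$requirefortest = array_map('trim', explode(',', $requirefortest));` and return `in_array(static::$role, $requirefortest, true) || static::$role === 'admin';`. The method starts outside the hunk, so the declared type of `static::$requires` is inferred, not seen.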
@@ -208,7 +208,7 @@ class CommandeApi extends DolibarrApi
|
||||
function post($request_data = NULL)
|
||||
{
|
||||
if(! DolibarrApiAccess::$user->rights->commande->creer) {
|
||||
throw new RestException(401);
|
||||
throw new RestException(401, "Insuffisant rights");
|
||||
}
|
||||
// Check mandatory fields
|
||||
$result = $this->_validate($request_data);
|
||||
@@ -224,7 +224,7 @@ class CommandeApi extends DolibarrApi
|
||||
$this->commande->lines = $lines;
|
||||
}
|
||||
if(! $this->commande->create(DolibarrApiAccess::$user) ) {
|
||||
throw new RestException(401);
|
||||
throw new RestException(500, "Error while creating order");
|
||||
}
|
||||
|
||||
return $this->commande->id;
|
||||
|
||||
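Review bot: The failure test in the second hunk, `if(! $this->commande->create(DolibarrApiAccess::$user) )`, only fires when create() returns 0 or false. If create() signals errors with a negative value, as Dolibarr business objects commonly do (its body is not visible here), a failed insert falls through and `$this->commande->id` is returned as if the order existed; `if ($this->commande->create(DolibarrApiAccess::$user) <= 0)` covers both cases. In the first hunk the caller is already authenticated, so a missing right is better reported as 403 than 401, and the message should read "Insufficient rights". post() begins and ends outside both hunks.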
@@ -1009,7 +1009,12 @@ class DolibarrModules // Can not be abstract, because we need to insta
|
||||
|
||||
if (! $err)
|
||||
{
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."cronjob (module_name, datec, datestart, label, jobtype, classesname, objectname, methodename, command, params, note, frequency, unitfrequency, priority, status, entity, test)";
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."cronjob (module_name, datec, datestart, label, jobtype, classesname, objectname, methodename, command, params, note,";
|
||||
if(is_int($frequency)){ $sql.= ' frequency,'; }
|
||||
if(is_int($unitfrequency)){ $sql.= ' unitfrequency,'; }
|
||||
if(is_int($priority)){ $sql.= ' priority,'; }
|
||||
if(is_int($status)){ $sql.= ' status,'; }
|
||||
$sql.= " entity, test)";
|
||||
$sql.= " VALUES (";
|
||||
$sql.= "'".$this->db->escape($this->rights_class)."', ";
|
||||
$sql.= "'".$this->db->idate($now)."', ";
|
||||
@@ -1022,10 +1027,10 @@ class DolibarrModules // Can not be abstract, because we need to insta
|
||||
$sql.= ($command?"'".$this->db->escape($command)."'":"null").",";
|
||||
$sql.= ($parameters?"'".$this->db->escape($parameters)."'":"null").",";
|
||||
$sql.= ($comment?"'".$this->db->escape($comment)."'":"null").",";
|
||||
$sql.= "'".$this->db->escape($frequency)."', ";
|
||||
$sql.= "'".$this->db->escape($unitfrequency)."', ";
|
||||
$sql.= "'".$this->db->escape($priority)."', ";
|
||||
$sql.= "'".$this->db->escape($status)."', ";
|
||||
if(is_int($frequency)){ $sql.= "'".$this->db->escape($frequency)."', "; }
|
||||
if(is_int($unitfrequency)){ $sql.= "'".$this->db->escape($unitfrequency)."', "; }
|
||||
if(is_int($priority)) {$sql.= "'".$this->db->escape($priority)."', ";}
|
||||
if(is_int($status)){ $sql.= "'".$this->db->escape($status)."', "; }
|
||||
$sql.= $conf->entity.",";
|
||||
$sql.= "'".$this->db->escape($test)."'";
|
||||
$sql.= ")";
|
||||
|
||||
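Review bot: `is_int()` is false for numeric strings, so the new guards silently drop `frequency`, `unitfrequency`, `priority` and `status` whenever the value arrives as a string such as '3600', and the cron job is stored with the table defaults instead of the declared schedule. The same four conditions are also repeated in the column list and in the VALUES list, which only works while both stay in identical order. I would test with `is_numeric($frequency)` in both places and emit the value as `((int) $frequency).", "` rather than as a quoted, escaped string. Where these variables are populated is outside the hunks, so the string case is inferred from how module descriptors are usually written.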
@@ -18,6 +18,7 @@
|
||||
use Luracast\Restler\RestException;
|
||||
|
||||
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
|
||||
|
||||
/**
|
||||
* API class for product object
|
||||
@@ -166,6 +167,91 @@ class ProductApi extends DolibarrApi
|
||||
return $obj_ret;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* List products in a category
|
||||
*
|
||||
* Get a list of products
|
||||
*
|
||||
* @param int $mode Use this param to filter list (0 for all, 1 for only product, 2 for only service)
|
||||
* @param int $category Use this param to filter list by category
|
||||
* @param mixed $to_sell Filter products to sell (1) or not to sell (0)
|
||||
* @param mixed $to_buy Filter products to nuy (1) or not to buy (0)
|
||||
* @param string $sortfield Sort field
|
||||
* @param string $sortorder Sort order
|
||||
* @param int $limit Limit for list
|
||||
* @param int $page Page number
|
||||
*
|
||||
* @return array Array of product objects
|
||||
*
|
||||
* @url GET /product/list/category/{category}
|
||||
*/
|
||||
function getByCategory($mode=0, $category=0, $to_sell='', $to_buy='', $sortfield = "p.ref", $sortorder = 'ASC', $limit = 0, $page = 0) {
|
||||
global $db, $conf;
|
||||
|
||||
$obj_ret = array();
|
||||
|
||||
$socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : '';
|
||||
|
||||
$sql = "SELECT rowid, ref, ref_ext";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."product as p, ";
|
||||
$sql.= MAIN_DB_PREFIX."categorie_product as c";
|
||||
$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
|
||||
|
||||
// Select products of given category
|
||||
$sql.= " AND c.fk_categorie = ".$db->escape($category);
|
||||
$sql.= " AND c.fk_product = p.rowid ";
|
||||
|
||||
// Show products
|
||||
if ($mode == 1) $sql.= " AND p.fk_product_type = 0";
|
||||
// Show services
|
||||
if ($mode == 2) $sql.= " AND p.fk_product_type = 1";
|
||||
// Show product on sell
|
||||
if ($to_sell) $sql.= " AND p.to_sell = ".$db->escape($to_sell);
|
||||
// Show product on buy
|
||||
if ($to_buy) $sql.= " AND p.to_nuy = ".$db->escape($to_nuy);
|
||||
|
||||
$nbtotalofrecords = 0;
|
||||
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
|
||||
{
|
||||
$result = $db->query($sql);
|
||||
$nbtotalofrecords = $db->num_rows($result);
|
||||
}
|
||||
|
||||
$sql.= $db->order($sortfield, $sortorder);
|
||||
if ($limit) {
|
||||
if ($page < 0)
|
||||
{
|
||||
$page = 0;
|
||||
}
|
||||
$offset = $limit * $page;
|
||||
|
||||
$sql.= $db->plimit($limit + 1, $offset);
|
||||
}
|
||||
|
||||
$result = $db->query($sql);
|
||||
if ($result)
|
||||
{
|
||||
$num = $db->num_rows($result);
|
||||
while ($i < $num)
|
||||
{
|
||||
$obj = $db->fetch_object($result);
|
||||
$product_static = new Product($db);
|
||||
if($product_static->fetch($obj->rowid)) {
|
||||
$obj_ret[] = parent::_cleanObjectDatas($product_static);
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
else {
|
||||
throw new RestException(503, 'Error when retrieve product list');
|
||||
}
|
||||
if( ! count($obj_ret)) {
|
||||
throw new RestException(404, 'No product found');
|
||||
}
|
||||
return $obj_ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create product object
|
||||
*
|
||||
|
||||
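Review bot: In getByCategory() the request parameters `$category` and `$to_sell` are concatenated into numeric SQL context after `$db->escape()` only. Escaping protects quoted string literals, not unquoted numbers, so these filters should be cast with `(int)` instead. The buy filter reads the undefined variable `$to_nuy` and the column `p.to_nuy`, so it can never work as written, and `$i` is never initialised before `while ($i < $num)`. `$sortfield` and `$sortorder` also reach `$db->order()` straight from the request; unless order() validates them (not visible here) they need an allow-list. No rights check is visible in this method, while post() in CommandeApi has one.

```php
$sql.= " AND c.fk_categorie = ".((int) $category);
// … unchanged: join condition and product/service mode filters …
if ($to_sell) $sql.= " AND p.to_sell = ".((int) $to_sell);
// column name to be confirmed against the product table schema
if ($to_buy) $sql.= " AND p.to_buy = ".((int) $to_buy);
// … unchanged: record count, ordering, limit and query execution …
$num = $db->num_rows($result);
$i = 0;
while ($i < $num)
```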
@@ -162,6 +162,33 @@ class UserApi extends DolibarrApi
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* add user to group
|
||||
*
|
||||
* @param int $id User ID
|
||||
* @param int $group Group ID
|
||||
* @return int
|
||||
*
|
||||
* @url GET user/{id}/setGroup/{group}
|
||||
*/
|
||||
function setGroup($id,$group) {
|
||||
//if (!DolibarrApiAccess::$user->rights->user->user->supprimer) {
|
||||
//throw new RestException(401);
|
||||
//}
|
||||
$result = $this->useraccount->fetch($id);
|
||||
if (!$result)
|
||||
{
|
||||
throw new RestException(404, 'User not found');
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('user', $this->useraccount->id, 'user'))
|
||||
{
|
||||
throw new RestException(401, 'Access not allowed for login ' . DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
return $this->useraccount->SetInGroup($group,1);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete account
|
||||
*
|
||||
|
||||
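Review bot: setGroup() changes group membership with its permission check commented out, and it is exposed as `@url GET user/{id}/setGroup/{group}`. The only remaining gate is `_checkAccessToResource('user', ...)`, which as far as this hunk shows checks access to the user record, not the right to edit groups. Any API key that can read a user could therefore add that user to an arbitrary group, including a more privileged one. I would reinstate an explicit rights check before the fetch; the commented one tests `supprimer`, which looks copied from the delete method, so a user-modification right would fit better. The route should also be declared as `@url POST user/{id}/setGroup/{group}` so the state change is not triggered by a cacheable, log-visible GET.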