forked from Wavyzz/dolibarr
Some API HTTP return code were moved from 401 to 403 to better follow
REST specification.
This commit is contained in:
Laurent Destailleur
@@ -128,7 +128,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
// Add external contacts ids
|
||||
@@ -315,7 +315,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
$this->commande->getLinesArray();
|
||||
$result = array();
|
||||
@@ -347,7 +347,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$request_data = (object) $request_data;
|
||||
@@ -414,7 +414,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$request_data = (object) $request_data;
|
||||
@@ -482,7 +482,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$updateRes = $this->commande->deleteLine(DolibarrApiAccess::$user, $lineid, $id);
|
||||
@@ -518,7 +518,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$contacts = $this->commande->liste_contact(-1, 'external', 0, $type);
|
||||
@@ -551,7 +551,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$result = $this->commande->add_contact($contactid, $type, 'external');
|
||||
@@ -599,7 +599,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$contacts = $this->commande->liste_contact();
|
||||
@@ -641,7 +641,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
foreach ($request_data as $field => $value) {
|
||||
if ($field == 'id') {
|
||||
@@ -693,7 +693,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
if (!$this->commande->delete(DolibarrApiAccess::$user)) {
|
||||
@@ -743,7 +743,7 @@ class Orders extends DolibarrApi
|
||||
$result = $this->commande->fetch_thirdparty(); // do not check result, as failure is not fatal (used only for mail notification substitutes)
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$result = $this->commande->valid(DolibarrApiAccess::$user, $idwarehouse, $notrigger);
|
||||
@@ -841,7 +841,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$this->commande->fetchObjectLinked();
|
||||
@@ -869,7 +869,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$result = $this->commande->cloture(DolibarrApiAccess::$user, $notrigger);
|
||||
@@ -886,7 +886,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$this->commande->fetchObjectLinked();
|
||||
@@ -914,7 +914,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$result = $this->commande->setDraft(DolibarrApiAccess::$user, $idwarehouse);
|
||||
@@ -931,7 +931,7 @@ class Orders extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$this->commande->fetchObjectLinked();
|
||||
|
||||
Reference in New Issue
Block a user