diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php
index 92a13c26c62..5c6acfb9a84 100644
--- a/htdocs/api/class/api_access.class.php
+++ b/htdocs/api/class/api_access.class.php
@@ -107,7 +107,7 @@ class DolibarrApiAccess implements iAuthenticate
 $sql.= " FROM ".MAIN_DB_PREFIX."user as u";
 $sql.= " WHERE u.api_key = '".$db->escape($api_key)."'";
 // TODO Check if 2 users has same API key.
-
+
 $result = $db->query($sql);
 if ($result)
 {
@@ -118,9 +118,12 @@ class DolibarrApiAccess implements iAuthenticate
 $stored_key = $obj->api_key;
 $userentity = $obj->entity;
- if (! defined("DOLENTITY")) // If API was not forced with HTTP_DOLENTITY, we set entity to entity of user
+ if (! defined("DOLENTITY") && $conf->entity != $obj->entity) // If API was not forced with HTTP_DOLENTITY, and user is on another entity, so we reset entity to entity of user
 {
 $conf->entity = ($obj->entity?$obj->entity:1);
+ // We must also reload global conf to get params from the entity
+ dol_syslog("Entity was not set on http header with HTTP_DOLAPIENTITY (recommanded for performance purpose), so we switch now on entity of user (".$conf->entity .") and we have to reload configuration.", LOG_WARNING);
+ $conf->setValues($db);
 }
 }
 }
diff --git a/htdocs/api/index.php b/htdocs/api/index.php
index 9f734c9e24d..d34a97ed298 100644
--- a/htdocs/api/index.php
+++ b/htdocs/api/index.php
@@ -37,6 +37,10 @@ if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not lo
 if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session)
+// Force entity if a value is provided into HTTP header. Otherwise, will use the entity of user of token used.
+if (! empty($_SERVER['HTTP_DOLAPIENTITY'])) define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);
+
+
 $res=0;
 if (! $res && file_exists("../main.inc.php")) $res=include '../main.inc.php';
 if (! $res) die("Include of main fails");
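Review bot: In api_access.class.php the new guard `$conf->entity != $obj->entity` compares against the raw column while the assignment below normalizes an empty entity to 1, so for a user row whose entity is 0 the branch is taken on every request even when `$conf->entity` is already 1, costing a `setValues()` reload and a LOG_WARNING each time. Comparing with the normalized value avoids that: `if (! defined("DOLENTITY") && $conf->entity != ($obj->entity ? $obj->entity : 1))`. When DOLENTITY is defined, nothing visible in this hunk compares the forced entity with `$userentity`; the method continues outside the hunk, so confirm a later check rejects a key whose user does not belong to the requested entity. The trailing comment still says HTTP_DOLENTITY although the header read is HTTP_DOLAPIENTITY.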
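Review bot: In index.php the `(int)` cast accepts any non-empty header value, so `abc` or `-3` defines DOLENTITY as 0 or a negative number, and this happens before main.inc.php is included and before the API key is checked. Restrict the define to a positive integer, for example `if (isset($_SERVER['HTTP_DOLAPIENTITY']) && ctype_digit($_SERVER['HTTP_DOLAPIENTITY']) && (int) $_SERVER['HTTP_DOLAPIENTITY'] > 0) define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);`. How main.inc.php treats an out-of-range entity is not visible here, so this is a hardening request rather than a confirmed fault. A short comment stating that the header is client-controlled and acts only as a selector, with authorization enforced in DolibarrApiAccess, would help the next reader.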