From 4547de8d4a30473fa671dcb7c9a173baa76b5ff4 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 27 Aug 2021 12:16:59 +0200 Subject: [PATCH 1/2] New : api for knowledgemanagement --- .../class/api_knowledgemanagement.class.php | 393 ++++++++++++++++++ 1 file changed, 393 insertions(+) create mode 100644 htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php new file mode 100644 index 00000000000..fefc4e8f73c --- /dev/null +++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php @@ -0,0 +1,393 @@ + + * Copyright (C) 2021 SuperAdmin + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +use Luracast\Restler\RestException; + +dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); + + + +/** + * \file knowledgemanagement/class/api_knowledgemanagement.class.php + * \ingroup knowledgemanagement + * \brief File for API management of knowledgerecord. + */ + +/** + * API class for knowledgemanagement knowledgerecord + * + * @access protected + * @class DolibarrApiAccess {@requires user,external} + */ +class KnowledgeManagement extends DolibarrApi +{ + /** + * @var KnowledgeRecord $knowledgerecord {@type KnowledgeRecord} + */ + public $knowledgerecord; + + /** + * Constructor + * + * @url GET / + * + */ + public function __construct() + { + global $db, $conf; + $this->db = $db; + $this->knowledgerecord = new KnowledgeRecord($this->db); + } + + /** + * Get properties of a knowledgerecord object + * + * Return an array with knowledgerecord informations + * + * @param int $id ID of knowledgerecord + * @return array|mixed data without useless information + * + * @url GET knowledgerecords/{id} + * + * @throws RestException 401 Not allowed + * @throws RestException 404 Not found + */ + public function get($id) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->read) { + throw new RestException(401); + } + + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + return $this->_cleanObjectDatas($this->knowledgerecord); + } + + + /** + * List knowledgerecords + * + * Get a list of knowledgerecords + * + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Limit for list + * @param int $page Page number + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of order objects + * + * @throws RestException + * + * @url GET /knowledgerecords/ + */ + public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '') + { + global $db, $conf; + + $obj_ret = array(); + $tmpobject = new KnowledgeRecord($this->db); + + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) { + throw new RestException(401); + } + + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + + $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object + + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + $search_sale = DolibarrApiAccess::$user->id; + } + + $sql = "SELECT t.rowid"; + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." as t"; + + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + } + $sql .= " WHERE 1 = 1"; + + // Example of use $mode + //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; + //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; + + if ($tmpobject->ismultientitymanaged) { + $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; + } + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= " AND t.fk_soc = sc.fk_soc"; + } + if ($restrictonsocid && $socid) { + $sql .= " AND t.fk_soc = ".((int) $socid); + } + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + } + // Insert sale filter + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND sc.fk_user = ".((int) $search_sale); + } + if ($sqlfilters) { + if (!DolibarrApi::_checkFilters($sqlfilters)) { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)'; + $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; + } + + $sql .= $this->db->order($sortfield, $sortorder); + if ($limit) { + if ($page < 0) { + $page = 0; + } + $offset = $limit * $page; + + $sql .= $this->db->plimit($limit + 1, $offset); + } + + $result = $this->db->query($sql); + $i = 0; + if ($result) { + $num = $this->db->num_rows($result); + while ($i < $num) { + $obj = $this->db->fetch_object($result); + $tmp_object = new KnowledgeRecord($this->db); + if ($tmp_object->fetch($obj->rowid)) { + $obj_ret[] = $this->_cleanObjectDatas($tmp_object); + } + $i++; + } + } else { + throw new RestException(503, 'Error when retrieving knowledgerecord list: '.$this->db->lasterror()); + } + if (!count($obj_ret)) { + throw new RestException(404, 'No knowledgerecord found'); + } + return $obj_ret; + } + + /** + * Create knowledgerecord object + * + * @param array $request_data Request datas + * @return int ID of knowledgerecord + * + * @throws RestException + * + * @url POST knowledgerecords/ + */ + public function post($request_data = null) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + throw new RestException(401); + } + + // Check mandatory fields + $result = $this->_validate($request_data); + + foreach ($request_data as $field => $value) { + $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord); + } + + // Clean data + // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); + + if ($this->knowledgerecord->create(DolibarrApiAccess::$user)<0) { + throw new RestException(500, "Error creating KnowledgeRecord", array_merge(array($this->knowledgerecord->error), $this->knowledgerecord->errors)); + } + return $this->knowledgerecord->id; + } + + /** + * Update knowledgerecord + * + * @param int $id Id of knowledgerecord to update + * @param array $request_data Datas + * @return int + * + * @throws RestException + * + * @url PUT knowledgerecords/{id} + */ + public function put($id, $request_data = null) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + throw new RestException(401); + } + + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + foreach ($request_data as $field => $value) { + if ($field == 'id') { + continue; + } + $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord); + } + + // Clean data + // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); + + if ($this->knowledgerecord->update(DolibarrApiAccess::$user, false) > 0) { + return $this->get($id); + } else { + throw new RestException(500, $this->knowledgerecord->error); + } + } + + /** + * Delete knowledgerecord + * + * @param int $id KnowledgeRecord ID + * @return array + * + * @throws RestException + * + * @url DELETE knowledgerecords/{id} + */ + public function delete($id) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->delete) { + throw new RestException(401); + } + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + if (!$this->knowledgerecord->delete(DolibarrApiAccess::$user)) { + throw new RestException(500, 'Error when deleting KnowledgeRecord : '.$this->knowledgerecord->error); + } + + return array( + 'success' => array( + 'code' => 200, + 'message' => 'KnowledgeRecord deleted' + ) + ); + } + + + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore + /** + * Clean sensible object datas + * + * @param Object $object Object to clean + * @return Object Object with cleaned properties + */ + protected function _cleanObjectDatas($object) + { + // phpcs:enable + $object = parent::_cleanObjectDatas($object); + + unset($object->rowid); + unset($object->canvas); + + /*unset($object->name); + unset($object->lastname); + unset($object->firstname); + unset($object->civility_id); + unset($object->statut); + unset($object->state); + unset($object->state_id); + unset($object->state_code); + unset($object->region); + unset($object->region_code); + unset($object->country); + unset($object->country_id); + unset($object->country_code); + unset($object->barcode_type); + unset($object->barcode_type_code); + unset($object->barcode_type_label); + unset($object->barcode_type_coder); + unset($object->total_ht); + unset($object->total_tva); + unset($object->total_localtax1); + unset($object->total_localtax2); + unset($object->total_ttc); + unset($object->fk_account); + unset($object->comments); + unset($object->note); + unset($object->mode_reglement_id); + unset($object->cond_reglement_id); + unset($object->cond_reglement); + unset($object->shipping_method_id); + unset($object->fk_incoterms); + unset($object->label_incoterms); + unset($object->location_incoterms); + */ + + // If object has lines, remove $db property + if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) { + $nboflines = count($object->lines); + for ($i = 0; $i < $nboflines; $i++) { + $this->_cleanObjectDatas($object->lines[$i]); + + unset($object->lines[$i]->lines); + unset($object->lines[$i]->note); + } + } + + return $object; + } + + /** + * Validate fields before create or update object + * + * @param array $data Array of data to validate + * @return array + * + * @throws RestException + */ + private function _validate($data) + { + $knowledgerecord = array(); + foreach ($this->knowledgerecord->fields as $field => $propfield) { + if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) { + continue; // Not a mandatory field + } + if (!isset($data[$field])) { + throw new RestException(400, "$field field missing"); + } + $knowledgerecord[$field] = $data[$field]; + } + return $knowledgerecord; + } +} From 1bdfad9c299203354478239b64b3b870b12cde72 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 27 Aug 2021 12:19:28 +0200 Subject: [PATCH 2/2] fix permissions api for knowledgemanagement --- .../class/api_knowledgemanagement.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php index fefc4e8f73c..16429060a17 100644 --- a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php +++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php @@ -69,7 +69,7 @@ class KnowledgeManagement extends DolibarrApi */ public function get($id) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->read) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) { throw new RestException(401); } @@ -205,7 +205,7 @@ class KnowledgeManagement extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) { throw new RestException(401); } @@ -238,7 +238,7 @@ class KnowledgeManagement extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) { throw new RestException(401); } @@ -280,7 +280,7 @@ class KnowledgeManagement extends DolibarrApi */ public function delete($id) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->delete) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->delete) { throw new RestException(401); } $result = $this->knowledgerecord->fetch($id);