Merge pull request #2924 from aternatik/api_rest
Allow modify API key from user card
@@ -1567,6 +1567,7 @@ KeyForApiAccess=Key to use API (parameter "api_key")
|
||||
ApiEndPointIs=You can access to the API at url
|
||||
ApiExporerIs=You can explore the API at url
|
||||
OnlyActiveElementsAreExposed=Only elements from enabled modules are exposed
|
||||
ApiKey=Key for API
|
||||
##### Bank #####
|
||||
BankSetupModule=Bank module setup
|
||||
FreeLegalTextOnChequeReceipts=Free text on cheque receipts
|
||||
|
||||
@@ -9,6 +9,7 @@
|
||||
* Copyright (C) 2012 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
|
||||
* Copyright (C) 2013-2015 Alexandre Spangaro <alexandre.spangaro@gmail.com>
|
||||
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -82,6 +83,7 @@ if ($user->id <> $id && ! $canreaduser) accessforbidden();
|
||||
$langs->load("users");
|
||||
$langs->load("companies");
|
||||
$langs->load("ldap");
|
||||
$langs->load("admin");
|
||||
|
||||
$object = new User($db);
|
||||
$extrafields = new ExtraFields($db);
|
||||
@@ -189,6 +191,7 @@ if ($action == 'add' && $canadduser)
|
||||
$object->lastname = GETPOST("lastname",'alpha');
|
||||
$object->firstname = GETPOST("firstname",'alpha');
|
||||
$object->login = GETPOST("login",'alpha');
|
||||
$object->api_key = GETPOST("api_key",'alpha');
|
||||
$object->gender = GETPOST("gender",'alpha');
|
||||
$object->admin = GETPOST("admin",'alpha');
|
||||
$object->office_phone = GETPOST("office_phone",'alpha');
|
||||
@@ -343,6 +346,7 @@ if ($action == 'update' && ! $_POST["cancel"])
|
||||
$object->login = GETPOST("login",'alpha');
|
||||
$object->gender = GETPOST("gender",'alpha');
|
||||
$object->pass = GETPOST("password");
|
||||
$object->api_key = GETPOST("api_key");
|
||||
$object->admin = empty($user->admin)?0:GETPOST("admin"); // A user can only be set admin by an admin
|
||||
$object->office_phone=GETPOST("office_phone",'alpha');
|
||||
$object->office_fax = GETPOST("office_fax",'alpha');
|
||||
@@ -820,49 +824,62 @@ if (($action == 'create') || ($action == 'adduserldap'))
|
||||
}
|
||||
}
|
||||
print '</td></tr>';
|
||||
|
||||
// Administrator
|
||||
if (! empty($user->admin))
|
||||
{
|
||||
print '<tr><td>'.$langs->trans("Administrator").'</td>';
|
||||
|
||||
if(! empty($conf->api->enabled)) {
|
||||
// API key
|
||||
$generated_api_key = '';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
|
||||
$generated_password=getRandomPassword(false);
|
||||
print '<tr><td>'.$langs->trans("ApiKey").'</td>';
|
||||
print '<td>';
|
||||
print $form->selectyesno('admin',GETPOST('admin'),1);
|
||||
print '<input size="30" maxsize="32" type="text" id="api_key" name="api_key" value="'.$api_key.'" autocomplete="off">';
|
||||
if (! empty($conf->use_javascript_ajax))
|
||||
print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"');
|
||||
print '</td></tr>';
|
||||
|
||||
if (! empty($conf->multicompany->enabled) && ! $user->entity && empty($conf->multicompany->transverse_mode))
|
||||
// Administrator
|
||||
if (! empty($user->admin))
|
||||
{
|
||||
if (! empty($conf->use_javascript_ajax))
|
||||
print '<tr><td>'.$langs->trans("Administrator").'</td>';
|
||||
print '<td>';
|
||||
print $form->selectyesno('admin',GETPOST('admin'),1);
|
||||
|
||||
if (! empty($conf->multicompany->enabled) && ! $user->entity && empty($conf->multicompany->transverse_mode))
|
||||
{
|
||||
print '<script type="text/javascript">
|
||||
$(function() {
|
||||
$("select[name=admin]").change(function() {
|
||||
if ( $(this).val() == 0 ) {
|
||||
$("input[name=superadmin]")
|
||||
.prop("disabled", true)
|
||||
.prop("checked", false);
|
||||
$("select[name=entity]")
|
||||
.prop("disabled", false);
|
||||
} else {
|
||||
$("input[name=superadmin]")
|
||||
.prop("disabled", false);
|
||||
}
|
||||
});
|
||||
$("input[name=superadmin]").change(function() {
|
||||
if ( $(this).is(":checked") ) {
|
||||
$("select[name=entity]")
|
||||
.prop("disabled", true);
|
||||
} else {
|
||||
$("select[name=entity]")
|
||||
.prop("disabled", false);
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>';
|
||||
if (! empty($conf->use_javascript_ajax))
|
||||
{
|
||||
print '<script type="text/javascript">
|
||||
$(function() {
|
||||
$("select[name=admin]").change(function() {
|
||||
if ( $(this).val() == 0 ) {
|
||||
$("input[name=superadmin]")
|
||||
.prop("disabled", true)
|
||||
.prop("checked", false);
|
||||
$("select[name=entity]")
|
||||
.prop("disabled", false);
|
||||
} else {
|
||||
$("input[name=superadmin]")
|
||||
.prop("disabled", false);
|
||||
}
|
||||
});
|
||||
$("input[name=superadmin]").change(function() {
|
||||
if ( $(this).is(":checked") ) {
|
||||
$("select[name=entity]")
|
||||
.prop("disabled", true);
|
||||
} else {
|
||||
$("select[name=entity]")
|
||||
.prop("disabled", false);
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>';
|
||||
}
|
||||
$checked=($_POST["superadmin"]?' checked':'');
|
||||
$disabled=($_POST["superadmin"]?'':' disabled');
|
||||
print '<input type="checkbox" name="superadmin" value="1"'.$checked.$disabled.' /> '.$langs->trans("SuperAdministrator");
|
||||
}
|
||||
$checked=($_POST["superadmin"]?' checked':'');
|
||||
$disabled=($_POST["superadmin"]?'':' disabled');
|
||||
print '<input type="checkbox" name="superadmin" value="1"'.$checked.$disabled.' /> '.$langs->trans("SuperAdministrator");
|
||||
print "</td></tr>\n";
|
||||
}
|
||||
print "</td></tr>\n";
|
||||
}
|
||||
|
||||
// Type
|
||||
@@ -1254,7 +1271,16 @@ else
|
||||
print "</td>";
|
||||
}
|
||||
print '</tr>'."\n";
|
||||
|
||||
|
||||
// API key
|
||||
if(! empty($conf->api->enabled) && $user->admin) {
|
||||
print '<tr><td>'.$langs->trans("ApiKey").'</td>';
|
||||
print '<td colspan="2">';
|
||||
if (! empty($object->api_key))
|
||||
print $langs->trans("Hidden");
|
||||
print '<td>';
|
||||
}
|
||||
|
||||
// Administrator
|
||||
print '<tr><td>'.$langs->trans("Administrator").'</td><td colspan="2">';
|
||||
if (! empty($conf->multicompany->enabled) && $object->admin && ! $object->entity)
|
||||
@@ -1824,6 +1850,16 @@ else
|
||||
}
|
||||
print $text;
|
||||
print "</td></tr>\n";
|
||||
|
||||
// API key
|
||||
if(! empty($conf->api->enabled) && $user->admin) {
|
||||
print '<tr><td>'.$langs->trans("ApiKey").'</td>';
|
||||
print '<td>';
|
||||
print '<input size="30" maxsize="32" type="text" id="api_key" name="api_key" value="'.$object->api_key.'" autocomplete="off">';
|
||||
if (! empty($conf->use_javascript_ajax))
|
||||
print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"');
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
// Administrator
|
||||
print '<tr><td>'.$langs->trans("Administrator").'</td>';
|
||||
@@ -2197,6 +2233,22 @@ else
|
||||
}
|
||||
}
|
||||
|
||||
if (! empty($conf->api->enabled) && ! empty($conf->use_javascript_ajax))
|
||||
{
|
||||
print "\n".'<script type="text/javascript">';
|
||||
print '$(document).ready(function () {
|
||||
$("#generate_api_key").click(function() {
|
||||
$.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
|
||||
action: \'getrandompassword\',
|
||||
generic: true
|
||||
},
|
||||
function(token) {
|
||||
$("#api_key").val(token);
|
||||
});
|
||||
});
|
||||
});';
|
||||
print '</script>';
|
||||
}
|
||||
|
||||
llxFooter();
|
||||
$db->close();
|
||||
|
||||
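Review bot: The `update` handler assigns `$object->api_key = GETPOST("api_key");` on every submission, but the edit form only renders the `api_key` input when `$conf->api->enabled && $user->admin`, and nothing visible in that hunk applies the same condition server-side. As written, a save by a non-admin (if the surrounding code lets them edit the card) sends no field and blanks the stored key, or can carry a value of their own choosing. I would guard the assignment, `if (! empty($conf->api->enabled) && ! empty($user->admin)) $object->api_key = GETPOST("api_key",'alpha');`, and otherwise leave the existing key untouched. The edit form then echoes the stored value into `value="'.$object->api_key.'"` unescaped, so it should be wrapped in `dol_escape_htmltag()`; the create form prints `$api_key`, which is not assigned in the visible lines. The handler and form bodies start and end outside the hunks shown.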
@@ -61,6 +61,7 @@ class User extends CommonObject
|
||||
var $user_mobile;
|
||||
var $admin;
|
||||
var $login;
|
||||
var $api_key;
|
||||
var $entity;
|
||||
|
||||
//! Clear password in memory
|
||||
@@ -162,7 +163,7 @@ class User extends CommonObject
|
||||
// Get user
|
||||
$sql = "SELECT u.rowid, u.lastname, u.firstname, u.gender, u.email, u.job, u.skype, u.signature, u.office_phone, u.office_fax, u.user_mobile,";
|
||||
$sql.= " u.admin, u.login, u.note,";
|
||||
$sql.= " u.pass, u.pass_crypted, u.pass_temp,";
|
||||
$sql.= " u.pass, u.pass_crypted, u.pass_temp, u.api_key,";
|
||||
$sql.= " u.fk_soc, u.fk_socpeople, u.fk_member, u.fk_user, u.ldap_sid,";
|
||||
$sql.= " u.statut, u.lang, u.entity,";
|
||||
$sql.= " u.datec as datec,";
|
||||
@@ -226,6 +227,7 @@ class User extends CommonObject
|
||||
$this->pass_indatabase_crypted = $obj->pass_crypted;
|
||||
$this->pass = $obj->pass;
|
||||
$this->pass_temp = $obj->pass_temp;
|
||||
$this->api_key = $obj->api_key;
|
||||
$this->office_phone = $obj->office_phone;
|
||||
$this->office_fax = $obj->office_fax;
|
||||
$this->user_mobile = $obj->user_mobile;
|
||||
@@ -1143,6 +1145,7 @@ class User extends CommonObject
|
||||
$this->login = trim($this->login);
|
||||
$this->gender = trim($this->gender);
|
||||
$this->pass = trim($this->pass);
|
||||
$this->api_key = trim($this->api_key);
|
||||
$this->office_phone = trim($this->office_phone);
|
||||
$this->office_fax = trim($this->office_fax);
|
||||
$this->user_mobile = trim($this->user_mobile);
|
||||
@@ -1174,6 +1177,7 @@ class User extends CommonObject
|
||||
$sql.= " lastname = '".$this->db->escape($this->lastname)."'";
|
||||
$sql.= ", firstname = '".$this->db->escape($this->firstname)."'";
|
||||
$sql.= ", login = '".$this->db->escape($this->login)."'";
|
||||
$sql.= ", api_key = '".$this->db->escape($this->api_key)."'";
|
||||
$sql.= ", gender = ".($this->gender != -1 ? "'".$this->db->escape($this->gender)."'" : "null"); // 'man' or 'woman'
|
||||
$sql.= ", admin = ".$this->admin;
|
||||
$sql.= ", address = '".$this->db->escape($this->address)."'";
|
||||
|
||||
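Review bot: The API key is stored and read back in clear (`u.api_key` in the fetch SELECT, `api_key = '...'` in the UPDATE), so read access to the user table or a database dump yields working API credentials. Storing a digest of the key and comparing digests at authentication time would limit that exposure, with the clear value shown only once at generation. Separately, the UPDATE writes an empty string when no key is set; if the API lookup matches on this column (not visible here), an empty `api_key` parameter must be rejected explicitly, or the column written as null: `$sql.= ", api_key = ".($this->api_key ? "'".$this->db->escape($this->api_key)."'" : "null");`. Both methods start and end outside the hunks shown.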