From 160eb194ea28e33f12953aa2b5bf5d64b1033537 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 24 May 2017 15:24:35 +0200
Subject: [PATCH] Clean REST response for user and third parties
---
 .../societe/class/api_thirdparties.class.php | 21 ++++++++++++++++++-
 htdocs/user/class/api_users.class.php | 20 ++++++++++++++----
 2 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php
index df7965d6d8c..507fd62ec48 100644
--- a/htdocs/societe/class/api_thirdparties.class.php
+++ b/htdocs/societe/class/api_thirdparties.class.php
@@ -311,7 +311,26 @@ class Thirdparties extends DolibarrApi
 return $this->company;
 }
 
- /**
+ /**
+ * Clean sensible object datas
+ *
+ * @param object $object Object to clean
+ * @return array Array of cleaned object properties
+ */
+ function _cleanObjectDatas($object) {
+
+ $object = parent::_cleanObjectDatas($object);
+
+ unset($object->total_ht);
+ unset($object->total_tva);
+ unset($object->total_localtax1);
+ unset($object->total_localtax2);
+ unset($object->total_ttc);
+
+ return $object;
+ }
+
+ /**
 * Validate fields before create or update object
 *
 * @param array $data Datas to validate
diff --git a/htdocs/user/class/api_users.class.php b/htdocs/user/class/api_users.class.php
index aa2569fb3ca..af1b8441293 100644
--- a/htdocs/user/class/api_users.class.php
+++ b/htdocs/user/class/api_users.class.php
@@ -225,9 +225,9 @@ class Users extends DolibarrApi
 /**
 * add user to group
 *
- * @param int $id User ID
- * @param int $group Group ID
- * @return int
+ * @param int $id User ID
+ * @param int $group Group ID
+ * @return int 1 if success
 *
 * @url GET {id}/setGroup/{group}
 */
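Review bot: `_cleanObjectDatas()` in `api_thirdparties.class.php` trims the REST response with a deny-list, so every property that is not explicitly unset here or by the parent is still returned to API clients, including any field added to the company object later. The parent's own removals are not visible in this hunk, so it is worth confirming that sensitive fields are covered there, and adding a comment above the unsets such as `// Deny-list: anything not unset here or in the parent is exposed by the API; review when the object gains properties`. The docblock also says `@return array` while the method returns the object; `@return object Object with cleaned properties` would match the code. The same five `unset()` lines are repeated in the last hunk of `api_users.class.php` (`@@ -287,6 +293,12 @@`), where the same remark applies.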
@@ -246,7 +246,13 @@ class Users extends DolibarrApi
 throw new RestException(401, 'Access not allowed for login ' . DolibarrApiAccess::$user->login);
 }
 
- return $this->useraccount->SetInGroup($group,1);
+ $result = $this->useraccount->SetInGroup($group,1);
+ if (! ($result > 0))
+ {
+ throw new RestException(500, $this->useraccount->error);
+ }
+
+ return 1;
 }
 
 /**
@@ -287,6 +293,12 @@ class Users extends DolibarrApi
 unset($object->lastsearch_values);
 unset($object->lastsearch_values_tmp);
+ unset($object->total_ht);
+ unset($object->total_tva);
+ unset($object->total_localtax1);
+ unset($object->total_localtax2);
+ unset($object->total_ttc);
+
+ return $object;
 }
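Review bot: The added `throw new RestException(500, $this->useraccount->error);` in the set-group method passes the model's internal error string straight to the API client; what `SetInGroup()` stores in `error` is not visible here, but if it can carry database error text this exposes implementation detail in the response. Logging the detail server-side and returning a fixed message, e.g. `throw new RestException(500, 'Error when adding user to group');`, keeps the response useful without exposing internals. The route annotation in the preceding hunk (`@url GET {id}/setGroup/{group}`) maps this state-changing call to GET, so a follow-up that moves it to a non-safe verb would be worth considering. The method's signature and opening lines are outside this hunk.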