Move API HTTP code from 401 to 403
@@ -66,13 +66,16 @@ class MyModuleApi extends DolibarrApi
|
||||
*
|
||||
* @url GET myobjects/{id}
|
||||
*
|
||||
* @throws RestException 401 Not allowed
|
||||
* @throws RestException 403 Not allowed
|
||||
* @throws RestException 404 Not found
|
||||
*/
|
||||
public function get($id)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->mymodule->myobject->read) {
|
||||
throw new RestException(401);
|
||||
throw new RestException(403);
|
||||
}
|
||||
if (!DolibarrApi::_checkAccessToResource('myobject', $id, 'mymodule_myobject')) {
|
||||
throw new RestException(403, 'Access to instance id='.$this->myobject->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$result = $this->myobject->fetch($id);
|
||||
@@ -80,10 +83,6 @@ class MyModuleApi extends DolibarrApi
|
||||
throw new RestException(404, 'MyObject not found');
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('myobject', $this->myobject->id, 'mymodule_myobject')) {
|
||||
throw new RestException(401, 'Access to instance id='.$this->myobject->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
return $this->_cleanObjectDatas($this->myobject);
|
||||
}
|
||||
|
||||
@@ -101,7 +100,8 @@ class MyModuleApi extends DolibarrApi
|
||||
* @param string $properties Restrict the data returned to these properties. Ignored if empty. Comma separated list of properties names
|
||||
* @return array Array of order objects
|
||||
*
|
||||
* @throws RestException
|
||||
* @throws RestException 403 Not allowed
|
||||
* @throws RestException 503 System error
|
||||
*
|
||||
* @url GET /myobjects/
|
||||
*/
|
||||
@@ -111,7 +111,7 @@ class MyModuleApi extends DolibarrApi
|
||||
$tmpobject = new MyObject($this->db);
|
||||
|
||||
if (!DolibarrApiAccess::$user->rights->mymodule->myobject->read) {
|
||||
throw new RestException(401);
|
||||
throw new RestException(403);
|
||||
}
|
||||
|
||||
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
|
||||
@@ -186,16 +186,17 @@ class MyModuleApi extends DolibarrApi
|
||||
* Create myobject object
|
||||
*
|
||||
* @param array $request_data Request datas
|
||||
* @return int ID of myobject
|
||||
* @return int ID of myobject
|
||||
*
|
||||
* @throws RestException
|
||||
* @throws RestException 403 Not allowed
|
||||
* @throws RestException 500 System error
|
||||
*
|
||||
* @url POST myobjects/
|
||||
*/
|
||||
public function post($request_data = null)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) {
|
||||
throw new RestException(401);
|
||||
throw new RestException(403);
|
||||
}
|
||||
|
||||
// Check mandatory fields
|
||||
@@ -227,14 +228,19 @@ class MyModuleApi extends DolibarrApi
|
||||
* @param array $request_data Datas
|
||||
* @return int
|
||||
*
|
||||
* @throws RestException
|
||||
* @throws RestException 403 Not allowed
|
||||
* @throws RestException 404 Not found
|
||||
* @throws RestException 500 System error
|
||||
*
|
||||
* @url PUT myobjects/{id}
|
||||
*/
|
||||
public function put($id, $request_data = null)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) {
|
||||
throw new RestException(401);
|
||||
throw new RestException(403);
|
||||
}
|
||||
if (!DolibarrApi::_checkAccessToResource('myobject', $id, 'mymodule_myobject')) {
|
||||
throw new RestException(403, 'Access to instance id='.$this->myobject->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$result = $this->myobject->fetch($id);
|
||||
@@ -242,10 +248,6 @@ class MyModuleApi extends DolibarrApi
|
||||
throw new RestException(404, 'MyObject not found');
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('myobject', $this->myobject->id, 'mymodule_myobject')) {
|
||||
throw new RestException(401, 'Access to instance id='.$this->myobject->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
foreach ($request_data as $field => $value) {
|
||||
if ($field == 'id') {
|
||||
continue;
|
||||
@@ -275,24 +277,27 @@ class MyModuleApi extends DolibarrApi
|
||||
* @param int $id MyObject ID
|
||||
* @return array
|
||||
*
|
||||
* @throws RestException
|
||||
* @throws RestException 403 Not allowed
|
||||
* @throws RestException 404 Not found
|
||||
* @throws RestException 409 Nothing to do
|
||||
* @throws RestException 500 System error
|
||||
*
|
||||
* @url DELETE myobjects/{id}
|
||||
*/
|
||||
public function delete($id)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->mymodule->myobject->delete) {
|
||||
throw new RestException(401);
|
||||
if (!DolibarrApiAccess::$user->hasRight('mymodule', 'myobject', 'delete')) {
|
||||
throw new RestException(403);
|
||||
}
|
||||
if (!DolibarrApi::_checkAccessToResource('myobject', $id, 'mymodule_myobject')) {
|
||||
throw new RestException(403, 'Access to instance id='.$this->myobject->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
$result = $this->myobject->fetch($id);
|
||||
if (!$result) {
|
||||
throw new RestException(404, 'MyObject not found');
|
||||
}
|
||||
|
||||
if (!DolibarrApi::_checkAccessToResource('myobject', $this->myobject->id, 'mymodule_myobject')) {
|
||||
throw new RestException(401, 'Access to instance id='.$this->myobject->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
if ($this->myobject->delete(DolibarrApiAccess::$user) == 0) {
|
||||
throw new RestException(409, 'Error when deleting MyObject : '.$this->myobject->error);
|
||||
} elseif ($this->myobject->delete(DolibarrApiAccess::$user) < 0) {
|
||||
@@ -348,40 +353,6 @@ class MyModuleApi extends DolibarrApi
|
||||
unset($object->rowid);
|
||||
unset($object->canvas);
|
||||
|
||||
/*unset($object->name);
|
||||
unset($object->lastname);
|
||||
unset($object->firstname);
|
||||
unset($object->civility_id);
|
||||
unset($object->statut);
|
||||
unset($object->state);
|
||||
unset($object->state_id);
|
||||
unset($object->state_code);
|
||||
unset($object->region);
|
||||
unset($object->region_code);
|
||||
unset($object->country);
|
||||
unset($object->country_id);
|
||||
unset($object->country_code);
|
||||
unset($object->barcode_type);
|
||||
unset($object->barcode_type_code);
|
||||
unset($object->barcode_type_label);
|
||||
unset($object->barcode_type_coder);
|
||||
unset($object->total_ht);
|
||||
unset($object->total_tva);
|
||||
unset($object->total_localtax1);
|
||||
unset($object->total_localtax2);
|
||||
unset($object->total_ttc);
|
||||
unset($object->fk_account);
|
||||
unset($object->comments);
|
||||
unset($object->note);
|
||||
unset($object->mode_reglement_id);
|
||||
unset($object->cond_reglement_id);
|
||||
unset($object->cond_reglement);
|
||||
unset($object->shipping_method_id);
|
||||
unset($object->fk_incoterms);
|
||||
unset($object->label_incoterms);
|
||||
unset($object->location_incoterms);
|
||||
*/
|
||||
|
||||
// If object has lines, remove $db property
|
||||
if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) {
|
||||
$nboflines = count($object->lines);
|
||||
|
||||
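Review bot: The new pre-fetch access check in get(), put() and delete() builds its 403 message from `$this->myobject->id`, but the check now runs before `$this->myobject->fetch($id)`, so that property has presumably not been loaded yet and the message would carry an empty id. Use the request parameter that was actually checked: `throw new RestException(403, 'Access to instance id='.$id.' of object not allowed for login '.DolibarrApiAccess::$user->login);`. Authorization is now decided on the caller-supplied `$id` rather than on the id of the fetched row, so it is worth confirming that `_checkAccessToResource` (not shown on this page) denies ids that do not exist or are not integers. The bodies of put() and delete() continue outside their hunks.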