code syntax api directory

Frédéric FRANCE
2021-02-23 17:44:43 +01:00
parent 2642e1d1b3
commit 9b48e1a649
7 changed files with 251 additions and 287 deletions


@@ -35,7 +35,6 @@ use \Luracast\Restler\Resources;
use \Luracast\Restler\Defaults;
use \Luracast\Restler\RestException;
/**
* Dolibarr API access class
*
@@ -90,28 +89,24 @@ class DolibarrApiAccess implements iAuthenticate
/*foreach ($_SERVER as $key => $val)
{
dol_syslog($key.' - '.$val);
dol_syslog($key.' - '.$val);
}*/
// api key can be provided in url with parameter api_key=xxx or ni header with header DOLAPIKEY:xxx
$api_key = '';
if (isset($_GET['api_key'])) // For backward compatibility
{
if (isset($_GET['api_key'])) { // For backward compatibility
// TODO Add option to disable use of api key on url. Return errors if used.
$api_key = $_GET['api_key'];
}
if (isset($_GET['DOLAPIKEY']))
{
if (isset($_GET['DOLAPIKEY'])) {
// TODO Add option to disable use of api key on url. Return errors if used.
$api_key = $_GET['DOLAPIKEY']; // With GET method
}
if (isset($_SERVER['HTTP_DOLAPIKEY'])) // Param DOLAPIKEY in header can be read with HTTP_DOLAPIKEY
{
if (isset($_SERVER['HTTP_DOLAPIKEY'])) { // Param DOLAPIKEY in header can be read with HTTP_DOLAPIKEY
$api_key = $_SERVER['HTTP_DOLAPIKEY']; // With header method (recommanded)
}
if ($api_key)
{
if ($api_key) {
$userentity = 0;
$sql = "SELECT u.login, u.datec, u.api_key, ";
@@ -121,17 +116,14 @@ class DolibarrApiAccess implements iAuthenticate
// TODO Check if 2 users has same API key.
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->num_rows($result))
{
if ($result) {
if ($this->db->num_rows($result)) {
$obj = $this->db->fetch_object($result);
$login = $obj->login;
$stored_key = $obj->api_key;
$userentity = $obj->entity;
if (!defined("DOLENTITY") && $conf->entity != ($obj->entity ? $obj->entity : 1)) // If API was not forced with HTTP_DOLENTITY, and user is on another entity, so we reset entity to entity of user
{
if (!defined("DOLENTITY") && $conf->entity != ($obj->entity ? $obj->entity : 1)) { // If API was not forced with HTTP_DOLENTITY, and user is on another entity, so we reset entity to entity of user
$conf->entity = ($obj->entity ? $obj->entity : 1);
// We must also reload global conf to get params from the entity
dol_syslog("Entity was not set on http header with HTTP_DOLAPIENTITY (recommanded for performance purpose), so we switch now on entity of user (".$conf->entity.") and we have to reload configuration.", LOG_WARNING);
@@ -147,8 +139,7 @@ class DolibarrApiAccess implements iAuthenticate
return false;
}
if (!$login)
{
if (!$login) {
throw new RestException(503, 'Error when searching login user from api key');
}
$fuser = new User($this->db);
@@ -173,7 +164,9 @@ class DolibarrApiAccess implements iAuthenticate
$userClass::setCacheIdentifier(static::$role);
Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
$requirefortest = static::$requires;
if (!is_array($requirefortest)) $requirefortest = explode(',', $requirefortest);
if (!is_array($requirefortest)) {
$requirefortest = explode(',', $requirefortest);
}
return in_array(static::$role, (array) $requirefortest) || static::$role == 'admin';
}
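Review bot: The two `$_GET` branches in the second hunk (`api_key` and `DOLAPIKEY`) still accept the API key from the query string, where it ends up in web-server and proxy access logs, browser history and Referer headers; the reformatting carries both TODOs over unresolved. Since these lines are being touched anyway, the TODO could become a guard placed before the two branches, for example `if ((isset($_GET['api_key']) || isset($_GET['DOLAPIKEY'])) && !empty($conf->global->OPTION_NAME_PLACEHOLDER)) { throw new RestException(401, 'API key must be sent in the DOLAPIKEY header'); }`, where the option name is a placeholder for the project to choose and `$conf` is assumed to be in scope there as it is further down. The commented-out `foreach ($_SERVER ...)` block at the top of the same hunk would write `HTTP_DOLAPIKEY` to the syslog if it were ever re-enabled, so it is better deleted than kept. The enclosing method starts and ends outside the visible hunks, so how `$api_key` is placed into the SQL query cannot be checked from here.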