From f1678b75246ec7cc432cd74273d4bd6ec2edc854 Mon Sep 17 00:00:00 2001
From: Jon Bendtsen <github@jonb.dk>
Date: Sun, 11 Aug 2024 00:06:00 +0200
Subject: [PATCH] NEW: API_LOGINS_ALLOWED_FOR_GET_EXTRAFIELD (#30562)

* introducing new global variable API_LOGINS_ALLOWED_FOR_GET_EXTRAFIELDS, code copied and modified from public function getModules()

* trying to use a different method to read the variable

---------

Co-authored-by: Jon Bendtsen <xcodeauthor@jonb.dk>
---
 htdocs/api/class/api_setup.class.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php
index aa1a6fb045c..8f57c121108 100644
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
@@ -1199,8 +1199,9 @@ class Setup extends DolibarrApi
 	{
 		$list = array();
 
-		if (!DolibarrApiAccess::$user->admin) {
-			throw new RestException(403, 'Only an admin user can get list of extrafields');
+		if (!DolibarrApiAccess::$user->admin
+			&& (!getDolGlobalString('API_LOGINS_ALLOWED_FOR_GET_EXTRAFIELDS') || DolibarrApiAccess::$user->login != getDolGlobalString('API_LOGINS_ALLOWED_FOR_GET_EXTRAFIELDS'))) {
+			throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGINS_ALLOWED_FOR_GET_EXTRAFIELDS');
 		}
 
 		if ($elementtype == 'thirdparty') {