Skip to content
Snippets Groups Projects
Commit cb6f23d9 authored by Laurent Destailleur's avatar Laurent Destailleur
Browse files

Merge pull request #2771 from aternatik/api_rest 

Add new core module : REST API
parents a94121a8 125a34cb
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3582 additions and 153 deletions
composer.json
+ 2
1
View file @ cb6f23d9
......@@ -13,7 +13,8 @@
"require": {
"php": ">=5.3.0",
"ext-gd": "*",
"ext-curl": "*"
"ext-curl": "*",
"restler/framework": "3.0.*"
},
"suggest": {
"ext-mysqli": "*",
......
dev/skeletons/build_api_class.php 0 → 100755
+ 123
0
View file @ cb6f23d9
#!/usr/bin/php
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file dev/skeletons/build_api_class.php
* \ingroup core
* \brief Create a complete API class file from existant class file
*/
$sapi_type = php_sapi_name();
$script_file = basename(__FILE__);
$path=dirname(__FILE__).'/';
// Test if batch mode
if (substr($sapi_type, 0, 3) == 'cgi') {
echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n";
exit;
}
// Include Dolibarr environment
require_once($path."../../htdocs/master.inc.php");
// After this $db is a defined handler to database.
// Main
$version='1';
@set_time_limit(0);
$error=0;
$langs->load("main");
print "***** $script_file ($version) *****\n";
// -------------------- START OF BUILD_API_FROM_CLASS --------------------
// Check parameters
if (! isset($argv[1]) && ! isset($argv[2]))
{
print "Usage: $script_file phpClassFile phpClassName\n";
exit;
}
// Show parameters
print 'Classfile='.$argv[1]."\n";
print 'Classname='.$argv[2]."\n";
$classfile=$argv[1];
$classname=$argv[2];
$classmin=strtolower($classname);
$classnameApi = $classname.'Api';
$property=array();
$targetcontent='';
// Load the class and read properties
require_once($classfile);
$property=array();
$class = new $classname($db);
$values=get_class_vars($classname);
unset($values['db']);
unset($values['error']);
unset($values['errors']);
unset($values['element']);
unset($values['table_element']);
unset($values['table_element_line']);
unset($values['fk_element']);
unset($values['ismultientitymanaged']);
// Read skeleton_api_class.class.php file
$skeletonfile=$path.'skeleton_api_class.class.php';
$sourcecontent=file_get_contents($skeletonfile);
if (! $sourcecontent)
{
print "\n";
print "Error: Failed to read skeleton sample '".$skeletonfile."'\n";
print "Try to run script from skeletons directory.\n";
exit;
}
// Define output variables
$outfile='out.api_'.$classmin.'.class.php';
$targetcontent=$sourcecontent;
// Substitute class name
$targetcontent=preg_replace('/skeleton_api_class\.class\.php/', 'api_'.$classmin.'.class.php', $targetcontent);
$targetcontent=preg_replace('/skeleton/', $classmin, $targetcontent);
//$targetcontent=preg_replace('/\$table_element=\'skeleton\'/', '\$table_element=\''.$tablenoprefix.'\'', $targetcontent);
$targetcontent=preg_replace('/SkeletonApi/', $classnameApi, $targetcontent);
$targetcontent=preg_replace('/Skeleton/', $classname, $targetcontent);
// Build file
$fp=fopen($outfile,"w");
if ($fp)
{
fputs($fp, $targetcontent);
fclose($fp);
print "\n";
print "File '".$outfile."' has been built in current directory.\n";
}
else $error++;
// -------------------- END OF BUILD_CLASS_FROM_TABLE SCRIPT --------------------
print "You can now rename generated files by removing the 'out.' prefix in their name and store them into directory /module/class.\n";
return $error;
dev/skeletons/skeleton_api_class.class.php 0 → 100644
+ 288
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use Luracast\Restler\RestException;
/**
* API class for skeleton object
*
* @smart-auto-routing false
* @access protected
* @class DolibarrApiAccess {@requires user,external}
*
*
*/
class SkeletonApi extends DolibarrApi
{
/**
* @var array $FIELDS Mandatory fields, checked when create and update object
*/
static $FIELDS = array(
'name'
);
/**
* @var Skeleton $skeleton {@type Skeleton}
*/
public $skeleton;
/**
* Constructor
*
* @url GET skeleton/
*
*/
function __construct()
{
global $db, $conf;
$this->db = $db;
$this->skeleton = new Skeleton($this->db);
}
/**
* Get properties of a skeleton object
*
* Return an array with skeleton informations
*
* @param int $id ID of skeleton
* @return array|mixed data without useless information
*
* @url GET skeleton/{id}
* @throws RestException
*/
function get($id)
{
if(! DolibarrApiAccess::$user->rights->skeleton->read) {
throw new RestException(401);
}
$result = $this->skeleton->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Skeleton not found');
}
if( ! DolibarrApi::_checkAccessToResource('skeleton',$this->skeleton->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
return $this->_cleanObjectDatas($this->skeleton);
}
/**
* List skeletons
*
* Get a list of skeletons
*
* @param int $mode Use this param to filter list
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
*
* @return array Array of skeleton objects
*
* @url GET /skeletons/
*/
function getList($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
global $db, $conf;
$obj_ret = array();
$socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : '';
// If the internal user must only see his customers, force searching by him
if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT s.rowid";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
$sql.= " FROM ".MAIN_DB_PREFIX."skeleton as s";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
$sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st";
$sql.= " WHERE s.fk_stcomm = st.id";
// Example of use $mode
//if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
//if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
$sql.= ' AND s.entity IN ('.getEntity('skeleton', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
if ($socid) $sql.= " AND s.fk_soc = ".$socid;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
$page = 0;
}
$offset = $limit * $page;
$sql.= $db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$skeleton_static = new Skeleton($db);
if($skeleton_static->fetch($obj->rowid)) {
$obj_ret[] = parent::_cleanObjectDatas($skeleton_static);
}
$i++;
}
}
else {
throw new RestException(503, 'Error when retrieve skeleton list');
}
if( ! count($obj_ret)) {
throw new RestException(404, 'No skeleton found');
}
return $obj_ret;
}
/**
* Create skeleton object
*
* @param array $request_data Request datas
* @return int ID of skeleton
*
* @url POST skeleton/
*/
function post($request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->skeleton->create) {
throw new RestException(401);
}
// Check mandatory fields
$result = $this->_validate($request_data);
foreach($request_data as $field => $value) {
$this->skeleton->$field = $value;
}
if( ! $this->skeleton->create(DolibarrApiAccess::$user)) {
throw new RestException(500);
}
return $this->skeleton->id;
}
/**
* Update skeleton
*
* @param int $id Id of skeleton to update
* @param array $request_data Datas
* @return int
*
* @url PUT skeleton/{id}
*/
function put($id, $request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->skeleton->create) {
throw new RestException(401);
}
$result = $this->skeleton->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Skeleton not found');
}
if( ! DolibarrApi::_checkAccessToResource('skeleton',$this->skeleton->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
foreach($request_data as $field => $value) {
$this->skeleton->$field = $value;
}
if($this->skeleton->update($id, DolibarrApiAccess::$user))
return $this->get ($id);
return false;
}
/**
* Delete skeleton
*
* @param int $id Skeleton ID
* @return array
*
* @url DELETE skeleton/{id}
*/
function delete($id)
{
if(! DolibarrApiAccess::$user->rights->skeleton->supprimer) {
throw new RestException(401);
}
$result = $this->skeleton->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Skeleton not found');
}
if( ! DolibarrApi::_checkAccessToResource('skeleton',$this->skeleton->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
if( !$this->skeleton->delete($id))
{
throw new RestException(500);
}
return array(
'success' => array(
'code' => 200,
'message' => 'Skeleton deleted'
)
);
}
/**
* Validate fields before create or update object
*
* @param array $data Data to validate
* @return array
*
* @throws RestException
*/
function _validate($data)
{
$skeleton = array();
foreach (SkeletonApi::$FIELDS as $field) {
if (!isset($data[$field]))
throw new RestException(400, "$field field missing");
$skeleton[$field] = $data[$field];
}
return $skeleton;
}
}
htdocs/api/admin/api.php 0 → 100644
+ 138
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.org>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2015 Regis Houssin <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/api/admin/api.php
* \ingroup api
* \brief Page to setup api module
*/
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
$langs->load("admin");
if (! $user->admin)
accessforbidden();
$actionsave=GETPOST("save");
// Sauvegardes parametres
if ($actionsave)
{
$i=0;
$db->begin();
$i+=dolibarr_set_const($db,'API_KEY',trim(GETPOST("API_KEY")),'chaine',0,'',$conf->entity);
if ($i >= 1)
{
$db->commit();
setEventMessage($langs->trans("SetupSaved"));
}
else
{
$db->rollback();
setEventMessage($langs->trans("Error"), 'errors');
}
}
/*
* View
*/
llxHeader();
$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php">'.$langs->trans("BackToModuleList").'</a>';
print_fiche_titre($langs->trans("ApiSetup"),$linkback,'title_setup');
print $langs->trans("ApiDesc")."<br>\n";
print "<br>\n";
print '<form name="apisetupform" action="'.$_SERVER["PHP_SELF"].'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print "<td>".$langs->trans("Parameter")."</td>";
print "<td>".$langs->trans("Value")."</td>";
print "<td>&nbsp;</td>";
print "</tr>";
print '<tr class="impair">';
print '<td class="fieldrequired">'.$langs->trans("KeyForApiAccess").'</td>';
print '<td><input type="text" class="flat" id="API_KEY" name="API_KEY" value="'. (GETPOST('API_KEY')?GETPOST('API_KEY'):(! empty($conf->global->API_KEY)?$conf->global->API_KEY:'')) . '" size="40">';
if (! empty($conf->use_javascript_ajax))
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"');
print '</td>';
print '<td>&nbsp;</td>';
print '</tr>';
print '</table>';
print '<br><div class="center">';
print '<input type="submit" name="save" class="button" value="'.$langs->trans("Save").'">';
print '</div>';
print '</form>';
print '<br><br>';
// API endpoint
print '<u>'.$langs->trans("ApiEndPointIs").':</u><br>';
$url=DOL_MAIN_URL_ROOT.'/public/api/';
print img_picto('','object_globe.png').' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
$url=DOL_MAIN_URL_ROOT.'/public/api/.json';
print img_picto('','object_globe.png').' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
// Explorer
print '<u>'.$langs->trans("ApiExporerIs").':</u><br>';
$url=DOL_MAIN_URL_ROOT.'/public/api/explorer/index.html';
print img_picto('','object_globe.png').' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
print '<br>';
print '<br>';
print $langs->trans("OnlyActiveElementsAreExposed", DOL_URL_ROOT.'/admin/modules.php');
if (! empty($conf->use_javascript_ajax))
{
print "\n".'<script type="text/javascript">';
print '$(document).ready(function () {
$("#generate_token").click(function() {
$.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
action: \'getrandompassword\',
generic: true
},
function(token) {
$("#API_KEY").val(token);
});
});
});';
print '</script>';
}
llxFooter();
$db->close();
htdocs/api/class/api.class.php 0 → 100644
+ 215
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use Luracast\Restler\Restler;
use Luracast\Restler\RestException;
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
/**
* Class for API
*
*/
class DolibarrApi
{
/**
* @var DoliDb $db Database object
*/
static protected $db;
/**
* @var Restler $r Restler object
*/
var $r;
/**
* Constructor
*
* @param DoliDb $db Database handler
*/
function __construct($db) {
$this->db = $db;
$this->r = new Restler();
}
/**
* Executed method when API is called without parameter
*
* Display a short message an return a http code 200
*
* @return array
*/
function index()
{
return array(
'success' => array(
'code' => 200,
'message' => __class__.' is up and running!'
)
);
}
/**
* Clean sensible object datas
*
* @param object $object Object to clean
* @return array Array of cleaned object properties
*
* @todo use an array for properties to clean
*
*/
function _cleanObjectDatas($object) {
// Remove $db object property for object
unset($object->db);
// If object has lines, remove $db property
if(isset($object->lines) && count($object->lines) > 0) {
for($i=0; $i < count($object->lines); $i++) {
$this->_cleanObjectDatas($object->lines[$i]);
}
}
// If object has linked objects, remove $db property
if(isset($object->linkedObjects) && count($object->linkedObjects) > 0) {
foreach($object->linkedObjects as $type_object => $linked_object) {
foreach($linked_object as $object2clean) {
$this->_cleanObjectDatas($object2clean);
}
}
}
return $object;
}
/**
* Check user access to a resource
*
* Check access by user to a given resource
*
* @param string $resource element to check
* @param int $resource_id Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param type $dbtablename 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @throws RestException
*/
static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') {
// Features/modules to check
$featuresarray = array($resource);
if (preg_match('/&/', $resource)) {
$featuresarray = explode("&", $resource);
}
else if (preg_match('/\|/', $resource)) {
$featuresarray = explode("|", $resource);
}
// More subfeatures to check
if (! empty($feature2)) {
$feature2 = explode("|", $feature2);
}
return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray,$resource_id,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
}
/**
* API init
*
*/
class DolibarrApiInit extends DolibarrApi
{
function __construct() {
global $db;
$this->db = $db;
}
/**
* Login
*
* Log user with username and password
*
* @param string $login Username
* @param string $password User password
* @param int $entity User entity
* @return array Response status and user token
*
* @throws RestException
*/
public function login($login, $password, $entity = 0) {
// Authentication mode
if (empty($dolibarr_main_authentication))
$dolibarr_main_authentication = 'http,dolibarr';
// Authentication mode: forceuser
if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user))
$dolibarr_auto_user = 'auto';
// Set authmode
$authmode = explode(',', $dolibarr_main_authentication);
include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$login = checkLoginPassEntity($login, $password, $entity, $authmode);
if (empty($login))
{
throw new RestException(403, 'Access denied');
}
// Generate token for user
$token = dol_hash($login.uniqid().$conf->global->MAIN_API_KEY,1);
// We store API token into database
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET api_key = '".$this->db->escape($token)."'";
$sql.= " WHERE login = '".$this->db->escape($login)."'";
dol_syslog(get_class($this)."::login", LOG_DEBUG); // No log
$result = $this->db->query($sql);
if (!$result)
{
throw new RestException(500, 'Error when updating user :'.$this->db->error_msg);
}
//return token
return array(
'success' => array(
'code' => 200,
'token' => $token,
'message' => 'Welcome ' . $login
)
);
}
/**
* Get status (Dolibarr version)
*
* @access protected
* @class DolibarrApiAccess {@requires admin}
*/
function status() {
require_once DOL_DOCUMENT_ROOT . '/core/lib/functions.lib.php';
return array(
'success' => array(
'code' => 200,
'dolibarr_version' => DOL_VERSION
)
);
}
}
htdocs/api/class/api_access.class.php 0 → 100644
+ 144
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use \Luracast\Restler\iAuthenticate;
use \Luracast\Restler\Resources;
use \Luracast\Restler\Defaults;
use Luracast\Restler\RestException;
/**
* Dolibarr API access class
*
*/
class DolibarrApiAccess implements iAuthenticate
{
const REALM = 'Restricted Dolibarr API';
/**
* @var array $requires role required by API method user / external / admin
*/
public static $requires = array('user','external','admin');
/**
* @var string $role user role
*/
public static $role = 'user';
/**
* @var User $user Loggued user
*/
public static $user = '';
// @codingStandardsIgnoreStart
/**
* @return string string to be used with WWW-Authenticate header
* @example Basic
* @example Digest
* @example OAuth
*/
public function __getWWWAuthenticateString();
/**
* Check access
*
* @return boolean
*/
public function _isAllowed()
{
// @codingStandardsIgnoreEnd
global $db;
$stored_key = '';
$userClass = Defaults::$userIdentifierClass;
if (isset($_GET['api_key'])) {
$sql = "SELECT u.login, u.datec, u.api_key, ";
$sql.= " u.tms as date_modification, u.entity";
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
$sql.= " WHERE u.api_key = '".$db->escape($_GET['api_key'])."'";
if ($db->query($sql))
{
if ($db->num_rows($result))
{
$obj = $db->fetch_object($result);
$login = $obj->login;
$stored_key = $obj->api_key;
}
}
else {
throw new RestException(503, 'Error when fetching user api_key :'.$db->error_msg);
}
if ( $stored_key != $_GET['api_key']) {
$userClass::setCacheIdentifier($_GET['api_key']);
return false;
}
$fuser = new User($db);
if(! $fuser->fetch('',$login)) {
throw new RestException(503, 'Error when fetching user :'.$fuser->error);
}
$fuser->getrights();
static::$user = $fuser;
if($fuser->societe_id)
static::$role = 'external';
if($fuser->admin)
static::$role = 'admin';
}
else
{
return false;
}
$userClass::setCacheIdentifier(static::$role);
Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
return in_array(static::$role, (array) static::$requires) || static::$role == 'admin';
}
// @codingStandardsIgnoreStart
public function __getWWWAuthenticateString()
{
return '';
}
// @codingStandardsIgnoreEnd
/**
* Verify access
*
* @param array $m Properties of method
*
* @access private
*/
public static function verifyAccess(array $m)
{
$requires = isset($m['class']['DolibarrApiAccess']['properties']['requires'])
? $m['class']['DolibarrApiAccess']['properties']['requires']
: false;
return $requires
? static::$role == 'admin' || in_array(static::$role, (array) $requires)
: true;
}
}
htdocs/api/index.php 0 → 100644
+ 8
0
View file @ cb6f23d9
<?php
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
htdocs/api/readme.md 0 → 100644
+ 50
0
View file @ cb6f23d9
API howto
=========
Explore the api
---------------
You can explore API method by using web interface : https://**yourdolibarr.tld**/htdocs/public/api/explorer/index.html (replace **yourdolibarr.tld** by real hostname of your Dolibarr installation)
Access to the API
---------------
> **Warning : access to the API should (or better : must!) be secured with SSL connection**
To access to the API you need a token to identify. When you access the API for the first time, you need to log in with user name and password to get a token. **Only** this token will allow to access API with.
To log in with the API, use this uri : https://**yourdolibarr.tld**/htdocs/public/api/login?login=**username**&password=**password** (replace bold strings with real values)
The token will be saved by Dolibarr for next user accesses to the API and it **must** be put into request uri as **api_key** parameter.
Develop the API
--------------
The API uses Lucarast Restler framework. Please check documentation https://www.luracast.com/products/restler and examples http://help.luracast.com/restler/examples/
Github contains also usefull informations : https://github.com/Luracast/Restler
To implement it into Dolibarr, we need to create a specific class for object we want to use. A skeleton file is available into /dev directory : *skeleton_api_class.class.php*
The API class file must be put into object class directory, with specific file name. By example, API class file for '*myobject*' must be put as : /htdocs/*myobject*/class/api_*myobject*.class.php. Class must be named **MyobjectApi**.
If a module provide several object, use a different name for '*myobject*' and put the file into the same directory.
**Define url for methods**
It is possible to specify url for API methods by simply use the PHPDoc tag **@url**. See examples :
/**
* List contacts
*
* Get a list of contacts
*
* @url GET /contact/list
* @url GET /contact/list/{socid}
* @url GET /thirdparty/{socid}/contacts
* [...]
**Other Annotations**
Other annotations are used, you are encouraged to read them : https://github.com/Luracast/Restler/blob/master/ANNOTATIONS.md
PHPDoc tags can also be used to specify variables informations for API. Again, rtfm : https://github.com/Luracast/Restler/blob/master/PARAM.md
htdocs/categories/class/api_category.class.php 0 → 100644
+ 355
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use Luracast\Restler\RestException;
require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
/**
* API class for category object
*
* @smart-auto-routing false
* @access protected
* @class DolibarrApiAccess {@requires user,external}
*
*
*/
class CategoryApi extends DolibarrApi
{
/**
* @var array $FIELDS Mandatory fields, checked when create and update object
*/
static $FIELDS = array(
'label',
'type'
);
static $TYPES = array(
0 => 'product',
1 => 'supplier',
2 => 'customer',
3 => 'member',
4 => 'contact',
);
/**
* @var Categorie $category {@type Categorie}
*/
public $category;
/**
* Constructor
*
* @url GET category/
*
*/
function __construct()
{
global $db, $conf;
$this->db = $db;
$this->category = new Categorie($this->db);
}
/**
* Get properties of a category object
*
* Return an array with category informations
*
* @param int $id ID of category
* @return array|mixed data without useless information
*
* @url GET category/{id}
* @throws RestException
*/
function get($id)
{
if(! DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
}
$result = $this->category->fetch($id);
if( ! $result ) {
throw new RestException(404, 'category not found');
}
if( ! DolibarrApi::_checkAccessToResource('category',$this->category->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
return $this->_cleanObjectDatas($this->category);
}
/**
* List categories
*
* Get a list of categories
*
* @param string $type Type of category ('member', 'customer', 'supplier', 'product', 'contact')
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @return array Array of category objects
*
* @url GET /category/list
*/
function getList($type='product', $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
global $db, $conf;
$obj_ret = array();
if(! DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
}
$sql = "SELECT s.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."categorie as s";
$sql.= ' WHERE s.entity IN ('.getEntity('categorie', 1).')';
$sql.= ' AND s.type='.array_search($type,CategoryApi::$TYPES);
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
$page = 0;
}
$offset = $limit * $page;
$sql.= $db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$category_static = new Categorie($db);
if($category_static->fetch($obj->rowid)) {
$obj_ret[] = parent::_cleanObjectDatas($category_static);
}
$i++;
}
}
else {
throw new RestException(503, 'Error when retrieve category list : '.$category_static->error);
}
if( ! count($obj_ret)) {
throw new RestException(404, 'No category found');
}
return $obj_ret;
}
/**
* Get member categories list
*
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @return mixed
*
* @url GET /category/list/member
*/
function getListCategoryMember($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
return $this->getList('member', $sortfield, $sortorder, $limit, $page);
}
/**
* Get customer categories list
*
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
*
* @return mixed
*
* @url GET /category/list/customer
*/
function getListCategoryCustomer($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
return $this->getList('customer', $sortfield, $sortorder, $limit, $page);
}
/**
* Get supplier categories list
*
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
*
* @return mixed
*
* @url GET /category/list/supplier
*/
function getListCategorySupplier($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
return $this->getList('supplier', $sortfield, $sortorder, $limit, $page);
}
/**
* Get product categories list
*
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
*
* @return mixed
*
* @url GET /category/list/product
*/
function getListCategoryProduct($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
return $this->getList('product', $sortfield, $sortorder, $limit, $page);
}
/**
* Get contact categories list
*
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
* @return mixed
*
* @url GET /category/list/contact
*/
function getListCategoryContact($sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
return $this->getList('contact', $sortfield, $sortorder, $limit, $page);
}
/**
* Create category object
*
* @param array $request_data Request data
* @return int ID of category
*
* @url POST category/
*/
function post($request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->categorie->creer) {
throw new RestException(401);
}
// Check mandatory fields
$result = $this->_validate($request_data);
foreach($request_data as $field => $value) {
$this->category->$field = $value;
}
if($this->category->create(DolibarrApiAccess::$user) < 0) {
throw new RestException(503, 'Error when create category : '.$this->category->error);
}
return $this->category->id;
}
/**
* Update category
*
* @param int $id Id of category to update
* @param array $request_data Datas
* @return int
*
* @url PUT category/{id}
*/
function put($id, $request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->categorie->creer) {
throw new RestException(401);
}
$result = $this->category->fetch($id);
if( ! $result ) {
throw new RestException(404, 'category not found');
}
if( ! DolibarrApi::_checkAccessToResource('category',$this->category->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
foreach($request_data as $field => $value) {
$this->category->$field = $value;
}
if($this->category->update(DolibarrApiAccess::$user))
return $this->get ($id);
return false;
}
/**
* Delete category
*
* @param int $id Category ID
* @return array
*
* @url DELETE category/{id}
*/
function delete($id)
{
if(! DolibarrApiAccess::$user->rights->categorie->supprimer) {
throw new RestException(401);
}
$result = $this->category->fetch($id);
if( ! $result ) {
throw new RestException(404, 'category not found');
}
if( ! DolibarrApi::_checkAccessToResource('category',$this->category->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
if (! $this->category->delete(DolibarrApiAccess::$user)) {
throw new RestException(401,'error when delete category');
}
return array(
'success' => array(
'code' => 200,
'message' => 'Category deleted'
)
);
}
/**
* Validate fields before create or update object
*
* @param array $data Data to validate
* @return array
*
* @throws RestException
*/
function _validate($data)
{
$category = array();
foreach (CategoryApi::$FIELDS as $field) {
if (!isset($data[$field]))
throw new RestException(400, "$field field missing");
$category[$field] = $data[$field];
}
return $category;
}
}
htdocs/commande/class/api_commande.class.php 0 → 100644
+ 335
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use Luracast\Restler\RestException;
require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
/**
* API class for commande object
*
* @smart-auto-routing false
* @access protected
* @class DolibarrApiAccess {@requires user,external}
*
* @category Api
* @package Api
*
*
*/
class CommandeApi extends DolibarrApi
{
/**
* @var array $FIELDS Mandatory fields, checked when create and update object
*/
static $FIELDS = array(
'socid'
);
/**
* @var Commande $commande {@type Commande}
*/
public $commande;
/**
* Constructor
*
* @url GET order/
*
*/
function __construct()
{
global $db, $conf;
$this->db = $db;
$this->commande = new Commande($this->db);
}
/**
* Get properties of a commande object
*
* Return an array with commande informations
*
* @param int $id ID of order
* @param string $ref Ref of object
* @param string $ref_ext External reference of object
* @param string $ref_int Internal reference of other object
* @return array|mixed data without useless information
*
* @url GET order/{id}
* @throws RestException
*/
function get($id='',$ref='', $ref_ext='', $ref_int='')
{
if(! DolibarrApiAccess::$user->rights->commande->lire) {
throw new RestException(401);
}
$result = $this->commande->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Order not found');
}
if( ! DolibarrApi::_checkAccessToResource('commande',$this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$this->commande->fetchObjectLinked();
return $this->_cleanObjectDatas($this->commande);
}
/**
* List orders
*
* Get a list of orders
*
* @param int $mode Use this param to filter list
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
*
* @url GET /order/list
* @return array Array of order objects
*/
function getList($mode=0, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
global $db, $conf;
$obj_ret = array();
$socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : '';
// If the internal user must only see his customers, force searching by him
if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT s.rowid";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
$sql.= " FROM ".MAIN_DB_PREFIX."commande as s";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
// Example of use $mode
//if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
//if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
$sql.= ' WHERE s.entity IN ('.getEntity('commande', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
if ($socid) $sql.= " AND s.fk_soc = ".$socid;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
$page = 0;
}
$offset = $limit * $page;
$sql.= $db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$commande_static = new Commande($db);
if($commande_static->fetch($obj->rowid)) {
$obj_ret[] = parent::_cleanObjectDatas($commande_static);
}
$i++;
}
}
else {
throw new RestException(503, 'Error when retrieve commande list');
}
if( ! count($obj_ret)) {
throw new RestException(404, 'No commande found');
}
return $obj_ret;
}
/**
* Create order object
*
* @param array $request_data Request datas
*
* @url POST order/
*
* @return int ID of commande
*/
function post($request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
}
// Check mandatory fields
$result = $this->_validate($request_data);
foreach($request_data as $field => $value) {
$this->commande->$field = $value;
}
if(! $this->commande->create(DolibarrApiAccess::$user) ) {
throw new RestException(401);
}
return $this->commande->ref;
}
/**
* Update order
*
* @param int $id Id of commande to update
* @param array $request_data Datas
*
* @url PUT order/{id}
*
* @return int
*/
function put($id, $request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
}
$result = $this->commande->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Commande not found');
}
if( ! DolibarrApi::_checkAccessToResource('commande',$this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
foreach($request_data as $field => $value) {
$this->commande->$field = $value;
}
if($this->commande->update($id, DolibarrApiAccess::$user,1,'','','update'))
return $this->get ($id);
return false;
}
/**
* Delete order
*
* @param int $id Order ID
*
* @url DELETE order/{id}
*
* @return array
*/
function delete($id)
{
if(! DolibarrApiAccess::$user->rights->commande->supprimer) {
throw new RestException(401);
}
$result = $this->commande->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Order not found');
}
if( ! DolibarrApi::_checkAccessToResource('commande',$this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
if( ! $this->commande->delete(DolibarrApiAccess::$user)) {
throw new RestException(500, 'Error when delete order : '.$this->commande->error);
}
return array(
'success' => array(
'code' => 200,
'message' => 'Order deleted'
)
);
}
/**
* Validate an order
*
* @param int $id Order ID
* @param int $idwarehouse Warehouse ID
*
* @url GET order/{id}/validate
* @url POST order/{id}/validate
*
* @return array
*
*/
function validOrder($id, $idwarehouse=0)
{
if(! DolibarrApiAccess::$user->rights->commande->creer) {
throw new RestException(401);
}
$result = $this->commande->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Order not found');
}
if( ! DolibarrApi::_checkAccessToResource('commande',$this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
if( ! $this->commande->valid(DolibarrApiAccess::$user, $idwarehouse)) {
throw new RestException(500, 'Error when validate order');
}
return array(
'success' => array(
'code' => 200,
'message' => 'Order validated'
)
);
}
/**
* Validate fields before create or update object
*
* @param array $data Array with data to verify
* @return array
* @throws RestException
*/
function _validate($data)
{
$commande = array();
foreach (CommandeApi::$FIELDS as $field) {
if (!isset($data[$field]))
throw new RestException(400, "$field field missing");
$commande[$field] = $data[$field];
}
return $commande;
}
}
htdocs/compta/facture/class/api_invoice.class.php 0 → 100644
+ 297
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use Luracast\Restler\RestException;
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
/**
* API class for invoice object
*
* @smart-auto-routing false
* @access protected
* @class DolibarrApiAccess {@requires user,external}
*
*/
class InvoiceApi extends DolibarrApi
{
/**
*
* @var array $FIELDS Mandatory fields, checked when create and update object
*/
static $FIELDS = array(
'socid'
);
/**
* @var Facture $invoice {@type Facture}
*/
public $invoice;
/**
* Constructor
*
* @url GET invoice/
*
*/
function __construct()
{
global $db, $conf;
$this->db = $db;
$this->invoice = new Facture($this->db);
}
/**
* Get properties of a invoice object
*
* Return an array with invoice informations
*
* @param int $id ID of invoice
* @return array|mixed data without useless information
*
* @url GET invoice/{id}
* @throws RestException
*/
function get($id)
{
if(! DolibarrApiAccess::$user->rights->facture->lire) {
throw new RestException(401);
}
$result = $this->invoice->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Facture not found');
}
if( ! DolibarrApi::_checkAccessToResource('facture',$this->invoice->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
return $this->_cleanObjectDatas($this->invoice);
}
/**
* List invoices
*
* Get a list of invoices
*
* @param int $socid Filter list with thirdparty ID
* @param string $mode Filter by invoice status : draft | unpaid | paid | cancelled
* @param string $sortfield Sort field
* @param string $sortorder Sort order
* @param int $limit Limit for list
* @param int $page Page number
*
* @return array Array of invoice objects
*
* @url GET invoice/list
* @url GET invoice/list/{mode}
* @url GET thirdparty/{socid}/invoice/list
* @url GET thirdparty/{socid}/invoice/list/{mode}
*/
function getList($socid=0, $mode='', $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
global $db, $conf;
$obj_ret = array();
$socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : '';
// If the internal user must only see his customers, force searching by him
if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id;
$sql = "SELECT s.rowid";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
$sql.= " FROM ".MAIN_DB_PREFIX."facture as s";
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
$sql.= ' WHERE s.entity IN ('.getEntity('facture', 1).')';
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
if ($socid) $sql.= " AND s.fk_soc = ".$socid;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
// Example of use $mode
if ($mode == 'draft') $sql.= " AND s.fk_statut IN (0)";
if ($mode == 'unpaid') $sql.= " AND s.fk_statut IN (1)";
if ($mode == 'paid') $sql.= " AND s.fk_statut IN (2)";
if ($mode == 'cancelled') $sql.= " AND s.fk_statut IN (3)";
// Insert sale filter
if ($search_sale > 0)
{
$sql .= " AND sc.fk_user = ".$search_sale;
}
$nbtotalofrecords = 0;
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
{
$result = $db->query($sql);
$nbtotalofrecords = $db->num_rows($result);
}
$sql.= $db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
$page = 0;
}
$offset = $limit * $page;
$sql.= $db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$invoice_static = new Facture($db);
if($invoice_static->fetch($obj->rowid)) {
$obj_ret[] = parent::_cleanObjectDatas($invoice_static);
}
$i++;
}
}
else {
throw new RestException(503, 'Error when retrieve invoice list');
}
if( ! count($obj_ret)) {
throw new RestException(404, 'No invoice found');
}
return $obj_ret;
}
/**
* Create invoice object
*
* @param array $request_data Request datas
* @return int ID of invoice
*
* @url POST invoice/
*/
function post($request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
}
// Check mandatory fields
$result = $this->_validate($request_data);
foreach($request_data as $field => $value) {
$this->invoice->$field = $value;
}
if(! array_keys($request_data,'date')) {
$this->invoice->date = dol_now();
}
if( ! $this->invoice->create(DolibarrApiAccess::$user)) {
throw new RestException(500);
}
return $this->invoice->id;
}
/**
* Update invoice
*
* @param int $id Id of invoice to update
* @param array $request_data Datas
* @return int
*
* @url PUT invoice/{id}
*/
function put($id, $request_data = NULL)
{
if(! DolibarrApiAccess::$user->rights->facture->creer) {
throw new RestException(401);
}
$result = $this->invoice->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Facture not found');
}
if( ! DolibarrApi::_checkAccessToResource('facture',$this->invoice->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
foreach($request_data as $field => $value) {
$this->invoice->$field = $value;
}
if($this->invoice->update($id, DolibarrApiAccess::$user))
return $this->get ($id);
return false;
}
/**
* Delete invoice
*
* @param int $id Invoice ID
* @return type
*
* @url DELETE invoice/{id}
*/
function delete($id)
{
if(! DolibarrApiAccess::$user->rights->facture->supprimer) {
throw new RestException(401);
}
$result = $this->invoice->fetch($id);
if( ! $result ) {
throw new RestException(404, 'Facture not found');
}
if( ! DolibarrApi::_checkAccessToResource('facture',$this->facture->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
if( !$this->invoice->delete($id))
{
throw new RestException(500);
}
return array(
'success' => array(
'code' => 200,
'message' => 'Facture deleted'
)
);
}
/**
* Validate fields before create or update object
*
* @param array $data Datas to validate
* @return array
*
* @throws RestException
*/
function _validate($data)
{
$invoice = array();
foreach (InvoiceApi::$FIELDS as $field) {
if (!isset($data[$field]))
throw new RestException(400, "$field field missing");
$invoice[$field] = $data[$field];
}
return $invoice;
}
}
htdocs/core/lib/security.lib.php
+ 178
152
View file @ cb6f23d9
......@@ -331,163 +331,189 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
// is linked to a company allowed to $user.
if (! empty($objectid) && $objectid > 0)
{
foreach ($featuresarray as $feature)
{
$sql='';
$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet'); // Test for project object
$nocheck = array('barcode','stock','fournisseur'); // No test
$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
// If dbtable not defined, we use same name for table than module name
if (empty($dbtablename)) $dbtablename = $feature;
// Check permission for object with entity
if (in_array($feature,$check))
{
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
if (($feature == 'user' || $feature == 'usergroup') && ! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity)
{
$sql.= " AND dbt.entity IS NOT NULL";
}
else
{
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checksoc)) // We check feature = checksoc
{
// If external user: Check permission for external users
if ($user->societe_id > 0)
{
if ($user->societe_id <> $objectid) accessforbidden();
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
$sql = "SELECT sc.fk_soc";
$sql.= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ", ".MAIN_DB_PREFIX."societe as s)";
$sql.= " WHERE sc.fk_soc = ".$objectid;
$sql.= " AND sc.fk_user = ".$user->id;
$sql.= " AND sc.fk_soc = s.rowid";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT s.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql.= " WHERE s.rowid = ".$objectid;
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checkother))
{
// If external user: Check permission for external users
if ($user->societe_id > 0)
{
$sql = "SELECT dbt.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.fk_soc = ".$user->societe_id;
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
$sql = "SELECT dbt.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT dbt.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checkproject))
{
if (! empty($conf->projet->enabled) && ! $user->rights->projet->all->lire)
{
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
$projectstatic=new Project($db);
$tmps=$projectstatic->getProjectsAuthorizedForUser($user,0,1,0);
$tmparray=explode(',',$tmps);
if (! in_array($objectid,$tmparray)) accessforbidden();
}
else
{
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (! in_array($feature,$nocheck)) // By default we check with link to third party
{
// If external user: Check permission for external users
if ($user->societe_id > 0)
{
if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT dbt.".$dbt_keyfield;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id;
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT sc.fk_soc";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= ", ".MAIN_DB_PREFIX."societe as s";
$sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
$sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
$sql.= " AND sc.fk_user = ".$user->id;
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
//print "sql=".$sql."<br>";
if ($sql)
{
$resql=$db->query($sql);
if ($resql)
{
if ($db->num_rows($resql) == 0) accessforbidden();
}
else
{
accessforbidden();
}
}
}
$ok = checkUserAccessToObject($user, $featuresarray,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
return $ok ? 1 : accessforbidden();
}
return 1;
}
/**
* Check access by user to object
*
* @param User $user User to check
* @param array $featuresarray Features/modules to check
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $dbtablename 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
*
* @return bool True if user has access, False otherwise
*/
function checkUserAccessToObject($user, $featuresarray, $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='', $dbt_select='')
{
global $db, $conf;
// More parameters
$params = explode('&', $dbtablename);
$dbtablename=(! empty($params[0]) ? $params[0] : '');
$sharedelement=(! empty($params[1]) ? $params[1] : $dbtablename);
foreach ($featuresarray as $feature)
{
$sql='';
$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet'); // Test for project object
$nocheck = array('barcode','stock','fournisseur'); // No test
$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
// If dbtable not defined, we use same name for table than module name
if (empty($dbtablename)) $dbtablename = $feature;
// Check permission for object with entity
if (in_array($feature,$check))
{
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
if (($feature == 'user' || $feature == 'usergroup') && ! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity)
{
$sql.= " AND dbt.entity IS NOT NULL";
}
else
{
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checksoc)) // We check feature = checksoc
{
// If external user: Check permission for external users
if ($user->societe_id > 0)
{
if ($user->societe_id <> $objectid) return false;
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
$sql = "SELECT sc.fk_soc";
$sql.= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ", ".MAIN_DB_PREFIX."societe as s)";
$sql.= " WHERE sc.fk_soc = ".$objectid;
$sql.= " AND sc.fk_user = ".$user->id;
$sql.= " AND sc.fk_soc = s.rowid";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT s.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql.= " WHERE s.rowid = ".$objectid;
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checkother))
{
// If external user: Check permission for external users
if ($user->societe_id > 0)
{
$sql = "SELECT dbt.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.fk_soc = ".$user->societe_id;
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
$sql = "SELECT dbt.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT dbt.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checkproject))
{
if (! empty($conf->projet->enabled) && ! $user->rights->projet->all->lire)
{
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
$projectstatic=new Project($db);
$tmps=$projectstatic->getProjectsAuthorizedForUser($user,0,1,0);
$tmparray=explode(',',$tmps);
if (! in_array($objectid,$tmparray)) return false;
}
else
{
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (! in_array($feature,$nocheck)) // By default we check with link to third party
{
// If external user: Check permission for external users
if ($user->societe_id > 0)
{
if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT dbt.".$dbt_keyfield;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id;
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT sc.fk_soc";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= ", ".MAIN_DB_PREFIX."societe as s";
$sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
$sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
$sql.= " AND sc.fk_user = ".$user->id;
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
//print "sql=".$sql."<br>";
if ($sql)
{
$resql=$db->query($sql);
if ($resql)
{
if ($db->num_rows($resql) == 0) return false;
}
else
{
return false;
}
}
}
return true;
}
/**
* Show a message to say access is forbidden and stop program
......
htdocs/core/modules/modApi.class.php 0 → 100644
+ 252
0
View file @ cb6f23d9
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \defgroup api Module Api
* \brief Descriptor file for Api modulee
* \file htdocs/api/core/modules/modApi.class.php
* \ingroup api
* \brief Description and activation file for module Api
*/
include_once DOL_DOCUMENT_ROOT .'/core/modules/DolibarrModules.class.php';
/**
* Description and activation class for module Api
*/
class modApi extends DolibarrModules
{
/**
* Constructor. Define names, constants, directories, boxes, permissions
*
* @param DoliDB $db Database handler
*/
function __construct($db)
{
global $langs,$conf;
$this->db = $db;
// Id for module (must be unique).
// Use here a free id (See in Home -> System information -> Dolibarr for list of used modules id).
$this->numero = 2610;
// Key text used to identify module (for permissions, menus, etc...)
$this->rights_class = 'api';
// Family can be 'crm','financial','hr','projects','products','ecm','technic','other'
// It is used to group modules in module setup page
$this->family = "technic";
// Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module)
$this->name = preg_replace('/^mod/i','',get_class($this));
// Module description, used if translation string 'ModuleXXXDesc' not found (where XXX is value of numeric property 'numero' of module)
$this->description = "REST interface";
// Possible values for version are: 'development', 'experimental', 'dolibarr' or 'dolibarr_deprecated' or version
$this->version = 'development';
// Key used in llx_const table to save module status enabled/disabled (where MYMODULE is value of property name of module in uppercase)
$this->const_name = 'MAIN_MODULE_'.strtoupper($this->name);
// Where to store the module in setup page (0=common,1=interface,2=others,3=very specific)
$this->special = 1;
// Name of image file used for this module.
// If file is in theme/yourtheme/img directory under name object_pictovalue.png, use this->picto='pictovalue'
// If file is in module/img directory under name object_pictovalue.png, use this->picto='pictovalue@module'
$this->picto='technic';
$this->module_parts = array();
// Data directories to create when module is enabled.
// Example: this->dirs = array("/api/temp");
$this->dirs = array();
// Config pages. Put here list of php page, stored into api/admin directory, to use to setup module.
$this->config_page_url = array("api.php@api");
// Dependencies
$this->hidden = false; // A condition to hide module
$this->depends = array(); // List of modules id that must be enabled if this module is enabled
$this->requiredby = array(); // List of modules id to disable if this one is disabled
$this->conflictwith = array(); // List of modules id this module is in conflict with
$this->phpmin = array(5,3); // Minimum version of PHP required by module
$this->langfiles = array("other");
// Constants
// List of particular constants to add when module is enabled (key, 'chaine', value, desc, visible, 'current' or 'allentities', deleteonunactive)
// Example: $this->const=array(0=>array('MYMODULE_MYNEWCONST1','chaine','myvalue','This is a constant to add',1),
// 1=>array('MYMODULE_MYNEWCONST2','chaine','myvalue','This is another constant to add',0, 'current', 1)
// );
$this->const = array();
// Array to add new pages in new tabs
// Example: $this->tabs = array('objecttype:+tabname1:Title1:mylangfile@api:$user->rights->api->read:/api/mynewtab1.php?id=__ID__', // To add a new tab identified by code tabname1
// 'objecttype:+tabname2:SUBSTITUTION_Title2:mylangfile@api:$user->rights->othermodule->read:/api/mynewtab2.php?id=__ID__', // To add another new tab identified by code tabname2. Label will be result of calling all substitution functions on 'Title2' key.
// 'objecttype:-tabname:NU:conditiontoremove'); // To remove an existing tab identified by code tabname
// where objecttype can be
// 'categories_x' to add a tab in category view (replace 'x' by type of category (0=product, 1=supplier, 2=customer, 3=member)
// 'contact' to add a tab in contact view
// 'contract' to add a tab in contract view
// 'group' to add a tab in group view
// 'intervention' to add a tab in intervention view
// 'invoice' to add a tab in customer invoice view
// 'invoice_supplier' to add a tab in supplier invoice view
// 'member' to add a tab in fundation member view
// 'opensurveypoll' to add a tab in opensurvey poll view
// 'order' to add a tab in customer order view
// 'order_supplier' to add a tab in supplier order view
// 'payment' to add a tab in payment view
// 'payment_supplier' to add a tab in supplier payment view
// 'product' to add a tab in product view
// 'propal' to add a tab in propal view
// 'project' to add a tab in project view
// 'stock' to add a tab in stock view
// 'thirdparty' to add a tab in third party view
// 'user' to add a tab in user view
$this->tabs = array();
// Dictionaries
if (! isset($conf->api->enabled))
{
$conf->api=new stdClass();
$conf->api->enabled=0;
}
$this->dictionaries=array();
/* Example:
if (! isset($conf->api->enabled)) $conf->api->enabled=0; // This is to avoid warnings
$this->dictionaries=array(
'langs'=>'mylangfile@api',
'tabname'=>array(MAIN_DB_PREFIX."table1",MAIN_DB_PREFIX."table2",MAIN_DB_PREFIX."table3"), // List of tables we want to see into dictonnary editor
'tablib'=>array("Table1","Table2","Table3"), // Label of tables
'tabsql'=>array('SELECT f.rowid as rowid, f.code, f.label, f.active FROM '.MAIN_DB_PREFIX.'table1 as f','SELECT f.rowid as rowid, f.code, f.label, f.active FROM '.MAIN_DB_PREFIX.'table2 as f','SELECT f.rowid as rowid, f.code, f.label, f.active FROM '.MAIN_DB_PREFIX.'table3 as f'), // Request to select fields
'tabsqlsort'=>array("label ASC","label ASC","label ASC"), // Sort order
'tabfield'=>array("code,label","code,label","code,label"), // List of fields (result of select to show dictionary)
'tabfieldvalue'=>array("code,label","code,label","code,label"), // List of fields (list of fields to edit a record)
'tabfieldinsert'=>array("code,label","code,label","code,label"), // List of fields (list of fields for insert)
'tabrowid'=>array("rowid","rowid","rowid"), // Name of columns with primary key (try to always name it 'rowid')
'tabcond'=>array($conf->api->enabled,$conf->api->enabled,$conf->api->enabled) // Condition to show each dictionary
);
*/
// Boxes
// Add here list of php file(s) stored in core/boxes that contains class to show a box.
$this->boxes = array(); // List of boxes
// Example:
//$this->boxes=array(array(0=>array('file'=>'myboxa.php','note'=>'','enabledbydefaulton'=>'Home'),1=>array('file'=>'myboxb.php','note'=>''),2=>array('file'=>'myboxc.php','note'=>'')););
// Permissions
$this->rights = array(); // Permission array used by this module
$r=0;
// Add here list of permission defined by an id, a label, a boolean and two constant strings.
// Example:
// $this->rights[$r][0] = $this->numero + $r; // Permission id (must not be already used)
// $this->rights[$r][1] = 'Permision label'; // Permission label
// $this->rights[$r][3] = 1; // Permission by default for new user (0/1)
// $this->rights[$r][4] = 'level1'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
// $this->rights[$r][5] = 'level2'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
// $r++;
// Main menu entries
$this->menu = array(); // List of menus to add
$r=0;
// Add here entries to declare new menus
//
// Example to declare a new Top Menu entry and its Left menu entry:
// $this->menu[$r]=array( 'fk_menu'=>0, // Put 0 if this is a top menu
// 'type'=>'top', // This is a Top menu entry
// 'titre'=>'Api top menu',
// 'mainmenu'=>'api',
// 'leftmenu'=>'api',
// 'url'=>'/api/pagetop.php',
// 'langs'=>'mylangfile@api', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
// 'position'=>100,
// 'enabled'=>'$conf->api->enabled', // Define condition to show or hide menu entry. Use '$conf->api->enabled' if entry must be visible if module is enabled.
// 'perms'=>'1', // Use 'perms'=>'$user->rights->api->level1->level2' if you want your menu with a permission rules
// 'target'=>'',
// 'user'=>2); // 0=Menu for internal users, 1=external users, 2=both
// $r++;
//
// Example to declare a Left Menu entry into an existing Top menu entry:
// $this->menu[$r]=array( 'fk_menu'=>'fk_mainmenu=xxx', // Use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
// 'type'=>'left', // This is a Left menu entry
// 'titre'=>'Api left menu',
// 'mainmenu'=>'xxx',
// 'leftmenu'=>'api',
// 'url'=>'/api/pagelevel2.php',
// 'langs'=>'mylangfile@api', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
// 'position'=>100,
// 'enabled'=>'$conf->api->enabled', // Define condition to show or hide menu entry. Use '$conf->api->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
// 'perms'=>'1', // Use 'perms'=>'$user->rights->api->level1->level2' if you want your menu with a permission rules
// 'target'=>'',
// 'user'=>2); // 0=Menu for internal users, 1=external users, 2=both
// $r++;
// Exports
$r=1;
// Example:
// $this->export_code[$r]=$this->rights_class.'_'.$r;
// $this->export_label[$r]='CustomersInvoicesAndInvoiceLines'; // Translation key (used only if key ExportDataset_xxx_z not found)
// $this->export_enabled[$r]='1'; // Condition to show export in list (ie: '$user->id==3'). Set to 1 to always show when module is enabled.
// $this->export_permission[$r]=array(array("facture","facture","export"));
// $this->export_fields_array[$r]=array('s.rowid'=>"IdCompany",'s.nom'=>'CompanyName','s.address'=>'Address','s.zip'=>'Zip','s.town'=>'Town','s.fk_pays'=>'Country','s.phone'=>'Phone','s.siren'=>'ProfId1','s.siret'=>'ProfId2','s.ape'=>'ProfId3','s.idprof4'=>'ProfId4','s.code_compta'=>'CustomerAccountancyCode','s.code_compta_fournisseur'=>'SupplierAccountancyCode','f.rowid'=>"InvoiceId",'f.facnumber'=>"InvoiceRef",'f.datec'=>"InvoiceDateCreation",'f.datef'=>"DateInvoice",'f.total'=>"TotalHT",'f.total_ttc'=>"TotalTTC",'f.tva'=>"TotalVAT",'f.paye'=>"InvoicePaid",'f.fk_statut'=>'InvoiceStatus','f.note'=>"InvoiceNote",'fd.rowid'=>'LineId','fd.description'=>"LineDescription",'fd.price'=>"LineUnitPrice",'fd.tva_tx'=>"LineVATRate",'fd.qty'=>"LineQty",'fd.total_ht'=>"LineTotalHT",'fd.total_tva'=>"LineTotalTVA",'fd.total_ttc'=>"LineTotalTTC",'fd.date_start'=>"DateStart",'fd.date_end'=>"DateEnd",'fd.fk_product'=>'ProductId','p.ref'=>'ProductRef');
// $this->export_entities_array[$r]=array('s.rowid'=>"company",'s.nom'=>'company','s.address'=>'company','s.zip'=>'company','s.town'=>'company','s.fk_pays'=>'company','s.phone'=>'company','s.siren'=>'company','s.siret'=>'company','s.ape'=>'company','s.idprof4'=>'company','s.code_compta'=>'company','s.code_compta_fournisseur'=>'company','f.rowid'=>"invoice",'f.facnumber'=>"invoice",'f.datec'=>"invoice",'f.datef'=>"invoice",'f.total'=>"invoice",'f.total_ttc'=>"invoice",'f.tva'=>"invoice",'f.paye'=>"invoice",'f.fk_statut'=>'invoice','f.note'=>"invoice",'fd.rowid'=>'invoice_line','fd.description'=>"invoice_line",'fd.price'=>"invoice_line",'fd.total_ht'=>"invoice_line",'fd.total_tva'=>"invoice_line",'fd.total_ttc'=>"invoice_line",'fd.tva_tx'=>"invoice_line",'fd.qty'=>"invoice_line",'fd.date_start'=>"invoice_line",'fd.date_end'=>"invoice_line",'fd.fk_product'=>'product','p.ref'=>'product');
// $this->export_sql_start[$r]='SELECT DISTINCT ';
// $this->export_sql_end[$r] =' FROM ('.MAIN_DB_PREFIX.'facture as f, '.MAIN_DB_PREFIX.'facturedet as fd, '.MAIN_DB_PREFIX.'societe as s)';
// $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'product as p on (fd.fk_product = p.rowid)';
// $this->export_sql_end[$r] .=' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture';
// $this->export_sql_order[$r] .=' ORDER BY s.nom';
// $r++;
}
/**
* Function called when module is enabled.
* The init function add constants, boxes, permissions and menus (defined in constructor) into Dolibarr database.
* It also creates data directories
*
* @param string $options Options when enabling module ('', 'noboxes')
* @return int 1 if OK, 0 if KO
*/
function init($options='')
{
$sql = array();
$result=$this->_load_tables('/api/sql/');
return $this->_init($sql, $options);
}
/**
* Function called when module is disabled.
* Remove from database constants, boxes and permissions from Dolibarr database.
* Data directories are not deleted
*
* @param string $options Options when enabling module ('', 'noboxes')
* @return int 1 if OK, 0 if KO
*/
function remove($options='')
{
$sql = array();
return $this->_remove($sql, $options);
}
}
htdocs/includes/restler/ApcCache.php 0 → 100644
+ 114
0
View file @ cb6f23d9
<?php
namespace Luracast\Restler;
use Luracast\Restler\iCache;
/**
* Class ApcCache provides an APC based cache for Restler
*
* @category Framework
* @package Restler
* @author Joel R. Simpson <joel.simpson@gmail.com>
* @copyright 2013 Luracast
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link http://luracast.com/products/restler/
* @version 3.0.0rc5
*/
class ApcCache implements iCache
{
/**
* The namespace that all of the cached entries will be stored under. This allows multiple APIs to run concurrently.
*
* @var string
*/
static public $namespace = 'restler';
/**
* store data in the cache
*
*
* @param string $name
* @param mixed $data
*
* @return boolean true if successful
*/
public function set($name, $data)
{
function_exists('apc_store') || $this->apcNotAvailable();
try {
return apc_store(self::$namespace . "-" . $name, $data);
} catch
(\Exception $exception) {
return false;
}
}
private function apcNotAvailable()
{
throw new \Exception('APC is not available for use as Restler Cache. Please make sure the module is installed. http://php.net/manual/en/apc.installation.php');
}
/**
* retrieve data from the cache
*
*
* @param string $name
* @param bool $ignoreErrors
*
* @throws \Exception
* @return mixed
*/
public function get($name, $ignoreErrors = false)
{
function_exists('apc_fetch') || $this->apcNotAvailable();
try {
return apc_fetch(self::$namespace . "-" . $name);
} catch (\Exception $exception) {
if (!$ignoreErrors) {
throw $exception;
}
return null;
}
}
/**
* delete data from the cache
*
*
* @param string $name
* @param bool $ignoreErrors
*
* @throws \Exception
* @return boolean true if successful
*/
public function clear($name, $ignoreErrors = false)
{
function_exists('apc_delete') || $this->apcNotAvailable();
try {
apc_delete(self::$namespace . "-" . $name);
} catch (\Exception $exception) {
if (!$ignoreErrors) {
throw $exception;
}
}
}
/**
* check if the given name is cached
*
*
* @param string $name
*
* @return boolean true if cached
*/
public function isCached($name)
{
function_exists('apc_exists') || $this->apcNotAvailable();
return apc_exists(self::$namespace . "-" . $name);
}
}
\ No newline at end of file
htdocs/includes/restler/AutoLoader.php 0 → 100644
+ 438
0
View file @ cb6f23d9
<?php
namespace Luracast\Restler {
/**
* Class that implements spl_autoload facilities and multiple
* conventions support.
* Supports composer libraries and 100% PSR-0 compliant.
* In addition we enable namespace prefixing and class aliases.
*
* @category Framework
* @package Restler
* @subpackage helper
* @author Nick Lombard <github@jigsoft.co.za>
* @copyright 2012 Luracast
* @version 3.0.0rc5
*/
class AutoLoader
{
protected static $instance, // the singleton instance reference
$perfectLoaders, // used to keep the ideal list of loaders
$rogueLoaders = array(), // other auto loaders now unregistered
$classMap = array(), // the class to include file mapping
$aliases = array( // aliases and prefixes instead of null list aliases
'Luracast\\Restler' => null,
'Luracast\\Restler\\Format' => null,
'Luracast\\Restler\\Data' => null,
'Luracast\\Restler\\Filter' => null,
);
/**
* Singleton instance facility.
*
* @static
* @return AutoLoader the current instance or new instance if none exists.
*/
public static function instance()
{
static::$instance = static::$instance ?: new static();
return static::thereCanBeOnlyOne();
}
/**
* Helper function to add a path to the include path.
* AutoLoader uses the include path to discover classes.
*
* @static
*
* @param $path string absolute or relative path.
*
* @return bool false if the path cannot be resolved
* or the resolved absolute path.
*/
public static function addPath($path) {
if (false === $path = stream_resolve_include_path($path))
return false;
else
set_include_path($path.PATH_SEPARATOR.get_include_path());
return $path;
}
/**
* Other autoLoaders interfere and cause duplicate class loading.
* AutoLoader is capable enough to handle all standards so no need
* for others stumbling about.
*
* @return callable the one true auto loader.
*/
public static function thereCanBeOnlyOne() {
if (static::$perfectLoaders === spl_autoload_functions())
return static::$instance;
if (false !== $loaders = spl_autoload_functions())
if (0 < $count = count($loaders))
for ($i = 0, static::$rogueLoaders += $loaders;
$i < $count && false != ($loader = $loaders[$i]);
$i++)
if ($loader !== static::$perfectLoaders[0])
spl_autoload_unregister($loader);
return static::$instance;
}
/**
* Seen this before cache handler.
* Facilitates both lookup and persist operations as well as convenience,
* load complete map functionality. The key can only be given a non falsy
* value once, this will be truthy for life.
*
* @param $key mixed class name considered or a collection of
* classMap entries
* @param $value mixed optional not required when doing a query on
* key. Default is false we haven't seen this
* class. Most of the time it will be the filename
* for include and is set to true if we are unable
* to load this class iow true == it does not exist.
* value may also be a callable auto loader function.
*
* @return mixed The known value for the key or false if key has no value
*/
public static function seen($key, $value = false)
{
if (is_array($key)) {
static::$classMap = $key + static::$classMap;
return false;
}
if (empty(static::$classMap[$key]))
static::$classMap[$key] = $value;
if (is_string($alias = static::$classMap[$key]))
if (isset(static::$classMap[$alias]))
return static::$classMap[$alias];
return static::$classMap[$key];
}
/**
* Protected constructor to enforce singleton pattern.
* Populate a default include path.
* All possible includes cant possibly be catered for and if you
* require another path then simply add it calling set_include_path.
*/
protected function __construct()
{
static::$perfectLoaders = array($this);
if (false === static::seen('__include_path')) {
$paths = explode(PATH_SEPARATOR, get_include_path());
$slash = DIRECTORY_SEPARATOR;
$dir = dirname(__DIR__);
$source_dir = dirname($dir);
$dir = dirname($source_dir);
foreach (
array(
array($source_dir),
array($dir, '..', '..', 'composer'),
array($dir, 'vendor', 'composer'),
array($dir, '..', '..', '..', 'php'),
array($dir, 'vendor', 'php'))
as $includePath)
if (false !== $path = stream_resolve_include_path(
implode($slash, $includePath)
))
if ('composer' == end($includePath) &&
false !== $classmapPath = stream_resolve_include_path(
"$path{$slash}autoload_classmap.php"
)
) {
static::seen(static::loadFile(
$classmapPath
));
$paths = array_merge(
$paths,
array_values(static::loadFile(
"$path{$slash}autoload_namespaces.php"
))
);
} else
$paths[] = $path;
$paths = array_filter(array_map(
function ($path) {
if (false == $realPath = @realpath($path))
return null;
return $realPath . DIRECTORY_SEPARATOR;
},
$paths
));
natsort($paths);
static::seen(
'__include_path',
implode(PATH_SEPARATOR, array_unique($paths))
);
}
set_include_path(static::seen('__include_path'));
}
/**
* Attempt to include the path location.
* Called from a static context which will not expose the AutoLoader
* instance itself.
*
* @param $path string location of php file on the include path
*
* @return bool|mixed returns reference obtained from the include or false
*/
private static function loadFile($path)
{
return \Luracast_Restler_autoloaderInclude($path);
}
/**
* Attempt to load class with namespace prefixes.
*
* @param $className string class name
*
* @return bool|mixed reference to discovered include or false
*/
private function loadPrefixes($className)
{
$currentClass = $className;
if (false !== $pos = strrpos($className, '\\'))
$className = substr($className, $pos);
else
$className = "\\$className";
for (
$i = 0,
$file = false,
$count = count(static::$aliases),
$prefixes = array_keys(static::$aliases);
$i < $count
&& false === $file
&& false === $file = $this->discover(
$variant = $prefixes[$i++].$className,
$currentClass
);
$file = $this->loadAliases($variant)
);
return $file;
}
/**
* Attempt to load configured aliases based on namespace part of class name.
*
* @param $className string fully qualified class name.
*
* @return bool|mixed reference to discovered include or false
*/
private function loadAliases($className)
{
$file = false;
if (preg_match('/(.+)(\\\\\w+$)/U', $className, $parts))
for (
$i = 0,
$aliases = isset(static::$aliases[$parts[1]])
? static::$aliases[$parts[1]] : array(),
$count = count($aliases);
$i < $count && false === $file;
$file = $this->discover(
"{$aliases[$i++]}$parts[2]",
$className
)
) ;
return $file;
}
/**
* Load from rogueLoaders as last resort.
* It may happen that a custom auto loader may load classes in a unique way,
* these classes cannot be seen otherwise nor should we attempt to cover every
* possible deviation. If we still can't find a class, as a last resort, we will
* run through the list of rogue loaders and verify if we succeeded.
*
* @param $className string className that can't be found
* @param null $loader callable loader optional when the loader is known
*
* @return bool false unless className now exists
*/
private function loadLastResort($className, $loader = null) {
$loaders = array_unique(static::$rogueLoaders);
if (isset($loader)) {
if (false === array_search($loader, $loaders))
static::$rogueLoaders[] = $loader;
return $this->loadThisLoader($className, $loader);
}
foreach ($loaders as $loader)
if (false !== $file = $this->loadThisLoader($className, $loader))
return $file;
return false;
}
/**
* Helper for loadLastResort.
* Use loader with $className and see if className exists.
*
* @param $className string name of a class to load
* @param $loader callable autoLoader method
*
* @return bool false unless className exists
*/
private function loadThisLoader($className, $loader) {
if (is_callable($loader)
&& false !== $file = $loader($className)
&& $this->exists($className, $loader))
return $file;
return false;
}
/**
* Create an alias for class.
*
* @param $className string the name of the alias class
* @param $currentClass string the current class this alias references
*/
private function alias($className, $currentClass)
{
if ($className != $currentClass
&& false !== strpos($className, $currentClass))
if (!class_exists($currentClass, false)
&& class_alias($className, $currentClass))
static::seen($currentClass, $className);
}
/**
* Discovery process.
*
* @param $className string class name to discover
* @param $currentClass string optional name of current class when
* looking up an alias
*
* @return bool|mixed resolved include reference or false
*/
private function discover($className, $currentClass = null)
{
$currentClass = $currentClass ?: $className;
/** The short version we've done this before and found it in cache */
if (false !== $file = static::seen($className)) {
if (!$this->exists($className))
if (is_callable($file))
$file = $this->loadLastResort($className, $file);
elseif($file = stream_resolve_include_path($file))
$file = static::loadFile($file);
$this->alias($className, $currentClass);
return $file;
}
/** We did not find it in cache, lets look for it shall we */
/** replace \ with / and _ in CLASS NAME with / = PSR-0 in 3 lines */
$file = preg_replace("/\\\|_(?=\w+$)/", DIRECTORY_SEPARATOR, $className);
if (false === $file = stream_resolve_include_path("$file.php"))
return false;
/** have we loaded this file before could this be an alias */
if (in_array($file, get_included_files())) {
if (false !== $sameFile = array_search($file, static::$classMap))
if (!$this->exists($className, $file))
if (false !== strpos($sameFile, $className))
$this->alias($sameFile, $className);
return $file;
}
$state = array_merge(get_declared_classes(), get_declared_interfaces());
if (false !== $result = static::loadFile($file)) {
if ($this->exists($className, $file))
$this->alias($className, $currentClass);
elseif (false != $diff = array_diff(
array_merge(get_declared_classes(), get_declared_interfaces()), $state))
foreach ($diff as $autoLoaded)
if ($this->exists($autoLoaded, $file))
if (false !== strpos($autoLoaded, $className))
$this->alias($autoLoaded, $className);
if (!$this->exists($currentClass))
$result = false;
}
return $result;
}
/**
* Checks whether supplied string exists in a loaded class or interface.
* As a convenience the supplied $mapping can be the value for seen.
*
* @param $className string The class or interface to verify
* @param $mapping string (optional) value for map/seen if found to exist
*
* @return bool whether the class/interface exists without calling auto loader
*/
private function exists($className, $mapping = null)
{
if (class_exists($className, false)
|| interface_exists($className, false))
if (isset($mapping))
return static::seen($className, $mapping);
else
return true;
return false;
}
/**
* Auto loader callback through __invoke object as function.
*
* @param $className string class/interface name to auto load
*
* @return mixed|null the reference from the include or null
*/
public function __invoke($className)
{
if (empty($className))
return false;
if (false !== $includeReference = $this->discover($className))
return $includeReference;
static::thereCanBeOnlyOne();
if (false !== $includeReference = $this->loadAliases($className))
return $includeReference;
if (false !== $includeReference = $this->loadPrefixes($className))
return $includeReference;
if (false !== $includeReference = $this->loadLastResort($className))
return $includeReference;
static::seen($className, true);
return null;
}
}
}
namespace {
/**
* Include function in the root namespace to include files optimized
* for the global context.
*
* @param $path string path of php file to include into the global context.
*
* @return mixed|bool false if the file could not be included.
*/
function Luracast_Restler_autoloaderInclude($path) {
return include $path;
}
}
htdocs/includes/restler/CommentParser.php 0 → 100644
+ 466
0
View file @ cb6f23d9
<?php
namespace Luracast\Restler;
use Exception;
/**
* Parses the PHPDoc comments for metadata. Inspired by `Documentor` code base.
*
* @category Framework
* @package Restler
* @subpackage Helper
* @author R.Arul Kumaran <arul@luracast.com>
* @copyright 2010 Luracast
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link http://luracast.com/products/restler/
* @version 3.0.0rc5
*/
class CommentParser
{
/**
* name for the embedded data
*
* @var string
*/
public static $embeddedDataName = 'properties';
/**
* Regular Expression pattern for finding the embedded data and extract
* the inner information. It is used with preg_match.
*
* @var string
*/
public static $embeddedDataPattern
= '/```(\w*)[\s]*(([^`]*`{0,2}[^`]+)*)```/ms';
/**
* Pattern will have groups for the inner details of embedded data
* this index is used to locate the data portion.
*
* @var int
*/
public static $embeddedDataIndex = 2;
/**
* Delimiter used to split the array data.
*
* When the name portion is of the embedded data is blank auto detection
* will be used and if URLEncodedFormat is detected as the data format
* the character specified will be used as the delimiter to find split
* array data.
*
* @var string
*/
public static $arrayDelimiter = ',';
/**
* character sequence used to escape \@
*/
const escapedAtChar = '\\@';
/**
* character sequence used to escape end of comment
*/
const escapedCommendEnd = '{@*}';
/**
* Instance of Restler class injected at runtime.
*
* @var Restler
*/
public $restler;
/**
* Comment information is parsed and stored in to this array.
*
* @var array
*/
private $_data = array();
/**
* Parse the comment and extract the data.
*
* @static
*
* @param $comment
* @param bool $isPhpDoc
*
* @return array associative array with the extracted values
*/
public static function parse($comment, $isPhpDoc = true)
{
$p = new self();
if (empty($comment)) {
return $p->_data;
}
if ($isPhpDoc) {
$comment = self::removeCommentTags($comment);
}
$p->extractData($comment);
return $p->_data;
}
/**
* Removes the comment tags from each line of the comment.
*
* @static
*
* @param string $comment PhpDoc style comment
*
* @return string comments with out the tags
*/
public static function removeCommentTags($comment)
{
$pattern = '/(^\/\*\*)|(^\s*\**[ \/]?)|\s(?=@)|\s\*\//m';
return preg_replace($pattern, '', $comment);
}
/**
* Extracts description and long description, uses other methods to get
* parameters.
*
* @param $comment
*
* @return array
*/
private function extractData($comment)
{
//to use @ as part of comment we need to
$comment = str_replace(
array(self::escapedCommendEnd, self::escapedAtChar),
array('*/', '@'),
$comment);
$description = array();
$longDescription = array();
$params = array();
$mode = 0; // extract short description;
$comments = preg_split("/(\r?\n)/", $comment);
// remove first blank line;
array_shift($comments);
$addNewline = false;
foreach ($comments as $line) {
$line = trim($line);
$newParam = false;
if (empty ($line)) {
if ($mode == 0) {
$mode++;
} else {
$addNewline = true;
}
continue;
} elseif ($line{0} == '@') {
$mode = 2;
$newParam = true;
}
switch ($mode) {
case 0 :
$description[] = $line;
if (count($description) > 3) {
// if more than 3 lines take only first line
$longDescription = $description;
$description[] = array_shift($longDescription);
$mode = 1;
} elseif (substr($line, -1) == '.') {
$mode = 1;
}
break;
case 1 :
if ($addNewline) {
$line = ' ' . $line;
}
$longDescription[] = $line;
break;
case 2 :
$newParam
? $params[] = $line
: $params[count($params) - 1] .= ' ' . $line;
}
$addNewline = false;
}
$description = implode(' ', $description);
$longDescription = implode(' ', $longDescription);
$description = preg_replace('/\s+/msu', ' ', $description);
$longDescription = preg_replace('/\s+/msu', ' ', $longDescription);
list($description, $d1)
= $this->parseEmbeddedData($description);
list($longDescription, $d2)
= $this->parseEmbeddedData($longDescription);
$this->_data = compact('description', 'longDescription');
$d2 += $d1;
if (!empty($d2)) {
$this->_data[self::$embeddedDataName] = $d2;
}
foreach ($params as $key => $line) {
list(, $param, $value) = preg_split('/\@|\s/', $line, 3)
+ array('', '', '');
list($value, $embedded) = $this->parseEmbeddedData($value);
$value = array_filter(preg_split('/\s+/msu', $value));
$this->parseParam($param, $value, $embedded);
}
return $this->_data;
}
/**
* Parse parameters that begin with (at)
*
* @param $param
* @param array $value
* @param array $embedded
*/
private function parseParam($param, array $value, array $embedded)
{
$data = & $this->_data;
$allowMultiple = false;
switch ($param) {
case 'param' :
$value = $this->formatParam($value);
$allowMultiple = true;
break;
case 'var' :
$value = $this->formatVar($value);
break;
case 'return' :
$value = $this->formatReturn($value);
break;
case 'class' :
$data = & $data[$param];
list ($param, $value) = $this->formatClass($value);
break;
case 'access' :
$value = reset($value);
break;
case 'expires' :
case 'status' :
$value = intval(reset($value));
break;
case 'throws' :
$value = $this->formatThrows($value);
$allowMultiple = true;
break;
case 'author':
$value = $this->formatAuthor($value);
$allowMultiple = true;
break;
case 'header' :
case 'link':
case 'example':
case 'todo':
$allowMultiple = true;
//don't break, continue with code for default:
default :
$value = implode(' ', $value);
}
if (!empty($embedded)) {
if (is_string($value)) {
$value = array('description' => $value);
}
$value[self::$embeddedDataName] = $embedded;
}
if (empty ($data[$param])) {
if ($allowMultiple) {
$data[$param] = array(
$value
);
} else {
$data[$param] = $value;
}
} elseif ($allowMultiple) {
$data[$param][] = $value;
} elseif ($param == 'param') {
$arr = array(
$data[$param],
$value
);
$data[$param] = $arr;
} else {
if (!is_string($value) && isset($value[self::$embeddedDataName])
&& isset($data[$param][self::$embeddedDataName])
) {
$value[self::$embeddedDataName]
+= $data[$param][self::$embeddedDataName];
}
$data[$param] = $value + $data[$param];
}
}
/**
* Parses the inline php doc comments and embedded data.
*
* @param $subject
*
* @return array
* @throws Exception
*/
private function parseEmbeddedData($subject)
{
$data = array();
//parse {@pattern } tags specially
while (preg_match('|(?s-m)({@pattern (/.+/[imsxuADSUXJ]*)})|', $subject, $matches)) {
$subject = str_replace($matches[0], '', $subject);
$data['pattern'] = $matches[2];
}
while (preg_match('/{@(\w+)\s?([^}]*)}/ms', $subject, $matches)) {
$subject = str_replace($matches[0], '', $subject);
if ($matches[2] == 'true' || $matches[2] == 'false') {
$matches[2] = $matches[2] == 'true';
} elseif ($matches[2] == '') {
$matches[2] = true;
}
if ($matches[1] == 'pattern') {
throw new Exception('Inline pattern tag should follow {@pattern /REGEX_PATTERN_HERE/} format and can optionally include PCRE modifiers following the ending `/`');
} elseif (false !== strpos($matches[2], static::$arrayDelimiter)) {
$matches[2] = explode(static::$arrayDelimiter, $matches[2]);
}
$data[$matches[1]] = $matches[2];
}
while (preg_match(self::$embeddedDataPattern, $subject, $matches)) {
$subject = str_replace($matches[0], '', $subject);
$str = $matches[self::$embeddedDataIndex];
if (isset ($this->restler)
&& self::$embeddedDataIndex > 1
&& !empty ($matches[1])
) {
$extension = $matches[1];
$formatMap = $this->restler->getFormatMap();
if (isset ($formatMap[$extension])) {
/**
* @var \Luracast\Restler\Format\iFormat
*/
$format = $formatMap[$extension];
$format = new $format();
$data = $format->decode($str);
}
} else { // auto detect
if ($str{0} == '{') {
$d = json_decode($str, true);
if (json_last_error() != JSON_ERROR_NONE) {
throw new Exception('Error parsing embedded JSON data'
. " $str");
}
$data = $d + $data;
} else {
parse_str($str, $d);
//clean up
$d = array_filter($d);
foreach ($d as $key => $val) {
$kt = trim($key);
if ($kt != $key) {
unset($d[$key]);
$key = $kt;
$d[$key] = $val;
}
if (is_string($val)) {
if ($val == 'true' || $val == 'false') {
$d[$key] = $val == 'true' ? true : false;
} else {
$val = explode(self::$arrayDelimiter, $val);
if (count($val) > 1) {
$d[$key] = $val;
} else {
$d[$key] =
preg_replace('/\s+/msu', ' ',
$d[$key]);
}
}
}
}
$data = $d + $data;
}
}
}
return array($subject, $data);
}
private function formatThrows(array $value)
{
$r = array();
$r['code'] = count($value) && is_numeric($value[0])
? intval(array_shift($value)) : 500;
$reason = implode(' ', $value);
$r['reason'] = empty($reason) ? '' : $reason;
return $r;
}
private function formatClass(array $value)
{
$param = array_shift($value);
if (empty($param)) {
$param = 'Unknown';
}
$value = implode(' ', $value);
return array(
ltrim($param, '\\'),
array('description' => $value)
);
}
private function formatAuthor(array $value)
{
$r = array();
$email = end($value);
if ($email{0} == '<') {
$email = substr($email, 1, -1);
array_pop($value);
$r['email'] = $email;
}
$r['name'] = implode(' ', $value);
return $r;
}
private function formatReturn(array $value)
{
$data = explode('|', array_shift($value));
$r = array(
'type' => count($data) == 1 ? $data[0] : $data
);
$r['description'] = implode(' ', $value);
return $r;
}
private function formatParam(array $value)
{
$r = array();
$data = array_shift($value);
if (empty($data)) {
$r['type'] = 'mixed';
} elseif ($data{0} == '$') {
$r['name'] = substr($data, 1);
$r['type'] = 'mixed';
} else {
$data = explode('|', $data);
$r['type'] = count($data) == 1 ? $data[0] : $data;
$data = array_shift($value);
if (!empty($data) && $data{0} == '$') {
$r['name'] = substr($data, 1);
}
}
if ($value) {
$r['description'] = implode(' ', $value);
}
return $r;
}
private function formatVar(array $value)
{
$r = array();
$data = array_shift($value);
if (empty($data)) {
$r['type'] = 'mixed';
} elseif ($data{0} == '$') {
$r['name'] = substr($data, 1);
$r['type'] = 'mixed';
} else {
$data = explode('|', $data);
$r['type'] = count($data) == 1 ? $data[0] : $data;
}
if ($value) {
$r['description'] = implode(' ', $value);
}
return $r;
}
}
htdocs/includes/restler/Compose.php 0 → 100644
+ 71
0
View file @ cb6f23d9
<?php
namespace Luracast\Restler;
/**
* Default Composer to provide standard structure for all HTTP responses
*
* @category Framework
* @package Restler
* @subpackage result
* @author R.Arul Kumaran <arul@luracast.com>
* @copyright 2010 Luracast
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link http://luracast.com/products/restler/
*/
class Compose implements iCompose
{
/**
* @var bool When restler is not running in production mode, this value will
* be checked to include the debug information on error response
*/
public static $includeDebugInfo = true;
/**
* Current Restler instance
* Injected at runtime
*
* @var Restler
*/
public $restler;
/**
* Result of an api call is passed to this method
* to create a standard structure for the data
*
* @param mixed $result can be a primitive or array or object
*
* @return mixed
*/
public function response($result)
{
//TODO: check Defaults::language and change result accordingly
return $result;
}
/**
* When the api call results in RestException this method
* will be called to return the error message
*
* @param RestException $exception exception that has reasons for failure
*
* @return array
*/
public function message(RestException $exception)
{
//TODO: check Defaults::language and change result accordingly
$r = array(
'error' => array(
'code' => $exception->getCode(),
'message' => $exception->getErrorMessage(),
) + $exception->getDetails()
);
if (!Scope::get('Restler')->getProductionMode() && self::$includeDebugInfo) {
$r += array(
'debug' => array(
'source' => $exception->getSource(),
'stages' => $exception->getStages(),
)
);
}
return $r;
}
}
\ No newline at end of file
htdocs/includes/restler/Data/ApiMethodInfo.php 0 → 100644
+ 55
0
View file @ cb6f23d9
<?php
namespace Luracast\Restler\Data;
/**
* ValueObject for api method info. All needed information about a api method
* is stored here
*
* @category Framework
* @package Restler
* @author R.Arul Kumaran <arul@luracast.com>
* @copyright 2010 Luracast
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link http://luracast.com/products/restler/
* @version 3.0.0rc5
*/
class ApiMethodInfo extends ValueObject
{
/**
* @var string target url
*/
public $url;
/**
* @var string
*/
public $className;
/**
* @var string
*/
public $methodName;
/**
* @var array parameters to be passed to the api method
*/
public $parameters = array();
/**
* @var array information on parameters in the form of array(name => index)
*/
public $arguments = array();
/**
* @var array default values for parameters if any
* in the form of array(index => value)
*/
public $defaults = array();
/**
* @var array key => value pair of method meta information
*/
public $metadata = array();
/**
* @var int access level
* 0 - @public - available for all
* 1 - @hybrid - both public and protected (enhanced info for authorized)
* 2 - @protected comment - only for authenticated users
* 3 - protected method - only for authenticated users
*/
public $accessLevel = 0;
}
\ No newline at end of file
htdocs/includes/restler/Data/Arr.php 0 → 100644
+ 33
0
View file @ cb6f23d9
<?php
namespace Luracast\Restler\Data;
/**
* Convenience class for Array manipulation
*
* @category Framework
* @package Restler
* @author R.Arul Kumaran <arul@luracast.com>
* @copyright 2010 Luracast
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link http://luracast.com/products/restler/
*/
class Arr
{
/**
* Deep copy given array
*
* @param array $arr
*
* @return array
*/
public static function copy(array $arr)
{
$copy = array();
foreach ($arr as $key => $value) {
if (is_array($value)) $copy[$key] = static::copy($value);
else if (is_object($value)) $copy[$key] = clone $value;
else $copy[$key] = $value;
}
return $copy;
}
}
\ No newline at end of file
htdocs/includes/restler/Data/Invalid.php 0 → 100644
+ 20
0
View file @ cb6f23d9
<?php
namespace Luracast\Restler\Data;
use Exception;
/**
* Invalid Exception
*
* @category Framework
* @package Restler
* @author R.Arul Kumaran <arul@luracast.com>
* @copyright 2010 Luracast
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link http://luracast.com/products/restler/
* @version 3.0.0rc5
*/
class Invalid extends Exception
{
}
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment