From d0356d6bd035c629a9e2fcfa2b88b6ec60b31184 Mon Sep 17 00:00:00 2001
From: nka11 <nicolas@karageuzian.com>
Date: Sun, 10 Apr 2016 13:57:53 +0200
Subject: [PATCH] new api class for accounts, filtering on order api
---
 htdocs/commande/class/api_commande.class.php | 22 +-
 htdocs/societe/class/api_contact.class.php | 3 +-
 htdocs/user/class/api_account.class.php | 212 +++++++++++++++++++
 3 files changed, 233 insertions(+), 4 deletions(-)
 create mode 100644 htdocs/user/class/api_account.class.php
diff --git a/htdocs/commande/class/api_commande.class.php b/htdocs/commande/class/api_commande.class.php
index e8266fe6383..f0f346ecdb2 100644
--- a/htdocs/commande/class/api_commande.class.php
+++ b/htdocs/commande/class/api_commande.class.php
@@ -106,12 +106,12 @@ class CommandeApi extends DolibarrApi
 * @url GET /order/list
 * @return array Array of order objects
 */
- function getList($mode=0, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
+ function getList($mode=0, $societe = "", $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
 global $db, $conf;
 $obj_ret = array();
-
- $socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : '';
+ // case of external user, $societe param is ignored and replaced by user's socid
+ $socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : $societe;
 // If the internal user must only see his customers, force searching by him
 if (! DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id;
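Review bot: The new `$societe` parameter weakens the sales-rep restriction two lines below it: for an internal user without `societe->client->voir`, `$socid` used to be `''` so `$search_sale` was always forced to the caller's id, but now any non-empty `societe` query value makes `!$socid` false and the restriction is skipped, letting such a user list the orders of a third party they are not assigned to. Derive the restriction from the caller rather than from the filter, `if (! DolibarrApiAccess::$user->rights->societe->client->voir && ! DolibarrApiAccess::$user->societe_id) $search_sale = DolibarrApiAccess::$user->id;`, which keeps the old behaviour for external users (who always have a `societe_id`) and for unfiltered internal calls. Also coerce the untyped parameter where it is assigned, `$socid = DolibarrApiAccess::$user->societe_id ? DolibarrApiAccess::$user->societe_id : (int) $societe;`, since `$societe` presumably ends up in the SQL built later in this method. The rest of getList, including where `$socid` and `$search_sale` are consumed, is outside this hunk.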
@@ -178,6 +178,22 @@ class CommandeApi extends DolibarrApi
 }
 return $obj_ret;
 }
+
+ /**
+ * List orders for specific thirdparty
+ *
+ * Get a list of orders
+ *
+ * @param int $socid Id of customer
+ *
+ * @url GET /customer/{socid}/order/list
+ * @url GET /thirdparty/{socid}/order/list
+ * @return array Array of order objects
+ */
+ function getListForSoc($socid = "") {
+ return getList(0,$socid);
+ }
+
 /**
 * Create order object
diff --git a/htdocs/societe/class/api_contact.class.php b/htdocs/societe/class/api_contact.class.php
index 09f92dd1364..1021913f16e 100644
--- a/htdocs/societe/class/api_contact.class.php
+++ b/htdocs/societe/class/api_contact.class.php
@@ -17,7 +17,7 @@
 use Luracast\Restler\RestException;
-require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
+//require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
 /**
 * API class for contact object
@@ -100,6 +100,7 @@ class ContactApi extends DolibarrApi
 * @url GET /contact/list
 * @url GET /contact/list/{socid}
 * @url GET /thirdparty/{socid}/contacts
+ * @url GET /customer/{socid}/contacts
 *
 * @throws RestException
 */
diff --git a/htdocs/user/class/api_account.class.php b/htdocs/user/class/api_account.class.php
new file mode 100644
index 00000000000..956584d9292
--- /dev/null
+++ b/htdocs/user/class/api_account.class.php
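Review bot: `return getList(0,$socid);` in getListForSoc calls a global function that does not exist; the list method is an instance method of this class, so both new routes will fail with an undefined-function error. It should read `return $this->getList(0, $socid);`. The docblock declares `@param int $socid` while the default is the string `""`; a `$socid = 0` default would match the documented type and still be falsy for the `!$socid` test inside getList.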
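Review bot: Commenting out the `require_once` of contact.class.php leaves ContactApi depending on whichever earlier include happened to load the Contact class; if this class still instantiates Contact (its body is outside this hunk), a request that reaches it first will fail with a class-not-found error. If the include was dropped because the API bootstrap or an autoloader now provides the class, delete the dead line and say so in a one-line comment, e.g. `// Contact is loaded by the API bootstrap, no explicit require needed`; otherwise restore the `require_once`.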
@@ -0,0 +1,212 @@
+<?php
+/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+use Luracast\Restler\RestException;
+
+//require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
+
+/**
+ * API class for user object
+ *
+ * @smart-auto-routing false
+ * @access protected
+ * @class DolibarrApiAccess {@requires user,external}
+ *
+ */
+class AccountApi extends DolibarrApi
+{
+ /**
+ *
+ * @var array $FIELDS Mandatory fields, checked when create and update object
+ */
+ static $FIELDS = array(
+ 'login'
+ );
+
+ /**
+ * @var User $account {@type User}
+ */
+ public $account;
+
+ /**
+ * Constructor
+ *
+ * @url account/
+ *
+ */
+ function __construct() {
+ global $db, $conf;
+ $this->db = $db;
+ $this->account = new User($this->db);
+ }
+
+ /**
+ * Get properties of an account object
+ *
+ * Return an array with account informations
+ *
+ * @param int $id ID of account
+ * @return array|mixed data without useless information
+ *
+ * @url GET account/{user}
+ * @throws RestException
+ */
+ function get($id) {
+ //if (!DolibarrApiAccess::$user->rights->user->lire)
+ //{
+ //throw new RestException(401);
+ //}
+
+ $result = $this->account->fetch($id);
+ if (!$result)
+ {
+ throw new RestException(404, 'User not found');
+ }
+
+ if (!DolibarrApi::_checkAccessToResource('user', 
$this->account->id, 'user'))
+ {
+ throw new RestException(401, 'Access not allowed for login ' . DolibarrApiAccess::$user->login);
+ }
+
+ return $this->_cleanObjectDatas($this->account);
+ }
+
+ /**
+ * Create account object from contact
+ *
+ * @param int $contactid Id of contact
+ * @param array $request_data Request datas
+ * @return int ID of account
+ *
+ * @url POST /contact/{contactid}/createAccount
+ */
+ function createFromContact($contactid, $request_data = NULL) {
+ //if (!DolibarrApiAccess::$user->rights->user->creer)
+ //{
+ //throw new RestException(401);
+ //}
+ //
+ if (!isset($request_data["login"]))
+ throw new RestException(400, "login field missing");
+ if (!isset($request_data["password"]))
+ throw new RestException(400, "password field missing");
+ if (!DolibarrApiAccess::$user->rights->societe->contact->lire) {
+ throw new RestException(401);
+ }
+ $contact = new Contact($this->db);
+ $contact->fetch($contactid);
+ if ($contact->id <= 0) {
+ throw new RestException(404, 'Contact not found');
+ }
+
+ if (!DolibarrApi::_checkAccessToResource('contact', $contact->id, 'socpeople&societe')) {
+ throw new RestException(401, 'Access not allowed for login ' . 
DolibarrApiAccess::$user->login);
+ }
+ // Check mandatory fields
+ $login = $request_data["login"];
+ $password = $request_data["password"];
+ $result = $this->account->create_from_contact($contact,$login,$password);
+ if ($result <= 0) {
+ throw new RestException(500, "User not created");
+ }
+ // password parameter not used in create_from_contact
+ $this->account->setPassword($this->account,$password);
+ return $result;
+ }
+
+ /**
+ * Update account
+ *
+ * @param int $id Id of account to update
+ * @param array $request_data Datas
+ * @return int
+ *
+ * @url PUT account/{id}
+ */
+ function put($id, $request_data = NULL) {
+ //if (!DolibarrApiAccess::$user->rights->user->creer)
+ //{//
+ //throw new RestException(401);
+ //}
+
+ $result = $this->account->fetch($id);
+ if (!$result)
+ {
+ throw new RestException(404, 'Account not found');
+ }
+
+ if (!DolibarrApi::_checkAccessToResource('user', $this->account->id, 'user'))
+ {
+ throw new RestException(401, 'Access not allowed for login ' . DolibarrApiAccess::$user->login);
+ }
+
+ foreach ($request_data as $field => $value)
+ {
+ $this->account->$field = $value;
+ }
+
+ if ($this->account->update($id, DolibarrApiAccess::$user, 1, '', '', 'update'))
+ return $this->get($id);
+
+ return false;
+ }
+
+ /**
+ * Delete account
+ *
+ * @param int $id Account ID
+ * @return array
+ *
+ * @url DELETE account/{id}
+ */
+ function delete($id) {
+ //if (!DolibarrApiAccess::$user->rights->user->supprimer)
+ //{
+ //throw new RestException(401);
+ //}
+ $result = $this->account->fetch($id);
+ if (!$result)
+ {
+ throw new RestException(404, 'User not found');
+ }
+
+ if (!DolibarrApi::_checkAccessToResource('user', $this->account->id, 'user'))
+ {
+ throw new RestException(401, 'Access not allowed for login ' . 
DolibarrApiAccess::$user->login);
+ }
+
+ return $this->account->delete($id);
+ }
+
+ /**
+ * Validate fields before create or update object
+ *
+ * @param array $data Data to validate
+ * @return array
+ * @throws RestException
+ */
+ function _validate($data) {
+ $account = array();
+ foreach (UserApi::$FIELDS as $field)
+ {
+ if (!isset($data[$field]))
+ throw new RestException(400, "$field field missing");
+ $account[$field] = $data[$field];
+ }
+ return $account;
+ }
+}
-- GitLab
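Review bot: `put` copies every key of `$request_data` straight onto the User object (`$this->account->$field = $value;`) before calling `update()`, and the `rights->user->creer` check above it is commented out, so any caller admitted by `{@requires user,external}` — including a customer login that passes `_checkAccessToResource` for its own account — can set arbitrary properties such as `rights`, `societe_id`, `login`, or whatever fields hold the admin flag and the stored password. The same disabled-check pattern appears in `get` and `delete` (`rights->user->lire` / `rights->user->supprimer`), and `createFromContact` creates a login with a caller-chosen password while only verifying `societe->contact->lire`, a read permission. Re-enable the permission checks as real `throw new RestException(401)` statements in all four methods and restrict `put` to an explicit allow-list of updatable fields, as sketched below. Two smaller defects: `_validate` iterates `UserApi::$FIELDS` although this class is `AccountApi` (use `self::$FIELDS`), and `@url GET account/{user}` on `get` names a route parameter that does not match the `$id` argument. `setPassword($this->account, $password)` also passes the freshly created account as the first argument; if that parameter is the acting user, it should be `DolibarrApiAccess::$user`.
```php
function put($id, $request_data = NULL) {
    if (!DolibarrApiAccess::$user->rights->user->creer) {
        throw new RestException(401);
    }
    // … unchanged: fetch, 404 and _checkAccessToResource checks …

    // Allow-list of properties this endpoint may change. The request must never
    // choose the property name itself. NOTE(review): fill in from User's declared
    // properties; keep id, login, rights, societe_id, the password fields and the
    // admin flag out of this list.
    $updatable = array(/* TODO: list the user fields this API is meant to expose */);
    foreach ($request_data as $field => $value) {
        if (!in_array($field, $updatable, true)) {
            throw new RestException(400, "Field $field cannot be updated through this API");
        }
        $this->account->$field = $value;
    }
    // … unchanged: update() call and return …
```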