From d7c8a466b12c99306a2080cd22d887a36c9f751d Mon Sep 17 00:00:00 2001 From: Xebax <xebax@wanadoo.fr> Date: Fri, 17 Jun 2016 00:50:07 +0200 Subject: [PATCH] REST API: fix deleting a product/service. Add a User parameter to the Product::delete() method to explicitly set the user that performs the action instead of using a global variable. In the calls to Product::delete() with a fetched object, remove the deprecated parameter $id. --- htdocs/product/card.php | 2 +- htdocs/product/class/api_products.class.php | 3 +-- htdocs/product/class/product.class.php | 5 +++-- htdocs/webservices/server_productorservice.php | 6 +----- test/phpunit/ProductTest.php | 2 +- 5 files changed, 7 insertions(+), 11 deletions(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 330e712cf1b..c2d7b76dac3 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -553,7 +553,7 @@ if (empty($reshook)) { if (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer)) { - $result = $object->delete($object->id); + $result = $object->delete($user); } if ($result > 0) diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index ce0a812558e..c2273c4cf2d 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php @@ -306,7 +306,6 @@ class Products extends DolibarrApi * * @param int $id Product ID * @return array - * FIXME Deleting a product/service does not work because the Product::delete() method uses a global $user but it is not set. */ function delete($id) { @@ -322,7 +321,7 @@ class Products extends DolibarrApi throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } - return $this->product->delete($id); + return $this->product->delete(DolibarrApiAccess::$user); } /** diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 982b109da99..908ccea68e9 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -878,18 +878,19 @@ class Product extends CommonObject /** * Delete a product from database (if not used) * + * @param User $user Object user that ask to delete * @param int $id Product id (usage of this is deprecated, delete should be called without parameters on a fetched object) * @param int $notrigger Do not execute trigger * @return int < 0 if KO, 0 = Not possible, > 0 if OK */ - function delete($id=0, $notrigger=0) + function delete($user, $id=0, $notrigger=0) { // Deprecation warning if ($id > 0) { dol_syslog(__METHOD__ . " with parameter is deprecated", LOG_WARNING); } - global $conf,$user,$langs; + global $conf,$langs; require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php'; $error=0; diff --git a/htdocs/webservices/server_productorservice.php b/htdocs/webservices/server_productorservice.php index aa43dbb185c..9da26495f76 100644 --- a/htdocs/webservices/server_productorservice.php +++ b/htdocs/webservices/server_productorservice.php @@ -841,10 +841,6 @@ function deleteProductOrService($authentication,$listofidstring) $error=0; $fuser=check_authentication($authentication,$error,$errorcode,$errorlabel); - // User must be defined to user authenticated - global $user; - $user=$fuser; - $listofid=explode(',',trim($listofidstring)); $listofiddeleted=array(); @@ -873,7 +869,7 @@ function deleteProductOrService($authentication,$listofidstring) } else { - $result=$newobject->delete(); + $result=$newobject->delete($fuser); if ($result <= 0) { $error++; diff --git a/test/phpunit/ProductTest.php b/test/phpunit/ProductTest.php index 199aace802c..87f290593f0 100644 --- a/test/phpunit/ProductTest.php +++ b/test/phpunit/ProductTest.php @@ -232,7 +232,7 @@ class ProductTest extends PHPUnit_Framework_TestCase $localobject=new Product($this->savdb); $result=$localobject->fetch($id); - $result=$localobject->delete($id); + $result=$localobject->delete($user); print __METHOD__." id=".$id." result=".$result."\n"; $this->assertLessThan($result, 0); -- GitLab