Fix init of environment for a dedicated entity in API

Dolibarr · Oct 19, 2017 · 8da7f78 · 8da7f78
1 parent 83440f5
commit 8da7f78
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php
@@ -107,7 +107,7 @@ public function __isAllowed()
 			$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
 			$sql.= " WHERE u.api_key = '".$db->escape($api_key)."'";
 			// TODO Check if 2 users has same API key.
-			
+
 			$result = $db->query($sql);
 			if ($result)
 			{
@@ -118,9 +118,12 @@ public function __isAllowed()
 					$stored_key = $obj->api_key;
 					$userentity = $obj->entity;
 
-					if (! defined("DOLENTITY"))		// If API was not forced with HTTP_DOLENTITY, we set entity to entity of user
+					if (! defined("DOLENTITY") && $conf->entity != $obj->entity)		// If API was not forced with HTTP_DOLENTITY, and user is on another entity, so we reset entity to entity of user
 					{
 						$conf->entity = ($obj->entity?$obj->entity:1);
+						// We must also reload global conf to get params from the entity
+						dol_syslog("Entity was not set on http header with HTTP_DOLAPIENTITY (recommanded for performance purpose), so we switch now on entity of user (".$conf->entity .") and we have to reload configuration.", LOG_WARNING);
+						$conf->setValues($db);
 					}
 				}
 			}

diff --git a/htdocs/api/index.php b/htdocs/api/index.php
@@ -37,6 +37,10 @@
 if (! defined("NOLOGIN"))        define("NOLOGIN",'1');				// If this page is public (can be called outside logged session)
 
 
+// Force entity if a value is provided into HTTP header. Otherwise, will use the entity of user of token used.
+if (! empty($_SERVER['HTTP_DOLAPIENTITY'])) define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);
+
+
 $res=0;
 if (! $res && file_exists("../main.inc.php")) $res=include '../main.inc.php';
 if (! $res) die("Include of main fails");