Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into d…

…evelop
Dolibarr · Oct 9, 2017 · e405e5d · e405e5d
2 parents 3e0ccd6 + bd8beb4
commit e405e5d
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 7 deletions.
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
@@ -23,6 +23,8 @@
 
 require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
+require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
 
 /**
  * API class for receive files
@@ -148,7 +150,7 @@ public function get($id) {
 	 * Test sample 2: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "mysubdir1/mysubdir2", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
 	 *
 	 * @param   string  $filename           Name of file to create ('FA1705-0123')
-	 * @param   string  $modulepart         Name of module or area concerned by file upload ('facture', ...)
+	 * @param   string  $modulepart         Name of module or area concerned by file upload ('facture', 'project', 'project_task', ...)
 	 * @param   string  $ref                Reference of object (This will define subdir automatically and store submited file into it)
 	 * @param   string  $subdir             Subdirectory (Only if ref not provided)
 	 * @param   string  $filecontent        File content (string with file content. An empty file will be created if this parameter is not provided)
@@ -166,7 +168,10 @@ public function post($filename, $modulepart, $ref='', $subdir='', $filecontent='
         var_dump($filecontent);
         exit;*/
 
-		require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';
+		if(empty($modulepart))
+		{
+			throw new RestException(400, 'Modulepart not provided.');
+		}
 
 		if (!DolibarrApiAccess::$user->rights->ecm->upload) {
 			throw new RestException(401);
@@ -186,16 +191,60 @@ public function post($filename, $modulepart, $ref='', $subdir='', $filecontent='
 			if ($modulepart == 'facture' || $modulepart == 'invoice')
 			{
 				$modulepart='facture';
-				$object=new Facture($db);
+				$object = new Facture($this->db);
+			}
+			elseif ($modulepart == 'project')
+			{
+				$object = new Project($this->db);
+			}
+			elseif ($modulepart == 'task' || $modulepart == 'project_task')
+			{
+				$modulepart = 'project_task';
+				$object = new Task($this->db);
+
+				$task_result = $object->fetch('', $ref);
+
+				// Fetching the tasks project is required because its out_dir might be a subdirectory of the project
+				if($task_result > 0)
+				{
+					$project_result = $object->fetch_projet();
+
+					if($project_result >= 0)
+					{
+						$tmpreldir = dol_sanitizeFileName($object->project->ref).'/';
+					}
+				}
+				else
+				{
+					throw new RestException(500, 'Error while fetching Task '.$ref);
+				}
+			}
+			// TODO Implement additional moduleparts
+			else
+			{
+				throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
+			}
+
+			if(is_object($object))
+			{
 				$result = $object->fetch('', $ref);
+
+				if($result == 0)
+				{
+					throw new RestException(500, "Object with ref '".$ref.'" was not found.');
+			}
+				elseif ($result < 0)
+				{
+					throw new RestException(500, 'Error while fetching object.');
+				}
 			}
 
 			if (! ($object->id > 0))
 			{
    				throw new RestException(500, 'The object '.$modulepart." with ref '".$ref."' was not found.");
 			}
 
-			$tmp = dol_check_secure_access_document($modulepart, $tmpreldir.$object->ref, $entity, DolibarrApiAccess::$user, $ref, 'write');
+			$tmp = dol_check_secure_access_document($modulepart, $tmpreldir.dol_sanitizeFileName($object->ref), $entity, DolibarrApiAccess::$user, $ref, 'write');
 			$upload_dir = $tmp['original_file'];
 
 			if (empty($upload_dir) || $upload_dir == '/')

diff --git a/htdocs/projet/class/api_tasks.class.php b/htdocs/projet/class/api_tasks.class.php
@@ -19,6 +19,7 @@
  use Luracast\Restler\RestException;
 
  require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
+ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 
 /**
  * API class for projects
@@ -501,15 +502,17 @@ function delete($id)
      */
     function addTimeSpent($id, $date, $duration, $user_id=0, $note='')
     {
-        if(! DolibarrApiAccess::$user->rights->projet->creer) {
+
+
+        if( ! DolibarrApiAccess::$user->rights->projet->creer) {
             throw new RestException(401);
         }
         $result = $this->task->fetch($id);
         if ($result <= 0) {
             throw new RestException(404, 'Task not found');
         }
-
-        if( ! DolibarrApi::_checkAccessToResource('project',$this->project->id)) {
+        
+        if( ! DolibarrApi::_checkAccessToResource('project', $this->task->fk_project)) {
             throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
         }