FIX adding tms and datec to email templates (#36189)

* NEW: adding tms and datec to email templates

* Escaping a timestamp string I just generated myself

* switching single and double quotes in escape line for tms and datec to make the build system happy?

* Add an id to the table

* showing better names than tms and datec

* Changing code to label to fix #29116

* using hregis advice to use idate not escape the string with date

* requested changes

* forgot to add my name to editors

* had to make class changes for API to work

* setting datec back to int|string

* removing unused code lines and using idate in the api file

* no tms in create or update, but select. No datec in update

* expanding hurl tests to prevent post with id or tms, put with id or datec

---------

Co-authored-by: Jon Bendtsen <[email protected]>

Author: JonBendtsen

htdocs/admin/mails_templates.php

@@ -14,6 +14,7 @@
  * Copyright (C) 2018-2024  Frédéric France         <[email protected]>
  * Copyright (C) 2024-2025	MDW						<[email protected]>
  * Copyright (C) 2025		Vincent Maury			<[email protected]>
+ * Copyright (C) 2025		Jon Bendtsen			<[email protected]>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -120,22 +121,25 @@
 $tabname[25] = MAIN_DB_PREFIX."c_email_templates";
 
 // Nom des champs en resultat de select pour affichage du dictionnaire
+// Names of fields in select results for dictionary display (AI translated)
 $tabfield = array();
 $tabfield[25] = "label,lang,type_template,fk_user,private,position,module,topic,joinfiles,defaultfortype,content";
 if (getDolGlobalString('MAIN_EMAIL_TEMPLATES_FOR_OBJECT_LINES')) {
 	$tabfield[25] .= ',content_lines';
 }
 
 // Nom des champs d'edition pour modification d'un enregistrement
+// Names of edit fields for modifying a record (AI translated)
 $tabfieldvalue = array();
 $tabfieldvalue[25] = "label,lang,type_template,fk_user,private,position,topic,email_from,joinfiles,defaultfortype,content";
 if (getDolGlobalString('MAIN_EMAIL_TEMPLATES_FOR_OBJECT_LINES')) {
 	$tabfieldvalue[25] .= ',content_lines';
 }
 
 // Nom des champs dans la table pour insertion d'un enregistrement
+// Field names in the table for inserting a record (AI translated)
 $tabfieldinsert = array();
-$tabfieldinsert[25] = "label,lang,type_template,fk_user,private,position,topic,email_from,joinfiles,defaultfortype,content";
+$tabfieldinsert[25] = "label,lang,type_template,fk_user,private,position,topic,email_from,joinfiles,defaultfortype,content,datec";
 if (getDolGlobalString('MAIN_EMAIL_TEMPLATES_FOR_OBJECT_LINES')) {
 	$tabfieldinsert[25] .= ',content_lines';
 }
@@ -338,14 +342,14 @@
 	if ((GETPOST('actionadd', 'alpha') && $permissiontoadd) || (GETPOST('actionmodify', 'alpha') && $permissiontoedit)) {
 		$listfield = explode(',', str_replace(' ', '', $tabfield[25]));
 		$listfieldinsert = explode(',', $tabfieldinsert[25]);
-		$listfieldmodify = explode(',', $tabfieldinsert[25]);
+		$listfieldmodify = explode(',', $tabfieldvalue[25]);
 		$listfieldvalue = explode(',', $tabfieldvalue[25]);
 
 		// Check that all fields are filled
 		$ok = 1;
 		foreach ($listfield as $f => $value) {
 			// Not mandatory fields
-			if (in_array($value, ['joinfiles', 'defaultfortype', 'content', 'content_lines', 'module'])) {
+			if (in_array($value, ['joinfiles', 'defaultfortype', 'content', 'content_lines', 'module', 'tms', 'datec'])) {
 				continue;
 			}
 
@@ -399,6 +403,7 @@
 
 			// List of values
 			$i = 0;
+			$now = dol_now();
 			foreach ($listfieldinsert as $f => $value) {
 				$keycode = isset($listfieldvalue[$i]) ? $listfieldvalue[$i] : "";
 				if ($value == 'lang') {
@@ -429,7 +434,9 @@
 				if ($i) {
 					$sql .= ", ";
 				}
-				if (GETPOST($keycode) == '' && $keycode != 'langcode') {
+				if ($keycode == 'datec') {
+					$sql .= "'".$db->idate($now)."'";
+				} elseif (GETPOST($keycode) == '' && $keycode != 'langcode') {
 					$sql .= "null"; // langcode must be '' if not defined so the unique key that include lang will work
 				} elseif (GETPOST($keycode) == '0' && $keycode == 'langcode') {
 					$sql .= "''"; // langcode must be '' if not defined so the unique key that include lang will work
@@ -631,7 +638,7 @@
 $morejs = array();
 $morecss = array();
 
-$sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, private, position, topic, email_from,joinfiles, defaultfortype, content_lines, content, enabled, active";
+$sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, private, position, topic, email_from,joinfiles, defaultfortype, content_lines, content, enabled, active, tms, datec";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates";
 $sql .= " WHERE entity IN (".getEntity('email_template').")";
 if (!$user->admin) {
@@ -757,14 +764,14 @@
 	$obj->content = GETPOST('content', 'restricthtml');
 
 	// Form to add a new line
-	print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">';
+	print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST" id="create_c_email_template">';
 	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="action" value="add">';
 	print '<input type="hidden" name="from" value="'.dol_escape_htmltag(GETPOST('from', 'alpha')).'">';
 	print '<input type="hidden" name="backtopage" value="'.$backtopage.'">';
 
 	print '<div class="div-table-responsive-no-min">';
-	print '<table class="noborder centpercent">';
+	print '<table class="noborder centpercent" id="table_create_c_email_template">';
 
 	// Line to enter new values (title)
 	print '<tr class="liste_titre">';
@@ -793,7 +800,7 @@
 			$valuetoshow = $langs->trans("Code");
 		}
 		if ($fieldlist[$field] == 'label') {
-			$valuetoshow = $langs->trans("Code");
+			$valuetoshow = $langs->trans("Label");
 		}
 		if ($fieldlist[$field] == 'type_template') {
 			$valuetoshow = $langs->trans("TypeOfTemplate");
@@ -932,12 +939,12 @@
 
 $num = $db->num_rows($resql);
 
-print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">';
+print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST" id="list_of_c_email_templates">';
 print '<input type="hidden" name="token" value="'.newToken().'">';
 print '<input type="hidden" name="from" value="'.dol_escape_htmltag(GETPOST('from', 'alpha')).'">';
 
 print '<div class="div-table-responsive-no-min">';
-print '<table class="noborder centpercent">';
+print '<table class="noborder centpercent" id="table_list_of_c_email_templates">';
 
 $i = 0;
 
@@ -981,7 +988,7 @@
 
 
 // Title line with search boxes
-print '<tr class="liste_titre">';
+print '<tr class="liste_titre" id="Title line with search boxes">';
 // Action column
 if (getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) {
 	print '<td class="liste_titre center" width="64">';
@@ -1018,6 +1025,9 @@
 }*/
 // Status
 print '<td></td>';
+// Have to expand the id="Title line with search boxes" with 2 extra fields because the line below id="Title of lines" are 2 fields longer
+print '<td></td>'; // tms / Modif. date
+print '<td></td>'; // datec / Date creation
 // Action column
 if (!getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) {
 	print '<td class="liste_titre center" width="64">';
@@ -1028,11 +1038,12 @@
 print '</tr>';
 
 // Title of lines
-print '<tr class="liste_titre">';
+print '<tr class="liste_titre" id="Title of lines">';
 // Action column
 if (getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) {
 	print getTitleFieldOfList('');
 }
+array_push($fieldlist, "tms", "datec");
 foreach ($fieldlist as $field => $value) {
 	$showfield = 1; // By default
 	$css = "left";
@@ -1061,7 +1072,7 @@
 		$valuetoshow = $langs->trans("Type");
 	}
 	if ($fieldlist[$field] == 'libelle' || $fieldlist[$field] == 'label') {
-		$valuetoshow = $langs->trans("Code");
+		$valuetoshow = $langs->trans("Label");
 	}
 	if ($fieldlist[$field] == 'type_template') {
 		$css = 'center';
@@ -1073,6 +1084,12 @@
 	if ($fieldlist[$field] == 'position') {
 		$css = 'center';
 	}
+	if ($fieldlist[$field] == 'tms') {
+		$valuetoshow = 'Modif. date';
+	}
+	if ($fieldlist[$field] == 'datec') {
+		$valuetoshow = 'Date creation';
+	}
 
 	if ($fieldlist[$field] == 'joinfiles') {
 		$valuetoshow = $langs->trans("FilesAttachedToEmail");
@@ -1123,7 +1140,13 @@
 				print '<tr class="nohover oddeven" id="rowid-'.$obj->rowid.'">';
 
 				$tmpaction = 'edit';
-				$parameters = array('fieldlist' => $fieldlist, 'tabname' => $tabname[25]);
+				if ($action == 'edit') {
+					// do not show tms and datec
+					$fieldlist = explode(',', $tabfield[25]);
+					$parameters = array('fieldlist' => $fieldlist, 'tabname' => $tabname[25]);
+				} else {
+					$parameters = array('fieldlist' => $fieldlist, 'tabname' => $tabname[25]);
+				}
 				$reshook = $hookmanager->executeHooks('editEmailTemplateFieldlist', $parameters, $obj, $tmpaction); // Note that $action and $object may have been modified by some hooks
 				$error = $hookmanager->error;
 				$errors = $hookmanager->errors;

htdocs/api/class/api_emailtemplates.class.php

@@ -323,6 +323,9 @@ public function post($request_data = null)
 			if ($field == 'id') {
 				throw new RestException(400, 'Creating with id field is forbidden');
 			}
+			if ($field == 'tms') {
+				throw new RestException(400, 'Creating with tms field is forbidden');
+			}
 
 			$this->email_template->$field = $this->_checkValForAPI($field, $value, $this->email_template);
 		}
@@ -349,6 +352,7 @@ public function post($request_data = null)
 	 *
 	 * @return	Object					Object with cleaned properties
 	 *
+	 * @throws	RestException 400
 	 * @throws	RestException 403
 	 * @throws	RestException 404
 	 * @throws	RestException 500
@@ -367,8 +371,12 @@ public function putById($id, $request_data = null)
 
 		foreach ($request_data as $field => $value) {
 			if ($field == 'id') {
-				continue;
+				throw new RestException(400, 'Updating with id field is forbidden');
 			}
+			if ($field == 'datec') {
+				throw new RestException(400, 'Updating with datec field is forbidden');
+			}
+
 			if ($field === 'caller') {
 				// Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
 				$this->email_template->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
@@ -400,7 +408,7 @@ public function putById($id, $request_data = null)
 	 *
 	 * @return	Object					Object with cleaned properties
 	 *
-	 * @throws	RestException 403
+	 * @throws	RestException 400
 	 * @throws	RestException 404
 	 * @throws	RestException 500
 	 */
@@ -419,8 +427,12 @@ public function putbyLabel($label, $request_data = null)
 		$newlabel = $label;
 		foreach ($request_data as $field => $value) {
 			if ($field == 'id') {
-				continue;
+				throw new RestException(400, 'Updating with id field is forbidden');
 			}
+			if ($field == 'datec') {
+				throw new RestException(400, 'Updating with datec field is forbidden');
+			}
+
 			if ($field == 'label') {
 				$newlabel = $this->_checkValForAPI($field, $value, $this->email_template);
 			}

htdocs/core/class/cemailtemplate.class.php

@@ -275,9 +275,9 @@ public function create($user, $notrigger = 0)
 			$sql .= " '".((int) $this->fk_user)."',";
 		}
 		if (is_null($this->datec)) {
-			$sql .= " NULL,";
+			$sql .= " '".$this->db->idate($now)."',";
 		} else {
-			$sql .= " ".((int) $this->datec).",";
+			$sql .= " '".$this->db->idate($this->datec)."',";
 		}
 		$sql .= " '".$this->db->escape($this->label)."',";
 		$sql .= " ".((int) $this->position).", ".((int) $this->defaultfortype).",";
@@ -372,7 +372,6 @@ public function update(User $user, $notrigger = 0)
 		$sql .= " lang=".($this->lang ? "'".$this->db->escape($this->lang)."', " : 'NULL, ');
 		$sql .= " private=".((int) $this->private).",";
 		$sql .= " fk_user=".((int) $this->fk_user).",";
-		$sql .= " datec=".((int) $this->datec).",";
 		$sql .= " label=".($this->label ? "'".$this->db->escape($this->label)."', " : 'NULL, ');
 		$sql .= " position=".((int) $this->position).",";
 		$sql .= " defaultfortype=".((int) $this->defaultfortype).",";
@@ -528,7 +527,7 @@ public function apifetch($id, $label = '')
 				$this->active = (int) $obj->active;
 				$this->content = (string) $obj->content;
 				$this->content_lines = (string) $obj->content_lines;
-				$this->datec = (int) $obj->datec;
+				$this->datec = $this->db->jdate($obj->datec);
 				$this->defaultfortype = (int) $obj->defaultfortype;
 				$this->email_from = (string) $obj->email_from;
 				$this->email_to = (string) $obj->email_to;
@@ -542,7 +541,7 @@ public function apifetch($id, $label = '')
 				$this->module = (string) $obj->module;
 				$this->position = (int) $obj->position;
 				$this->private = (int) $obj->private;
-				$this->tms = $obj->tms;
+				$this->tms = $this->db->jdate($obj->tms);
 				$this->topic = (string) $obj->topic;
 				$this->type_template = (string) $obj->type_template;
 

test/hurl/api/emailtemplates/10_emailtemplates.hurl

@@ -65,6 +65,12 @@ POST http://{{hostnport}}/api/index.php/emailtemplates
 HTTP 400
 {"error":{"code":400,"message":"Bad Request: Creating with id field is forbidden"}}
 
+# POST No tms in post request data
+POST http://{{hostnport}}/api/index.php/emailtemplates
+{ "tms" : 42, "label" : "automatic test using 10_emailtemplates.hurl", "topic" : "automatic test using 10_emailtemplates.hurl", "type_template" : "all" }
+HTTP 400
+{"error":{"code":400,"message":"Bad Request: Creating with tms field is forbidden"}}
+
 # DELETE
 DELETE http://{{hostnport}}/api/index.php/emailtemplates/
 HTTP 405
@@ -96,3 +102,23 @@ GET http://{{hostnport}}/api/index.php/emailtemplates
 DOLAPIENTITY: 2
 HTTP 401
 {"error":{"code":401,"message":"Unauthorized: Error user not valid (not found with api key or bad status or bad validity dates) (conf->entity=2)"}}
+
+# GET id of first element
+GET http://{{hostnport}}/api/index.php/emailtemplates?limit=1&page=0
+HTTP 200
+[Asserts]
+jsonpath "$[0].id" exists
+[Captures]
+template-id: jsonpath "$[0]['id']"
+
+# PUT with an id
+PUT http://{{hostnport}}/api/index.php/emailtemplates/{{ template-id }}
+{ "id" : 42, "label" : "automatic test using 10_emailtemplates.hurl", "topic" : "automatic test using 10_emailtemplates.hurl", "type_template" : "all" }
+HTTP 400
+{"error":{"code":400,"message":"Bad Request: Updating with id field is forbidden"}}
+
+# PUT with an datec
+PUT http://{{hostnport}}/api/index.php/emailtemplates/{{ template-id }}
+{ "datec" : 42, "label" : "automatic test using 10_emailtemplates.hurl", "topic" : "automatic test using 10_emailtemplates.hurl", "type_template" : "all" }
+HTTP 400
+{"error":{"code":400,"message":"Bad Request: Updating with datec field is forbidden"}}