Merge pull request #18293 from eileenmcnaughton/fin
[civicrm-core.git] / CRM / Mailing / Page / View.php
1<?php
2/*
3 +--------------------------------------------------------------------+
bc77d7c0 4 | Copyright CiviCRM LLC. All rights reserved. |
6a488035 5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
6a488035 9 +--------------------------------------------------------------------+
d25dd0ee 10 */
11
12/**
13 *
14 * @package CRM
ca5cec67 15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
18/**
25606795 19 * A page for mailing preview.
20 */
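class CRM_Mailing_Page_View extends CRM_Core_Page {

  /**
   * Signal to Flexmailer that this version of the class is usable.
   *
   * @var int
   */
  const USES_MAILING_PREVIEW_API = 1;

  /**
   * Mailing identifier for this request.
   *
   * Holds either a numeric ID or, until run() resolves it, the URL hash.
   */
  protected $_mailingID;

  /**
   * The CRM_Mailing_BAO_Mailing object loaded by run().
   */
  protected $_mailing;

  /**
   * Contact whose data is passed to the preview API as contact_id.
   */
  protected $_contactID;

  /**
   * Decide whether the current user may view the loaded mailing.
   *
   * Access is granted when either of the following holds:
   *  - the mailing's visibility is 'Public Pages' and the user has
   *    'view public CiviMail content';
   *  - the user has any of 'administer CiviCRM', 'approve mailings' or
   *    'access CiviMail'.
   *
   * No hook is consulted here, and a missing mailing yields FALSE rather than
   * a fatal error.
   *
   * @return bool
   *   TRUE when access is allowed, FALSE otherwise (including when no mailing
   *   has been loaded).
   */
  public function checkPermission() {
    // Fail closed: nothing loaded means nothing to show.
    if (!$this->_mailing) {
      return FALSE;
    }

    // Public mailings still require the dedicated public-content permission.
    if ($this->_mailing->visibility == 'Public Pages' &&
      CRM_Core_Permission::check('view public CiviMail content')
    ) {
      return TRUE;
    }

    // Staff-level permissions grant access regardless of visibility.
    if (CRM_Core_Permission::check('administer CiviCRM') ||
      CRM_Core_Permission::check('approve mailings') ||
      CRM_Core_Permission::check('access CiviMail')
    ) {
      return TRUE;
    }

    return FALSE;
  }

  /**
   * Render the mailing preview, either printing it or returning the content.
   *
   * The mailing is identified by $id when numeric, otherwise by the 'id'
   * request parameter (which may be a hash). The contact used for the preview
   * is, in order of precedence: $contactID, a checksum-validated 'cid' from
   * the request, or the logged-in contact.
   *
   * @param int $id
   *   Mailing ID; when not numeric the 'id' request parameter is used and
   *   output is always printed.
   * @param int $contactID
   *   Contact to render the preview for; overrides request and session.
   * @param bool $print
   *   Print the content and exit instead of returning it.
   * @param bool $allowID
   *   With the 'hash_mailing_url' setting on, permit lookup by numeric ID even
   *   for a mailing that has a hash.
   *
   * @return null|string
   *   The mailing content when $print is FALSE; NULL after permission is
   *   denied. The parent does not define a return value.
   */
  public function run($id = NULL, $contactID = NULL, $print = TRUE, $allowID = FALSE) {
    if (is_numeric($id)) {
      $this->_mailingID = $id;
    }
    else {
      // No usable ID from the caller: read it from the request and always print.
      $print = TRUE;
      $this->_mailingID = CRM_Utils_Request::retrieve('id', 'String', CRM_Core_DAO::$_nullObject, TRUE);
    }

    // Retrieve contact ID and checksum from the URL
    $cs = CRM_Utils_Request::retrieve('cs', 'String');
    $cid = CRM_Utils_Request::retrieve('cid', 'Int');

    // CRM-7651: a contact ID passed at the function level takes precedence.
    if (isset($contactID) && is_numeric($contactID)) {
      $this->_contactID = $contactID;
    }
    // Checksummed view: the request-supplied cid is used only when the
    // checksum validates for that contact. Without a valid checksum the
    // cid parameter is ignored.
    elseif (!empty($cs) && !empty($cid) && CRM_Contact_BAO_Contact_Utils::validChecksum($cid, $cs)) {
      $this->_contactID = $cid;
    }
    else {
      $this->_contactID = CRM_Core_Session::getLoggedInContactID();
    }

    // mailing key check
    if (Civi::settings()->get('hash_mailing_url')) {
      $this->_mailing = new CRM_Mailing_BAO_Mailing();

      // NOTE(review): is_numeric() also accepts forms such as '12.5' or '1e5',
      // so a hash that happens to look numeric would take the ID path below.
      // Confirm the hash format rules that out.
      if (!is_numeric($this->_mailingID)) {
        // Resolve the hash from the URL to a mailing ID.
        $result_id = civicrm_api3('Mailing', 'get', [
          'return' => ['id'],
          'hash' => $this->_mailingID,
        ]);
        $this->_mailing->hash = $this->_mailingID;
        // 'id' may be missing from the result when the hash does not resolve;
        // fall back to NULL so the find() below fails and access is denied,
        // instead of raising an undefined-index notice.
        $this->_mailingID = $result_id['id'] ?? NULL;
      }
      else {
        $this->_mailing->id = $this->_mailingID;
        // A mailing that has a hash must be requested by that hash: a numeric
        // ID is refused unless the caller opted in with $allowID.
        if ($this->_mailing->find() &&
          CRM_Core_DAO::getFieldValue('CRM_Mailing_BAO_Mailing', $this->_mailingID, 'hash', 'id') &&
          !$allowID
        ) {
          CRM_Utils_System::permissionDenied();
          return NULL;
        }
      }
    }
    else {
      $this->_mailing = new CRM_Mailing_BAO_Mailing();
      $this->_mailing->id = $this->_mailingID;
    }

    // An unknown mailing and a forbidden one get the same response.
    if (!$this->_mailing->find(TRUE) ||
      !$this->checkPermission()
    ) {
      CRM_Utils_System::permissionDenied();
      return NULL;
    }

    $contactId = $this->_contactID ?? 0;

    $result = civicrm_api3('Mailing', 'preview', [
      'id' => $this->_mailingID,
      'contact_id' => $contactId,
    ]);
    $mailing = $result['values'] ?? NULL;
    // Read the fields once with NULL fallbacks so a preview result without
    // 'values' does not raise notices further down.
    $subject = $mailing['subject'] ?? NULL;

    $title = NULL;
    if (isset($mailing['body_html']) && empty($_GET['text'])) {
      $header = 'text/html; charset=utf-8';
      // The rendered HTML body is emitted as-is, so whoever can author a
      // mailing controls the markup served by this page.
      $content = $mailing['body_html'];
      if (strpos($content, '<head>') === FALSE && strpos($content, '<title>') === FALSE) {
        // The subject is concatenated into markup, so escape it for HTML.
        // NOTE(review): whether the subject arrives already entity-encoded is
        // not visible here; double_encode is off so existing entities are kept.
        $title = '<head><title>' . htmlspecialchars((string) $subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', FALSE) . '</title></head>';
      }
    }
    else {
      $header = 'text/plain; charset=utf-8';
      $content = $mailing['body_text'] ?? NULL;
    }
    CRM_Utils_System::setTitle($subject);

    if (CRM_Utils_Array::value('snippet', $_GET) === 'json') {
      // NOTE(review): presumably ends the request; if it returns, the
      // print/return handling below still runs.
      CRM_Core_Page_AJAX::returnJsonResponse($content);
    }
    if ($print) {
      CRM_Utils_System::setHttpHeader('Content-Type', $header);
      print $title;
      print $content;
      CRM_Utils_System::civiExit();
    }
    else {
      return $content;
    }
  }

}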