1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 | 11 | |
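/**
 * This class generates form components
 * for previewing a CiviCRM Profile Group.
 *
 * The profile definition to preview is not loaded from storage; it is read
 * from the 'ufData' request parameter as JSON, so it is untrusted input.
 */
class CRM_UF_Form_Inline_Preview extends CRM_UF_Form_AbstractPreview {

  /**
   * Pre processing work done here.
   *
   * Rejects anything but HTTP POST, enforces the permission check, then
   * decodes the 'ufData' request parameter, requires its 'ufGroup' and
   * 'ufFieldCollection' entries to be arrays, and passes the formatted
   * fields to setProfile().
   *
   * NOTE(review): every guard below relies on
   * CRM_Core_Error::statusBounce() not returning to the caller - confirm.
   */
  public function preProcess() {
    // REQUEST_METHOD can be absent outside a web request; treat that as "not POST".
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($requestMethod !== 'POST') {
      // CRM_Core_Controller validates qfKey for POST requests, but not necessarily
      // for GET requests. Allowing GET would therefore be a CSRF vulnerability.
      CRM_Core_Error::statusBounce(ts('Preview only supports HTTP POST'));
    }

    // Inline forms don't get menu-level permission checks, so the check has to
    // happen here. The nested array presumably means "any one of these
    // permissions" - confirm against CRM_Core_Permission::check().
    $checkPermission = [
      [
        'administer CiviCRM',
        'manage event profiles',
      ],
    ];
    if (!CRM_Core_Permission::check($checkPermission)) {
      CRM_Core_Error::statusBounce(ts('Permission Denied'));
    }

    // 'ufData' is caller-controlled: it may be missing, not a string, invalid
    // JSON, or a JSON scalar. Normalise all of those to an empty array so the
    // checks below never index a non-array value.
    $rawData = isset($_REQUEST['ufData']) ? $_REQUEST['ufData'] : NULL;
    $content = is_string($rawData) ? json_decode($rawData, TRUE) : NULL;
    if (!is_array($content)) {
      $content = [];
    }

    foreach (['ufGroup', 'ufFieldCollection'] as $key) {
      // $key comes from the fixed list above, never from the request.
      if (!isset($content[$key]) || !is_array($content[$key])) {
        CRM_Core_Error::statusBounce("Missing JSON parameter, $key");
      }
    }

    // Only the top-level shape has been validated at this point; the contents
    // of both arrays are still untrusted when handed to formatUFFields().
    $fields = CRM_Core_BAO_UFGroup::formatUFFields($content['ufGroup'], $content['ufFieldCollection']);
    $this->setProfile($fields);
  }

}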