[civicrm-core.git] / CRM / UF / Form / Inline / Preview.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 * This class generates form components
 * for previewing Civicrm Profile Group
 */
class CRM_UF_Form_Inline_Preview extends CRM_UF_Form_AbstractPreview {

  /**
   * Pre processing work done here.
   *
   * gets session variables for group or field id
   */
  public function preProcess() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
      // CRM_Core_Controller validates qfKey for POST requests, but not necessarily
      // for GET requests. Allowing GET would therefore be CSRF vulnerability.
      CRM_Core_Error::statusBounce(ts('Preview only supports HTTP POST'));
    }
    // Inline forms don't get menu-level permission checks
    $checkPermission = [
      [
        'administer CiviCRM',
        'manage event profiles',
      ],
    ];
    if (!CRM_Core_Permission::check($checkPermission)) {
      CRM_Core_Error::statusBounce(ts('Permission Denied'));
    }
    $content = json_decode($_REQUEST['ufData'], TRUE);
    foreach (['ufGroup', 'ufFieldCollection'] as $key) {
      if (!is_array($content[$key])) {
        CRM_Core_Error::statusBounce("Missing JSON parameter, $key");
      }
    }

    $fields = CRM_Core_BAO_UFGroup::formatUFFields($content['ufGroup'], $content['ufFieldCollection']);
    $this->setProfile($fields);
  }

}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
6a488035	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
6a488035	9	+--------------------------------------------------------------------+
d25dd0ee	10	*/
6a488035	11
6a488035 TO	12	/**
	13	* This class generates form components
	14	* for previewing Civicrm Profile Group
6a488035 TO	15	*/
	16	class CRM_UF_Form_Inline_Preview extends CRM_UF_Form_AbstractPreview {
	17
	18	/**
100fef9d	19	* Pre processing work done here.
6a488035 TO	20	*
6a488035 TO	21	* gets session variables for group or field id
6a488035	22	*/
00be9182	23	public function preProcess() {
fbdcf459	24	if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
6a488035 TO	25	// CRM_Core_Controller validates qfKey for POST requests, but not necessarily
6a488035 TO	26	// for GET requests. Allowing GET would therefore be CSRF vulnerability.
fbdcf459	27	CRM_Core_Error::statusBounce(ts('Preview only supports HTTP POST'));
6a488035 TO	28	}
6a488035 TO	29	// Inline forms don't get menu-level permission checks
be2fb01f CW	30	$checkPermission = [
be2fb01f CW	31	[
44792363	32	'administer CiviCRM',
44792363	33	'manage event profiles',
be2fb01f CW	34	],
be2fb01f CW	35	];
44792363	36	if (!CRM_Core_Permission::check($checkPermission)) {
beb414cc	37	CRM_Core_Error::statusBounce(ts('Permission Denied'));
6a488035 TO	38	}
6a488035 TO	39	$content = json_decode($_REQUEST['ufData'], TRUE);
be2fb01f	40	foreach (['ufGroup', 'ufFieldCollection'] as $key) {
6a488035	41	if (!is_array($content[$key])) {
fbdcf459	42	CRM_Core_Error::statusBounce("Missing JSON parameter, $key");
6a488035 TO	43	}
6a488035 TO	44	}
fbdcf459	45
6a488035	46	$fields = CRM_Core_BAO_UFGroup::formatUFFields($content['ufGroup'], $content['ufFieldCollection']);
6a488035	47	$this->setProfile($fields);
6a488035 TO	48	}
	49
	50	}