Commit | Line | Data |
---|---|---|
19b53e5b | 1 | <?php |
380f3545 TO |
2 | |
3 | /* | |
4 | +--------------------------------------------------------------------+ | |
41498ac5 | 5 | | Copyright CiviCRM LLC. All rights reserved. | |
380f3545 | 6 | | | |
41498ac5 TO |
7 | | This work is published under the GNU AGPLv3 license with some | |
8 | | permitted exceptions and without any warranty. For full license | | |
9 | | and copyright information, see https://civicrm.org/licensing | | |
380f3545 TO |
10 | +--------------------------------------------------------------------+ |
11 | */ | |
19b53e5b C |
12 | namespace Civi\Api4\Generic; |
13 | ||
eb378b8a | 14 | use Civi\Api4\Utils\CoreUtil; |
961e974c | 15 | use Civi\Api4\Utils\FormattingUtil; |
19b53e5b | 16 | use Civi\Api4\Utils\ReflectionUtils; |
19b53e5b C |
17 | |
18 | /** | |
19 | * Base class for all api actions. | |
20 | * | |
c2adedc1 CW |
21 | * An api Action object stores the parameters of the api call, and defines a _run function to execute the action. |
22 | * | |
23 | * Every `protected` class var is considered a parameter (unless it starts with an underscore). | |
24 | * | |
25 | * Adding a `protected` var to your Action named e.g. `$thing` will automatically: | |
26 | * - Provide a getter/setter (via `__call` MagicMethod) named `getThing()` and `setThing()`. | |
27 | * - Expose the param in the Api Explorer (be sure to add a doc-block as it displays in the help panel). | |
28 | * - Require a value for the param if you add the "@required" annotation. | |
29 | * | |
19b53e5b | 30 | * @method bool getCheckPermissions() |
b65fa6dc CW |
31 | * @method $this setDebug(bool $value) Enable/disable debug output |
32 | * @method bool getDebug() | |
19b53e5b C |
33 | * @method $this setChain(array $chain) |
34 | * @method array getChain() | |
35 | */ | |
36 | abstract class AbstractAction implements \ArrayAccess { | |
37 | ||
f0b61afb | 38 | use \Civi\Schema\Traits\MagicGetterSetterTrait; |
e1f0b33e | 39 | |
19b53e5b C |
40 | /** |
41 | * Api version number; cannot be changed. | |
42 | * | |
43 | * @var int | |
44 | */ | |
45 | protected $version = 4; | |
46 | ||
47 | /** | |
48 | * Additional api requests - will be called once per result. | |
49 | * | |
50 | * Keys can be any string - this will be the name given to the output. | |
51 | * | |
136ca5bb | 52 | * You can reference other values in the api results in this call by prefixing them with `$`. |
19b53e5b C |
53 | * |
54 | * For example, you could create a contact and place them in a group by chaining the | |
136ca5bb | 55 | * `GroupContact` api to the `Contact` api: |
19b53e5b | 56 | * |
136ca5bb | 57 | * ```php |
19b53e5b C |
58 | * Contact::create() |
59 | * ->setValue('first_name', 'Hello') | |
136ca5bb CW |
60 | * ->addChain('add_a_group', GroupContact::create() |
61 | * ->setValue('contact_id', '$id') | |
62 | * ->setValue('group_id', 123) | |
63 | * ) | |
64 | * ``` | |
19b53e5b | 65 | * |
136ca5bb | 66 | * This will substitute the id of the newly created contact with `$id`. |
19b53e5b C |
67 | * |
68 | * @var array | |
69 | */ | |
70 | protected $chain = []; | |
71 | ||
72 | /** | |
73 | * Whether to enforce acl permissions based on the current user. | |
74 | * | |
75 | * Setting to FALSE will disable permission checks and override ACLs. | |
76 | * In REST/javascript this cannot be disabled. | |
77 | * | |
78 | * @var bool | |
79 | */ | |
80 | protected $checkPermissions = TRUE; | |
81 | ||
b65fa6dc CW |
82 | /** |
83 | * Add debugging info to the api result. | |
84 | * | |
136ca5bb | 85 | * When enabled, `$result->debug` will be populated with information about the api call, |
32f72d83 CW |
86 | * including sql queries executed. |
87 | * | |
136ca5bb | 88 | * **Note:** with checkPermissions enabled, debug info will only be returned if the user has "view debug output" permission. |
32f72d83 | 89 | * |
b65fa6dc CW |
90 | * @var bool |
91 | */ | |
92 | protected $debug = FALSE; | |
93 | ||
19b53e5b C |
94 | /** |
95 | * @var string | |
96 | */ | |
97 | protected $_entityName; | |
98 | ||
99 | /** | |
100 | * @var string | |
101 | */ | |
102 | protected $_actionName; | |
103 | ||
104 | /** | |
105 | * @var \ReflectionClass | |
106 | */ | |
107 | private $_reflection; | |
108 | ||
109 | /** | |
110 | * @var array | |
111 | */ | |
112 | private $_paramInfo; | |
113 | ||
114 | /** | |
115 | * @var array | |
116 | */ | |
117 | private $_entityFields; | |
118 | ||
119 | /** | |
120 | * @var array | |
121 | */ | |
122 | private $_arrayStorage = []; | |
123 | ||
124 | /** | |
125 | * @var int | |
126 | * Used to identify api calls for transactions | |
127 | * @see \Civi\Core\Transaction\Manager | |
128 | */ | |
129 | private $_id; | |
130 | ||
32f72d83 | 131 | public $_debugOutput = []; |
b65fa6dc | 132 | |
19b53e5b C |
133 | /** |
134 | * Action constructor. | |
135 | * | |
136 | * @param string $entityName | |
137 | * @param string $actionName | |
138 | * @throws \API_Exception | |
139 | */ | |
140 | public function __construct($entityName, $actionName) { | |
141 | // If a namespaced class name is passed in | |
142 | if (strpos($entityName, '\\') !== FALSE) { | |
143 | $entityName = substr($entityName, strrpos($entityName, '\\') + 1); | |
144 | } | |
145 | $this->_entityName = $entityName; | |
146 | $this->_actionName = $actionName; | |
147 | $this->_id = \Civi\API\Request::getNextId(); | |
148 | } | |
149 | ||
150 | /** | |
151 | * Strictly enforce api parameters | |
152 | * @param $name | |
153 | * @param $value | |
154 | * @throws \Exception | |
155 | */ | |
156 | public function __set($name, $value) { | |
157 | throw new \API_Exception('Unknown api parameter'); | |
158 | } | |
159 | ||
160 | /** | |
161 | * @param int $val | |
162 | * @return $this | |
163 | * @throws \API_Exception | |
164 | */ | |
165 | public function setVersion($val) { | |
121ec912 | 166 | if ($val !== 4 && $val !== '4') { |
19b53e5b C |
167 | throw new \API_Exception('Cannot modify api version'); |
168 | } | |
169 | return $this; | |
170 | } | |
171 | ||
6764a9d3 CW |
172 | /** |
173 | * @param bool $checkPermissions | |
174 | * @return $this | |
175 | */ | |
176 | public function setCheckPermissions(bool $checkPermissions) { | |
177 | $this->checkPermissions = $checkPermissions; | |
178 | return $this; | |
179 | } | |
180 | ||
19b53e5b C |
181 | /** |
182 | * @param string $name | |
183 | * Unique name for this chained request | |
184 | * @param \Civi\Api4\Generic\AbstractAction $apiRequest | |
136ca5bb CW |
185 | * @param string|int|array $index |
186 | * See `civicrm_api4()` for documentation of `$index` param | |
19b53e5b C |
187 | * @return $this |
188 | */ | |
189 | public function addChain($name, AbstractAction $apiRequest, $index = NULL) { | |
190 | $this->chain[$name] = [$apiRequest->getEntityName(), $apiRequest->getActionName(), $apiRequest->getParams(), $index]; | |
191 | return $this; | |
192 | } | |
193 | ||
9b69b3a1 SL |
194 | /** |
195 | * Magic function to provide automatic getter/setter for params. | |
196 | * | |
197 | * @param $name | |
198 | * @param $arguments | |
199 | * @return static|mixed | |
200 | * @throws \API_Exception | |
201 | */ | |
202 | public function __call($name, $arguments) { | |
203 | $param = lcfirst(substr($name, 3)); | |
204 | if (!$param || $param[0] == '_') { | |
205 | throw new \API_Exception('Unknown api parameter: ' . $name); | |
206 | } | |
207 | $mode = substr($name, 0, 3); | |
208 | if ($this->paramExists($param)) { | |
209 | switch ($mode) { | |
210 | case 'get': | |
211 | return $this->$param; | |
212 | ||
213 | case 'set': | |
214 | $this->$param = $arguments[0]; | |
215 | return $this; | |
216 | } | |
217 | } | |
218 | throw new \API_Exception('Unknown api parameter: ' . $name); | |
219 | } | |
220 | ||
19b53e5b C |
221 | /** |
222 | * Invoke api call. | |
223 | * | |
224 | * At this point all the params have been sent in and we initiate the api call & return the result. | |
225 | * This is basically the outer wrapper for api v4. | |
226 | * | |
227 | * @return \Civi\Api4\Generic\Result | |
121ec912 | 228 | * @throws \API_Exception |
19b53e5b C |
229 | * @throws \Civi\API\Exception\UnauthorizedException |
230 | */ | |
231 | public function execute() { | |
232 | /** @var \Civi\API\Kernel $kernel */ | |
233 | $kernel = \Civi::service('civi_api_kernel'); | |
b65fa6dc CW |
234 | $result = $kernel->runRequest($this); |
235 | if ($this->debug && (!$this->checkPermissions || \CRM_Core_Permission::check('view debug output'))) { | |
32f72d83 | 236 | $result->debug['actionClass'] = get_class($this); |
b65fa6dc CW |
237 | $result->debug = array_merge($result->debug, $this->_debugOutput); |
238 | } | |
239 | else { | |
240 | $result->debug = NULL; | |
241 | } | |
242 | return $result; | |
19b53e5b C |
243 | } |
244 | ||
245 | /** | |
246 | * @param \Civi\Api4\Generic\Result $result | |
247 | */ | |
248 | abstract public function _run(Result $result); | |
249 | ||
250 | /** | |
251 | * Serialize this object's params into an array | |
252 | * @return array | |
253 | */ | |
254 | public function getParams() { | |
255 | $params = []; | |
e1f0b33e TO |
256 | $magicProperties = $this->getMagicProperties(); |
257 | foreach ($magicProperties as $name => $bool) { | |
258 | $params[$name] = $this->$name; | |
19b53e5b C |
259 | } |
260 | return $params; | |
261 | } | |
262 | ||
263 | /** | |
264 | * Get documentation for one or all params | |
265 | * | |
266 | * @param string $param | |
267 | * @return array of arrays [description, type, default, (comment)] | |
268 | */ | |
269 | public function getParamInfo($param = NULL) { | |
270 | if (!isset($this->_paramInfo)) { | |
271 | $defaults = $this->getParamDefaults(); | |
fc95d9a5 | 272 | $vars = [ |
e3c6d5ff CW |
273 | 'entity' => $this->getEntityName(), |
274 | 'action' => $this->getActionName(), | |
fc95d9a5 CW |
275 | ]; |
276 | // For actions like "getFields" and "getActions" they are not getting the entity itself. | |
277 | // So generic docs will make more sense like this: | |
e3c6d5ff CW |
278 | if (substr($vars['action'], 0, 3) === 'get' && substr($vars['action'], -1) === 's') { |
279 | $vars['entity'] = lcfirst(substr($vars['action'], 3, -1)); | |
fc95d9a5 | 280 | } |
19b53e5b C |
281 | foreach ($this->reflect()->getProperties(\ReflectionProperty::IS_PROTECTED) as $property) { |
282 | $name = $property->getName(); | |
283 | if ($name != 'version' && $name[0] != '_') { | |
db11224f CW |
284 | $docs = ReflectionUtils::getCodeDocs($property, 'Property', $vars); |
285 | $docs['default'] = $defaults[$name]; | |
286 | if (!empty($docs['optionsCallback'])) { | |
287 | $docs['options'] = $this->{$docs['optionsCallback']}(); | |
288 | unset($docs['optionsCallback']); | |
289 | } | |
290 | $this->_paramInfo[$name] = $docs; | |
19b53e5b C |
291 | } |
292 | } | |
293 | } | |
294 | return $param ? $this->_paramInfo[$param] : $this->_paramInfo; | |
295 | } | |
296 | ||
297 | /** | |
298 | * @return string | |
299 | */ | |
300 | public function getEntityName() { | |
301 | return $this->_entityName; | |
302 | } | |
303 | ||
304 | /** | |
305 | * | |
306 | * @return string | |
307 | */ | |
308 | public function getActionName() { | |
309 | return $this->_actionName; | |
310 | } | |
311 | ||
312 | /** | |
313 | * @param string $param | |
314 | * @return bool | |
315 | */ | |
316 | public function paramExists($param) { | |
e1f0b33e | 317 | return array_key_exists($param, $this->getMagicProperties()); |
19b53e5b C |
318 | } |
319 | ||
320 | /** | |
321 | * @return array | |
322 | */ | |
323 | protected function getParamDefaults() { | |
e1f0b33e | 324 | return array_intersect_key($this->reflect()->getDefaultProperties(), $this->getMagicProperties()); |
19b53e5b C |
325 | } |
326 | ||
327 | /** | |
328 | * @inheritDoc | |
329 | */ | |
330 | public function offsetExists($offset) { | |
331 | return in_array($offset, ['entity', 'action', 'params', 'version', 'check_permissions', 'id']) || isset($this->_arrayStorage[$offset]); | |
332 | } | |
333 | ||
334 | /** | |
335 | * @inheritDoc | |
336 | */ | |
337 | public function &offsetGet($offset) { | |
338 | $val = NULL; | |
339 | if (in_array($offset, ['entity', 'action'])) { | |
340 | $offset .= 'Name'; | |
341 | } | |
342 | if (in_array($offset, ['entityName', 'actionName', 'params', 'version'])) { | |
343 | $getter = 'get' . ucfirst($offset); | |
344 | $val = $this->$getter(); | |
345 | return $val; | |
346 | } | |
347 | if ($offset == 'check_permissions') { | |
348 | return $this->checkPermissions; | |
349 | } | |
350 | if ($offset == 'id') { | |
351 | return $this->_id; | |
352 | } | |
353 | if (isset($this->_arrayStorage[$offset])) { | |
354 | return $this->_arrayStorage[$offset]; | |
355 | } | |
356 | return $val; | |
357 | } | |
358 | ||
359 | /** | |
360 | * @inheritDoc | |
361 | */ | |
362 | public function offsetSet($offset, $value) { | |
363 | if (in_array($offset, ['entity', 'action', 'entityName', 'actionName', 'params', 'version', 'id'])) { | |
364 | throw new \API_Exception('Cannot modify api4 state via array access'); | |
365 | } | |
366 | if ($offset == 'check_permissions') { | |
367 | $this->setCheckPermissions($value); | |
368 | } | |
369 | else { | |
370 | $this->_arrayStorage[$offset] = $value; | |
371 | } | |
372 | } | |
373 | ||
374 | /** | |
375 | * @inheritDoc | |
376 | */ | |
377 | public function offsetUnset($offset) { | |
378 | if (in_array($offset, ['entity', 'action', 'entityName', 'actionName', 'params', 'check_permissions', 'version', 'id'])) { | |
379 | throw new \API_Exception('Cannot modify api4 state via array access'); | |
380 | } | |
381 | unset($this->_arrayStorage[$offset]); | |
382 | } | |
383 | ||
384 | /** | |
385 | * Is this api call permitted? | |
386 | * | |
387 | * This function is called if checkPermissions is set to true. | |
388 | * | |
389 | * @return bool | |
70da3927 | 390 | * @internal Implement/override in civicrm-core.git only. Signature may evolve. |
19b53e5b | 391 | */ |
70da3927 | 392 | public function isAuthorized(): bool { |
19b53e5b | 393 | $permissions = $this->getPermissions(); |
70da3927 | 394 | return \CRM_Core_Permission::check($permissions); |
19b53e5b C |
395 | } |
396 | ||
397 | /** | |
398 | * @return array | |
399 | */ | |
400 | public function getPermissions() { | |
eb378b8a | 401 | $permissions = call_user_func([CoreUtil::getApiClass($this->_entityName), 'permissions']); |
19b53e5b C |
402 | $permissions += [ |
403 | // applies to getFields, getActions, etc. | |
404 | 'meta' => ['access CiviCRM'], | |
405 | // catch-all, applies to create, get, delete, etc. | |
406 | 'default' => ['administer CiviCRM'], | |
407 | ]; | |
408 | $action = $this->getActionName(); | |
d1961207 CW |
409 | // Map specific action names to more generic versions |
410 | $map = [ | |
411 | 'getActions' => 'meta', | |
412 | 'getFields' => 'meta', | |
413 | 'replace' => 'delete', | |
414 | 'save' => 'create', | |
415 | ]; | |
416 | $generic = $map[$action] ?? 'default'; | |
417 | return $permissions[$action] ?? $permissions[$generic] ?? $permissions['default']; | |
19b53e5b C |
418 | } |
419 | ||
420 | /** | |
421 | * Returns schema fields for this entity & action. | |
422 | * | |
39e0f675 | 423 | * Here we bypass the api wrapper and run the getFields action directly. |
80aabc65 | 424 | * This is because we DON'T want the wrapper to check permissions as this is an internal op. |
19b53e5b C |
425 | * @see \Civi\Api4\Action\Contact\GetFields |
426 | * | |
39e0f675 | 427 | * @throws \API_Exception |
19b53e5b C |
428 | * @return array |
429 | */ | |
430 | public function entityFields() { | |
431 | if (!$this->_entityFields) { | |
a1415a02 | 432 | $allowedTypes = ['Field', 'Filter', 'Extra']; |
3a8dc228 CW |
433 | $getFields = \Civi\API\Request::create($this->getEntityName(), 'getFields', [ |
434 | 'version' => 4, | |
80aabc65 | 435 | 'checkPermissions' => FALSE, |
3a8dc228 | 436 | 'action' => $this->getActionName(), |
a1415a02 | 437 | 'where' => [['type', 'IN', $allowedTypes]], |
3a8dc228 | 438 | ]); |
19b53e5b | 439 | $result = new Result(); |
4b3b32e5 CW |
440 | // Pass TRUE for the private $isInternal param |
441 | $getFields->_run($result, TRUE); | |
19b53e5b C |
442 | $this->_entityFields = (array) $result->indexBy('name'); |
443 | } | |
444 | return $this->_entityFields; | |
445 | } | |
446 | ||
447 | /** | |
448 | * @return \ReflectionClass | |
449 | */ | |
450 | public function reflect() { | |
451 | if (!$this->_reflection) { | |
452 | $this->_reflection = new \ReflectionClass($this); | |
453 | } | |
454 | return $this->_reflection; | |
455 | } | |
456 | ||
457 | /** | |
458 | * Validates required fields for actions which create a new object. | |
459 | * | |
460 | * @param $values | |
461 | * @return array | |
462 | * @throws \API_Exception | |
463 | */ | |
464 | protected function checkRequiredFields($values) { | |
465 | $unmatched = []; | |
466 | foreach ($this->entityFields() as $fieldName => $fieldInfo) { | |
467 | if (!isset($values[$fieldName]) || $values[$fieldName] === '') { | |
468 | if (!empty($fieldInfo['required']) && !isset($fieldInfo['default_value'])) { | |
469 | $unmatched[] = $fieldName; | |
470 | } | |
471 | elseif (!empty($fieldInfo['required_if'])) { | |
472 | if ($this->evaluateCondition($fieldInfo['required_if'], ['values' => $values])) { | |
473 | $unmatched[] = $fieldName; | |
474 | } | |
475 | } | |
476 | } | |
477 | } | |
478 | return $unmatched; | |
479 | } | |
480 | ||
961e974c CW |
481 | /** |
482 | * Replaces pseudoconstants in input values | |
483 | * | |
484 | * @param array $record | |
485 | * @throws \API_Exception | |
486 | */ | |
487 | protected function formatWriteValues(&$record) { | |
488 | $optionFields = []; | |
489 | // Collect fieldnames with a :pseudoconstant suffix & remove them from $record array | |
490 | foreach (array_keys($record) as $expr) { | |
491 | $suffix = strrpos($expr, ':'); | |
492 | if ($suffix) { | |
493 | $fieldName = substr($expr, 0, $suffix); | |
494 | $field = $this->entityFields()[$fieldName] ?? NULL; | |
495 | if ($field) { | |
496 | $optionFields[$fieldName] = [ | |
497 | 'val' => $record[$expr], | |
265192b2 | 498 | 'expr' => $expr, |
721c9da1 | 499 | 'field' => $field, |
961e974c | 500 | 'suffix' => substr($expr, $suffix + 1), |
0dcd942c | 501 | 'depends' => $field['input_attrs']['control_field'] ?? NULL, |
961e974c CW |
502 | ]; |
503 | unset($record[$expr]); | |
504 | } | |
505 | } | |
506 | } | |
507 | // Sort option lookups by dependency, so e.g. country_id is processed first, then state_province_id, then county_id | |
508 | uasort($optionFields, function ($a, $b) { | |
721c9da1 | 509 | return $a['field']['name'] === $b['depends'] ? -1 : 1; |
961e974c CW |
510 | }); |
511 | // Replace pseudoconstants. Note this is a reverse lookup as we are evaluating input not output. | |
512 | foreach ($optionFields as $fieldName => $info) { | |
265192b2 | 513 | $options = FormattingUtil::getPseudoconstantList($info['field'], $info['expr'], $record, 'create'); |
961e974c CW |
514 | $record[$fieldName] = FormattingUtil::replacePseudoconstant($options, $info['val'], TRUE); |
515 | } | |
516 | } | |
517 | ||
19b53e5b C |
518 | /** |
519 | * This function is used internally for evaluating field annotations. | |
520 | * | |
521 | * It should never be passed raw user input. | |
522 | * | |
523 | * @param string $expr | |
524 | * Conditional in php format e.g. $foo > $bar | |
525 | * @param array $vars | |
526 | * Variable name => value | |
527 | * @return bool | |
528 | * @throws \API_Exception | |
529 | * @throws \Exception | |
530 | */ | |
531 | protected function evaluateCondition($expr, $vars) { | |
532 | if (strpos($expr, '}') !== FALSE || strpos($expr, '{') !== FALSE) { | |
533 | throw new \API_Exception('Illegal character in expression'); | |
534 | } | |
535 | $tpl = "{if $expr}1{else}0{/if}"; | |
536 | return (bool) trim(\CRM_Core_Smarty::singleton()->fetchWith('string:' . $tpl, $vars)); | |
537 | } | |
538 | ||
32f72d83 CW |
539 | /** |
540 | * When in debug mode, this logs the callback function being used by a Basic*Action class. | |
541 | * | |
542 | * @param callable $callable | |
543 | */ | |
544 | protected function addCallbackToDebugOutput($callable) { | |
545 | if ($this->debug && empty($this->_debugOutput['callback'])) { | |
546 | if (is_scalar($callable)) { | |
547 | $this->_debugOutput['callback'] = (string) $callable; | |
548 | } | |
549 | elseif (is_array($callable)) { | |
550 | foreach ($callable as $key => $unit) { | |
551 | $this->_debugOutput['callback'][$key] = is_object($unit) ? get_class($unit) : (string) $unit; | |
552 | } | |
553 | } | |
554 | elseif (is_object($callable)) { | |
555 | $this->_debugOutput['callback'] = get_class($callable); | |
556 | } | |
557 | } | |
558 | } | |
559 | ||
19b53e5b | 560 | } |