[civicrm-core.git] / Civi / Api4 / Utils / CoreUtil.php

<?php

/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

namespace Civi\Api4\Utils;

use Civi\API\Exception\NotImplementedException;
use Civi\API\Request;
use Civi\Api4\Entity;
use Civi\Api4\Event\CreateApi4RequestEvent;
use CRM_Core_DAO_AllCoreTables as AllCoreTables;

class CoreUtil {

  /**
   * @param $entityName
   *
   * @return \CRM_Core_DAO|string
   *   The BAO name for use in static calls. Return doc block is hacked to allow
   *   auto-completion of static methods
   */
  public static function getBAOFromApiName($entityName) {
    if ($entityName === 'CustomValue' || strpos($entityName, 'Custom_') === 0) {
      return 'CRM_Core_BAO_CustomValue';
    }
    $dao = AllCoreTables::getFullName($entityName);
    return $dao ? AllCoreTables::getBAOClassName($dao) : NULL;
  }

  /**
   * @param $entityName
   * @return string|\Civi\Api4\Generic\AbstractEntity
   */
  public static function getApiClass($entityName) {
    $e = new CreateApi4RequestEvent($entityName);
    \Civi::dispatcher()->dispatch('civi.api4.createRequest', $e);
    return $e->className;
  }

  /**
   * Get a piece of metadata about an entity
   *
   * @param string $entityName
   * @param string $keyToReturn
   * @return mixed
   */
  public static function getInfoItem(string $entityName, string $keyToReturn) {
    // Because this function might be called thousands of times per request, read directly
    // from the cache set by Apiv4 Entity.get to avoid the processing overhead of the API wrapper.
    $cached = \Civi::cache('metadata')->get('api4.entities.info');
    if ($cached) {
      $info = $cached[$entityName] ?? NULL;
    }
    // If the cache is empty, calling Entity.get will populate it and we'll use it next time.
    else {
      $info = Entity::get(FALSE)
        ->addWhere('name', '=', $entityName)
        ->addSelect($keyToReturn)
        ->execute()->first();
    }
    return $info ? $info[$keyToReturn] ?? NULL : NULL;
  }

  /**
   * Get name of unique identifier, typically "id"
   * @param string $entityName
   * @return string
   */
  public static function getIdFieldName(string $entityName): string {
    return self::getInfoItem($entityName, 'primary_key')[0] ?? 'id';
  }

  /**
   * Get table name of given entity
   *
   * @param string $entityName
   *
   * @return string
   */
  public static function getTableName($entityName) {
    if (strpos($entityName, 'Custom_') === 0) {
      $customGroup = substr($entityName, 7);
      return \CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $customGroup, 'table_name', 'name');
    }
    return AllCoreTables::getTableForEntityName($entityName);
  }

  /**
   * Given a sql table name, return the name of the api entity.
   *
   * @param $tableName
   * @return string|NULL
   */
  public static function getApiNameFromTableName($tableName) {
    $entityName = AllCoreTables::getBriefName(AllCoreTables::getClassForTable($tableName));
    // Real entities
    if ($entityName) {
      // Verify class exists
      return self::getApiClass($entityName) ? $entityName : NULL;
    }
    // Multi-value custom group pseudo-entities
    $customGroup = \CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $tableName, 'name', 'table_name');
    return self::isCustomEntity($customGroup) ? "Custom_$customGroup" : NULL;
  }

  /**
   * @return string[]
   */
  public static function getOperators() {
    $operators = \CRM_Core_DAO::acceptedSQLOperators();
    $operators[] = 'CONTAINS';
    $operators[] = 'IS EMPTY';
    $operators[] = 'IS NOT EMPTY';
    $operators[] = 'REGEXP';
    $operators[] = 'NOT REGEXP';
    return $operators;
  }

  /**
   * For a given API Entity, return the types of custom fields it supports and the column they join to.
   *
   * @param string $entityName
   * @return array|mixed|null
   * @throws \API_Exception
   * @throws \Civi\API\Exception\UnauthorizedException
   */
  public static function getCustomGroupExtends(string $entityName) {
    // Custom_group.extends pretty much maps 1-1 with entity names, except for a couple oddballs (Contact, Participant).
    switch ($entityName) {
      case 'Contact':
        return [
          'extends' => array_merge(['Contact'], array_keys(\CRM_Core_SelectValues::contactType())),
          'column' => 'id',
        ];

      case 'Participant':
        return [
          'extends' => ['Participant', 'ParticipantRole', 'ParticipantEventName', 'ParticipantEventType'],
          'column' => 'id',
        ];

      case 'RelationshipCache':
        return [
          'extends' => ['Relationship'],
          'column' => 'relationship_id',
        ];
    }
    if (array_key_exists($entityName, \CRM_Core_SelectValues::customGroupExtends())) {
      return [
        'extends' => [$entityName],
        'column' => 'id',
      ];
    }
    return NULL;
  }

  /**
   * Checks if a custom group exists and is multivalued
   *
   * @param $customGroupName
   * @return bool
   * @throws \CRM_Core_Exception
   */
  public static function isCustomEntity($customGroupName) {
    return $customGroupName && \CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $customGroupName, 'is_multiple', 'name');
  }

  /**
   * Check if current user is authorized to perform specified action on a given entity.
   *
   * @param \Civi\Api4\Generic\AbstractAction $apiRequest
   * @param array $record
   * @param int|string $userID
   *   Contact ID of the user we are testing,. 0 for the anonymous user.
   * @return bool
   * @throws \API_Exception
   * @throws \CRM_Core_Exception
   * @throws \Civi\API\Exception\NotImplementedException
   * @throws \Civi\API\Exception\UnauthorizedException
   */
  public static function checkAccessRecord(\Civi\Api4\Generic\AbstractAction $apiRequest, array $record, int $userID) {

    // Super-admins always have access to everything
    if (\CRM_Core_Permission::check('all CiviCRM permissions and ACLs', $userID)) {
      return TRUE;
    }

    // For get actions, just run a get and ACLs will be applied to the query.
    // It's a cheap trick and not as efficient as not running the query at all,
    // but BAO::checkAccess doesn't consistently check permissions for the "get" action.
    if (is_a($apiRequest, '\Civi\Api4\Generic\DAOGetAction')) {
      return (bool) $apiRequest->addSelect('id')->addWhere('id', '=', $record['id'])->execute()->count();
    }

    $event = new \Civi\Api4\Event\AuthorizeRecordEvent($apiRequest, $record, $userID);
    \Civi::dispatcher()->dispatch('civi.api4.authorizeRecord', $event);

    // Note: $bao::_checkAccess() is a quasi-listener. TODO: Convert to straight-up listener.
    if ($event->isAuthorized() === NULL) {
      $baoName = self::getBAOFromApiName($apiRequest->getEntityName());
      if ($baoName && method_exists($baoName, '_checkAccess')) {
        $authorized = $baoName::_checkAccess($event->getEntityName(), $event->getActionName(), $event->getRecord(), $event->getUserID());
        $event->setAuthorized($authorized);
      }
      else {
        $event->setAuthorized(TRUE);
      }
    }
    return $event->isAuthorized();
  }

  /**
   * If the permissions of record $A are based on record $B, then use `checkAccessDelegated($B...)`
   * to make see if access to $B is permitted.
   *
   * @param string $entityName
   * @param string $actionName
   * @param array $record
   * @param int $userID
   *   Contact ID of the user we are testing, or 0 for the anonymous user.
   *
   * @return bool
   * @throws \API_Exception
   * @throws \CRM_Core_Exception
   */
  public static function checkAccessDelegated(string $entityName, string $actionName, array $record, int $userID) {
    $apiRequest = Request::create($entityName, $actionName, ['version' => 4]);
    // TODO: Should probably emit civi.api.authorize for checking guardian permission; but in APIv4 with std cfg, this is de-facto equivalent.
    if (!$apiRequest->isAuthorized()) {
      return FALSE;
    }
    return static::checkAccessRecord($apiRequest, $record, $userID);
  }

  /**
   * @return \Civi\Api4\Service\Schema\SchemaMap
   */
  public static function getSchemaMap() {
    $cache = \Civi::cache('metadata');
    $schemaMap = $cache->get('api4.schema.map');
    if (!$schemaMap) {
      $schemaMap = \Civi::service('schema_map_builder')->build();
      $cache->set('api4.schema.map', $schemaMap);
    }
    return $schemaMap;
  }

  /**
   * Fetches database references + those returned by hook
   *
   * @see \CRM_Utils_Hook::referenceCounts()
   * @param string $entityName
   * @param int $entityId
   * @return array{name: string, type: string, count: int, table: string|null, key: string|null}[]
   * @throws NotImplementedException
   */
  public static function getRefCount(string $entityName, $entityId) {
    $daoName = self::getInfoItem($entityName, 'dao');
    if (!$daoName) {
      throw new NotImplementedException("Cannot getRefCount for $entityName - dao not found.");
    }
    /** @var \CRM_Core_DAO $dao */
    $dao = new $daoName();
    $dao->id = $entityId;
    return $dao->getReferenceCounts();
  }

}
Commit	Line	Data
19b53e5b C	1	<?php
19b53e5b C	2
380f3545 TO	3	/*
380f3545 TO	4	+--------------------------------------------------------------------+
41498ac5	5	\| Copyright CiviCRM LLC. All rights reserved. \|
380f3545	6	\| \|
41498ac5 TO	7	\| This work is published under the GNU AGPLv3 license with some \|
	8	\| permitted exceptions and without any warranty. For full license \|
	9	\| and copyright information, see https://civicrm.org/licensing \|
380f3545 TO	10	+--------------------------------------------------------------------+
	11	*/
	12
19b53e5b C	13	namespace Civi\Api4\Utils;
19b53e5b C	14
04309075	15	use Civi\API\Exception\NotImplementedException;
929a9585	16	use Civi\API\Request;
0b2471a8	17	use Civi\Api4\Entity;
8badd1d8	18	use Civi\Api4\Event\CreateApi4RequestEvent;
19b53e5b C	19	use CRM_Core_DAO_AllCoreTables as AllCoreTables;
19b53e5b C	20
19b53e5b C	21	class CoreUtil {
	22
	23	/**
19b53e5b C	24	* @param $entityName
	25	*
	26	* @return \CRM_Core_DAO\|string
	27	* The BAO name for use in static calls. Return doc block is hacked to allow
	28	* auto-completion of static methods
	29	*/
	30	public static function getBAOFromApiName($entityName) {
	31	if ($entityName === 'CustomValue' \|\| strpos($entityName, 'Custom_') === 0) {
5e327f37	32	return 'CRM_Core_BAO_CustomValue';
19b53e5b	33	}
0b2471a8 CW	34	$dao = AllCoreTables::getFullName($entityName);
0b2471a8 CW	35	return $dao ? AllCoreTables::getBAOClassName($dao) : NULL;
eb378b8a CW	36	}
	37
	38	/**
	39	* @param $entityName
	40	* @return string\|\Civi\Api4\Generic\AbstractEntity
	41	*/
	42	public static function getApiClass($entityName) {
8badd1d8 CW	43	$e = new CreateApi4RequestEvent($entityName);
	44	\Civi::dispatcher()->dispatch('civi.api4.createRequest', $e);
	45	return $e->className;
19b53e5b C	46	}
19b53e5b C	47
974c7140	48	/**
b74d4d5c	49	* Get a piece of metadata about an entity
974c7140 CW	50	*
	51	* @param string $entityName
	52	* @param string $keyToReturn
	53	* @return mixed
	54	*/
	55	public static function getInfoItem(string $entityName, string $keyToReturn) {
b74d4d5c CW	56	// Because this function might be called thousands of times per request, read directly
	57	// from the cache set by Apiv4 Entity.get to avoid the processing overhead of the API wrapper.
	58	$cached = \Civi::cache('metadata')->get('api4.entities.info');
	59	if ($cached) {
	60	$info = $cached[$entityName] ?? NULL;
	61	}
	62	// If the cache is empty, calling Entity.get will populate it and we'll use it next time.
	63	else {
	64	$info = Entity::get(FALSE)
	65	->addWhere('name', '=', $entityName)
	66	->addSelect($keyToReturn)
	67	->execute()->first();
	68	}
0b2471a8	69	return $info ? $info[$keyToReturn] ?? NULL : NULL;
974c7140 CW	70	}
974c7140 CW	71
12e4505a CW	72	/**
	73	* Get name of unique identifier, typically "id"
	74	* @param string $entityName
	75	* @return string
	76	*/
	77	public static function getIdFieldName(string $entityName): string {
	78	return self::getInfoItem($entityName, 'primary_key')[0] ?? 'id';
	79	}
	80
19b53e5b	81	/**
5e327f37	82	* Get table name of given entity
19b53e5b	83	*
5e327f37	84	* @param string $entityName
19b53e5b C	85	*
	86	* @return string
	87	*/
5e327f37 CW	88	public static function getTableName($entityName) {
	89	if (strpos($entityName, 'Custom_') === 0) {
	90	$customGroup = substr($entityName, 7);
	91	return \CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $customGroup, 'table_name', 'name');
	92	}
	93	return AllCoreTables::getTableForEntityName($entityName);
19b53e5b C	94	}
	95
	96	/**
	97	* Given a sql table name, return the name of the api entity.
	98	*
	99	* @param $tableName
5e327f37	100	* @return string\|NULL
19b53e5b C	101	*/
19b53e5b C	102	public static function getApiNameFromTableName($tableName) {
5e327f37	103	$entityName = AllCoreTables::getBriefName(AllCoreTables::getClassForTable($tableName));
aa680b8d CW	104	// Real entities
	105	if ($entityName) {
	106	// Verify class exists
	107	return self::getApiClass($entityName) ? $entityName : NULL;
5e327f37	108	}
aa680b8d CW	109	// Multi-value custom group pseudo-entities
	110	$customGroup = \CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $tableName, 'name', 'table_name');
	111	return self::isCustomEntity($customGroup) ? "Custom_$customGroup" : NULL;
19b53e5b C	112	}
19b53e5b C	113
9d2afe25 CW	114	/**
	115	* @return string[]
	116	*/
	117	public static function getOperators() {
39deabd6 CW	118	$operators = \CRM_Core_DAO::acceptedSQLOperators();
39deabd6 CW	119	$operators[] = 'CONTAINS';
c0e68893	120	$operators[] = 'IS EMPTY';
c0e68893	121	$operators[] = 'IS NOT EMPTY';
b5599ad6 PF	122	$operators[] = 'REGEXP';
b5599ad6 PF	123	$operators[] = 'NOT REGEXP';
39deabd6	124	return $operators;
9d2afe25 CW	125	}
9d2afe25 CW	126
cbda9790 CW	127	/**
	128	* For a given API Entity, return the types of custom fields it supports and the column they join to.
	129	*
	130	* @param string $entityName
	131	* @return array\|mixed\|null
	132	* @throws \API_Exception
	133	* @throws \Civi\API\Exception\UnauthorizedException
	134	*/
	135	public static function getCustomGroupExtends(string $entityName) {
	136	// Custom_group.extends pretty much maps 1-1 with entity names, except for a couple oddballs (Contact, Participant).
	137	switch ($entityName) {
	138	case 'Contact':
	139	return [
	140	'extends' => array_merge(['Contact'], array_keys(\CRM_Core_SelectValues::contactType())),
	141	'column' => 'id',
	142	];
	143
	144	case 'Participant':
	145	return [
	146	'extends' => ['Participant', 'ParticipantRole', 'ParticipantEventName', 'ParticipantEventType'],
	147	'column' => 'id',
	148	];
	149
	150	case 'RelationshipCache':
	151	return [
	152	'extends' => ['Relationship'],
	153	'column' => 'relationship_id',
	154	];
	155	}
	156	if (array_key_exists($entityName, \CRM_Core_SelectValues::customGroupExtends())) {
	157	return [
	158	'extends' => [$entityName],
	159	'column' => 'id',
	160	];
	161	}
	162	return NULL;
	163	}
	164
aa680b8d CW	165	/**
	166	* Checks if a custom group exists and is multivalued
	167	*
	168	* @param $customGroupName
	169	* @return bool
	170	* @throws \CRM_Core_Exception
	171	*/
8badd1d8	172	public static function isCustomEntity($customGroupName) {
aa680b8d CW	173	return $customGroupName && \CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $customGroupName, 'is_multiple', 'name');
	174	}
	175
929a9585 CW	176	/**
	177	* Check if current user is authorized to perform specified action on a given entity.
	178	*
849354a5	179	* @param \Civi\Api4\Generic\AbstractAction $apiRequest
929a9585	180	* @param array $record
70da3927 TO	181	* @param int\|string $userID
70da3927 TO	182	* Contact ID of the user we are testing,. 0 for the anonymous user.
929a9585 CW	183	* @return bool
	184	* @throws \API_Exception
	185	* @throws \CRM_Core_Exception
	186	* @throws \Civi\API\Exception\NotImplementedException
	187	* @throws \Civi\API\Exception\UnauthorizedException
	188	*/
70da3927	189	public static function checkAccessRecord(\Civi\Api4\Generic\AbstractAction $apiRequest, array $record, int $userID) {
5623bf2a CW	190
	191	// Super-admins always have access to everything
	192	if (\CRM_Core_Permission::check('all CiviCRM permissions and ACLs', $userID)) {
	193	return TRUE;
	194	}
	195
929a9585 CW	196	// For get actions, just run a get and ACLs will be applied to the query.
	197	// It's a cheap trick and not as efficient as not running the query at all,
	198	// but BAO::checkAccess doesn't consistently check permissions for the "get" action.
849354a5	199	if (is_a($apiRequest, '\Civi\Api4\Generic\DAOGetAction')) {
e294cebf	200	return (bool) $apiRequest->addSelect('id')->addWhere('id', '=', $record['id'])->execute()->count();
929a9585	201	}
e294cebf	202
af4cccf7 TO	203	$event = new \Civi\Api4\Event\AuthorizeRecordEvent($apiRequest, $record, $userID);
	204	\Civi::dispatcher()->dispatch('civi.api4.authorizeRecord', $event);
	205
	206	// Note: $bao::_checkAccess() is a quasi-listener. TODO: Convert to straight-up listener.
	207	if ($event->isAuthorized() === NULL) {
	208	$baoName = self::getBAOFromApiName($apiRequest->getEntityName());
	209	if ($baoName && method_exists($baoName, '_checkAccess')) {
	210	$authorized = $baoName::_checkAccess($event->getEntityName(), $event->getActionName(), $event->getRecord(), $event->getUserID());
	211	$event->setAuthorized($authorized);
	212	}
	213	else {
	214	$event->setAuthorized(TRUE);
	215	}
929a9585	216	}
af4cccf7	217	return $event->isAuthorized();
929a9585 CW	218	}
929a9585 CW	219
6ea81ac6 TO	220	/**
	221	* If the permissions of record $A are based on record $B, then use `checkAccessDelegated($B...)`
	222	* to make see if access to $B is permitted.
	223	*
	224	* @param string $entityName
	225	* @param string $actionName
	226	* @param array $record
70da3927 TO	227	* @param int $userID
70da3927 TO	228	* Contact ID of the user we are testing, or 0 for the anonymous user.
6ea81ac6 TO	229	*
	230	* @return bool
	231	* @throws \API_Exception
	232	* @throws \CRM_Core_Exception
	233	*/
70da3927	234	public static function checkAccessDelegated(string $entityName, string $actionName, array $record, int $userID) {
849354a5 TO	235	$apiRequest = Request::create($entityName, $actionName, ['version' => 4]);
849354a5 TO	236	// TODO: Should probably emit civi.api.authorize for checking guardian permission; but in APIv4 with std cfg, this is de-facto equivalent.
70da3927	237	if (!$apiRequest->isAuthorized()) {
849354a5 TO	238	return FALSE;
	239	}
	240	return static::checkAccessRecord($apiRequest, $record, $userID);
6ea81ac6 TO	241	}
6ea81ac6 TO	242
b1b4a32c CW	243	/**
	244	* @return \Civi\Api4\Service\Schema\SchemaMap
	245	*/
	246	public static function getSchemaMap() {
	247	$cache = \Civi::cache('metadata');
	248	$schemaMap = $cache->get('api4.schema.map');
	249	if (!$schemaMap) {
	250	$schemaMap = \Civi::service('schema_map_builder')->build();
	251	$cache->set('api4.schema.map', $schemaMap);
	252	}
	253	return $schemaMap;
	254	}
	255
04309075 CW	256	/**
	257	* Fetches database references + those returned by hook
	258	*
	259	* @see \CRM_Utils_Hook::referenceCounts()
	260	* @param string $entityName
	261	* @param int $entityId
	262	* @return array{name: string, type: string, count: int, table: string\|null, key: string\|null}[]
	263	* @throws NotImplementedException
	264	*/
	265	public static function getRefCount(string $entityName, $entityId) {
	266	$daoName = self::getInfoItem($entityName, 'dao');
	267	if (!$daoName) {
	268	throw new NotImplementedException("Cannot getRefCount for $entityName - dao not found.");
	269	}
	270	/** @var \CRM_Core_DAO $dao */
	271	$dao = new $daoName();
	272	$dao->id = $entityId;
	273	return $dao->getReferenceCounts();
	274	}
	275
19b53e5b	276	}