Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /** | |
3 | * params must contain at least id=xx & {one of the fields from getfields}=value | |
9657ccf2 EM |
4 | * |
5 | * @param $apiRequest | |
6 | * | |
7 | * @throws API_Exception | |
8 | * @return array | |
6a488035 TO |
9 | */ |
10 | function civicrm_api3_generic_setValue($apiRequest) { | |
11 | $entity = $apiRequest['entity']; | |
12 | $params = $apiRequest['params']; | |
13 | // we can't use _spec, doesn't work with generic | |
14 | civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value')); | |
15 | $id = $params['id']; | |
16 | if (!is_numeric($id)) { | |
17 | return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id")); | |
18 | } | |
19 | ||
20 | $field = CRM_Utils_String::munge($params['field']); | |
21 | $value = $params['value']; | |
22 | ||
23 | $fields = civicrm_api($entity, 'getFields', array('version' => 3, 'action' => 'create', "sequential")); | |
24 | // getfields error, shouldn't happen. | |
25 | if ($fields['is_error']) | |
26 | return $fields; | |
27 | $fields = $fields['values']; | |
28 | ||
47737104 CW |
29 | $isCustom = strpos($field, 'custom_') === 0; |
30 | // Trim off the id portion of a multivalued custom field name | |
31 | $fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field; | |
32 | if (!array_key_exists($fieldKey, $fields)) { | |
6a488035 TO |
33 | return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields))); |
34 | } | |
35 | ||
47737104 CW |
36 | $def = $fields[$fieldKey]; |
37 | $title = CRM_Utils_Array::value('title', $def, ts('Field')); | |
5ba3bfc8 CW |
38 | // Disallow empty values except for the number zero. |
39 | // TODO: create a utility for this since it's needed in many places | |
47737104 CW |
40 | if (!empty($def['required']) || !empty($def['is_required'])) { |
41 | if ((empty($value) || $value === 'null') && $value !== '0' && $value !== 0) { | |
42 | return civicrm_api3_create_error(ts('%1 is a required field.', array(1 => $title)), array("error_code" => "required", "field" => $field)); | |
43 | } | |
6a488035 TO |
44 | } |
45 | ||
46 | switch ($def['type']) { | |
47737104 CW |
47 | case CRM_Utils_Type::T_FLOAT: |
48 | if (!is_numeric($value) && !empty($value) && $value !== 'null') { | |
49 | return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN')); | |
50 | } | |
51 | break; | |
52 | ||
da54ec85 | 53 | case CRM_Utils_Type::T_INT: |
47737104 CW |
54 | if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') { |
55 | return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN')); | |
6a488035 | 56 | } |
47737104 | 57 | break; |
6a488035 | 58 | |
da54ec85 CW |
59 | case CRM_Utils_Type::T_STRING: |
60 | case CRM_Utils_Type::T_TEXT: | |
6a488035 TO |
61 | if (!CRM_Utils_Rule::xssString($value)) { |
62 | return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS')); | |
63 | } | |
64 | if (array_key_exists('maxlength', $def)) { | |
65 | $value = substr($value, 0, $def['maxlength']); | |
66 | } | |
67 | break; | |
68 | ||
da54ec85 | 69 | case CRM_Utils_Type::T_DATE: |
6a488035 TO |
70 | $value = CRM_Utils_Type::escape($value,"Date",false); |
71 | if (!$value) | |
72 | return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS"); | |
73 | break; | |
74 | ||
da54ec85 | 75 | case CRM_Utils_Type::T_BOOLEAN: |
47737104 CW |
76 | // Allow empty value for non-required fields |
77 | if ($value === '' || $value === 'null') { | |
78 | $value = ''; | |
79 | } | |
80 | else { | |
81 | $value = (boolean) $value; | |
82 | } | |
6a488035 TO |
83 | break; |
84 | ||
85 | default: | |
86 | return civicrm_api3_create_error("Param '$field' is of a type not managed yet (".$def['type']."). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED')); | |
87 | } | |
88 | ||
abe95f29 | 89 | $dao_name = _civicrm_api3_get_DAO($entity); |
75c9b470 | 90 | $params = array('id' => $id, $field => $value); |
47737104 CW |
91 | |
92 | if ((!empty($def['pseudoconstant']) || !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') { | |
93 | _civicrm_api3_api_match_pseudoconstant($params, $entity, $field, $def); | |
94 | } | |
95 | ||
75c9b470 CW |
96 | CRM_Utils_Hook::pre('edit', $entity, $id, $params); |
97 | ||
7a8e775a | 98 | // Custom fields |
47737104 | 99 | if ($isCustom) { |
7a8e775a | 100 | CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID'); |
47737104 CW |
101 | // Treat 'null' as empty value. This is awful but the rest of the code supports it. |
102 | if ($params[$field] === 'null') { | |
103 | $params[$field] = ''; | |
104 | } | |
7a8e775a CW |
105 | CRM_Core_BAO_CustomValueTable::setValues($params); |
106 | CRM_Utils_Hook::post('edit', $entity, $id, CRM_Core_DAO::$_nullObject); | |
107 | return civicrm_api3_create_success($params); | |
108 | } | |
109 | // Core fields | |
110 | elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) { | |
abe95f29 | 111 | $entityDAO = new $dao_name(); |
112 | $entityDAO->copyValues($params); | |
bb0c64a4 | 113 | CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO); |
d062030e | 114 | return civicrm_api3_create_success($params); |
6a488035 TO |
115 | } |
116 | else { | |
117 | return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)"); | |
118 | } | |
119 | } |