[civicrm-core.git] / api / v3 / Generic / Setvalue.php

<?php
/**
 * params must contain at least id=xx & {one of the fields from getfields}=value
 *
 * @param $apiRequest
 *
 * @throws API_Exception
 * @return array
 */
function civicrm_api3_generic_setValue($apiRequest) {
  $entity = $apiRequest['entity'];
  $params = $apiRequest['params'];
  // we can't use _spec, doesn't work with generic
  civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value'));
  $id = $params['id'];
  if (!is_numeric($id)) {
    return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id"));
  }

  $field = CRM_Utils_String::munge($params['field']);
  $value = $params['value'];

  $fields = civicrm_api($entity, 'getFields', array('version' => 3, 'action' => 'create', "sequential"));
  // getfields error, shouldn't happen.
  if ($fields['is_error'])
  return $fields;
  $fields = $fields['values'];

  $isCustom = strpos($field, 'custom_') === 0;
  // Trim off the id portion of a multivalued custom field name
  $fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
  if (!array_key_exists($fieldKey, $fields)) {
    return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
  }

  $def = $fields[$fieldKey];
  $title = CRM_Utils_Array::value('title', $def, ts('Field'));
  // Disallow empty values except for the number zero.
  // TODO: create a utility for this since it's needed in many places
  if (!empty($def['required']) || !empty($def['is_required'])) {
    if ((empty($value) || $value === 'null') && $value !== '0' && $value !== 0) {
      return civicrm_api3_create_error(ts('%1 is a required field.', array(1 => $title)), array("error_code" => "required", "field" => $field));
    }
  }

  switch ($def['type']) {
    case CRM_Utils_Type::T_FLOAT:
      if (!is_numeric($value) && !empty($value) && $value !== 'null') {
        return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
      }
    break;

    case CRM_Utils_Type::T_INT:
      if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
        return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
      }
    break;

    case CRM_Utils_Type::T_STRING:
    case CRM_Utils_Type::T_TEXT:
      if (!CRM_Utils_Rule::xssString($value)) {
        return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
      }
    if (array_key_exists('maxlength', $def)) {
      $value = substr($value, 0, $def['maxlength']);
    }
    break;

    case CRM_Utils_Type::T_DATE:
      $value = CRM_Utils_Type::escape($value,"Date",false);
      if (!$value)
        return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
      break;

    case CRM_Utils_Type::T_BOOLEAN:
      // Allow empty value for non-required fields
      if ($value === '' || $value === 'null') {
        $value = '';
      }
      else {
        $value = (boolean) $value;
      }
      break;

    default:
      return civicrm_api3_create_error("Param '$field' is of a type not managed yet (".$def['type']."). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
  }

  $dao_name = _civicrm_api3_get_DAO($entity);
  $params = array('id' => $id, $field => $value);

  if ((!empty($def['pseudoconstant']) || !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
    _civicrm_api3_api_match_pseudoconstant($params, $entity, $field, $def);
  }

  CRM_Utils_Hook::pre('edit', $entity, $id, $params);

  // Custom fields
  if ($isCustom) {
    CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
    // Treat 'null' as empty value. This is awful but the rest of the code supports it.
    if ($params[$field] === 'null') {
      $params[$field] = '';
    }
    CRM_Core_BAO_CustomValueTable::setValues($params);
    CRM_Utils_Hook::post('edit', $entity, $id, CRM_Core_DAO::$_nullObject);
    return civicrm_api3_create_success($params);
  }
  // Core fields
  elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
    $entityDAO = new $dao_name();
    $entityDAO->copyValues($params);
    CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
    return civicrm_api3_create_success($params);
  }
  else {
    return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
  }
}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/**
	3	* params must contain at least id=xx & {one of the fields from getfields}=value
9657ccf2 EM	4	*
	5	* @param $apiRequest
	6	*
	7	* @throws API_Exception
	8	* @return array
6a488035 TO	9	*/
	10	function civicrm_api3_generic_setValue($apiRequest) {
	11	$entity = $apiRequest['entity'];
	12	$params = $apiRequest['params'];
	13	// we can't use _spec, doesn't work with generic
	14	civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value'));
	15	$id = $params['id'];
	16	if (!is_numeric($id)) {
	17	return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id"));
	18	}
	19
	20	$field = CRM_Utils_String::munge($params['field']);
	21	$value = $params['value'];
	22
	23	$fields = civicrm_api($entity, 'getFields', array('version' => 3, 'action' => 'create', "sequential"));
	24	// getfields error, shouldn't happen.
	25	if ($fields['is_error'])
	26	return $fields;
	27	$fields = $fields['values'];
	28
47737104 CW	29	$isCustom = strpos($field, 'custom_') === 0;
	30	// Trim off the id portion of a multivalued custom field name
	31	$fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
	32	if (!array_key_exists($fieldKey, $fields)) {
6a488035 TO	33	return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
	34	}
	35
47737104 CW	36	$def = $fields[$fieldKey];
47737104 CW	37	$title = CRM_Utils_Array::value('title', $def, ts('Field'));
5ba3bfc8 CW	38	// Disallow empty values except for the number zero.
5ba3bfc8 CW	39	// TODO: create a utility for this since it's needed in many places
47737104 CW	40	if (!empty($def['required']) \|\| !empty($def['is_required'])) {
	41	if ((empty($value) \|\| $value === 'null') && $value !== '0' && $value !== 0) {
	42	return civicrm_api3_create_error(ts('%1 is a required field.', array(1 => $title)), array("error_code" => "required", "field" => $field));
	43	}
6a488035 TO	44	}
	45
	46	switch ($def['type']) {
47737104 CW	47	case CRM_Utils_Type::T_FLOAT:
	48	if (!is_numeric($value) && !empty($value) && $value !== 'null') {
	49	return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
	50	}
	51	break;
	52
da54ec85	53	case CRM_Utils_Type::T_INT:
47737104 CW	54	if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
47737104 CW	55	return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
6a488035	56	}
47737104	57	break;
6a488035	58
da54ec85 CW	59	case CRM_Utils_Type::T_STRING:
da54ec85 CW	60	case CRM_Utils_Type::T_TEXT:
6a488035 TO	61	if (!CRM_Utils_Rule::xssString($value)) {
	62	return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
	63	}
	64	if (array_key_exists('maxlength', $def)) {
	65	$value = substr($value, 0, $def['maxlength']);
	66	}
	67	break;
	68
da54ec85	69	case CRM_Utils_Type::T_DATE:
6a488035 TO	70	$value = CRM_Utils_Type::escape($value,"Date",false);
	71	if (!$value)
	72	return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
	73	break;
	74
da54ec85	75	case CRM_Utils_Type::T_BOOLEAN:
47737104 CW	76	// Allow empty value for non-required fields
	77	if ($value === '' \|\| $value === 'null') {
	78	$value = '';
	79	}
	80	else {
	81	$value = (boolean) $value;
	82	}
6a488035 TO	83	break;
	84
	85	default:
	86	return civicrm_api3_create_error("Param '$field' is of a type not managed yet (".$def['type']."). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
	87	}
	88
abe95f29	89	$dao_name = _civicrm_api3_get_DAO($entity);
75c9b470	90	$params = array('id' => $id, $field => $value);
47737104 CW	91
	92	if ((!empty($def['pseudoconstant']) \|\| !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
	93	_civicrm_api3_api_match_pseudoconstant($params, $entity, $field, $def);
	94	}
	95
75c9b470 CW	96	CRM_Utils_Hook::pre('edit', $entity, $id, $params);
75c9b470 CW	97
7a8e775a	98	// Custom fields
47737104	99	if ($isCustom) {
7a8e775a	100	CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
47737104 CW	101	// Treat 'null' as empty value. This is awful but the rest of the code supports it.
	102	if ($params[$field] === 'null') {
	103	$params[$field] = '';
	104	}
7a8e775a CW	105	CRM_Core_BAO_CustomValueTable::setValues($params);
	106	CRM_Utils_Hook::post('edit', $entity, $id, CRM_Core_DAO::$_nullObject);
	107	return civicrm_api3_create_success($params);
	108	}
	109	// Core fields
	110	elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
abe95f29	111	$entityDAO = new $dao_name();
abe95f29	112	$entityDAO->copyValues($params);
bb0c64a4	113	CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
d062030e	114	return civicrm_api3_create_success($params);
6a488035 TO	115	}
	116	else {
	117	return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
	118	}
	119	}