Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
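/**
 * Set a single field on an existing record (generic API v3 "setvalue" action).
 *
 * $apiRequest['params'] must contain all three of:
 *   - id:    id of the record to update
 *   - field: name of the field to set; it must be one of the fields that
 *            getfields reports for the entity's 'create' action
 *   - value: the new value
 *
 * The value is checked against the field type reported by getfields before it
 * is written. Only float, int, string, text, date and boolean fields are
 * handled; any other type returns a NOT_IMPLEMENTED error.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the API dispatcher enforces access before calling it - confirm.
 *
 * @param array $apiRequest
 *   Reads the 'entity' and 'params' keys.
 *
 * @throws API_Exception
 * @return array
 *   API v3 result array: success carrying the written params, or an error.
 */
function civicrm_api3_generic_setValue($apiRequest) {
  $entity = $apiRequest['entity'];
  $params = $apiRequest['params'];
  // we can't use _spec, doesn't work with generic
  civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value'));
  $id = $params['id'];
  // A record id is a whole, non-negative number. is_numeric() alone would also
  // accept floats, exponent notation ("1e3"), signed values and padded
  // strings, and pass them on to the hooks and the DAO layer as the id.
  if (!CRM_Utils_Rule::positiveInteger($id)) {
    return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id"));
  }

  // The caller-supplied field name is normalised here and then only accepted
  // if getfields knows it (see the array_key_exists() check below).
  $field = CRM_Utils_String::munge($params['field']);
  $value = $params['value'];

  // NOTE(review): "sequential" is passed as a list element, not as an option
  // key - looks unintended. The lookup below relies on the result being keyed
  // by field name, so it is left untouched here.
  $fields = civicrm_api($entity, 'getFields', array('version' => 3, 'action' => 'create', "sequential"));
  // getfields error, shouldn't happen.
  if ($fields['is_error']) {
    return $fields;
  }
  $fields = $fields['values'];

  $isCustom = strpos($field, 'custom_') === 0;
  // Trim off the id portion of a multivalued custom field name
  $fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
  // Allow-list check: a name getfields does not report never reaches the
  // write calls further down.
  if (!array_key_exists($fieldKey, $fields)) {
    return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
  }

  $def = $fields[$fieldKey];
  $title = CRM_Utils_Array::value('title', $def, ts('Field'));
  // Disallow empty values except for the number zero.
  // TODO: create a utility for this since it's needed in many places
  if (!empty($def['required']) || !empty($def['is_required'])) {
    if ((empty($value) || $value === 'null') && $value !== '0' && $value !== 0) {
      return civicrm_api3_create_error(ts('%1 is a required field.', array(1 => $title)), array("error_code" => "required", "field" => $field));
    }
  }

  // Per-type validation. Empty values and the literal string 'null' are let
  // through for numeric types so that a non-required field can be cleared.
  switch ($def['type']) {
    case CRM_Utils_Type::T_FLOAT:
      if (!is_numeric($value) && !empty($value) && $value !== 'null') {
        return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
      }
      break;

    case CRM_Utils_Type::T_INT:
      if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
        return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
      }
      break;

    case CRM_Utils_Type::T_STRING:
    case CRM_Utils_Type::T_TEXT:
      // Input-side filter only: the stored value still has to be escaped for
      // its context wherever it is later rendered.
      if (!CRM_Utils_Rule::xssString($value)) {
        return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
      }
      if (array_key_exists('maxlength', $def)) {
        // Truncate by character rather than by byte: a byte-wise substr() can
        // cut a multi-byte UTF-8 sequence in half and leave invalid text to be
        // stored. (maxlength is presumably a character count - confirm.)
        // Over-long input is still shortened silently rather than rejected.
        $value = mb_substr($value, 0, $def['maxlength'], 'UTF-8');
      }
      break;

    case CRM_Utils_Type::T_DATE:
      $value = CRM_Utils_Type::escape($value, "Date", FALSE);
      if (!$value) {
        return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
      }
      break;

    case CRM_Utils_Type::T_BOOLEAN:
      // Allow empty value for non-required fields
      if ($value === '' || $value === 'null') {
        $value = '';
      }
      else {
        // (bool) is the canonical spelling of the cast; same result as (boolean).
        $value = (bool) $value;
      }
      break;

    default:
      return civicrm_api3_create_error("Param '$field' is of a type not managed yet (" . $def['type'] . "). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
  }

  $dao_name = _civicrm_api3_get_DAO($entity);
  // From here on $params holds only the validated id and the one field.
  $params = array('id' => $id, $field => $value);

  if ((!empty($def['pseudoconstant']) || !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
    _civicrm_api3_api_match_pseudoconstant($params, $entity, $field, $def);
  }

  CRM_Utils_Hook::pre('edit', $entity, $id, $params);

  // Custom fields
  if ($isCustom) {
    CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
    // Treat 'null' as empty value. This is awful but the rest of the code supports it.
    if ($params[$field] === 'null') {
      $params[$field] = '';
    }
    CRM_Core_BAO_CustomValueTable::setValues($params);
    CRM_Utils_Hook::post('edit', $entity, $id, CRM_Core_DAO::$_nullObject);
    return civicrm_api3_create_success($params);
  }
  // Core fields
  elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
    $entityDAO = new $dao_name();
    $entityDAO->copyValues($params);
    CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
    return civicrm_api3_create_success($params);
  }
  else {
    // NOTE(review): the message echoes the caller-supplied value; anything
    // that renders API errors as HTML has to escape it.
    return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
  }
}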