[civicrm-core.git] / api / v3 / Generic / Setvalue.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 5                                                  |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2019                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 * @package CiviCRM_APIv3
 */

/**
 * Set a single value using the api.
 *
 * This function is called when no specific setvalue api exists.
 * Params must contain at least id=xx & {one of the fields from getfields}=value
 *
 * @param array $apiRequest
 *
 * @throws API_Exception
 * @return array
 */
function civicrm_api3_generic_setValue($apiRequest) {
  $entity = $apiRequest['entity'];
  $params = $apiRequest['params'];
  $id = $params['id'];
  if (!is_numeric($id)) {
    return civicrm_api3_create_error(ts('Please enter a number'), [
      'error_code' => 'NaN',
      'field' => "id",
    ]);
  }

  $field = CRM_Utils_String::munge($params['field']);
  $value = $params['value'];

  $fields = civicrm_api($entity, 'getFields', [
    'version' => 3,
    'action' => 'create',
    "sequential"]
  );
  // getfields error, shouldn't happen.
  if ($fields['is_error']) {
    return $fields;
  }
  $fields = $fields['values'];

  $isCustom = strpos($field, 'custom_') === 0;
  // Trim off the id portion of a multivalued custom field name
  $fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
  if (!array_key_exists($fieldKey, $fields)) {
    return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", ["error_code" => "invalid_field", "fields" => array_keys($fields)]);
  }

  $def = $fields[$fieldKey];
  $title = CRM_Utils_Array::value('title', $def, ts('Field'));
  // Disallow empty values except for the number zero.
  // TODO: create a utility for this since it's needed in many places
  if (!empty($def['required']) || !empty($def['is_required'])) {
    if ((empty($value) || $value === 'null') && $value !== '0' && $value !== 0) {
      return civicrm_api3_create_error(ts('%1 is a required field.', [1 => $title]), ["error_code" => "required", "field" => $field]);
    }
  }

  switch ($def['type']) {
    case CRM_Utils_Type::T_FLOAT:
      if (!is_numeric($value) && !empty($value) && $value !== 'null') {
        return civicrm_api3_create_error(ts('%1 must be a number.', [1 => $title]), ['error_code' => 'NaN']);
      }
      break;

    case CRM_Utils_Type::T_INT:
      if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
        return civicrm_api3_create_error(ts('%1 must be a number.', [1 => $title]), ['error_code' => 'NaN']);
      }
      break;

    case CRM_Utils_Type::T_STRING:
    case CRM_Utils_Type::T_TEXT:
      if (!CRM_Utils_Rule::xssString($value)) {
        return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), ['error_code' => 'XSS']);
      }
      if (array_key_exists('maxlength', $def)) {
        $value = substr($value, 0, $def['maxlength']);
      }
      break;

    case CRM_Utils_Type::T_DATE:
      $value = CRM_Utils_Type::escape($value, "Date", FALSE);
      if (!$value) {
        return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
      }
      break;

    case CRM_Utils_Type::T_BOOLEAN:
      // Allow empty value for non-required fields
      if ($value === '' || $value === 'null') {
        $value = '';
      }
      else {
        $value = (boolean) $value;
      }
      break;

    default:
      return civicrm_api3_create_error("Param '$field' is of a type not managed yet (" . $def['type'] . "). Join the API team and help us implement it", ['error_code' => 'NOT_IMPLEMENTED']);
  }

  $dao_name = _civicrm_api3_get_DAO($entity);
  $params = ['id' => $id, $field => $value];

  if ((!empty($def['pseudoconstant']) || !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
    _civicrm_api3_api_match_pseudoconstant($params[$field], $entity, $field, $def);
  }

  CRM_Utils_Hook::pre('edit', $entity, $id, $params);

  // Custom fields
  if ($isCustom) {
    CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
    // Treat 'null' as empty value. This is awful but the rest of the code supports it.
    if ($params[$field] === 'null') {
      $params[$field] = '';
    }
    CRM_Core_BAO_CustomValueTable::setValues($params);
    CRM_Utils_Hook::post('edit', $entity, $id);
  }
  // Core fields
  elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
    $entityDAO = new $dao_name();
    $entityDAO->copyValues($params);
    CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
  }
  else {
    return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
  }

  // Add changelog entry - TODO: Should we do this for other entities as well?
  if (strtolower($entity) === 'contact') {
    CRM_Core_BAO_Log::register($id, 'civicrm_contact', $id);
  }

  return civicrm_api3_create_success($params);
}
Commit	Line	Data
6a488035	1	<?php
b081365f CW	2	/*
b081365f CW	3	+--------------------------------------------------------------------+
fee14197	4	\| CiviCRM version 5 \|
b081365f	5	+--------------------------------------------------------------------+
6b83d5bd	6	\| Copyright CiviCRM LLC (c) 2004-2019 \|
b081365f CW	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
	26	*/
	27
	28	/**
	29	* @package CiviCRM_APIv3
	30	*/
	31
6a488035	32	/**
2fb1dd66 EM	33	* Set a single value using the api.
	34	*
	35	* This function is called when no specific setvalue api exists.
	36	* Params must contain at least id=xx & {one of the fields from getfields}=value
9657ccf2	37	*
72b3a70c	38	* @param array $apiRequest
9657ccf2 EM	39	*
	40	* @throws API_Exception
	41	* @return array
6a488035 TO	42	*/
	43	function civicrm_api3_generic_setValue($apiRequest) {
	44	$entity = $apiRequest['entity'];
	45	$params = $apiRequest['params'];
6a488035 TO	46	$id = $params['id'];
6a488035 TO	47	if (!is_numeric($id)) {
cf8f0fff	48	return civicrm_api3_create_error(ts('Please enter a number'), [
2fb1dd66 EM	49	'error_code' => 'NaN',
2fb1dd66 EM	50	'field' => "id",
cf8f0fff	51	]);
6a488035 TO	52	}
	53
	54	$field = CRM_Utils_String::munge($params['field']);
	55	$value = $params['value'];
	56
cf8f0fff	57	$fields = civicrm_api($entity, 'getFields', [
c1a920f1 EM	58	'version' => 3,
c1a920f1 EM	59	'action' => 'create',
cf8f0fff	60	"sequential"]
c1a920f1	61	);
6a488035	62	// getfields error, shouldn't happen.
6c552737 TO	63	if ($fields['is_error']) {
	64	return $fields;
	65	}
6a488035 TO	66	$fields = $fields['values'];
6a488035 TO	67
47737104 CW	68	$isCustom = strpos($field, 'custom_') === 0;
	69	// Trim off the id portion of a multivalued custom field name
	70	$fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
	71	if (!array_key_exists($fieldKey, $fields)) {
cf8f0fff	72	return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", ["error_code" => "invalid_field", "fields" => array_keys($fields)]);
6a488035 TO	73	}
6a488035 TO	74
47737104 CW	75	$def = $fields[$fieldKey];
47737104 CW	76	$title = CRM_Utils_Array::value('title', $def, ts('Field'));
5ba3bfc8 CW	77	// Disallow empty values except for the number zero.
5ba3bfc8 CW	78	// TODO: create a utility for this since it's needed in many places
47737104 CW	79	if (!empty($def['required']) \|\| !empty($def['is_required'])) {
47737104 CW	80	if ((empty($value) \|\| $value === 'null') && $value !== '0' && $value !== 0) {
cf8f0fff	81	return civicrm_api3_create_error(ts('%1 is a required field.', [1 => $title]), ["error_code" => "required", "field" => $field]);
47737104	82	}
6a488035 TO	83	}
	84
	85	switch ($def['type']) {
47737104 CW	86	case CRM_Utils_Type::T_FLOAT:
47737104 CW	87	if (!is_numeric($value) && !empty($value) && $value !== 'null') {
cf8f0fff	88	return civicrm_api3_create_error(ts('%1 must be a number.', [1 => $title]), ['error_code' => 'NaN']);
47737104	89	}
c866eb5f	90	break;
47737104	91
da54ec85	92	case CRM_Utils_Type::T_INT:
47737104	93	if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
cf8f0fff	94	return civicrm_api3_create_error(ts('%1 must be a number.', [1 => $title]), ['error_code' => 'NaN']);
6a488035	95	}
c866eb5f	96	break;
6a488035	97
da54ec85 CW	98	case CRM_Utils_Type::T_STRING:
da54ec85 CW	99	case CRM_Utils_Type::T_TEXT:
6a488035	100	if (!CRM_Utils_Rule::xssString($value)) {
cf8f0fff	101	return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), ['error_code' => 'XSS']);
6a488035	102	}
c866eb5f TO	103	if (array_key_exists('maxlength', $def)) {
	104	$value = substr($value, 0, $def['maxlength']);
	105	}
	106	break;
6a488035	107
da54ec85	108	case CRM_Utils_Type::T_DATE:
be2e0c6a	109	$value = CRM_Utils_Type::escape($value, "Date", FALSE);
6c552737	110	if (!$value) {
6a488035	111	return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
6c552737	112	}
6a488035 TO	113	break;
6a488035 TO	114
da54ec85	115	case CRM_Utils_Type::T_BOOLEAN:
47737104 CW	116	// Allow empty value for non-required fields
	117	if ($value === '' \|\| $value === 'null') {
	118	$value = '';
	119	}
	120	else {
	121	$value = (boolean) $value;
	122	}
6a488035 TO	123	break;
	124
	125	default:
cf8f0fff	126	return civicrm_api3_create_error("Param '$field' is of a type not managed yet (" . $def['type'] . "). Join the API team and help us implement it", ['error_code' => 'NOT_IMPLEMENTED']);
6a488035 TO	127	}
6a488035 TO	128
abe95f29	129	$dao_name = _civicrm_api3_get_DAO($entity);
cf8f0fff	130	$params = ['id' => $id, $field => $value];
47737104 CW	131
47737104 CW	132	if ((!empty($def['pseudoconstant']) \|\| !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
99efe93a	133	_civicrm_api3_api_match_pseudoconstant($params[$field], $entity, $field, $def);
47737104 CW	134	}
47737104 CW	135
75c9b470 CW	136	CRM_Utils_Hook::pre('edit', $entity, $id, $params);
75c9b470 CW	137
7a8e775a	138	// Custom fields
47737104	139	if ($isCustom) {
7a8e775a	140	CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
47737104 CW	141	// Treat 'null' as empty value. This is awful but the rest of the code supports it.
	142	if ($params[$field] === 'null') {
	143	$params[$field] = '';
	144	}
7a8e775a	145	CRM_Core_BAO_CustomValueTable::setValues($params);
1273d77c	146	CRM_Utils_Hook::post('edit', $entity, $id);
7a8e775a CW	147	}
	148	// Core fields
	149	elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
abe95f29	150	$entityDAO = new $dao_name();
abe95f29	151	$entityDAO->copyValues($params);
bb0c64a4	152	CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
6a488035 TO	153	}
	154	else {
	155	return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
	156	}
99efe93a CW	157
	158	// Add changelog entry - TODO: Should we do this for other entities as well?
	159	if (strtolower($entity) === 'contact') {
	160	CRM_Core_BAO_Log::register($id, 'civicrm_contact', $id);
	161	}
	162
	163	return civicrm_api3_create_success($params);
6a488035	164	}