| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 4.5 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2014 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * |
| 30 | * @package CRM |
| 31 | * @copyright CiviCRM LLC (c) 2004-2014 |
| 32 | * $Id$ |
| 33 | * |
| 34 | */ |
| 35 | |
| 36 | /** |
| 37 | * Create a page for displaying CiviCRM Profile Fields. |
| 38 | * |
| 39 | * Heart of this class is the run method which checks |
| 40 | * for action type and then displays the appropriate |
| 41 | * page. |
| 42 | * |
| 43 | */ |
| 44 | class CRM_Profile_Page_Dynamic extends CRM_Core_Page { |
| 45 | |
| 46 | /** |
| 47 | * The contact id of the person we are viewing |
| 48 | * |
| 49 | * @var int |
| 50 | * @access protected |
| 51 | */ |
| 52 | protected $_id; |
| 53 | |
| 54 | /** |
| 55 | * the profile group are are interested in |
| 56 | * |
| 57 | * @var int |
| 58 | * @access protected |
| 59 | */ |
| 60 | protected $_gid; |
| 61 | |
| 62 | /** |
| 63 | * The profile types we restrict this page to display |
| 64 | * |
| 65 | * @var string |
| 66 | * @access protected |
| 67 | */ |
| 68 | protected $_restrict; |
| 69 | |
| 70 | /** |
| 71 | * Should we bypass permissions |
| 72 | * |
| 73 | * @var boolean |
| 74 | * @access protected |
| 75 | */ |
| 76 | protected $_skipPermission; |
| 77 | |
| 78 | /** |
| 79 | * Store profile ids if multiple profile ids are passed using comma separated. |
| 80 | * Currently lets implement this functionality only for dialog mode |
| 81 | */ |
| 82 | protected $_profileIds = array(); |
| 83 | |
| 84 | /** |
| 85 | * Contact profile having activity fields? |
| 86 | * |
| 87 | * @var string |
| 88 | */ |
| 89 | protected $_isContactActivityProfile = FALSE; |
| 90 | |
| 91 | /** |
| 92 | * Activity Id connected to the profile |
| 93 | * |
| 94 | * @var string |
| 95 | */ |
| 96 | protected $_activityId = NULL; |
| 97 | |
| 98 | protected $_multiRecord = NULL; |
| 99 | |
| 100 | protected $_recordId = NULL; |
| 101 | |
| 102 | /* |
| 103 | * fetch multirecord as well as non-multirecord fields |
| 104 | */ |
| 105 | protected $_allFields = NULL; |
| 106 | |
| 107 | /** |
| 108 | * class constructor |
| 109 | * |
| 110 | * @param int $id the contact id |
| 111 | * @param int $gid the group id |
| 112 | * |
| 113 | * @param $restrict |
| 114 | * @param bool $skipPermission |
| 115 | * @param null $profileIds |
| 116 | * |
| 117 | * @return \CRM_Profile_Page_Dynamic |
| 118 | * @access public |
| 119 | */ |
| 120 | function __construct($id, $gid, $restrict, $skipPermission = FALSE, $profileIds = NULL) { |
| 121 | parent::__construct(); |
| 122 | |
| 123 | $this->_id = $id; |
| 124 | $this->_gid = $gid; |
| 125 | $this->_restrict = $restrict; |
| 126 | $this->_skipPermission = $skipPermission; |
| 127 | |
| 128 | if (!array_key_exists('multiRecord', $_GET)) { |
| 129 | $this->set('multiRecord', NULL); |
| 130 | } |
| 131 | if (!array_key_exists('recordId', $_GET)) { |
| 132 | $this->set('recordId', NULL); |
| 133 | } |
| 134 | if (!array_key_exists('allFields', $_GET)) { |
| 135 | $this->set('allFields', NULL); |
| 136 | } |
| 137 | |
| 138 | //specifies the action being done on a multi record field |
| 139 | $multiRecordAction = CRM_Utils_Request::retrieve('multiRecord', 'String', $this); |
| 140 | |
| 141 | $this->_multiRecord = (!is_numeric($multiRecordAction)) ? |
| 142 | CRM_Core_Action::resolve($multiRecordAction) : $multiRecordAction; |
| 143 | if ($this->_multiRecord) { |
| 144 | $this->set('multiRecord', $this->_multiRecord); |
| 145 | } |
| 146 | |
| 147 | if ($this->_multiRecord & CRM_Core_Action::VIEW) { |
| 148 | $this->_recordId = CRM_Utils_Request::retrieve('recordId', 'Positive', $this); |
| 149 | $this->_allFields = CRM_Utils_Request::retrieve('allFields', 'Integer', $this); |
| 150 | } |
| 151 | |
| 152 | if ($profileIds) { |
| 153 | $this->_profileIds = $profileIds; |
| 154 | } |
| 155 | else { |
| 156 | $this->_profileIds = array($gid); |
| 157 | } |
| 158 | |
| 159 | $this->_activityId = CRM_Utils_Request::retrieve('aid', 'Positive', $this, FALSE, 0, 'GET'); |
| 160 | if (is_numeric($this->_activityId)) { |
| 161 | $latestRevisionId = CRM_Activity_BAO_Activity::getLatestActivityId($this->_activityId); |
| 162 | if ($latestRevisionId) { |
| 163 | $this->_activityId = $latestRevisionId; |
| 164 | } |
| 165 | } |
| 166 | $this->_isContactActivityProfile = CRM_Core_BAO_UFField::checkContactActivityProfileType($this->_gid); |
| 167 | } |
| 168 | |
| 169 | /** |
| 170 | * Get the action links for this page. |
| 171 | * |
| 172 | * @return array $_actionLinks |
| 173 | * |
| 174 | */ |
| 175 | function &actionLinks() { |
| 176 | return NULL; |
| 177 | } |
| 178 | |
| 179 | /** |
| 180 | * Run the page. |
| 181 | * |
| 182 | * This method is called after the page is created. It checks for the |
| 183 | * type of action and executes that action. |
| 184 | * |
| 185 | * @return void |
| 186 | * @access public |
| 187 | * |
| 188 | */ |
| 189 | function run() { |
| 190 | $template = CRM_Core_Smarty::singleton(); |
| 191 | if ($this->_id && $this->_gid) { |
| 192 | |
| 193 | // first check that id is part of the limit group id, CRM-4822 |
| 194 | $limitListingsGroupsID = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', |
| 195 | $this->_gid, |
| 196 | 'limit_listings_group_id' |
| 197 | ); |
| 198 | $config = CRM_Core_Config::singleton(); |
| 199 | if ($limitListingsGroupsID) { |
| 200 | |
| 201 | if (!CRM_Contact_BAO_GroupContact::isContactInGroup($this->_id, |
| 202 | $limitListingsGroupsID |
| 203 | )) { |
| 204 | CRM_Utils_System::setTitle(ts('Profile View - Permission Denied')); |
| 205 | return CRM_Core_Session::setStatus(ts('You do not have permission to view this contact record. Contact the site administrator if you need assistance.'), ts('Permission Denied'), 'error'); |
| 206 | } |
| 207 | } |
| 208 | |
| 209 | $session = CRM_Core_Session::singleton(); |
| 210 | $userID = $session->get('userID'); |
| 211 | |
| 212 | $this->_isPermissionedChecksum = FALSE; |
| 213 | $permissionType = CRM_Core_Permission::VIEW; |
| 214 | if ($this->_id != $userID) { |
| 215 | // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228 |
| 216 | if ($config->userFrameworkFrontend) { |
| 217 | $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE); |
| 218 | } |
| 219 | else { |
| 220 | $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE); |
| 221 | } |
| 222 | } |
| 223 | // CRM-10853 |
| 224 | // Users with create or edit permission should be allowed to view their own profile |
| 225 | if ($this->_id == $userID || $this->_isPermissionedChecksum) { |
| 226 | if (!CRM_Core_Permission::check('profile view')) { |
| 227 | if (CRM_Core_Permission::check('profile create') || CRM_Core_Permission::check('profile edit')) { |
| 228 | $this->_skipPermission = TRUE; |
| 229 | } |
| 230 | } |
| 231 | } |
| 232 | |
| 233 | // make sure we dont expose all fields based on permission |
| 234 | $admin = FALSE; |
| 235 | if ((!$config->userFrameworkFrontend && |
| 236 | (CRM_Core_Permission::check('administer users') || |
| 237 | CRM_Core_Permission::check('view all contacts') || |
| 238 | CRM_Contact_BAO_Contact_Permission::allow($this->_id) |
| 239 | ) |
| 240 | ) || |
| 241 | $this->_id == $userID || |
| 242 | $this->_isPermissionedChecksum |
| 243 | ) { |
| 244 | $admin = TRUE; |
| 245 | } |
| 246 | |
| 247 | $values = array(); |
| 248 | $fields = CRM_Core_BAO_UFGroup::getFields($this->_profileIds, FALSE, CRM_Core_Action::VIEW, |
| 249 | NULL, NULL, FALSE, $this->_restrict, |
| 250 | $this->_skipPermission, NULL, |
| 251 | $permissionType |
| 252 | ); |
| 253 | |
| 254 | if ($this->_multiRecord & CRM_Core_Action::VIEW && $this->_recordId && !$this->_allFields) { |
| 255 | CRM_Core_BAO_UFGroup::shiftMultiRecordFields($fields, $multiRecordFields); |
| 256 | $fields = $multiRecordFields; |
| 257 | } |
| 258 | if ($this->_isContactActivityProfile && $this->_gid) { |
| 259 | $errors = CRM_Profile_Form::validateContactActivityProfile($this->_activityId, $this->_id, $this->_gid); |
| 260 | if (!empty($errors)) { |
| 261 | CRM_Core_Error::fatal(array_pop($errors)); |
| 262 | } |
| 263 | } |
| 264 | |
| 265 | //reformat fields array |
| 266 | foreach ($fields as $name => $field) { |
| 267 | // also eliminate all formatting fields |
| 268 | if (CRM_Utils_Array::value('field_type', $field) == 'Formatting') { |
| 269 | unset($fields[$name]); |
| 270 | } |
| 271 | |
| 272 | // make sure that there is enough permission to expose this field |
| 273 | if (!$admin && $field['visibility'] == 'User and User Admin Only') { |
| 274 | unset($fields[$name]); |
| 275 | } |
| 276 | } |
| 277 | |
| 278 | if ($this->_isContactActivityProfile) { |
| 279 | $contactFields = $activityFields = array(); |
| 280 | |
| 281 | foreach ($fields as $fieldName => $field) { |
| 282 | if (CRM_Utils_Array::value('field_type', $field) == 'Activity') { |
| 283 | $activityFields[$fieldName] = $field; |
| 284 | } |
| 285 | else { |
| 286 | $contactFields[$fieldName] = $field; |
| 287 | } |
| 288 | } |
| 289 | |
| 290 | CRM_Core_BAO_UFGroup::getValues($this->_id, $contactFields, $values); |
| 291 | if ($this->_activityId) { |
| 292 | CRM_Core_BAO_UFGroup::getValues( |
| 293 | NULL, |
| 294 | $activityFields, |
| 295 | $values, |
| 296 | TRUE, |
| 297 | array(array('activity_id', '=', $this->_activityId, 0, 0)) |
| 298 | ); |
| 299 | } |
| 300 | } |
| 301 | else { |
| 302 | $customWhereClause = NULL; |
| 303 | if ($this->_multiRecord & CRM_Core_Action::VIEW && $this->_recordId) { |
| 304 | if ($this->_allFields) { |
| 305 | $copyFields = $fields; |
| 306 | CRM_Core_BAO_UFGroup::shiftMultiRecordFields($copyFields, $multiRecordFields); |
| 307 | $fieldKey = key($multiRecordFields); |
| 308 | } else { |
| 309 | $fieldKey = key($fields); |
| 310 | } |
| 311 | if ($fieldID = CRM_Core_BAO_CustomField::getKeyID($fieldKey)) { |
| 312 | $tableColumnGroup = CRM_Core_BAO_CustomField::getTableColumnGroup($fieldID); |
| 313 | $columnName = "{$tableColumnGroup[0]}.id"; |
| 314 | $customWhereClause = $columnName . ' = ' . $this->_recordId; |
| 315 | } |
| 316 | } |
| 317 | CRM_Core_BAO_UFGroup::getValues($this->_id, $fields, $values, TRUE, NULL, FALSE, $customWhereClause); |
| 318 | } |
| 319 | |
| 320 | // $profileFields array can be used for customized display of field labels and values in Profile/View.tpl |
| 321 | $profileFields = array(); |
| 322 | $labels = array(); |
| 323 | |
| 324 | foreach ($fields as $name => $field) { |
| 325 | //CRM-14338 |
| 326 | // Create a unique, non-empty index for each field. |
| 327 | $index = $field['title']; |
| 328 | if ($index === '') $index = ' '; |
| 329 | while (array_key_exists($index, $labels)) |
| 330 | $index .= ' '; |
| 331 | |
| 332 | $labels[$index] = preg_replace('/\s+|\W+/', '_', $name); |
| 333 | } |
| 334 | |
| 335 | foreach ($values as $title => $value) { |
| 336 | $profileFields[$labels[$title]] = array( |
| 337 | 'label' => $title, |
| 338 | 'value' => $value, |
| 339 | ); |
| 340 | } |
| 341 | |
| 342 | $template->assign_by_ref('row', $values); |
| 343 | $template->assign_by_ref('profileFields', $profileFields); |
| 344 | } |
| 345 | |
| 346 | $name = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'name'); |
| 347 | $this->assign('ufGroupName', $name); |
| 348 | CRM_Utils_Hook::viewProfile($name); |
| 349 | |
| 350 | if (strtolower($name) == 'summary_overlay') { |
| 351 | $template->assign('overlayProfile', TRUE); |
| 352 | } |
| 353 | |
| 354 | if (($this->_multiRecord & CRM_Core_Action::VIEW) && $this->_recordId && !$this->_allFields) { |
| 355 | $fieldDetail = reset($fields); |
| 356 | $fieldId = CRM_Core_BAO_CustomField::getKeyID($fieldDetail['name']); |
| 357 | $customGroupDetails = CRM_Core_BAO_CustomGroup::getGroupTitles(array($fieldId)); |
| 358 | $multiRecTitle = $customGroupDetails[$fieldId]['groupTitle']; |
| 359 | } else { |
| 360 | $title = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'title'); |
| 361 | } |
| 362 | |
| 363 | //CRM-4131. |
| 364 | $displayName = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $this->_id, 'display_name'); |
| 365 | if ($displayName) { |
| 366 | $session = CRM_Core_Session::singleton(); |
| 367 | $config = CRM_Core_Config::singleton(); |
| 368 | if ($session->get('userID') && |
| 369 | CRM_Core_Permission::check('access CiviCRM') && |
| 370 | CRM_Contact_BAO_Contact_Permission::allow($session->get('userID'), CRM_Core_Permission::VIEW) && |
| 371 | !$config->userFrameworkFrontend |
| 372 | ) { |
| 373 | $contactViewUrl = CRM_Utils_System::url('civicrm/contact/view', "action=view&reset=1&cid={$this->_id}", TRUE); |
| 374 | $this->assign('displayName', $displayName); |
| 375 | $displayName = "<a href=\"$contactViewUrl\">{$displayName}</a>"; |
| 376 | } |
| 377 | $title .= ' - ' . $displayName; |
| 378 | } |
| 379 | |
| 380 | $title = isset($multiRecTitle) ? ts('View %1 Record', array(1 => $multiRecTitle)) : $title; |
| 381 | CRM_Utils_System::setTitle($title); |
| 382 | |
| 383 | // invoke the pagRun hook, CRM-3906 |
| 384 | CRM_Utils_Hook::pageRun($this); |
| 385 | |
| 386 | return trim($template->fetch($this->getHookedTemplateFileName())); |
| 387 | } |
| 388 | |
| 389 | /** |
| 390 | * @param string $suffix |
| 391 | * |
| 392 | * @return null|string |
| 393 | */ |
| 394 | function checkTemplateFileExists($suffix = '') { |
| 395 | if ($this->_gid) { |
| 396 | $templateFile = "CRM/Profile/Page/{$this->_gid}/Dynamic.{$suffix}tpl"; |
| 397 | $template = CRM_Core_Page::getTemplate(); |
| 398 | if ($template->template_exists($templateFile)) { |
| 399 | return $templateFile; |
| 400 | } |
| 401 | |
| 402 | // lets see if we have customized by name |
| 403 | $ufGroupName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'name'); |
| 404 | if ($ufGroupName) { |
| 405 | $templateFile = "CRM/Profile/Page/{$ufGroupName}/Dynamic.{$suffix}tpl"; |
| 406 | if ($template->template_exists($templateFile)) { |
| 407 | return $templateFile; |
| 408 | } |
| 409 | } |
| 410 | } |
| 411 | return NULL; |
| 412 | } |
| 413 | |
| 414 | /** |
| 415 | * Use the form name to create the tpl file name |
| 416 | * |
| 417 | * @return string |
| 418 | * @access public |
| 419 | */ |
| 420 | /** |
| 421 | * @return string |
| 422 | */ |
| 423 | function getTemplateFileName() { |
| 424 | $fileName = $this->checkTemplateFileExists(); |
| 425 | return $fileName ? $fileName : parent::getTemplateFileName(); |
| 426 | } |
| 427 | |
| 428 | /** |
| 429 | * Default extra tpl file basically just replaces .tpl with .extra.tpl |
| 430 | * i.e. we dont override |
| 431 | * |
| 432 | * @return string |
| 433 | * @access public |
| 434 | */ |
| 435 | /** |
| 436 | * @return string |
| 437 | */ |
| 438 | function overrideExtraTemplateFileName() { |
| 439 | $fileName = $this->checkTemplateFileExists('extra.'); |
| 440 | return $fileName ? $fileName : parent::overrideExtraTemplateFileName(); |
| 441 | } |
| 442 | } |
| 443 | |