| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 4.4 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2013 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * File for CiviCRM APIv3 utilitity functions |
| 30 | * |
| 31 | * @package CiviCRM_APIv3 |
| 32 | * @subpackage API_utils |
| 33 | * |
| 34 | * @copyright CiviCRM LLC (c) 2004-2013 |
| 35 | * @version $Id: utils.php 30879 2010-11-22 15:45:55Z shot $ |
| 36 | * |
| 37 | */ |
| 38 | |
| 39 | /** |
| 40 | * Initialize CiviCRM - should be run at the start of each API function |
| 41 | */ |
| 42 | function _civicrm_api3_initialize() { |
| 43 | require_once 'CRM/Core/ClassLoader.php'; |
| 44 | CRM_Core_ClassLoader::singleton()->register(); |
| 45 | CRM_Core_Config::singleton(); |
| 46 | } |
| 47 | |
| 48 | /** |
| 49 | * Wrapper Function for civicrm_verify_mandatory to make it simple to pass either / or fields for checking |
| 50 | * |
| 51 | * @param array $params array of fields to check |
| 52 | * @param array $daoName string DAO to check for required fields (create functions only) |
| 53 | * @param array $keyoptions |
| 54 | * |
| 55 | * @internal param array $keys list of required fields options. One of the options is required |
| 56 | * @return null or throws error if there the required fields not present |
| 57 | * @ |
| 58 | */ |
| 59 | function civicrm_api3_verify_one_mandatory($params, $daoName = NULL, $keyoptions = array( |
| 60 | )) { |
| 61 | $keys = array(array()); |
| 62 | foreach ($keyoptions as $key) { |
| 63 | $keys[0][] = $key; |
| 64 | } |
| 65 | civicrm_api3_verify_mandatory($params, $daoName, $keys); |
| 66 | } |
| 67 | |
| 68 | /** |
| 69 | * Function to check mandatory fields are included |
| 70 | * |
| 71 | * @param array $params array of fields to check |
| 72 | * @param array $daoName string DAO to check for required fields (create functions only) |
| 73 | * @param array $keys list of required fields. A value can be an array denoting that either this or that is required. |
| 74 | * @param bool $verifyDAO |
| 75 | * |
| 76 | * @throws API_Exception |
| 77 | * @return null or throws error if there the required fields not present |
| 78 | * |
| 79 | * @todo see notes on _civicrm_api3_check_required_fields regarding removing $daoName param |
| 80 | */ |
| 81 | function civicrm_api3_verify_mandatory($params, $daoName = NULL, $keys = array( |
| 82 | ), $verifyDAO = TRUE) { |
| 83 | |
| 84 | $unmatched = array(); |
| 85 | if ($daoName != NULL && $verifyDAO && empty($params['id'])) { |
| 86 | $unmatched = _civicrm_api3_check_required_fields($params, $daoName, TRUE); |
| 87 | if (!is_array($unmatched)) { |
| 88 | $unmatched = array(); |
| 89 | } |
| 90 | } |
| 91 | |
| 92 | if (!empty($params['id'])) { |
| 93 | $keys = array('version'); |
| 94 | } |
| 95 | else { |
| 96 | if (!in_array('version', $keys)) { |
| 97 | // required from v3 onwards |
| 98 | $keys[] = 'version'; |
| 99 | } |
| 100 | } |
| 101 | foreach ($keys as $key) { |
| 102 | if (is_array($key)) { |
| 103 | $match = 0; |
| 104 | $optionset = array(); |
| 105 | foreach ($key as $subkey) { |
| 106 | if (!array_key_exists($subkey, $params) || empty($params[$subkey])) { |
| 107 | $optionset[] = $subkey; |
| 108 | } |
| 109 | else { |
| 110 | // as long as there is one match then we don't need to rtn anything |
| 111 | $match = 1; |
| 112 | } |
| 113 | } |
| 114 | if (empty($match) && !empty($optionset)) { |
| 115 | $unmatched[] = "one of (" . implode(", ", $optionset) . ")"; |
| 116 | } |
| 117 | } |
| 118 | else { |
| 119 | if (!array_key_exists($key, $params) || empty($params[$key])) { |
| 120 | $unmatched[] = $key; |
| 121 | } |
| 122 | } |
| 123 | } |
| 124 | if (!empty($unmatched)) { |
| 125 | throw new API_Exception("Mandatory key(s) missing from params array: " . implode(", ", $unmatched),"mandatory_missing",array("fields"=>$unmatched)); |
| 126 | } |
| 127 | } |
| 128 | |
| 129 | /** |
| 130 | * |
| 131 | * @param <type> $data |
| 132 | * @param array $data |
| 133 | * @param object $dao DAO / BAO object to be freed here |
| 134 | * |
| 135 | * @throws API_Exception |
| 136 | * @return array <type> |
| 137 | */ |
| 138 | function civicrm_api3_create_error($msg, $data = array(), &$dao = NULL) { |
| 139 | //fix me - $dao should be param 4 & 3 should be $apiRequest |
| 140 | if (is_object($dao)) { |
| 141 | $dao->free(); |
| 142 | } |
| 143 | |
| 144 | if (is_array($dao)) { |
| 145 | if ($msg == 'DB Error: constraint violation' || substr($msg, 0,9) == 'DB Error:' || $msg == 'DB Error: already exists') { |
| 146 | try { |
| 147 | $fields = _civicrm_api3_api_getfields($dao); |
| 148 | _civicrm_api3_validate_fields($dao['entity'], $dao['action'], $dao['params'], $fields, TRUE); |
| 149 | } |
| 150 | catch(Exception $e) { |
| 151 | $msg = $e->getMessage(); |
| 152 | } |
| 153 | } |
| 154 | } |
| 155 | $data['is_error'] = 1; |
| 156 | $data['error_message'] = $msg; |
| 157 | // we will show sql to privelledged user only (not sure of a specific |
| 158 | // security hole here but seems sensible - perhaps should apply to the trace as well? |
| 159 | if(isset($data['sql']) && CRM_Core_Permission::check('Administer CiviCRM')) { |
| 160 | $data['debug_information'] = $data['sql']; |
| 161 | } |
| 162 | if (is_array($dao) && isset($dao['params']) && is_array($dao['params']) && CRM_Utils_Array::value('api.has_parent', $dao['params'])) { |
| 163 | $errorCode = empty($data['error_code']) ? 'chained_api_failed' : $data['error_code']; |
| 164 | throw new API_Exception('Error in call to ' . $dao['entity'] . '_' . $dao['action'] . ' : ' . $msg, $errorCode, $data); |
| 165 | } |
| 166 | return $data; |
| 167 | } |
| 168 | |
| 169 | /** |
| 170 | * Format array in result output styple |
| 171 | * |
| 172 | * @param array $values values generated by API operation (the result) |
| 173 | * @param array $params parameters passed into API call |
| 174 | * @param string $entity the entity being acted on |
| 175 | * @param string $action the action passed to the API |
| 176 | * @param object $dao DAO object to be freed here |
| 177 | * @param array $extraReturnValues additional values to be added to top level of result array( |
| 178 | * - this param is currently used for legacy behaviour support |
| 179 | * |
| 180 | * @return array $result |
| 181 | */ |
| 182 | function civicrm_api3_create_success($values = 1, $params = array( |
| 183 | ), $entity = NULL, $action = NULL, &$dao = NULL, $extraReturnValues = array()) { |
| 184 | $result = array(); |
| 185 | $result['is_error'] = 0; |
| 186 | //lets set the ['id'] field if it's not set & we know what the entity is |
| 187 | if (is_array($values) && !empty($entity)) { |
| 188 | foreach ($values as $key => $item) { |
| 189 | if (empty($item['id']) && !empty($item[$entity . "_id"])) { |
| 190 | $values[$key]['id'] = $item[$entity . "_id"]; |
| 191 | } |
| 192 | if(!empty($item['financial_type_id'])){ |
| 193 | //4.3 legacy handling |
| 194 | $values[$key]['contribution_type_id'] = $item['financial_type_id']; |
| 195 | } |
| 196 | if(!empty($item['next_sched_contribution_date'])){ |
| 197 | // 4.4 legacy handling |
| 198 | $values[$key]['next_sched_contribution'] = $item['next_sched_contribution_date']; |
| 199 | } |
| 200 | } |
| 201 | } |
| 202 | |
| 203 | if (is_array($params) && !empty($params['debug'])) { |
| 204 | if (is_string($action) && $action != 'getfields') { |
| 205 | $apiFields = civicrm_api($entity, 'getfields', array('version' => 3, 'action' => $action) + $params); |
| 206 | } |
| 207 | elseif ($action != 'getfields') { |
| 208 | $apiFields = civicrm_api($entity, 'getfields', array('version' => 3) + $params); |
| 209 | } |
| 210 | else { |
| 211 | $apiFields = FALSE; |
| 212 | } |
| 213 | |
| 214 | $allFields = array(); |
| 215 | if ($action != 'getfields' && is_array($apiFields) && is_array(CRM_Utils_Array::value('values', $apiFields))) { |
| 216 | $allFields = array_keys($apiFields['values']); |
| 217 | } |
| 218 | $paramFields = array_keys($params); |
| 219 | $undefined = array_diff($paramFields, $allFields, array_keys($_COOKIE), array('action', 'entity', 'debug', 'version', 'check_permissions', 'IDS_request_uri', 'IDS_user_agent', 'return', 'sequential', 'rowCount', 'option_offset', 'option_limit', 'custom', 'option_sort', 'options')); |
| 220 | if ($undefined) { |
| 221 | $result['undefined_fields'] = array_merge($undefined); |
| 222 | } |
| 223 | } |
| 224 | if (is_object($dao)) { |
| 225 | $dao->free(); |
| 226 | } |
| 227 | |
| 228 | $result['version'] = 3; |
| 229 | if (is_array($values)) { |
| 230 | $result['count'] = (int) count($values); |
| 231 | |
| 232 | // Convert value-separated strings to array |
| 233 | _civicrm_api3_separate_values($values); |
| 234 | |
| 235 | if ($result['count'] == 1) { |
| 236 | list($result['id']) = array_keys($values); |
| 237 | } |
| 238 | elseif (!empty($values['id']) && is_int($values['id'])) { |
| 239 | $result['id'] = $values['id']; |
| 240 | } |
| 241 | } |
| 242 | else { |
| 243 | $result['count'] = !empty($values) ? 1 : 0; |
| 244 | } |
| 245 | |
| 246 | if (is_array($values) && isset($params['sequential']) && |
| 247 | $params['sequential'] == 1 |
| 248 | ) { |
| 249 | $result['values'] = array_values($values); |
| 250 | } |
| 251 | else { |
| 252 | $result['values'] = $values; |
| 253 | } |
| 254 | |
| 255 | return array_merge($result, $extraReturnValues); |
| 256 | } |
| 257 | |
| 258 | /** |
| 259 | * Load the DAO of the entity |
| 260 | */ |
| 261 | function _civicrm_api3_load_DAO($entity) { |
| 262 | $dao = _civicrm_api3_get_DAO($entity); |
| 263 | if (empty($dao)) { |
| 264 | return FALSE; |
| 265 | } |
| 266 | $d = new $dao(); |
| 267 | return $d; |
| 268 | } |
| 269 | |
| 270 | /** |
| 271 | * Function to return the DAO of the function or Entity |
| 272 | * @param String $name either a function of the api (civicrm_{entity}_create or the entity name |
| 273 | * return the DAO name to manipulate this function |
| 274 | * eg. "civicrm_api3_contact_create" or "Contact" will return "CRM_Contact_BAO_Contact" |
| 275 | * @return mixed|string |
| 276 | */ |
| 277 | function _civicrm_api3_get_DAO($name) { |
| 278 | if (strpos($name, 'civicrm_api3') !== FALSE) { |
| 279 | $last = strrpos($name, '_'); |
| 280 | // len ('civicrm_api3_') == 13 |
| 281 | $name = substr($name, 13, $last - 13); |
| 282 | } |
| 283 | |
| 284 | if (strtolower($name) == 'individual' || strtolower($name) == 'household' || strtolower($name) == 'organization') { |
| 285 | $name = 'Contact'; |
| 286 | } |
| 287 | |
| 288 | //hack to deal with incorrectly named BAO/DAO - see CRM-10859 - |
| 289 | // several of these have been removed but am not confident mailing_recipients is |
| 290 | // tests so have not tackled. |
| 291 | // correct approach for im is unclear |
| 292 | if($name == 'mailing_recipients' || $name == 'MailingRecipients'){ |
| 293 | return 'CRM_Mailing_BAO_Recipients'; |
| 294 | } |
| 295 | if(strtolower($name) == 'im'){ |
| 296 | return 'CRM_Core_BAO_IM'; |
| 297 | } |
| 298 | return CRM_Core_DAO_AllCoreTables::getFullName(_civicrm_api_get_camel_name($name, 3)); |
| 299 | } |
| 300 | |
| 301 | /** |
| 302 | * Function to return the DAO of the function or Entity |
| 303 | * @param String $name is either a function of the api (civicrm_{entity}_create or the entity name |
| 304 | * return the DAO name to manipulate this function |
| 305 | * eg. "civicrm_contact_create" or "Contact" will return "CRM_Contact_BAO_Contact" |
| 306 | * @return mixed |
| 307 | */ |
| 308 | function _civicrm_api3_get_BAO($name) { |
| 309 | $dao = _civicrm_api3_get_DAO($name); |
| 310 | $dao = str_replace("DAO", "BAO", $dao); |
| 311 | return $dao; |
| 312 | } |
| 313 | |
| 314 | /** |
| 315 | * Recursive function to explode value-separated strings into arrays |
| 316 | * |
| 317 | */ |
| 318 | function _civicrm_api3_separate_values(&$values) { |
| 319 | $sp = CRM_Core_DAO::VALUE_SEPARATOR; |
| 320 | foreach ($values as $key => & $value) { |
| 321 | if (is_array($value)) { |
| 322 | _civicrm_api3_separate_values($value); |
| 323 | } |
| 324 | elseif (is_string($value)) { |
| 325 | if($key == 'case_type_id'){// this is to honor the way case API was originally written |
| 326 | $value = trim(str_replace($sp, ',', $value), ','); |
| 327 | } |
| 328 | elseif (strpos($value, $sp) !== FALSE) { |
| 329 | $value = explode($sp, trim($value, $sp)); |
| 330 | } |
| 331 | } |
| 332 | } |
| 333 | } |
| 334 | |
| 335 | /** |
| 336 | * This is a legacy wrapper for api_store_values which will check the suitable fields using getfields |
| 337 | * rather than DAO->fields |
| 338 | * |
| 339 | * Getfields has handling for how to deal with uniquenames which dao->fields doesn't |
| 340 | * |
| 341 | * Note this is used by BAO type create functions - eg. contribution |
| 342 | * @param string $entity |
| 343 | * @param array $params |
| 344 | * @param array $values |
| 345 | */ |
| 346 | function _civicrm_api3_filter_fields_for_bao($entity, &$params, &$values){ |
| 347 | $fields = civicrm_api($entity,'getfields', array('version' => 3,'action' => 'create')); |
| 348 | $fields = $fields['values']; |
| 349 | _civicrm_api3_store_values($fields, $params, $values); |
| 350 | } |
| 351 | /** |
| 352 | * |
| 353 | * @param array $fields |
| 354 | * @param array $params |
| 355 | * @param array $values |
| 356 | * |
| 357 | * @return Bool $valueFound |
| 358 | */ |
| 359 | function _civicrm_api3_store_values(&$fields, &$params, &$values) { |
| 360 | $valueFound = FALSE; |
| 361 | |
| 362 | $keys = array_intersect_key($params, $fields); |
| 363 | foreach ($keys as $name => $value) { |
| 364 | if ($name !== 'id') { |
| 365 | $values[$name] = $value; |
| 366 | $valueFound = TRUE; |
| 367 | } |
| 368 | } |
| 369 | return $valueFound; |
| 370 | } |
| 371 | |
| 372 | /** |
| 373 | * The API supports 2 types of get requestion. The more complex uses the BAO query object. |
| 374 | * This is a generic function for those functions that call it |
| 375 | * |
| 376 | * At the moment only called by contact we should extend to contribution & |
| 377 | * others that use the query object. Note that this function passes permission information in. |
| 378 | * The others don't |
| 379 | * |
| 380 | * @param $entity |
| 381 | * @param array $params as passed into api get or getcount function |
| 382 | * @param array $additional_options |
| 383 | * @param bool $getCount are we just after the count |
| 384 | * |
| 385 | * @return |
| 386 | * @internal param array $options array of options (so we can modify the filter) |
| 387 | */ |
| 388 | function _civicrm_api3_get_using_query_object($entity, $params, $additional_options = array(), $getCount = NULL){ |
| 389 | |
| 390 | // Convert id to e.g. contact_id |
| 391 | if (empty($params[$entity . '_id']) && isset($params['id'])) { |
| 392 | $params[$entity . '_id'] = $params['id']; |
| 393 | } |
| 394 | unset($params['id']); |
| 395 | |
| 396 | $options = _civicrm_api3_get_options_from_params($params, TRUE); |
| 397 | |
| 398 | $inputParams = array_merge( |
| 399 | CRM_Utils_Array::value('input_params', $options, array()), |
| 400 | CRM_Utils_Array::value('input_params', $additional_options, array()) |
| 401 | ); |
| 402 | $returnProperties = array_merge( |
| 403 | CRM_Utils_Array::value('return', $options, array()), |
| 404 | CRM_Utils_Array::value('return', $additional_options, array()) |
| 405 | ); |
| 406 | if(empty($returnProperties)){ |
| 407 | $returnProperties = NULL; |
| 408 | } |
| 409 | if(!empty($params['check_permissions'])){ |
| 410 | // we will filter query object against getfields |
| 411 | $fields = civicrm_api($entity, 'getfields', array('version' => 3, 'action' => 'get')); |
| 412 | // we need to add this in as earlier in this function 'id' was unset in favour of $entity_id |
| 413 | $fields['values'][$entity . '_id'] = array(); |
| 414 | $varsToFilter = array('returnProperties', 'inputParams'); |
| 415 | foreach ($varsToFilter as $varToFilter){ |
| 416 | if(!is_array($$varToFilter)){ |
| 417 | continue; |
| 418 | } |
| 419 | //I was going to throw an exception rather than silently filter out - but |
| 420 | //would need to diff out of exceptions arr other keys like 'options', 'return', 'api. etcetc |
| 421 | //so we are silently ignoring parts of their request |
| 422 | //$exceptionsArr = array_diff(array_keys($$varToFilter), array_keys($fields['values'])); |
| 423 | $$varToFilter = array_intersect_key($$varToFilter, $fields['values']); |
| 424 | } |
| 425 | } |
| 426 | $options = array_merge($options,$additional_options); |
| 427 | $sort = CRM_Utils_Array::value('sort', $options, NULL); |
| 428 | $offset = CRM_Utils_Array::value('offset', $options, NULL); |
| 429 | $limit = CRM_Utils_Array::value('limit', $options, NULL); |
| 430 | $smartGroupCache = CRM_Utils_Array::value('smartGroupCache', $params); |
| 431 | |
| 432 | if($getCount){ |
| 433 | $limit = NULL; |
| 434 | $returnProperties = NULL; |
| 435 | } |
| 436 | |
| 437 | $newParams = CRM_Contact_BAO_Query::convertFormValues($inputParams); |
| 438 | foreach ($newParams as &$newParam) { |
| 439 | if($newParam[1] == '=' && is_array($newParam[2])) { |
| 440 | // we may be looking at an attempt to use the 'IN' style syntax |
| 441 | // @todo at time of writing only 'IN' & 'NOT IN' are supported for the array style syntax |
| 442 | $sqlFilter = CRM_Core_DAO::createSqlFilter($newParam[0], $params[$newParam[0]], 'String', NULL, TRUE); |
| 443 | if($sqlFilter) { |
| 444 | $newParam[1] = key($newParam[2]); |
| 445 | $newParam[2] = $sqlFilter; |
| 446 | } |
| 447 | } |
| 448 | |
| 449 | } |
| 450 | $skipPermissions = CRM_Utils_Array::value('check_permissions', $params)? 0 :1; |
| 451 | |
| 452 | list($entities, $options) = CRM_Contact_BAO_Query::apiQuery( |
| 453 | $newParams, |
| 454 | $returnProperties, |
| 455 | NULL, |
| 456 | $sort, |
| 457 | $offset , |
| 458 | $limit, |
| 459 | $smartGroupCache, |
| 460 | $getCount, |
| 461 | $skipPermissions |
| 462 | ); |
| 463 | if ($getCount) { // only return the count of contacts |
| 464 | return $entities; |
| 465 | } |
| 466 | |
| 467 | return $entities; |
| 468 | } |
| 469 | |
| 470 | /** |
| 471 | * Function transfers the filters being passed into the DAO onto the params object |
| 472 | */ |
| 473 | function _civicrm_api3_dao_set_filter(&$dao, $params, $unique = TRUE, $entity) { |
| 474 | $entity = substr($dao->__table, 8); |
| 475 | |
| 476 | $allfields = _civicrm_api3_build_fields_array($dao, $unique); |
| 477 | |
| 478 | $fields = array_intersect(array_keys($allfields), array_keys($params)); |
| 479 | if (isset($params[$entity . "_id"])) { |
| 480 | //if entity_id is set then treat it as ID (will be overridden by id if set) |
| 481 | $dao->id = $params[$entity . "_id"]; |
| 482 | } |
| 483 | |
| 484 | $options = _civicrm_api3_get_options_from_params($params); |
| 485 | //apply options like sort |
| 486 | _civicrm_api3_apply_options_to_dao($params, $dao, $entity); |
| 487 | |
| 488 | //accept filters like filter.activity_date_time_high |
| 489 | // std is now 'filters' => .. |
| 490 | if (strstr(implode(',', array_keys($params)), 'filter')) { |
| 491 | if (isset($params['filters']) && is_array($params['filters'])) { |
| 492 | foreach ($params['filters'] as $paramkey => $paramvalue) { |
| 493 | _civicrm_api3_apply_filters_to_dao($paramkey, $paramvalue, $dao); |
| 494 | } |
| 495 | } |
| 496 | else { |
| 497 | foreach ($params as $paramkey => $paramvalue) { |
| 498 | if (strstr($paramkey, 'filter')) { |
| 499 | _civicrm_api3_apply_filters_to_dao(substr($paramkey, 7), $paramvalue, $dao); |
| 500 | } |
| 501 | } |
| 502 | } |
| 503 | } |
| 504 | // http://issues.civicrm.org/jira/browse/CRM-9150 - stick with 'simple' operators for now |
| 505 | // support for other syntaxes is discussed in ticket but being put off for now |
| 506 | $acceptedSQLOperators = array('=', '<=', '>=', '>', '<', 'LIKE', "<>", "!=", "NOT LIKE", 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN'); |
| 507 | if (!$fields) { |
| 508 | $fields = array(); |
| 509 | } |
| 510 | |
| 511 | foreach ($fields as $field) { |
| 512 | if (is_array($params[$field])) { |
| 513 | //get the actual fieldname from db |
| 514 | $fieldName = $allfields[$field]['name']; |
| 515 | $where = CRM_Core_DAO::createSqlFilter($fieldName, $params[$field], 'String'); |
| 516 | if(!empty($where)) { |
| 517 | $dao->whereAdd($where); |
| 518 | } |
| 519 | } |
| 520 | else { |
| 521 | if ($unique) { |
| 522 | $daoFieldName = $allfields[$field]['name']; |
| 523 | if (empty($daoFieldName)) { |
| 524 | throw new API_Exception("Failed to determine field name for \"$field\""); |
| 525 | } |
| 526 | $dao->{$daoFieldName} = $params[$field]; |
| 527 | } |
| 528 | else { |
| 529 | $dao->$field = $params[$field]; |
| 530 | } |
| 531 | } |
| 532 | } |
| 533 | if (!empty($options['return']) && is_array($options['return']) && empty($options['is_count'])) { |
| 534 | $dao->selectAdd(); |
| 535 | $options['return']['id'] = TRUE;// ensure 'id' is included |
| 536 | $allfields = _civicrm_api3_get_unique_name_array($dao); |
| 537 | $returnMatched = array_intersect(array_keys($options['return']), $allfields); |
| 538 | foreach ($returnMatched as $returnValue) { |
| 539 | $dao->selectAdd($returnValue); |
| 540 | } |
| 541 | |
| 542 | $unmatchedFields = array_diff(// not already matched on the field names |
| 543 | array_keys($options['return']), |
| 544 | $returnMatched |
| 545 | ); |
| 546 | |
| 547 | $returnUniqueMatched = array_intersect( |
| 548 | $unmatchedFields, |
| 549 | array_flip($allfields)// but a match for the field keys |
| 550 | ); |
| 551 | foreach ($returnUniqueMatched as $uniqueVal){ |
| 552 | $dao->selectAdd($allfields[$uniqueVal]); |
| 553 | } |
| 554 | } |
| 555 | } |
| 556 | |
| 557 | /** |
| 558 | * Apply filters (e.g. high, low) to DAO object (prior to find) |
| 559 | * @param string $filterField field name of filter |
| 560 | * @param string $filterValue field value of filter |
| 561 | * @param object $dao DAO object |
| 562 | */ |
| 563 | function _civicrm_api3_apply_filters_to_dao($filterField, $filterValue, &$dao) { |
| 564 | if (strstr($filterField, 'high')) { |
| 565 | $fieldName = substr($filterField, 0, -5); |
| 566 | $dao->whereAdd("($fieldName <= $filterValue )"); |
| 567 | } |
| 568 | if (strstr($filterField, 'low')) { |
| 569 | $fieldName = substr($filterField, 0, -4); |
| 570 | $dao->whereAdd("($fieldName >= $filterValue )"); |
| 571 | } |
| 572 | if($filterField == 'is_current' && $filterValue == 1){ |
| 573 | $todayStart = date('Ymd000000', strtotime('now')); |
| 574 | $todayEnd = date('Ymd235959', strtotime('now')); |
| 575 | $dao->whereAdd("(start_date <= '$todayStart' OR start_date IS NULL) AND (end_date >= '$todayEnd' OR end_date IS NULL)"); |
| 576 | if(property_exists($dao, 'is_active')){ |
| 577 | $dao->whereAdd('is_active = 1'); |
| 578 | } |
| 579 | } |
| 580 | } |
| 581 | |
| 582 | /** |
| 583 | * Get sort, limit etc options from the params - supporting old & new formats. |
| 584 | * get returnproperties for legacy |
| 585 | * |
| 586 | * @param array $params params array as passed into civicrm_api |
| 587 | * @param bool $queryObject - is this supporting a queryobject api (e.g contact) - if so we support more options |
| 588 | * for legacy report & return a unique fields array |
| 589 | * |
| 590 | * @param string $entity |
| 591 | * @param string $action |
| 592 | * |
| 593 | * @return array $options options extracted from params |
| 594 | */ |
| 595 | function _civicrm_api3_get_options_from_params(&$params, $queryObject = FALSE, $entity = '', $action = '') { |
| 596 | $is_count = FALSE; |
| 597 | $sort = CRM_Utils_Array::value('sort', $params, 0); |
| 598 | $sort = CRM_Utils_Array::value('option.sort', $params, $sort); |
| 599 | $sort = CRM_Utils_Array::value('option_sort', $params, $sort); |
| 600 | |
| 601 | $offset = CRM_Utils_Array::value('offset', $params, 0); |
| 602 | $offset = CRM_Utils_Array::value('option.offset', $params, $offset); |
| 603 | // dear PHP thought it would be a good idea to transform a.b into a_b in the get/post |
| 604 | $offset = CRM_Utils_Array::value('option_offset', $params, $offset); |
| 605 | |
| 606 | $limit = CRM_Utils_Array::value('rowCount', $params, 25); |
| 607 | $limit = CRM_Utils_Array::value('option.limit', $params, $limit); |
| 608 | $limit = CRM_Utils_Array::value('option_limit', $params, $limit); |
| 609 | |
| 610 | if (is_array(CRM_Utils_Array::value('options', $params))) { |
| 611 | // is count is set by generic getcount not user |
| 612 | $is_count = CRM_Utils_Array::value('is_count', $params['options']); |
| 613 | $offset = CRM_Utils_Array::value('offset', $params['options'], $offset); |
| 614 | $limit = CRM_Utils_Array::value('limit', $params['options'], $limit); |
| 615 | $sort = CRM_Utils_Array::value('sort', $params['options'], $sort); |
| 616 | } |
| 617 | |
| 618 | $returnProperties = array(); |
| 619 | // handle the format return =sort_name,display_name... |
| 620 | if (array_key_exists('return', $params)) { |
| 621 | if (is_array($params['return'])) { |
| 622 | $returnProperties = array_fill_keys($params['return'], 1); |
| 623 | } |
| 624 | else { |
| 625 | $returnProperties = explode(',', str_replace(' ', '', $params['return'])); |
| 626 | $returnProperties = array_fill_keys($returnProperties, 1); |
| 627 | } |
| 628 | } |
| 629 | if ($entity && $action =='get') { |
| 630 | if (CRM_Utils_Array::value('id',$returnProperties)) { |
| 631 | $returnProperties[$entity . '_id'] = 1; |
| 632 | unset($returnProperties['id']); |
| 633 | } |
| 634 | switch (trim(strtolower($sort))){ |
| 635 | case 'id': |
| 636 | case 'id desc': |
| 637 | case 'id asc': |
| 638 | $sort = str_replace('id', $entity . '_id',$sort); |
| 639 | } |
| 640 | } |
| 641 | |
| 642 | $options = array( |
| 643 | 'offset' => CRM_Utils_Rule::integer($offset) ? $offset : NULL, |
| 644 | 'sort' => CRM_Utils_Rule::string($sort) ? $sort : NULL, |
| 645 | 'limit' => CRM_Utils_Rule::integer($limit) ? $limit : NULL, |
| 646 | 'is_count' => $is_count, |
| 647 | 'return' => !empty($returnProperties) ? $returnProperties : NULL, |
| 648 | ); |
| 649 | |
| 650 | if ($options['sort'] && stristr($options['sort'], 'SELECT')) { |
| 651 | throw new API_Exception('invalid string in sort options'); |
| 652 | } |
| 653 | |
| 654 | if (!$queryObject) { |
| 655 | return $options; |
| 656 | } |
| 657 | //here comes the legacy support for $returnProperties, $inputParams e.g for contat_get |
| 658 | // if the queryobject is being used this should be used |
| 659 | $inputParams = array(); |
| 660 | $legacyreturnProperties = array(); |
| 661 | $otherVars = array( |
| 662 | 'sort', 'offset', 'rowCount', 'options','return', |
| 663 | ); |
| 664 | foreach ($params as $n => $v) { |
| 665 | if (substr($n, 0, 7) == 'return.') { |
| 666 | $legacyreturnProperties[substr($n, 7)] = $v; |
| 667 | } |
| 668 | elseif ($n == 'id') { |
| 669 | $inputParams[$entity. '_id'] = $v; |
| 670 | } |
| 671 | elseif (in_array($n, $otherVars)) {} |
| 672 | else { |
| 673 | $inputParams[$n] = $v; |
| 674 | if ($v && !is_array($v) && stristr($v, 'SELECT')) { |
| 675 | throw new API_Exception('invalid string'); |
| 676 | } |
| 677 | } |
| 678 | } |
| 679 | $options['return'] = array_merge($returnProperties, $legacyreturnProperties); |
| 680 | $options['input_params'] = $inputParams; |
| 681 | return $options; |
| 682 | } |
| 683 | |
| 684 | /** |
| 685 | * Apply options (e.g. sort, limit, order by) to DAO object (prior to find) |
| 686 | * |
| 687 | * @param array $params params array as passed into civicrm_api |
| 688 | * @param object $dao DAO object |
| 689 | * @param $entity |
| 690 | */ |
| 691 | function _civicrm_api3_apply_options_to_dao(&$params, &$dao, $entity) { |
| 692 | |
| 693 | $options = _civicrm_api3_get_options_from_params($params,FALSE,$entity); |
| 694 | if(!$options['is_count']) { |
| 695 | $dao->limit((int)$options['offset'], (int)$options['limit']); |
| 696 | if (!empty($options['sort'])) { |
| 697 | $dao->orderBy($options['sort']); |
| 698 | } |
| 699 | } |
| 700 | } |
| 701 | |
| 702 | /** |
| 703 | * build fields array. This is the array of fields as it relates to the given DAO |
| 704 | * returns unique fields as keys by default but if set but can return by DB fields |
| 705 | */ |
| 706 | function _civicrm_api3_build_fields_array(&$bao, $unique = TRUE) { |
| 707 | $fields = $bao->fields(); |
| 708 | if ($unique) { |
| 709 | if(!CRM_Utils_Array::value('id', $fields)){ |
| 710 | $entity = _civicrm_api_get_entity_name_from_dao($bao); |
| 711 | $fields['id'] = $fields[$entity . '_id']; |
| 712 | unset($fields[$entity . '_id']); |
| 713 | } |
| 714 | return $fields; |
| 715 | } |
| 716 | |
| 717 | foreach ($fields as $field) { |
| 718 | $dbFields[$field['name']] = $field; |
| 719 | } |
| 720 | return $dbFields; |
| 721 | } |
| 722 | |
| 723 | /** |
| 724 | * build fields array. This is the array of fields as it relates to the given DAO |
| 725 | * returns unique fields as keys by default but if set but can return by DB fields |
| 726 | */ |
| 727 | function _civicrm_api3_get_unique_name_array(&$bao) { |
| 728 | $fields = $bao->fields(); |
| 729 | foreach ($fields as $field => $values) { |
| 730 | $uniqueFields[$field] = CRM_Utils_Array::value('name',$values, $field); |
| 731 | } |
| 732 | return $uniqueFields; |
| 733 | } |
| 734 | |
| 735 | /** |
| 736 | * Converts an DAO object to an array |
| 737 | * |
| 738 | * @param object $dao (reference )object to convert |
| 739 | * @param null $params |
| 740 | * @param bool $uniqueFields |
| 741 | * @param string $entity |
| 742 | * |
| 743 | * @return array |
| 744 | * |
| 745 | * @params array of arrays (key = id) of array of fields |
| 746 | * |
| 747 | * @static void |
| 748 | * @access public |
| 749 | */ |
| 750 | function _civicrm_api3_dao_to_array($dao, $params = NULL, $uniqueFields = TRUE, $entity = "") { |
| 751 | $result = array(); |
| 752 | if(isset($params['options']) && CRM_Utils_Array::value('is_count', $params['options'])) { |
| 753 | return $dao->count(); |
| 754 | } |
| 755 | if (empty($dao) || !$dao->find()) { |
| 756 | return array(); |
| 757 | } |
| 758 | |
| 759 | if(isset($dao->count)) { |
| 760 | return $dao->count; |
| 761 | } |
| 762 | //if custom fields are required we will endeavour to set them . NB passing $entity in might be a bit clunky / unrequired |
| 763 | if (!empty($entity) && CRM_Utils_Array::value('return', $params) && is_array($params['return'])) { |
| 764 | foreach ($params['return'] as $return) { |
| 765 | if (substr($return, 0, 6) == 'custom') { |
| 766 | $custom = TRUE; |
| 767 | } |
| 768 | } |
| 769 | } |
| 770 | |
| 771 | |
| 772 | $fields = array_keys(_civicrm_api3_build_fields_array($dao, $uniqueFields)); |
| 773 | |
| 774 | while ($dao->fetch()) { |
| 775 | $tmp = array(); |
| 776 | foreach ($fields as $key) { |
| 777 | if (array_key_exists($key, $dao)) { |
| 778 | // not sure on that one |
| 779 | if ($dao->$key !== NULL) { |
| 780 | $tmp[$key] = $dao->$key; |
| 781 | } |
| 782 | } |
| 783 | } |
| 784 | $result[$dao->id] = $tmp; |
| 785 | if (!empty($custom)) { |
| 786 | _civicrm_api3_custom_data_get($result[$dao->id], $entity, $dao->id); |
| 787 | } |
| 788 | } |
| 789 | |
| 790 | |
| 791 | return $result; |
| 792 | } |
| 793 | |
| 794 | /** |
| 795 | * Converts an object to an array |
| 796 | * |
| 797 | * @param object $dao (reference) object to convert |
| 798 | * @param array $values (reference) array |
| 799 | * @param array|bool $uniqueFields |
| 800 | * |
| 801 | * @return array |
| 802 | * @static void |
| 803 | * @access public |
| 804 | */ |
| 805 | function _civicrm_api3_object_to_array(&$dao, &$values, $uniqueFields = FALSE) { |
| 806 | |
| 807 | $fields = _civicrm_api3_build_fields_array($dao, $uniqueFields); |
| 808 | foreach ($fields as $key => $value) { |
| 809 | if (array_key_exists($key, $dao)) { |
| 810 | $values[$key] = $dao->$key; |
| 811 | } |
| 812 | } |
| 813 | } |
| 814 | |
| 815 | /** |
| 816 | * Wrapper for _civicrm_object_to_array when api supports unique fields |
| 817 | */ |
| 818 | function _civicrm_api3_object_to_array_unique_fields(&$dao, &$values) { |
| 819 | return _civicrm_api3_object_to_array($dao, $values, TRUE); |
| 820 | } |
| 821 | |
| 822 | /** |
| 823 | * |
| 824 | * @param array $params |
| 825 | * @param array $values |
| 826 | * @param string $extends entity that this custom field extends (e.g. contribution, event, contact) |
| 827 | * @param string $entityId ID of entity per $extends |
| 828 | */ |
| 829 | function _civicrm_api3_custom_format_params($params, &$values, $extends, $entityId = NULL) { |
| 830 | $values['custom'] = array(); |
| 831 | foreach ($params as $key => $value) { |
| 832 | list($customFieldID, $customValueID) = CRM_Core_BAO_CustomField::getKeyID($key, TRUE); |
| 833 | if ($customFieldID && (!IS_NULL($value))) { |
| 834 | CRM_Core_BAO_CustomField::formatCustomField($customFieldID, $values['custom'], |
| 835 | $value, $extends, $customValueID, $entityId, FALSE, FALSE |
| 836 | ); |
| 837 | } |
| 838 | } |
| 839 | } |
| 840 | |
| 841 | /** |
| 842 | * @deprecated |
| 843 | * This function ensures that we have the right input parameters |
| 844 | * |
| 845 | * This function is only called when $dao is passed into verify_mandatory. |
| 846 | * The practice of passing $dao into verify_mandatory turned out to be |
| 847 | * unsatisfactory as the required fields @ the dao level is so diffent to the abstract |
| 848 | * api level. Hence the intention is to remove this function |
| 849 | * & the associated param from viery_mandatory |
| 850 | * |
| 851 | * @param array $params Associative array of property name/value |
| 852 | * pairs to insert in new history. |
| 853 | * @param $daoName |
| 854 | * @param bool $return |
| 855 | * |
| 856 | * @daoName string DAO to check params agains |
| 857 | * |
| 858 | * @return bool should the missing fields be returned as an array (core error created as default) |
| 859 | * |
| 860 | * @return bool true if all fields present, depending on $result a core error is created of an array of missing fields is returned |
| 861 | * @access public |
| 862 | */ |
| 863 | function _civicrm_api3_check_required_fields($params, $daoName, $return = FALSE) { |
| 864 | //@deprecated - see notes |
| 865 | if (isset($params['extends'])) { |
| 866 | if (($params['extends'] == 'Activity' || |
| 867 | $params['extends'] == 'Phonecall' || |
| 868 | $params['extends'] == 'Meeting' || |
| 869 | $params['extends'] == 'Group' || |
| 870 | $params['extends'] == 'Contribution' |
| 871 | ) && |
| 872 | ($params['style'] == 'Tab') |
| 873 | ) { |
| 874 | return civicrm_api3_create_error(ts("Can not create Custom Group in Tab for " . $params['extends'])); |
| 875 | } |
| 876 | } |
| 877 | |
| 878 | $dao = new $daoName(); |
| 879 | $fields = $dao->fields(); |
| 880 | |
| 881 | $missing = array(); |
| 882 | foreach ($fields as $k => $v) { |
| 883 | if ($v['name'] == 'id') { |
| 884 | continue; |
| 885 | } |
| 886 | |
| 887 | if (CRM_Utils_Array::value('required', $v)) { |
| 888 | // 0 is a valid input for numbers, CRM-8122 |
| 889 | if (!isset($params[$k]) || (empty($params[$k]) && !($params[$k] === 0))) { |
| 890 | $missing[] = $k; |
| 891 | } |
| 892 | } |
| 893 | } |
| 894 | |
| 895 | if (!empty($missing)) { |
| 896 | if (!empty($return)) { |
| 897 | return $missing; |
| 898 | } |
| 899 | else { |
| 900 | return civicrm_api3_create_error(ts("Required fields " . implode(',', $missing) . " for $daoName are not present")); |
| 901 | } |
| 902 | } |
| 903 | |
| 904 | return TRUE; |
| 905 | } |
| 906 | |
| 907 | /** |
| 908 | * Check permissions for a given API call. |
| 909 | * |
| 910 | * @param $entity string API entity being accessed |
| 911 | * @param $action string API action being performed |
| 912 | * @param $params array params of the API call |
| 913 | * @param $throw bool whether to throw exception instead of returning false |
| 914 | * |
| 915 | * @throws Exception |
| 916 | * @return bool whether the current API user has the permission to make the call |
| 917 | */ |
| 918 | function _civicrm_api3_api_check_permission($entity, $action, &$params, $throw = TRUE) { |
| 919 | // return early unless we’re told explicitly to do the permission check |
| 920 | if (empty($params['check_permissions']) or $params['check_permissions'] == FALSE) { |
| 921 | return TRUE; |
| 922 | } |
| 923 | |
| 924 | require_once 'CRM/Core/DAO/permissions.php'; |
| 925 | $permissions = _civicrm_api3_permissions($entity, $action, $params); |
| 926 | |
| 927 | // $params might’ve been reset by the alterAPIPermissions() hook |
| 928 | if (isset($params['check_permissions']) and $params['check_permissions'] == FALSE) { |
| 929 | return TRUE; |
| 930 | } |
| 931 | |
| 932 | foreach ($permissions as $perm) { |
| 933 | if (!CRM_Core_Permission::check($perm)) { |
| 934 | if ($throw) { |
| 935 | throw new Exception("API permission check failed for $entity/$action call; missing permission: $perm."); |
| 936 | } |
| 937 | else { |
| 938 | return FALSE; |
| 939 | } |
| 940 | } |
| 941 | } |
| 942 | return TRUE; |
| 943 | } |
| 944 | |
| 945 | /** |
| 946 | * Function to do a 'standard' api get - when the api is only doing a $bao->find then use this |
| 947 | * |
| 948 | * @param string $bao_name name of BAO |
| 949 | * @param array $params params from api |
| 950 | * @param bool $returnAsSuccess return in api success format |
| 951 | * @param string $entity |
| 952 | * |
| 953 | * @return array |
| 954 | */ |
| 955 | function _civicrm_api3_basic_get($bao_name, &$params, $returnAsSuccess = TRUE, $entity = "") { |
| 956 | $bao = new $bao_name(); |
| 957 | _civicrm_api3_dao_set_filter($bao, $params, TRUE,$entity); |
| 958 | if ($returnAsSuccess) { |
| 959 | return civicrm_api3_create_success(_civicrm_api3_dao_to_array($bao, $params, FALSE, $entity), $params, $entity); |
| 960 | } |
| 961 | else { |
| 962 | return _civicrm_api3_dao_to_array($bao, $params, FALSE, $entity); |
| 963 | } |
| 964 | } |
| 965 | |
| 966 | /** |
| 967 | * Function to do a 'standard' api create - when the api is only doing a $bao::create then use this |
| 968 | * @param string $bao_name Name of BAO Class |
| 969 | * @param array $params parameters passed into the api call |
| 970 | * @param string $entity Entity - pass in if entity is non-standard & required $ids array |
| 971 | * @return array |
| 972 | */ |
| 973 | function _civicrm_api3_basic_create($bao_name, &$params, $entity = NULL) { |
| 974 | |
| 975 | $args = array(&$params); |
| 976 | if (!empty($entity)) { |
| 977 | $ids = array($entity => CRM_Utils_Array::value('id', $params)); |
| 978 | $args[] = &$ids; |
| 979 | } |
| 980 | |
| 981 | if (method_exists($bao_name, 'create')) { |
| 982 | $fct = 'create'; |
| 983 | $fct_name = $bao_name . '::' . $fct; |
| 984 | $bao = call_user_func_array(array($bao_name, $fct), $args); |
| 985 | } |
| 986 | elseif (method_exists($bao_name, 'add')) { |
| 987 | $fct = 'add'; |
| 988 | $fct_name = $bao_name . '::' . $fct; |
| 989 | $bao = call_user_func_array(array($bao_name, $fct), $args); |
| 990 | } |
| 991 | else { |
| 992 | $fct_name = '_civicrm_api3_basic_create_fallback'; |
| 993 | $bao = _civicrm_api3_basic_create_fallback($bao_name, $params); |
| 994 | } |
| 995 | |
| 996 | if (is_null($bao)) { |
| 997 | return civicrm_api3_create_error('Entity not created (' . $fct_name . ')'); |
| 998 | } |
| 999 | else { |
| 1000 | $values = array(); |
| 1001 | _civicrm_api3_object_to_array($bao, $values[$bao->id]); |
| 1002 | return civicrm_api3_create_success($values, $params, $entity, 'create', $bao); |
| 1003 | } |
| 1004 | } |
| 1005 | |
| 1006 | /** |
| 1007 | * For BAO's which don't have a create() or add() functions, use this fallback implementation. |
| 1008 | * |
| 1009 | * @fixme There's an intuitive sense that this behavior should be defined somehow in the BAO/DAO class |
| 1010 | * structure. In practice, that requires a fair amount of refactoring and/or kludgery. |
| 1011 | * |
| 1012 | * @param string $bao_name |
| 1013 | * @param array $params |
| 1014 | * |
| 1015 | * @throws API_Exception |
| 1016 | * @return CRM_Core_DAO|NULL an instance of the BAO |
| 1017 | */ |
| 1018 | function _civicrm_api3_basic_create_fallback($bao_name, &$params) { |
| 1019 | $entityName = CRM_Core_DAO_AllCoreTables::getBriefName(get_parent_class($bao_name)); |
| 1020 | if (empty($entityName)) { |
| 1021 | throw new API_Exception("Class \"$bao_name\" does not map to an entity name", "unmapped_class_to_entity", array( |
| 1022 | 'class_name' => $bao_name, |
| 1023 | )); |
| 1024 | } |
| 1025 | $hook = empty($params['id']) ? 'create' : 'edit'; |
| 1026 | |
| 1027 | CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params); |
| 1028 | $instance = new $bao_name(); |
| 1029 | $instance->copyValues($params); |
| 1030 | $instance->save(); |
| 1031 | CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance); |
| 1032 | |
| 1033 | return $instance; |
| 1034 | } |
| 1035 | |
| 1036 | /** |
| 1037 | * Function to do a 'standard' api del - when the api is only doing a $bao::del then use this |
| 1038 | * if api::del doesn't exist it will try DAO delete method |
| 1039 | */ |
| 1040 | function _civicrm_api3_basic_delete($bao_name, &$params) { |
| 1041 | |
| 1042 | civicrm_api3_verify_mandatory($params, NULL, array('id')); |
| 1043 | $args = array(&$params['id']); |
| 1044 | if (method_exists($bao_name, 'del')) { |
| 1045 | $bao = call_user_func_array(array($bao_name, 'del'), $args); |
| 1046 | if ($bao !== FALSE) { |
| 1047 | return civicrm_api3_create_success(TRUE); |
| 1048 | } |
| 1049 | throw new API_Exception('Could not delete entity id ' . $params['id']); |
| 1050 | } |
| 1051 | elseif (method_exists($bao_name, 'delete')) { |
| 1052 | $dao = new $bao_name(); |
| 1053 | $dao->id = $params['id']; |
| 1054 | if ($dao->find()) { |
| 1055 | while ($dao->fetch()) { |
| 1056 | $dao->delete(); |
| 1057 | return civicrm_api3_create_success(); |
| 1058 | } |
| 1059 | } |
| 1060 | else { |
| 1061 | throw new API_Exception('Could not delete entity id ' . $params['id']); |
| 1062 | } |
| 1063 | } |
| 1064 | |
| 1065 | throw new API_Exception('no delete method found'); |
| 1066 | } |
| 1067 | |
| 1068 | /** |
| 1069 | * Get custom data for the given entity & Add it to the returnArray as 'custom_123' = 'custom string' AND 'custom_123_1' = 'custom string' |
| 1070 | * Where 123 is field value & 1 is the id within the custom group data table (value ID) |
| 1071 | * |
| 1072 | * @param array $returnArray - array to append custom data too - generally $result[4] where 4 is the entity id. |
| 1073 | * @param string $entity e.g membership, event |
| 1074 | * @param $entity_id |
| 1075 | * @param int $groupID - per CRM_Core_BAO_CustomGroup::getTree |
| 1076 | * @param int $subType e.g. membership_type_id where custom data doesn't apply to all membership types |
| 1077 | * @param string $subName - Subtype of entity |
| 1078 | */ |
| 1079 | function _civicrm_api3_custom_data_get(&$returnArray, $entity, $entity_id, $groupID = NULL, $subType = NULL, $subName = NULL) { |
| 1080 | $groupTree = &CRM_Core_BAO_CustomGroup::getTree($entity, |
| 1081 | CRM_Core_DAO::$_nullObject, |
| 1082 | $entity_id, |
| 1083 | $groupID, |
| 1084 | $subType, |
| 1085 | $subName |
| 1086 | ); |
| 1087 | $groupTree = CRM_Core_BAO_CustomGroup::formatGroupTree($groupTree, 1, CRM_Core_DAO::$_nullObject); |
| 1088 | $customValues = array(); |
| 1089 | CRM_Core_BAO_CustomGroup::setDefaults($groupTree, $customValues); |
| 1090 | if (!empty($customValues)) { |
| 1091 | foreach ($customValues as $key => $val) { |
| 1092 | if (strstr($key, '_id')) { |
| 1093 | $idkey = substr($key, 0, -3); |
| 1094 | $returnArray['custom_' . (CRM_Core_BAO_CustomField::getKeyID($idkey) . "_id")] = $val; |
| 1095 | $returnArray[$key] = $val; |
| 1096 | } |
| 1097 | else { |
| 1098 | // per standard - return custom_fieldID |
| 1099 | $returnArray['custom_' . (CRM_Core_BAO_CustomField::getKeyID($key))] = $val; |
| 1100 | |
| 1101 | //not standard - but some api did this so guess we should keep - cheap as chips |
| 1102 | $returnArray[$key] = $val; |
| 1103 | } |
| 1104 | } |
| 1105 | } |
| 1106 | } |
| 1107 | |
| 1108 | /** |
| 1109 | * Validate fields being passed into API. This function relies on the getFields function working accurately |
| 1110 | * for the given API. If error mode is set to TRUE then it will also check |
| 1111 | * foreign keys |
| 1112 | * |
| 1113 | * As of writing only date was implemented. |
| 1114 | * @param string $entity |
| 1115 | * @param string $action |
| 1116 | * @param array $params - |
| 1117 | * @param array $fields response from getfields all variables are the same as per civicrm_api |
| 1118 | * @param bool $errorMode errorMode do intensive post fail checks? |
| 1119 | * @throws Exception |
| 1120 | */ |
| 1121 | function _civicrm_api3_validate_fields($entity, $action, &$params, $fields, $errorMode = False) { |
| 1122 | $fields = array_intersect_key($fields, $params); |
| 1123 | foreach ($fields as $fieldName => $fieldInfo) { |
| 1124 | switch (CRM_Utils_Array::value('type', $fieldInfo)) { |
| 1125 | case CRM_Utils_Type::T_INT: |
| 1126 | //field is of type integer |
| 1127 | _civicrm_api3_validate_integer($params, $fieldName, $fieldInfo, $entity); |
| 1128 | break; |
| 1129 | |
| 1130 | case 4: |
| 1131 | case 12: |
| 1132 | //field is of type date or datetime |
| 1133 | _civicrm_api3_validate_date($params, $fieldName, $fieldInfo); |
| 1134 | break; |
| 1135 | |
| 1136 | case 32://blob |
| 1137 | _civicrm_api3_validate_html($params, $fieldName, $fieldInfo); |
| 1138 | break; |
| 1139 | |
| 1140 | case CRM_Utils_Type::T_STRING: |
| 1141 | _civicrm_api3_validate_string($params, $fieldName, $fieldInfo, $entity); |
| 1142 | break; |
| 1143 | |
| 1144 | case CRM_Utils_Type::T_MONEY: |
| 1145 | if (!CRM_Utils_Rule::money($params[$fieldName]) && !empty($params[$fieldName])) { |
| 1146 | throw new Exception($fieldName . " is not a valid amount: " . $params[$fieldName]); |
| 1147 | } |
| 1148 | } |
| 1149 | |
| 1150 | // intensive checks - usually only called after DB level fail |
| 1151 | if (!empty($errorMode) && strtolower($action) == 'create') { |
| 1152 | if (CRM_Utils_Array::value('FKClassName', $fieldInfo)) { |
| 1153 | if (CRM_Utils_Array::value($fieldName, $params)) { |
| 1154 | _civicrm_api3_validate_constraint($params, $fieldName, $fieldInfo); |
| 1155 | } |
| 1156 | elseif (CRM_Utils_Array::value('required', $fieldInfo)) { |
| 1157 | throw new Exception("DB Constraint Violation - possibly $fieldName should possibly be marked as mandatory for this API. If so, please raise a bug report"); |
| 1158 | } |
| 1159 | } |
| 1160 | if (CRM_Utils_Array::value('api.unique', $fieldInfo)) { |
| 1161 | $params['entity'] = $entity; |
| 1162 | _civicrm_api3_validate_uniquekey($params, $fieldName, $fieldInfo); |
| 1163 | } |
| 1164 | } |
| 1165 | } |
| 1166 | } |
| 1167 | |
| 1168 | /** |
| 1169 | * Validate date fields being passed into API. |
| 1170 | * It currently converts both unique fields and DB field names to a mysql date. |
| 1171 | * @todo - probably the unique field handling & the if exists handling is now done before this |
| 1172 | * function is reached in the wrapper - can reduce this code down to assume we |
| 1173 | * are only checking the passed in field |
| 1174 | * |
| 1175 | * It also checks against the RULE:date function. This is a centralisation of code that was scattered and |
| 1176 | * may not be the best thing to do. There is no code level documentation on the existing functions to work off |
| 1177 | * |
| 1178 | * @param array $params params from civicrm_api |
| 1179 | * @param string $fieldName uniquename of field being checked |
| 1180 | * @param $fieldInfo |
| 1181 | * @throws Exception |
| 1182 | * @internal param array $fieldinfo array of fields from getfields function |
| 1183 | */ |
| 1184 | function _civicrm_api3_validate_date(&$params, &$fieldName, &$fieldInfo) { |
| 1185 | //should we check first to prevent it from being copied if they have passed in sql friendly format? |
| 1186 | if (CRM_Utils_Array::value($fieldInfo['name'], $params)) { |
| 1187 | //accept 'whatever strtotime accepts |
| 1188 | if (strtotime($params[$fieldInfo['name']]) === FALSE) { |
| 1189 | throw new Exception($fieldInfo['name'] . " is not a valid date: " . $params[$fieldInfo['name']]); |
| 1190 | } |
| 1191 | $params[$fieldInfo['name']] = CRM_Utils_Date::processDate($params[$fieldInfo['name']]); |
| 1192 | } |
| 1193 | if ((CRM_Utils_Array::value('name', $fieldInfo) != $fieldName) && CRM_Utils_Array::value($fieldName, $params)) { |
| 1194 | //If the unique field name differs from the db name & is set handle it here |
| 1195 | if (strtotime($params[$fieldName]) === FALSE) { |
| 1196 | throw new Exception($fieldName . " is not a valid date: " . $params[$fieldName]); |
| 1197 | } |
| 1198 | $params[$fieldName] = CRM_Utils_Date::processDate($params[$fieldName]); |
| 1199 | } |
| 1200 | } |
| 1201 | |
| 1202 | /** |
| 1203 | * Validate foreign constraint fields being passed into API. |
| 1204 | * |
| 1205 | * @param array $params params from civicrm_api |
| 1206 | * @param string $fieldName uniquename of field being checked |
| 1207 | * @param $fieldInfo |
| 1208 | * @throws Exception |
| 1209 | * @internal param array $fieldinfo array of fields from getfields function |
| 1210 | */ |
| 1211 | function _civicrm_api3_validate_constraint(&$params, &$fieldName, &$fieldInfo) { |
| 1212 | $dao = new $fieldInfo['FKClassName']; |
| 1213 | $dao->id = $params[$fieldName]; |
| 1214 | $dao->selectAdd(); |
| 1215 | $dao->selectAdd('id'); |
| 1216 | if (!$dao->find()) { |
| 1217 | throw new Exception("$fieldName is not valid : " . $params[$fieldName]); |
| 1218 | } |
| 1219 | } |
| 1220 | |
| 1221 | /** |
| 1222 | * Validate foreign constraint fields being passed into API. |
| 1223 | * |
| 1224 | * @param array $params params from civicrm_api |
| 1225 | * @param string $fieldName uniquename of field being checked |
| 1226 | * @param $fieldInfo |
| 1227 | * @throws Exception |
| 1228 | * @internal param array $fieldinfo array of fields from getfields function |
| 1229 | */ |
| 1230 | function _civicrm_api3_validate_uniquekey(&$params, &$fieldName, &$fieldInfo) { |
| 1231 | $existing = civicrm_api($params['entity'], 'get', array( |
| 1232 | 'version' => $params['version'], |
| 1233 | $fieldName => $params[$fieldName], |
| 1234 | )); |
| 1235 | // an entry already exists for this unique field |
| 1236 | if ($existing['count'] == 1) { |
| 1237 | // question - could this ever be a security issue? |
| 1238 | throw new Exception("Field: `$fieldName` must be unique. An conflicting entity already exists - id: " . $existing['id']); |
| 1239 | } |
| 1240 | } |
| 1241 | |
| 1242 | /** |
| 1243 | * Generic implementation of the "replace" action. |
| 1244 | * |
| 1245 | * Replace the old set of entities (matching some given keys) with a new set of |
| 1246 | * entities (matching the same keys). |
| 1247 | * |
| 1248 | * Note: This will verify that 'values' is present, but it does not directly verify |
| 1249 | * any other parameters. |
| 1250 | * |
| 1251 | * @param string $entity entity name |
| 1252 | * @param array $params params from civicrm_api, including: |
| 1253 | * - 'values': an array of records to save |
| 1254 | * - all other items: keys which identify new/pre-existing records |
| 1255 | * @return array|int |
| 1256 | */ |
| 1257 | function _civicrm_api3_generic_replace($entity, $params) { |
| 1258 | |
| 1259 | $transaction = new CRM_Core_Transaction(); |
| 1260 | try { |
| 1261 | if (!is_array($params['values'])) { |
| 1262 | throw new Exception("Mandatory key(s) missing from params array: values"); |
| 1263 | } |
| 1264 | |
| 1265 | // Extract the keys -- somewhat scary, don't think too hard about it |
| 1266 | $baseParams = _civicrm_api3_generic_replace_base_params($params); |
| 1267 | |
| 1268 | // Lookup pre-existing records |
| 1269 | $preexisting = civicrm_api($entity, 'get', $baseParams, $params); |
| 1270 | if (civicrm_error($preexisting)) { |
| 1271 | $transaction->rollback(); |
| 1272 | return $preexisting; |
| 1273 | } |
| 1274 | |
| 1275 | // Save the new/updated records |
| 1276 | $creates = array(); |
| 1277 | foreach ($params['values'] as $replacement) { |
| 1278 | // Sugar: Don't force clients to duplicate the 'key' data |
| 1279 | $replacement = array_merge($baseParams, $replacement); |
| 1280 | $action = (isset($replacement['id']) || isset($replacement[$entity . '_id'])) ? 'update' : 'create'; |
| 1281 | $create = civicrm_api($entity, $action, $replacement); |
| 1282 | if (civicrm_error($create)) { |
| 1283 | $transaction->rollback(); |
| 1284 | return $create; |
| 1285 | } |
| 1286 | foreach ($create['values'] as $entity_id => $entity_value) { |
| 1287 | $creates[$entity_id] = $entity_value; |
| 1288 | } |
| 1289 | } |
| 1290 | |
| 1291 | // Remove stale records |
| 1292 | $staleIDs = array_diff( |
| 1293 | array_keys($preexisting['values']), |
| 1294 | array_keys($creates) |
| 1295 | ); |
| 1296 | foreach ($staleIDs as $staleID) { |
| 1297 | $delete = civicrm_api($entity, 'delete', array( |
| 1298 | 'version' => $params['version'], |
| 1299 | 'id' => $staleID, |
| 1300 | )); |
| 1301 | if (civicrm_error($delete)) { |
| 1302 | $transaction->rollback(); |
| 1303 | return $delete; |
| 1304 | } |
| 1305 | } |
| 1306 | |
| 1307 | return civicrm_api3_create_success($creates, $params); |
| 1308 | } |
| 1309 | catch(PEAR_Exception $e) { |
| 1310 | $transaction->rollback(); |
| 1311 | return civicrm_api3_create_error($e->getMessage()); |
| 1312 | } |
| 1313 | catch(Exception $e) { |
| 1314 | $transaction->rollback(); |
| 1315 | return civicrm_api3_create_error($e->getMessage()); |
| 1316 | } |
| 1317 | } |
| 1318 | |
| 1319 | /** |
| 1320 | * @param $params |
| 1321 | * |
| 1322 | * @return mixed |
| 1323 | */ |
| 1324 | function _civicrm_api3_generic_replace_base_params($params) { |
| 1325 | $baseParams = $params; |
| 1326 | unset($baseParams['values']); |
| 1327 | unset($baseParams['sequential']); |
| 1328 | unset($baseParams['options']); |
| 1329 | return $baseParams; |
| 1330 | } |
| 1331 | |
| 1332 | /** |
| 1333 | * returns fields allowable by api |
| 1334 | * |
| 1335 | * @param $entity string Entity to query |
| 1336 | * @param bool $unique index by unique fields? |
| 1337 | * @param array $params |
| 1338 | * |
| 1339 | * @return array |
| 1340 | */ |
| 1341 | function _civicrm_api_get_fields($entity, $unique = FALSE, &$params = array( |
| 1342 | )) { |
| 1343 | $unsetIfEmpty = array('dataPattern', 'headerPattern', 'default', 'export', 'import'); |
| 1344 | $dao = _civicrm_api3_get_DAO($entity); |
| 1345 | if (empty($dao)) { |
| 1346 | return array(); |
| 1347 | } |
| 1348 | $d = new $dao(); |
| 1349 | $fields = $d->fields(); |
| 1350 | // replace uniqueNames by the normal names as the key |
| 1351 | if (empty($unique)) { |
| 1352 | foreach ($fields as $name => & $field) { |
| 1353 | //getting rid of unused attributes |
| 1354 | foreach ($unsetIfEmpty as $attr) { |
| 1355 | if (empty($field[$attr])) { |
| 1356 | unset($field[$attr]); |
| 1357 | } |
| 1358 | } |
| 1359 | if ($name == $field['name']) { |
| 1360 | continue; |
| 1361 | } |
| 1362 | if (array_key_exists($field['name'], $fields)) { |
| 1363 | $field['error'] = 'name conflict'; |
| 1364 | // it should never happen, but better safe than sorry |
| 1365 | continue; |
| 1366 | } |
| 1367 | $fields[$field['name']] = $field; |
| 1368 | $fields[$field['name']]['uniqueName'] = $name; |
| 1369 | unset($fields[$name]); |
| 1370 | } |
| 1371 | } |
| 1372 | $fields += _civicrm_api_get_custom_fields($entity, $params); |
| 1373 | return $fields; |
| 1374 | } |
| 1375 | |
| 1376 | /** |
| 1377 | * Return an array of fields for a given entity - this is the same as the BAO function but |
| 1378 | * fields are prefixed with 'custom_' to represent api params |
| 1379 | */ |
| 1380 | function _civicrm_api_get_custom_fields($entity, &$params) { |
| 1381 | $customfields = array(); |
| 1382 | $entity = _civicrm_api_get_camel_name($entity); |
| 1383 | if (strtolower($entity) == 'contact') { |
| 1384 | // Use sub-type if available, otherwise stick with 'Contact' |
| 1385 | $entity = CRM_Utils_Array::value('contact_type', $params); |
| 1386 | } |
| 1387 | $retrieveOnlyParent = FALSE; |
| 1388 | // we could / should probably test for other subtypes here - e.g. activity_type_id |
| 1389 | if($entity == 'Contact'){ |
| 1390 | empty($params['contact_sub_type']); |
| 1391 | } |
| 1392 | $customfields = CRM_Core_BAO_CustomField::getFields($entity, |
| 1393 | FALSE, |
| 1394 | FALSE, |
| 1395 | CRM_Utils_Array::value('contact_sub_type', $params, FALSE), |
| 1396 | NULL, |
| 1397 | $retrieveOnlyParent, |
| 1398 | FALSE, |
| 1399 | FALSE |
| 1400 | ); |
| 1401 | // find out if we have any requests to resolve options |
| 1402 | $getoptions = CRM_Utils_Array::value('get_options', CRM_Utils_Array::value('options',$params)); |
| 1403 | if(!is_array($getoptions)){ |
| 1404 | $getoptions = array($getoptions); |
| 1405 | } |
| 1406 | |
| 1407 | foreach ($customfields as $key => $value) { |
| 1408 | // Regular fields have a 'name' property |
| 1409 | $value['name'] = 'custom_' . $key; |
| 1410 | $value['type'] = _getStandardTypeFromCustomDataType($value['data_type']); |
| 1411 | $customfields['custom_' . $key] = $value; |
| 1412 | if (in_array('custom_' . $key, $getoptions)) { |
| 1413 | $customfields['custom_' . $key]['options'] = CRM_Core_BAO_CustomOption::valuesByID($key); |
| 1414 | } |
| 1415 | unset($customfields[$key]); |
| 1416 | } |
| 1417 | return $customfields; |
| 1418 | } |
| 1419 | /** |
| 1420 | * Translate the custom field data_type attribute into a std 'type' |
| 1421 | */ |
| 1422 | function _getStandardTypeFromCustomDataType($dataType) { |
| 1423 | $mapping = array( |
| 1424 | 'String' => CRM_Utils_Type::T_STRING, |
| 1425 | 'Int' => CRM_Utils_Type::T_INT, |
| 1426 | 'Money' => CRM_Utils_Type::T_MONEY, |
| 1427 | 'Memo' => CRM_Utils_Type::T_LONGTEXT, |
| 1428 | 'Float' => CRM_Utils_Type::T_FLOAT, |
| 1429 | 'Date' => CRM_Utils_Type::T_DATE, |
| 1430 | 'Boolean' => CRM_Utils_Type::T_BOOLEAN, |
| 1431 | 'StateProvince' => CRM_Utils_Type::T_INT, |
| 1432 | 'File' => CRM_Utils_Type::T_STRING, |
| 1433 | 'Link' => CRM_Utils_Type::T_STRING, |
| 1434 | 'ContactReference' => CRM_Utils_Type::T_INT, |
| 1435 | 'Country' => CRM_Utils_Type::T_INT, |
| 1436 | ); |
| 1437 | return $mapping[$dataType]; |
| 1438 | } |
| 1439 | /** |
| 1440 | * Return array of defaults for the given API (function is a wrapper on getfields) |
| 1441 | */ |
| 1442 | function _civicrm_api3_getdefaults($apiRequest, $fields) { |
| 1443 | $defaults = array(); |
| 1444 | |
| 1445 | foreach ($fields as $field => $values) { |
| 1446 | if (isset($values['api.default'])) { |
| 1447 | $defaults[$field] = $values['api.default']; |
| 1448 | } |
| 1449 | } |
| 1450 | return $defaults; |
| 1451 | } |
| 1452 | |
| 1453 | /** |
| 1454 | * Return array of defaults for the given API (function is a wrapper on getfields) |
| 1455 | */ |
| 1456 | function _civicrm_api3_getrequired($apiRequest, $fields) { |
| 1457 | $required = array('version'); |
| 1458 | |
| 1459 | foreach ($fields as $field => $values) { |
| 1460 | if (CRM_Utils_Array::value('api.required', $values)) { |
| 1461 | $required[] = $field; |
| 1462 | } |
| 1463 | } |
| 1464 | return $required; |
| 1465 | } |
| 1466 | |
| 1467 | /** |
| 1468 | * Fill params array with alternate (alias) values where a field has an alias and that is filled & the main field isn't |
| 1469 | * If multiple aliases the last takes precedence |
| 1470 | * |
| 1471 | * Function also swaps unique fields for non-unique fields & vice versa. |
| 1472 | */ |
| 1473 | function _civicrm_api3_swap_out_aliases(&$apiRequest, $fields) { |
| 1474 | foreach ($fields as $field => $values) { |
| 1475 | $uniqueName = CRM_Utils_Array::value('uniqueName', $values); |
| 1476 | if (CRM_Utils_Array::value('api.aliases', $values)) { |
| 1477 | // if aliased field is not set we try to use field alias |
| 1478 | if (!isset($apiRequest['params'][$field])) { |
| 1479 | foreach ($values['api.aliases'] as $alias) { |
| 1480 | if (isset($apiRequest['params'][$alias])) { |
| 1481 | $apiRequest['params'][$field] = $apiRequest['params'][$alias]; |
| 1482 | } |
| 1483 | //unset original field nb - need to be careful with this as it may bring inconsistencies |
| 1484 | // out of the woodwork but will be implementing only as _spec function extended |
| 1485 | unset($apiRequest['params'][$alias]); |
| 1486 | } |
| 1487 | } |
| 1488 | } |
| 1489 | if (!isset($apiRequest['params'][$field]) |
| 1490 | && CRM_Utils_Array::value('name', $values) |
| 1491 | && $field != $values['name'] |
| 1492 | && isset($apiRequest['params'][$values['name']]) |
| 1493 | ) { |
| 1494 | $apiRequest['params'][$field] = $apiRequest['params'][$values['name']]; |
| 1495 | // note that it would make sense to unset the original field here but tests need to be in place first |
| 1496 | } |
| 1497 | if (!isset($apiRequest['params'][$field]) |
| 1498 | && $uniqueName |
| 1499 | && $field != $uniqueName |
| 1500 | && array_key_exists($uniqueName, $apiRequest['params']) |
| 1501 | ) |
| 1502 | { |
| 1503 | $apiRequest['params'][$field] = CRM_Utils_Array::value($values['uniqueName'], $apiRequest['params']); |
| 1504 | // note that it would make sense to unset the original field here but tests need to be in place first |
| 1505 | } |
| 1506 | } |
| 1507 | |
| 1508 | } |
| 1509 | |
| 1510 | /** |
| 1511 | * Validate integer fields being passed into API. |
| 1512 | * It currently converts the incoming value 'user_contact_id' into the id of the currenty logged in user |
| 1513 | * |
| 1514 | * @param array $params params from civicrm_api |
| 1515 | * @param string $fieldName uniquename of field being checked |
| 1516 | * @param $fieldInfo |
| 1517 | * @param $entity |
| 1518 | * @throws API_Exception |
| 1519 | * @internal param array $fieldinfo array of fields from getfields function |
| 1520 | */ |
| 1521 | function _civicrm_api3_validate_integer(&$params, &$fieldName, &$fieldInfo, $entity) { |
| 1522 | //if fieldname exists in params |
| 1523 | if (CRM_Utils_Array::value($fieldName, $params)) { |
| 1524 | // if value = 'user_contact_id' (or similar), replace value with contact id |
| 1525 | if (!is_numeric($params[$fieldName]) && is_scalar($params[$fieldName])) { |
| 1526 | $realContactId = _civicrm_api3_resolve_contactID($params[$fieldName]); |
| 1527 | if ('unknown-user' === $realContactId) { |
| 1528 | throw new API_Exception("\"$fieldName\" \"{$params[$fieldName]}\" cannot be resolved to a contact ID", 2002, array('error_field' => $fieldName,"type"=>"integer")); |
| 1529 | } elseif (is_numeric($realContactId)) { |
| 1530 | $params[$fieldName] = $realContactId; |
| 1531 | } |
| 1532 | } |
| 1533 | if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options'])) { |
| 1534 | _civicrm_api3_api_match_pseudoconstant($params, $entity, $fieldName, $fieldInfo); |
| 1535 | } |
| 1536 | |
| 1537 | // After swapping options, ensure we have an integer(s) |
| 1538 | foreach ((array) ($params[$fieldName]) as $value) { |
| 1539 | if ($value && !is_numeric($value) && $value !== 'null' && !is_array($value)) { |
| 1540 | throw new API_Exception("$fieldName is not a valid integer", 2001, array('error_field' => $fieldName, "type" => "integer")); |
| 1541 | } |
| 1542 | } |
| 1543 | |
| 1544 | // Check our field length |
| 1545 | if(is_string($params[$fieldName]) && |
| 1546 | CRM_Utils_Array::value('maxlength',$fieldInfo) |
| 1547 | && strlen($params[$fieldName]) > $fieldInfo['maxlength'] |
| 1548 | ){ |
| 1549 | throw new API_Exception( $params[$fieldName] . " is " . strlen($params[$fieldName]) . " characters - longer than $fieldName length" . $fieldInfo['maxlength'] . ' characters', |
| 1550 | 2100, array('field' => $fieldName, "max_length"=>$fieldInfo['maxlength']) |
| 1551 | ); |
| 1552 | } |
| 1553 | } |
| 1554 | } |
| 1555 | |
| 1556 | /** |
| 1557 | * Determine a contact ID using a string expression |
| 1558 | * |
| 1559 | * @param string $contactIdExpr e.g. "user_contact_id" or "@user:username" |
| 1560 | * @return int|NULL|'unknown-user' |
| 1561 | */ |
| 1562 | function _civicrm_api3_resolve_contactID($contactIdExpr) { |
| 1563 | //if value = 'user_contact_id' replace value with logged in user id |
| 1564 | if ($contactIdExpr == "user_contact_id") { |
| 1565 | $session = &CRM_Core_Session::singleton(); |
| 1566 | if (!is_numeric($session->get('userID'))) { |
| 1567 | return NULL; |
| 1568 | } |
| 1569 | return $session->get('userID'); |
| 1570 | } elseif (preg_match('/^@user:(.*)$/', $contactIdExpr, $matches)) { |
| 1571 | $config = CRM_Core_Config::singleton(); |
| 1572 | |
| 1573 | $ufID = $config->userSystem->getUfId($matches[1]); |
| 1574 | if (!$ufID) { |
| 1575 | return 'unknown-user'; |
| 1576 | } |
| 1577 | |
| 1578 | $contactID = CRM_Core_BAO_UFMatch::getContactId($ufID); |
| 1579 | if (!$contactID) { |
| 1580 | return 'unknown-user'; |
| 1581 | } |
| 1582 | |
| 1583 | return $contactID; |
| 1584 | } |
| 1585 | return NULL; |
| 1586 | } |
| 1587 | |
| 1588 | /** |
| 1589 | * Validate html (check for scripting attack) |
| 1590 | * @param $params |
| 1591 | * @param $fieldName |
| 1592 | * @param $fieldInfo |
| 1593 | * |
| 1594 | * @throws API_Exception |
| 1595 | */ |
| 1596 | function _civicrm_api3_validate_html(&$params, &$fieldName, &$fieldInfo) { |
| 1597 | if ($value = CRM_Utils_Array::value($fieldName, $params)) { |
| 1598 | if (!CRM_Utils_Rule::xssString($value)) { |
| 1599 | throw new API_Exception('Illegal characters in input (potential scripting attack)', array("field"=>$fieldName,"error_code"=>"xss")); |
| 1600 | } |
| 1601 | } |
| 1602 | } |
| 1603 | |
| 1604 | /** |
| 1605 | * Validate string fields being passed into API. |
| 1606 | * @param array $params params from civicrm_api |
| 1607 | * @param string $fieldName uniquename of field being checked |
| 1608 | * @param $fieldInfo |
| 1609 | * @param $entity |
| 1610 | * @throws API_Exception |
| 1611 | * @throws Exception |
| 1612 | * @internal param array $fieldinfo array of fields from getfields function |
| 1613 | */ |
| 1614 | function _civicrm_api3_validate_string(&$params, &$fieldName, &$fieldInfo, $entity) { |
| 1615 | // If fieldname exists in params |
| 1616 | $value = CRM_Utils_Array::value($fieldName, $params, ''); |
| 1617 | if(!is_array($value)){ |
| 1618 | $value = (string) $value; |
| 1619 | } |
| 1620 | else{ |
| 1621 | //@todo what do we do about passed in arrays. For many of these fields |
| 1622 | // the missing piece of functionality is separating them to a separated string |
| 1623 | // & many save incorrectly. But can we change them wholesale? |
| 1624 | } |
| 1625 | if ($value ) { |
| 1626 | if (!CRM_Utils_Rule::xssString($value)) { |
| 1627 | throw new Exception('Illegal characters in input (potential scripting attack)'); |
| 1628 | } |
| 1629 | if ($fieldName == 'currency') { |
| 1630 | if (!CRM_Utils_Rule::currencyCode($value)) { |
| 1631 | throw new Exception("Currency not a valid code: $value"); |
| 1632 | } |
| 1633 | } |
| 1634 | if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options']) || !empty($fieldInfo['enumValues'])) { |
| 1635 | _civicrm_api3_api_match_pseudoconstant($params, $entity, $fieldName, $fieldInfo); |
| 1636 | } |
| 1637 | // Check our field length |
| 1638 | elseif (is_string($value) && !empty($fieldInfo['maxlength']) && strlen($value) > $fieldInfo['maxlength']) { |
| 1639 | throw new API_Exception("Value for $fieldName is " . strlen($value) . " characters - This field has a maxlength of {$fieldInfo['maxlength']} characters.", |
| 1640 | 2100, array('field' => $fieldName) |
| 1641 | ); |
| 1642 | } |
| 1643 | } |
| 1644 | } |
| 1645 | |
| 1646 | /** |
| 1647 | * Validate & swap out any pseudoconstants / options |
| 1648 | * |
| 1649 | * @param $params: api parameters |
| 1650 | * @param $entity: api entity name |
| 1651 | * @param $fieldName: field name used in api call (not necessarily the canonical name) |
| 1652 | * @param $fieldInfo: getfields meta-data |
| 1653 | */ |
| 1654 | function _civicrm_api3_api_match_pseudoconstant(&$params, $entity, $fieldName, $fieldInfo) { |
| 1655 | $options = CRM_Utils_Array::value('options', $fieldInfo); |
| 1656 | if (!$options) { |
| 1657 | if(strtolower($entity) == 'profile' && !empty($fieldInfo['entity'])) { |
| 1658 | // we need to get the options from the entity the field relates to |
| 1659 | $entity = $fieldInfo['entity']; |
| 1660 | } |
| 1661 | $options = civicrm_api($entity, 'getoptions', array('version' => 3, 'field' => $fieldInfo['name'], 'context' => 'validate')); |
| 1662 | $options = CRM_Utils_Array::value('values', $options, array()); |
| 1663 | } |
| 1664 | |
| 1665 | // If passed a value-separated string, explode to an array, then re-implode after matching values |
| 1666 | $implode = FALSE; |
| 1667 | if (is_string($params[$fieldName]) && strpos($params[$fieldName], CRM_Core_DAO::VALUE_SEPARATOR) !== FALSE) { |
| 1668 | $params[$fieldName] = CRM_Utils_Array::explodePadded($params[$fieldName]); |
| 1669 | $implode = TRUE; |
| 1670 | } |
| 1671 | // If passed multiple options, validate each |
| 1672 | if (is_array($params[$fieldName])) { |
| 1673 | foreach ($params[$fieldName] as &$value) { |
| 1674 | if (!is_array($value)) { |
| 1675 | _civicrm_api3_api_match_pseudoconstant_value($value, $options, $fieldName); |
| 1676 | } |
| 1677 | } |
| 1678 | // TODO: unwrap the call to implodePadded from the conditional and do it always |
| 1679 | // need to verify that this is safe and doesn't break anything though. |
| 1680 | // Better yet would be to leave it as an array and ensure that every dao/bao can handle array input |
| 1681 | if ($implode) { |
| 1682 | CRM_Utils_Array::implodePadded($params[$fieldName]); |
| 1683 | } |
| 1684 | } |
| 1685 | else { |
| 1686 | _civicrm_api3_api_match_pseudoconstant_value($params[$fieldName], $options, $fieldName); |
| 1687 | } |
| 1688 | } |
| 1689 | |
| 1690 | /** |
| 1691 | * Validate & swap a single option value for a field |
| 1692 | * |
| 1693 | * @param $value: field value |
| 1694 | * @param $options: array of options for this field |
| 1695 | * @param $fieldName: field name used in api call (not necessarily the canonical name) |
| 1696 | * @throws API_Exception |
| 1697 | */ |
| 1698 | function _civicrm_api3_api_match_pseudoconstant_value(&$value, $options, $fieldName) { |
| 1699 | // If option is a key, no need to translate |
| 1700 | if (array_key_exists($value, $options)) { |
| 1701 | return; |
| 1702 | } |
| 1703 | |
| 1704 | // Translate value into key |
| 1705 | $newValue = array_search($value, $options); |
| 1706 | if ($newValue !== FALSE) { |
| 1707 | $value = $newValue; |
| 1708 | return; |
| 1709 | } |
| 1710 | // Case-insensitive matching |
| 1711 | $newValue = strtolower($value); |
| 1712 | $options = array_map("strtolower", $options); |
| 1713 | $newValue = array_search($newValue, $options); |
| 1714 | if ($newValue === FALSE) { |
| 1715 | throw new API_Exception("'$value' is not a valid option for field $fieldName", 2001, array('error_field' => $fieldName)); |
| 1716 | } |
| 1717 | $value = $newValue; |
| 1718 | } |
| 1719 | |
| 1720 | /** |
| 1721 | * Returns the canonical name of a field |
| 1722 | * @param $entity: api entity name (string should already be standardized - no camelCase) |
| 1723 | * @param $fieldName: any variation of a field's name (name, unique_name, api.alias) |
| 1724 | * |
| 1725 | * @return (string|bool) fieldName or FALSE if the field does not exist |
| 1726 | */ |
| 1727 | function _civicrm_api3_api_resolve_alias($entity, $fieldName) { |
| 1728 | if (strpos($fieldName, 'custom_') === 0 && is_numeric($fieldName[7])) { |
| 1729 | return $fieldName; |
| 1730 | } |
| 1731 | if ($fieldName == "{$entity}_id") { |
| 1732 | return 'id'; |
| 1733 | } |
| 1734 | $result = civicrm_api($entity, 'getfields', array( |
| 1735 | 'version' => 3, |
| 1736 | 'action' => 'create', |
| 1737 | )); |
| 1738 | $meta = $result['values']; |
| 1739 | if (!isset($meta[$fieldName]['name']) && isset($meta[$fieldName . '_id'])) { |
| 1740 | $fieldName = $fieldName . '_id'; |
| 1741 | } |
| 1742 | if (isset($meta[$fieldName])) { |
| 1743 | return $meta[$fieldName]['name']; |
| 1744 | } |
| 1745 | foreach ($meta as $info) { |
| 1746 | if ($fieldName == CRM_Utils_Array::value('uniqueName', $info)) { |
| 1747 | return $info['name']; |
| 1748 | } |
| 1749 | if (array_search($fieldName, CRM_Utils_Array::value('api.aliases', $info, array())) !== FALSE) { |
| 1750 | return $info['name']; |
| 1751 | } |
| 1752 | } |
| 1753 | return FALSE; |
| 1754 | } |