security/core#14 Validate "context" inputs
<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 5                                                  |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2018                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org.  If you have questions about the       |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2018
 */

/**
 * Form components for the "Open Case" activity.
 *
 * Each public method is called by the enclosing case form for one phase of
 * its lifecycle (pre-process, defaults, build, validate, post-process). All
 * of them do nothing when the form runs in the 'caseActivity' context.
 */
class CRM_Case_Form_Activity_OpenCase {

  /**
   * The id of the client associated with this case.
   *
   * @var int
   */
  public $_contactID;

  /**
   * Read and validate the request inputs the form depends on.
   *
   * In the 'caseActivity' context only the "change start date" link is
   * assigned to the template. In every other context the 'context', 'cid',
   * 'ctype' and 'case_status_id' parameters are read through
   * CRM_Utils_Request::retrieve() with a type constraint, and the case type
   * and case status ids are additionally checked against the known option
   * lists, so an id that is not a valid option is dropped (NULL) instead of
   * being trusted.
   *
   * @param CRM_Core_Form $form
   */
  public static function preProcess(&$form) {
    // Whether several clients may be attached to one case is configured in the case-type XML.
    $configProcessor = new CRM_Case_XMLProcessor_Process();
    $form->_allowMultiClient = (bool) $configProcessor->getAllowMultipleCaseClients();

    if ($form->_context == 'caseActivity') {
      // Values placed in the link are either type-constrained ('Positive') or
      // taken from form state / pseudoconstants, not copied raw from the request.
      $contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $form);
      $atype = CRM_Core_PseudoConstant::getKey('CRM_Activity_BAO_Activity', 'activity_type_id', 'Change Case Start Date');
      $caseId = CRM_Utils_Array::first($form->_caseId);
      $changeStartQuery = "action=add&reset=1&cid=$contactID&caseid={$caseId}&atype=$atype";
      $form->assign('changeStartURL', CRM_Utils_System::url('civicrm/case/activity', $changeStartQuery));
      return;
    }

    // 'context' is restricted to alphanumeric characters before it is stored and handed to the template.
    $form->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $form);
    $form->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $form);
    $form->assign('context', $form->_context);

    // Keep the case type from the URL only if it is one the user may create.
    $requestedCaseTypeId = CRM_Utils_Request::retrieve('ctype', 'Positive', $form);
    $creatableCaseTypes = CRM_Case_BAO_Case::buildOptions('case_type_id', 'create');
    if (array_key_exists($requestedCaseTypeId, $creatableCaseTypes)) {
      $form->_caseTypeId = $requestedCaseTypeId;
    }
    else {
      $form->_caseTypeId = NULL;
    }

    // Same rule for the case status.
    $requestedStatusId = CRM_Utils_Request::retrieve('case_status_id', 'Positive', $form);
    $knownStatuses = CRM_Case_PseudoConstant::caseStatus();
    if (array_key_exists($requestedStatusId, $knownStatuses)) {
      $form->_caseStatusId = $requestedStatusId;
    }
    else {
      $form->_caseStatusId = NULL;
    }

    // Attachment elements for the activity.
    CRM_Core_BAO_File::buildAttachment($form, 'civicrm_activity', $form->_activityId);
    CRM_Core_Session::singleton()->pushUserContext(CRM_Utils_System::url('civicrm/case', 'reset=1'));
  }

  /**
   * Option values of an option group that are flagged is_default.
   *
   * @param string $groupName
   *   Name of the option group.
   *
   * @return array
   *   value => label, as returned by CRM_Core_OptionGroup::values().
   */
  private static function defaultOptionValues($groupName) {
    return CRM_Core_OptionGroup::values($groupName, FALSE, FALSE, FALSE, 'AND is_default = 1');
  }

  /**
   * Default values for the form.
   *
   * Returns an empty array in the 'caseActivity' context. Otherwise the start
   * date defaults to now, and status / type / medium / location type / phone
   * type are pre-filled from the validated URL ids (status, type) or from the
   * is_default option of the respective group when exactly one exists.
   *
   * @param CRM_Core_Form $form
   *
   * @return array
   */
  public static function setDefaultValues(&$form) {
    $defaults = [];
    if ($form->_context == 'caseActivity') {
      return $defaults;
    }

    list($defaults['start_date'], $defaults['start_date_time']) = CRM_Utils_Date::setDateDefaults(NULL, 'activityDateTime');

    // Status: the validated id from the URL wins over the option group default.
    if ($form->_caseStatusId) {
      $defaults['status_id'] = $form->_caseStatusId;
    }
    else {
      $defaultStatuses = self::defaultOptionValues('case_status');
      // NOTE(review): when there is not exactly one default status the whole
      // values array is assigned here rather than a single id.
      $defaults['status_id'] = (count($defaultStatuses) == 1) ? key($defaultStatuses) : $defaultStatuses;
    }

    // Type: the validated id from the URL, else auto-select when only one type is creatable.
    if ($form->_caseTypeId) {
      $defaults['case_type_id'] = $form->_caseTypeId;
    }
    else {
      // TODO: Not possible yet to set a default case type in the system.
      // For now just add the convenience of auto-selecting if there is only one option.
      $creatableCaseTypes = CRM_Case_BAO_Case::buildOptions('case_type_id', 'create');
      if (count($creatableCaseTypes) == 1) {
        reset($creatableCaseTypes);
        $defaults['case_type_id'] = key($creatableCaseTypes);
      }
    }

    $defaultMedia = self::defaultOptionValues('encounter_medium');
    if (count($defaultMedia) == 1) {
      $defaults['medium_id'] = key($defaultMedia);
    }

    $locationType = CRM_Core_BAO_LocationType::getDefault();
    if ($locationType->id) {
      $defaults['location[1][location_type_id]'] = $locationType->id;
    }

    $defaultPhoneTypes = self::defaultOptionValues('phone_type');
    if (count($defaultPhoneTypes) == 1) {
      $defaults['location[1][phone][1][phone_type_id]'] = key($defaultPhoneTypes);
    }

    return $defaults;
  }

  /**
   * Add the form elements used to open a case.
   *
   * Nothing is added in the 'caseActivity' context. The client selector is
   * only added in the 'standalone' context; case type and status are frozen
   * when preProcess() accepted an id for them from the URL.
   *
   * @param CRM_Case_Form_Case $form
   */
  public static function buildQuickForm(&$form) {
    if ($form->_context == 'caseActivity') {
      return;
    }

    if ($form->_context == 'standalone') {
      $clientRefOptions = [
        'create' => TRUE,
        'multiple' => $form->_allowMultiClient,
      ];
      $form->addEntityRef('client_id', ts('Client'), $clientRefOptions, TRUE);
    }

    $caseTypeElement = $form->addField('case_type_id', [
      'context' => 'create',
      'entity' => 'Case',
      'onchange' => "CRM.buildCustomData('Case', this.value);",
    ], TRUE);
    if ($form->_caseTypeId) {
      $caseTypeElement->freeze();
    }

    $statusElement = $form->addField('status_id', [
      'context' => 'create',
      'entity' => 'Case',
    ], TRUE);
    if ($form->_caseStatusId) {
      $statusElement->freeze();
    }

    $form->add('text', 'duration', ts('Activity Duration'), ['size' => 4, 'maxlength' => 8]);
    $form->addRule('duration', ts('Please enter the duration as number of minutes (integers only).'), 'positiveInteger');

    if ($form->_currentlyViewedContactId) {
      list($clientDisplayName) = CRM_Contact_BAO_Contact::getDisplayAndImage($form->_currentlyViewedContactId);
      $form->assign('clientName', $clientDisplayName);
    }

    $form->addDate('start_date', ts('Case Start Date'), TRUE, ['formatType' => 'activityDateTime']);

    $form->addField('medium_id', ['entity' => 'activity', 'context' => 'create'], TRUE);

    // Named activity_location to avoid a clash with the contact location fields on the same form.
    $form->add('text', 'activity_location', ts('Location'), CRM_Core_DAO::getAttribute('CRM_Activity_DAO_Activity', 'location'));

    $form->add('wysiwyg', 'activity_details', ts('Details'), ['rows' => 4, 'cols' => 60], FALSE);

    $buttons = [
      [
        'type' => 'upload',
        'name' => ts('Save'),
        'isDefault' => TRUE,
      ],
      [
        'type' => 'upload',
        'name' => ts('Save and New'),
        'subName' => 'new',
      ],
      [
        'type' => 'cancel',
        'name' => ts('Cancel'),
      ],
    ];
    $form->addButtons($buttons);
  }

  /**
   * Normalise the submitted values before the case itself is saved.
   *
   * Skipped in the 'caseActivity' context. In the 'standalone' context the
   * comma-separated client list is split into an array and its first entry
   * becomes the currently viewed contact. The start date is normalised and
   * 'activity_location' is copied to the DAO column name 'location'.
   *
   * @param CRM_Core_Form $form
   * @param array $params
   */
  public static function beginPostProcess(&$form, &$params) {
    if ($form->_context == 'caseActivity') {
      return;
    }

    if ($form->_context == 'standalone') {
      $clientIds = explode(',', $params['client_id']);
      $params['client_id'] = $clientIds;
      $form->_currentlyViewedContactId = $clientIds[0];
    }

    // For open case the start date should be the submitted date/time.
    $params['start_date'] = CRM_Utils_Date::processDate($params['start_date'], $params['start_date_time']);

    // activity_location is the form element name; the activity DAO column is 'location'.
    $params['location'] = CRM_Utils_Array::value('activity_location', $params);

    CRM_Core_BAO_File::formatAttachment(
      $params,
      $params,
      'civicrm_activity',
      $form->_activityId
    );
  }

  /**
   * Global validation rules for the form.
   *
   * No rules are defined here; the method exists for the form lifecycle.
   *
   * @param array $fields
   * @param array $files
   * @param CRM_Core_Form $form
   *
   * @return array|true
   *   TRUE in the 'caseActivity' context, otherwise an (empty) list of errors.
   */
  public static function formRule($fields, $files, $form) {
    if ($form->_context == 'caseActivity') {
      return TRUE;
    }

    return [];
  }

  /**
   * Link one contact to a case as a client.
   *
   * @param int $caseId
   * @param int $contactId
   */
  private static function linkClientToCase($caseId, $contactId) {
    CRM_Case_BAO_CaseContact::create([
      'case_id' => $caseId,
      'contact_id' => $contactId,
    ]);
  }

  /**
   * Create the case-contact links and run the case-type XML processor.
   *
   * Skipped in the 'caseActivity' context. Aborts through
   * CRM_Core_Error::fatal() when the current user, case id or case type is
   * missing, or - in single-client configuration - when no client contact is
   * known. Afterwards the "Save and New" button redirects to a fresh form.
   *
   * @param CRM_Core_Form $form
   * @param array $params
   */
  public static function endPostProcess(&$form, &$params) {
    if ($form->_context == 'caseActivity') {
      return;
    }

    $configProcessor = new CRM_Case_XMLProcessor_Process();
    $isMultiClient = $configProcessor->getAllowMultipleCaseClients();

    $noClientKnown = !$isMultiClient && !$form->_currentlyViewedContactId;
    if ($noClientKnown || !$form->_currentUserId || !$params['case_id'] || !$params['case_type']) {
      CRM_Core_Error::fatal('Required parameter missing for OpenCase - end post processing');
    }

    // 1. Link the client(s) to the case.
    if ($isMultiClient && $form->_context == 'standalone') {
      // NOTE(review): the ids come from the submitted entityRef value (split in
      // beginPostProcess); only emptiness is checked here - confirm that the
      // entityRef validation / BAO rejects ids that are not real contacts.
      foreach ($params['client_id'] as $clientId) {
        if (empty($clientId)) {
          CRM_Core_Error::fatal('client_id cannot be empty');
        }
        self::linkClientToCase($params['case_id'], $clientId);
      }
    }
    else {
      self::linkClientToCase($params['case_id'], $form->_currentlyViewedContactId);
    }

    // 2. Hand over to the case-type XML processor.
    $runProcessor = new CRM_Case_XMLProcessor_Process();

    $processorParams = [
      'clientID' => $form->_currentlyViewedContactId,
      'creatorID' => $form->_currentUserId,
      'standardTimeline' => 1,
      'activityTypeName' => 'Open Case',
      'caseID' => $params['case_id'],
      'subject' => $params['activity_subject'],
      'location' => $params['location'],
      'activity_date_time' => $params['start_date'],
      'duration' => CRM_Utils_Array::value('duration', $params),
      'medium_id' => $params['medium_id'],
      'details' => $params['activity_details'],
      'relationship_end_date' => CRM_Utils_Array::value('end_date', $params),
    ];

    if (isset($params['custom']) && is_array($params['custom'])) {
      $processorParams['custom'] = $params['custom'];
    }

    // Forward every non-empty attachFile_N slot up to the configured maximum.
    $maxAttachments = Civi::settings()->get('max_attachments');
    for ($i = 1; $i <= $maxAttachments; $i++) {
      $attachName = "attachFile_$i";
      if (!empty($params[$attachName])) {
        $processorParams[$attachName] = $params[$attachName];
      }
    }

    $runProcessor->run($params['case_type'], $processorParams);

    $params['statusMsg'] = ts('Case opened successfully.');

    $pressedButton = $form->controller->getButtonName();
    $session = CRM_Core_Session::singleton();
    if ($pressedButton == $form->getButtonName('upload', 'new')) {
      if ($form->_context == 'standalone') {
        $nextUrl = CRM_Utils_System::url('civicrm/case/add', 'reset=1&action=add&context=standalone');
      }
      else {
        // _contactID was retrieved as 'Positive' in preProcess().
        $nextUrl = CRM_Utils_System::url('civicrm/contact/view/case', "reset=1&action=add&context=case&cid={$form->_contactID}");
      }
      $session->replaceUserContext($nextUrl);
    }
  }

}
360
361 }