3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
19 * Business objects for managing custom data values.
21 class CRM_Core_BAO_CustomValue
extends CRM_Core_DAO
{
24 * Validate a value against a CustomField type.
27 * The type of the data.
28 * @param string $value
29 * The data to be validated.
32 * True if the value is of the specified type
34 public static function typecheck($type, $value) {
40 return CRM_Utils_Rule
::string($value);
43 return CRM_Utils_Rule
::integer($value);
47 return CRM_Utils_Rule
::numeric($value);
50 if (is_numeric($value)) {
51 return CRM_Utils_Rule
::dateTime($value);
54 return CRM_Utils_Rule
::date($value);
57 return CRM_Utils_Rule
::boolean($value);
59 case 'ContactReference':
60 return CRM_Utils_Rule
::validContact($value);
64 //fix for multi select state, CRM-3437
66 $mulValues = explode(',', $value);
67 foreach ($mulValues as $key => $state) {
68 $valid = array_key_exists(strtolower(trim($state)),
69 array_change_key_case(array_flip(CRM_Core_PseudoConstant
::stateProvinceAbbreviation()), CASE_LOWER
)
70 ) ||
array_key_exists(strtolower(trim($state)),
71 array_change_key_case(array_flip(CRM_Core_PseudoConstant
::stateProvince()), CASE_LOWER
)
81 //fix multi select country, CRM-3437
83 $mulValues = explode(',', $value);
84 foreach ($mulValues as $key => $country) {
85 $valid = array_key_exists(strtolower(trim($country)),
86 array_change_key_case(array_flip(CRM_Core_PseudoConstant
::countryIsoCode()), CASE_LOWER
)
87 ) ||
array_key_exists(strtolower(trim($country)),
88 array_change_key_case(array_flip(CRM_Core_PseudoConstant
::country()), CASE_LOWER
)
97 return CRM_Utils_Rule
::url($value);
103 * Given a 'civicrm' type string, return the mysql data store area
105 * @param string $type
106 * The civicrm type string.
108 * @return string|null
109 * the mysql data store placeholder
111 public static function typeToField($type) {
119 case 'StateProvince':
121 case 'Auto-complete':
128 return 'decimal_data';
145 * @param array $formValues
148 public static function fixCustomFieldValue(&$formValues) {
149 if (empty($formValues)) {
152 foreach (array_keys($formValues) as $key) {
153 if (substr($key, 0, 7) != 'custom_') {
156 elseif (empty($formValues[$key])) {
160 $htmlType = CRM_Core_DAO
::getFieldValue('CRM_Core_BAO_CustomField',
161 substr($key, 7), 'html_type'
163 $dataType = CRM_Core_DAO
::getFieldValue('CRM_Core_BAO_CustomField',
164 substr($key, 7), 'data_type'
167 if (is_array($formValues[$key])) {
168 if (!in_array(key($formValues[$key]), CRM_Core_DAO
::acceptedSQLOperators(), TRUE)) {
169 $formValues[$key] = ['IN' => $formValues[$key]];
172 elseif (($htmlType == 'TextArea' ||
173 ($htmlType == 'Text' && $dataType == 'String')
174 ) && strstr($formValues[$key], '%')
176 $formValues[$key] = ['LIKE' => $formValues[$key]];
178 elseif ($htmlType == 'Autocomplete-Select' && !empty($formValues[$key]) && is_string($formValues[$key]) && (strpos($formValues[$key], ',') != FALSE)) {
179 $formValues[$key] = ['IN' => explode(',', $formValues[$key])];
185 * Delete option value give an option value and custom group id.
187 * @param int $customValueID
189 * @param int $customGroupID
192 public static function deleteCustomValue($customValueID, $customGroupID) {
193 // first we need to find custom value table, from custom group ID
194 $tableName = CRM_Core_DAO
::getFieldValue('CRM_Core_DAO_CustomGroup', $customGroupID, 'table_name');
196 // Retrieve the $entityId so we can pass that to the hook.
197 $entityID = (int) CRM_Core_DAO
::singleValueQuery("SELECT entity_id FROM {$tableName} WHERE id = %1", [
198 1 => [$customValueID, 'Integer'],
201 // delete custom value from corresponding custom value table
202 $sql = "DELETE FROM {$tableName} WHERE id = {$customValueID}";
203 CRM_Core_DAO
::executeQuery($sql);
205 CRM_Utils_Hook
::custom('delete',
206 (int) $customGroupID,
213 * ACL clause for an APIv4 custom pseudo-entity (aka multi-record custom group extending Contact).
216 public function addSelectWhereClause() {
218 'entity_id' => CRM_Utils_SQL
::mergeSubquery('Contact'),
220 CRM_Utils_Hook
::selectWhereClause($this, $clauses);
225 * Special checkAccess function for multi-record custom pseudo-entities
227 * @param string $entityName
228 * Ex: 'Contact' or 'Custom_Foobar'
229 * @param string $action
230 * @param array $record
232 * Contact ID of the active user (whose access we must check). 0 for anonymous.
234 * TRUE if granted. FALSE if prohibited. NULL if indeterminate.
236 public static function _checkAccess(string $entityName, string $action, array $record, int $userID): ?
bool {
237 // This check implements two rules: you must have access to the specific custom-data-group - and to the underlying record (e.g. Contact).
239 $groupName = substr($entityName, 0, 7) === 'Custom_' ?
substr($entityName, 7) : NULL;
240 $extends = CRM_Core_DAO
::getFieldValue('CRM_Core_DAO_CustomGroup', $groupName, 'extends', 'name');
241 $id = CRM_Core_DAO
::getFieldValue('CRM_Core_DAO_CustomGroup', $groupName, 'id', 'name');
243 // $groupName is required but the function signature has to match the parent.
244 throw new CRM_Core_Exception('Missing required group-name in CustomValue::checkAccess');
247 if (empty($extends) ||
empty($id)) {
248 throw new CRM_Core_Exception('Received invalid group-name in CustomValue::checkAccess');
251 $actionType = $action === 'get' ? CRM_Core_Permission
::VIEW
: CRM_Core_Permission
::EDIT
;
252 if (!\CRM_Core_BAO_CustomGroup
::checkGroupAccess($id, $actionType, $userID)) {
256 $eid = $record['entity_id'] ??
NULL;
258 $tableName = CRM_Core_DAO
::getFieldValue('CRM_Core_DAO_CustomGroup', $groupName, 'table_name', 'name');
259 $eid = CRM_Core_DAO
::singleValueQuery("SELECT entity_id FROM `$tableName` WHERE id = " . (int) $record['id']);
262 // Do we have access to the target record?
263 if ($extends === 'Contact' ||
in_array($extends, CRM_Contact_BAO_ContactType
::basicTypes(TRUE), TRUE)) {
264 return \Civi\Api4\Utils\CoreUtil
::checkAccessDelegated('Contact', 'update', ['id' => $eid], $userID);
266 elseif (\Civi\Api4\Utils\CoreUtil
::getApiClass($extends)) {
267 // For most entities (Activity, Relationship, Contribution, ad nauseum), we acn just use an eponymous API.
268 return \Civi\Api4\Utils\CoreUtil
::checkAccessDelegated($extends, 'update', ['id' => $eid], $userID);
271 // Do you need to add a special case for some oddball custom-group type?
272 throw new CRM_Core_Exception("Cannot assess delegated permissions for group {$groupName}.");