projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #13042 from jackrabbithanna/dev-core-475
[civicrm-core.git] / CRM / Profile / Form / Edit.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2019
32 *
33 */
34
35 /**
36 * This class generates form components for custom data
37 *
38 * It delegates the work to lower level subclasses and integrates the changes
39 * back in. It also uses a lot of functionality with the CRM API's, so any change
40 * made here could potentially affect the API etc. Be careful, be aware, use unit tests.
41 *
42 */
43 class CRM_Profile_Form_Edit extends CRM_Profile_Form {
44 protected $_postURL = NULL;
45 protected $_cancelURL = NULL;
46 protected $_errorURL = NULL;
47 protected $_context;
48 protected $_blockNo;
49 protected $_prefix;
50 protected $returnExtra;
51
52 /**
53 * Pre processing work done here.
54 *
55 * @param
56 *
57 */
58 public function preProcess() {
59 $this->_mode = CRM_Profile_Form::MODE_CREATE;
60
61 $this->_onPopupClose = CRM_Utils_Request::retrieve('onPopupClose', 'String', $this);
62 $this->assign('onPopupClose', $this->_onPopupClose);
63
64 //set the context for the profile
65 $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
66
67 //set the block no
68 $this->_blockNo = CRM_Utils_Request::retrieve('blockNo', 'String', $this);
69
70 //set the prefix
71 $this->_prefix = CRM_Utils_Request::retrieve('prefix', 'String', $this);
72
73 // Fields for the EntityRef widget
74 $this->returnExtra = CRM_Utils_Request::retrieve('returnExtra', 'String', $this);
75
76 $this->assign('context', $this->_context);
77
78 if ($this->_blockNo) {
79 $this->assign('blockNo', $this->_blockNo);
80 $this->assign('prefix', $this->_prefix);
81 }
82
83 $this->assign('createCallback', CRM_Utils_Request::retrieve('createCallback', 'String', $this));
84
85 if ($this->get('skipPermission')) {
86 $this->_skipPermission = TRUE;
87 }
88
89 if ($this->get('edit')) {
90 // make sure we have right permission to edit this user
91 $userID = CRM_Core_Session::getLoggedInContactID();
92
93 // Set the ID from the query string, otherwise default to the current user
94 $id = CRM_Utils_Request::retrieve('id', 'Positive', $this, FALSE, $userID);
95
96 if ($id) {
97 // this is edit mode.
98 $this->_mode = CRM_Profile_Form::MODE_EDIT;
99
100 if ($id != $userID) {
101 // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228
102 // see also CRM-19079 for modifications to the condition
103 $config = CRM_Core_Config::singleton();
104 if ($config->userFrameworkFrontend && $config->userSystem->is_joomla) {
105 CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($id, $this);
106 }
107 else {
108 CRM_Contact_BAO_Contact_Permission::validateChecksumContact($id, $this);
109 }
110 $this->_isPermissionedChecksum = TRUE;
111 }
112 }
113
114 // CRM-16784: If there is no ID then this can't be an 'edit'
115 else {
116 CRM_Core_Error::fatal(ts('No user/contact ID was specified, so the Profile cannot be used in edit mode.'));
117 }
118
119 }
120
121 parent::preProcess();
122
123 // and also the profile is of type 'Profile'
124 $query = "
125 SELECT module,is_reserved
126 FROM civicrm_uf_group
127 LEFT JOIN civicrm_uf_join ON uf_group_id = civicrm_uf_group.id
128 WHERE civicrm_uf_group.id = %1
129 ";
130
131 $params = array(1 => array($this->_gid, 'Integer'));
132 $dao = CRM_Core_DAO::executeQuery($query, $params);
133
134 $isProfile = FALSE;
135 while ($dao->fetch()) {
136 $isProfile = ($isProfile || ($dao->module == "Profile"));
137 }
138
139 //Check that the user has the "add contacts" Permission
140 $canAdd = CRM_Core_Permission::check("add contacts");
141
142 //Remove need for Profile module type when using reserved profiles [CRM-14488]
143 if (!$dao->N || (!$isProfile && !($dao->is_reserved && $canAdd))) {
144 CRM_Core_Error::fatal(ts('The requested Profile (gid=%1) is not configured to be used for \'Profile\' edit and view forms in its Settings. Contact the site administrator if you need assistance.',
145 array(1 => $this->_gid)
146 ));
147 }
148 }
149
150 /**
151 * Build the form object.
152 *
153 */
154 public function buildQuickForm() {
155 if (empty($this->_ufGroup['id'])) {
156 CRM_Core_Error::fatal();
157 }
158
159 // set the title
160 if ($this->_multiRecord && $this->_customGroupTitle) {
161 $groupTitle = ($this->_multiRecord & CRM_Core_Action::UPDATE) ? 'Edit ' . $this->_customGroupTitle . ' Record' : $this->_customGroupTitle;
162
163 }
164 else {
165 $groupTitle = $this->_ufGroup['title'];
166 }
167 CRM_Utils_System::setTitle($groupTitle);
168 $this->assign('recentlyViewed', FALSE);
169
170 if ($this->_context != 'dialog') {
171 $this->_postURL = $this->_ufGroup['post_URL'];
172 $this->_cancelURL = $this->_ufGroup['cancel_URL'];
173
174 $gidString = $this->_gid;
175 if (!empty($this->_profileIds)) {
176 $gidString = implode(',', $this->_profileIds);
177 }
178
179 if (!$this->_postURL) {
180 if ($this->_context == 'Search') {
181 $this->_postURL = CRM_Utils_System::url('civicrm/contact/search');
182 }
183 elseif ($this->_id && $this->_gid) {
184 $urlParams = "reset=1&id={$this->_id}&gid={$gidString}";
185 if ($this->_isContactActivityProfile && $this->_activityId) {
186 $urlParams .= "&aid={$this->_activityId}";
187 }
188 // get checksum if present
189 if ($this->get('cs')) {
190 $urlParams .= "&cs=" . $this->get('cs');
191 }
192 $this->_postURL = CRM_Utils_System::url('civicrm/profile/view', $urlParams);
193 }
194 }
195
196 if (!$this->_cancelURL) {
197 $this->_cancelURL = CRM_Utils_System::url('civicrm/profile',
198 "reset=1&gid={$gidString}"
199 );
200 }
201
202 // we do this gross hack since qf also does entity replacement
203 $this->_postURL = str_replace('&amp;', '&', $this->_postURL);
204 $this->_cancelURL = str_replace('&amp;', '&', $this->_cancelURL);
205
206 // also retain error URL if set
207 $this->_errorURL = CRM_Utils_Array::value('errorURL', $_POST);
208 if ($this->_errorURL) {
209 // we do this gross hack since qf also does entity replacement
210 $this->_errorURL = str_replace('&amp;', '&', $this->_errorURL);
211 $this->addElement('hidden', 'errorURL', $this->_errorURL);
212 }
213
214 // replace the session stack in case user cancels (and we dont go into postProcess)
215 $session = CRM_Core_Session::singleton();
216 $session->replaceUserContext($this->_postURL);
217 }
218
219 parent::buildQuickForm();
220
221 $this->assign('cancelURL', $this->_cancelURL);
222
223 $cancelButtonValue = !empty($this->_ufGroup['cancel_button_text']) ? $this->_ufGroup['cancel_button_text'] : ts('Cancel');
224 $this->assign('cancelButtonText', $cancelButtonValue);
225 $this->assign('includeCancelButton', CRM_Utils_Array::value('add_cancel_button', $this->_ufGroup));
226
227 if (($this->_multiRecord & CRM_Core_Action::DELETE) && $this->_recordExists) {
228 $this->_deleteButtonName = $this->getButtonName('upload', 'delete');
229 $this->addElement('submit', $this->_deleteButtonName, ts('Delete'));
230
231 return;
232 }
233
234 //get the value from session, this is set if there is any file
235 //upload field
236 $uploadNames = $this->get('uploadNames');
237
238 if (!empty($uploadNames)) {
239 $buttonName = 'upload';
240 }
241 else {
242 $buttonName = 'next';
243 }
244
245 $buttons[] = array(
246 'type' => $buttonName,
247 'name' => !empty($this->_ufGroup['submit_button_text']) ? $this->_ufGroup['submit_button_text'] : ts('Save'),
248 'isDefault' => TRUE,
249 );
250
251 $this->addButtons($buttons);
252
253 $this->addFormRule(array('CRM_Profile_Form', 'formRule'), $this);
254 }
255
256 /**
257 * Process the user submitted custom data values.
258 *
259 */
260 public function postProcess() {
261 parent::postProcess();
262
263 // Send back data for the EntityRef widget
264 if ($this->returnExtra) {
265 $contact = civicrm_api3('Contact', 'getsingle', array(
266 'id' => $this->_id,
267 'return' => $this->returnExtra,
268 ));
269 foreach (explode(',', $this->returnExtra) as $field) {
270 $field = trim($field);
271 $this->ajaxResponse['extra'][$field] = CRM_Utils_Array::value($field, $contact);
272 }
273 }
274
275 // When saving (not deleting) and not in an ajax popup
276 if (empty($_POST[$this->_deleteButtonName]) && $this->_context != 'dialog') {
277 CRM_Core_Session::setStatus(ts('Your information has been saved.'), ts('Thank you.'), 'success');
278 }
279
280 $session = CRM_Core_Session::singleton();
281 // only replace user context if we do not have a postURL
282 if (!$this->_postURL) {
283 $gidString = $this->_gid;
284 if (!empty($this->_profileIds)) {
285 $gidString = implode(',', $this->_profileIds);
286 }
287
288 $urlParams = "reset=1&id={$this->_id}&gid={$gidString}";
289 if ($this->_isContactActivityProfile && $this->_activityId) {
290 $urlParams .= "&aid={$this->_activityId}";
291 }
292 // Get checksum if present
293 if ($this->get('cs')) {
294 $urlParams .= "&cs=" . $this->get('cs');
295 }
296 // Generate one if needed
297 elseif (!CRM_Contact_BAO_Contact_Permission::allow($this->_id)) {
298 $urlParams .= "&cs=" . CRM_Contact_BAO_Contact_Utils::generateChecksum($this->_id);
299 }
300 $url = CRM_Utils_System::url('civicrm/profile/view', $urlParams);
301 }
302 else {
303 // Replace tokens from post URL
304 $contactParams = array(
305 'contact_id' => $this->_id,
306 'version' => 3,
307 );
308
309 $contact = civicrm_api('contact', 'get', $contactParams);
310 $contact = reset($contact['values']);
311
312 $dummyMail = new CRM_Mailing_BAO_Mailing();
313 $dummyMail->body_text = $this->_postURL;
314 $tokens = $dummyMail->getTokens();
315
316 $url = CRM_Utils_Token::replaceContactTokens($this->_postURL, $contact, FALSE, CRM_Utils_Array::value('text', $tokens));
317 }
318
319 $session->replaceUserContext($url);
320 }
321
322 /**
323 * Intercept QF validation and do our own redirection.
324 *
325 * We use this to send control back to the user for a user formatted page
326 * This allows the user to maintain the same state and display the error messages
327 * in their own theme along with any modifications
328 *
329 * This is a first version and will be tweaked over a period of time
330 *
331 *
332 * @return bool
333 * true if no error found
334 */
335 public function validate() {
336 $errors = parent::validate();
337
338 if (!$errors && !empty($_POST['errorURL'])) {
339 $message = NULL;
340 foreach ($this->_errors as $name => $mess) {
341 $message .= $mess;
342 $message .= '<p>';
343 }
344
345 CRM_Utils_System::setUFMessage($message);
346
347 $message = urlencode($message);
348
349 $errorURL = $_POST['errorURL'];
350 if (strpos($errorURL, '?') !== FALSE) {
351 $errorURL .= '&';
352 }
353 else {
354 $errorURL .= '?';
355 }
356 $errorURL .= "gid={$this->_gid}&msg=$message";
357 CRM_Utils_System::redirect($errorURL);
358 }
359
360 return $errors;
361 }
362
363 }