CRM/Profile/Page/Dynamic.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | Copyright CiviCRM LLC. All rights reserved.                        |
   5  |                                                                    |
   6  | This work is published under the GNU AGPLv3 license with some      |
   7  | permitted exceptions and without any warranty. For full license    |
   8  | and copyright information, see https://civicrm.org/licensing       |
   9  +--------------------------------------------------------------------+
  10  */
  11
  12 /**
  13  *
  14  * @package CRM
  15  * @copyright CiviCRM LLC https://civicrm.org/licensing
  16  */
  17
  18 /**
  19  * Create a page for displaying CiviCRM Profile Fields.
  20  *
  21  * Heart of this class is the run method which checks
  22  * for action type and then displays the appropriate
  23  * page.
  24  *
  25  */
  26 class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
  27
  28   /**
  29    * The contact id of the person we are viewing.
  30    *
  31    * @var int
  32    */
  33   protected $_id;
  34
  35   /**
  36    * The profile group are are interested in.
  37    *
  38    * @var int
  39    */
  40   protected $_gid;
  41
  42   /**
  43    * The profile types we restrict this page to display.
  44    *
  45    * @var string
  46    */
  47   protected $_restrict;
  48
  49   /**
  50    * Should we bypass permissions.
  51    *
  52    * @var bool
  53    */
  54   protected $_skipPermission;
  55
  56   /**
  57    * Store profile ids if multiple profile ids are passed using comma separated.
  58    * Currently lets implement this functionality only for dialog mode
  59    * @var array
  60    */
  61   protected $_profileIds = [];
  62
  63   /**
  64    * Contact profile having activity fields?
  65    *
  66    * @var string
  67    */
  68   protected $_isContactActivityProfile = FALSE;
  69
  70   /**
  71    * Activity Id connected to the profile.
  72    *
  73    * @var string
  74    */
  75   protected $_activityId = NULL;
  76
  77   protected $_multiRecord = NULL;
  78
  79   protected $_recordId = NULL;
  80
  81   /**
  82    *
  83    * fetch multirecord as well as non-multirecord fields
  84    * @var int
  85    */
  86   protected $_allFields = NULL;
  87
  88   /**
  89    * Class constructor.
  90    *
  91    * @param int $id
  92    *   The contact id.
  93    * @param int $gid
  94    *   The group id.
  95    *
  96    * @param $restrict
  97    * @param bool $skipPermission
  98    * @param null $profileIds
  99    *
 100    * @return \CRM_Profile_Page_Dynamic
 101    */
 102   public function __construct($id, $gid, $restrict, $skipPermission = FALSE, $profileIds = NULL) {
 103     parent::__construct();
 104
 105     $this->_id = $id;
 106     $this->_gid = $gid;
 107     $this->_restrict = $restrict;
 108     $this->_skipPermission = $skipPermission;
 109
 110     if (!array_key_exists('multiRecord', $_GET)) {
 111       $this->set('multiRecord', NULL);
 112     }
 113     if (!array_key_exists('recordId', $_GET)) {
 114       $this->set('recordId', NULL);
 115     }
 116     if (!array_key_exists('allFields', $_GET)) {
 117       $this->set('allFields', NULL);
 118     }
 119
 120     //specifies the action being done on a multi record field
 121     $multiRecordAction = CRM_Utils_Request::retrieve('multiRecord', 'String', $this);
 122
 123     $this->_multiRecord = (!is_numeric($multiRecordAction)) ? CRM_Core_Action::resolve($multiRecordAction) : $multiRecordAction;
 124     if ($this->_multiRecord) {
 125       $this->set('multiRecord', $this->_multiRecord);
 126     }
 127
 128     if ($this->_multiRecord & CRM_Core_Action::VIEW) {
 129       $this->_recordId = CRM_Utils_Request::retrieve('recordId', 'Positive', $this);
 130       $this->_allFields = CRM_Utils_Request::retrieve('allFields', 'Integer', $this);
 131     }
 132
 133     if ($profileIds) {
 134       $this->_profileIds = $profileIds;
 135     }
 136     else {
 137       $this->_profileIds = [$gid];
 138     }
 139
 140     $this->_activityId = CRM_Utils_Request::retrieve('aid', 'Positive', $this, FALSE, 0, 'GET');
 141     if (is_numeric($this->_activityId)) {
 142       $latestRevisionId = CRM_Activity_BAO_Activity::getLatestActivityId($this->_activityId);
 143       if ($latestRevisionId) {
 144         $this->_activityId = $latestRevisionId;
 145       }
 146     }
 147     $this->_isContactActivityProfile = CRM_Core_BAO_UFField::checkContactActivityProfileType($this->_gid);
 148   }
 149
 150   /**
 151    * Get the action links for this page.
 152    *
 153    * @return array
 154    */
 155   public function &actionLinks() {
 156     return NULL;
 157   }
 158
 159   /**
 160    * Run the page.
 161    *
 162    * This method is called after the page is created. It checks for the
 163    * type of action and executes that action.
 164    *
 165    */
 166   public function run() {
 167     $template = CRM_Core_Smarty::singleton();
 168     if ($this->_id && $this->_gid) {
 169
 170       // first check that id is part of the limit group id, CRM-4822
 171       $limitListingsGroupsID = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup',
 172         $this->_gid,
 173         'limit_listings_group_id'
 174       );
 175       $config = CRM_Core_Config::singleton();
 176       if ($limitListingsGroupsID) {
 177
 178         if (!CRM_Contact_BAO_GroupContact::isContactInGroup($this->_id,
 179           $limitListingsGroupsID
 180         )
 181         ) {
 182           CRM_Utils_System::setTitle(ts('Profile View - Permission Denied'));
 183           return CRM_Core_Session::setStatus(ts('You do not have permission to view this contact record. Contact the site administrator if you need assistance.'), ts('Permission Denied'), 'error');
 184         }
 185       }
 186
 187       $session = CRM_Core_Session::singleton();
 188       $userID = $session->get('userID');
 189
 190       $this->_isPermissionedChecksum = $allowPermission = FALSE;
 191       $permissionType = CRM_Core_Permission::VIEW;
 192       if (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id)) {
 193         $allowPermission = TRUE;
 194       }
 195       if ($this->_id != $userID) {
 196         // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228
 197         if ($config->userFrameworkFrontend) {
 198           $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE);
 199           if (!$this->_isPermissionedChecksum) {
 200             $this->_isPermissionedChecksum = $allowPermission;
 201           }
 202         }
 203         else {
 204           $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE);
 205         }
 206       }
 207       // CRM-10853
 208       // Users with create or edit permission should be allowed to view their own profile
 209       if ($this->_id == $userID || $this->_isPermissionedChecksum) {
 210         if (!CRM_Core_Permission::check('profile view')) {
 211           if (CRM_Core_Permission::check('profile create') || CRM_Core_Permission::check('profile edit')) {
 212             $this->_skipPermission = TRUE;
 213           }
 214         }
 215       }
 216
 217       // make sure we dont expose all fields based on permission
 218       $admin = FALSE;
 219       if ((!$config->userFrameworkFrontend && $allowPermission) ||
 220         $this->_id == $userID ||
 221         $this->_isPermissionedChecksum
 222       ) {
 223         $admin = TRUE;
 224       }
 225
 226       $values = [];
 227       $fields = CRM_Core_BAO_UFGroup::getFields($this->_profileIds, FALSE, CRM_Core_Action::VIEW,
 228         NULL, NULL, FALSE, $this->_restrict,
 229         $this->_skipPermission, NULL,
 230         $permissionType
 231       );
 232
 233       if ($this->_multiRecord & CRM_Core_Action::VIEW && $this->_recordId && !$this->_allFields) {
 234         CRM_Core_BAO_UFGroup::shiftMultiRecordFields($fields, $multiRecordFields);
 235         $fields = $multiRecordFields;
 236       }
 237       if ($this->_isContactActivityProfile && $this->_gid) {
 238         $errors = CRM_Profile_Form::validateContactActivityProfile($this->_activityId, $this->_id, $this->_gid);
 239         if (!empty($errors)) {
 240           CRM_Core_Error::statusBounce(array_pop($errors));
 241         }
 242       }
 243
 244       //reformat fields array
 245       foreach ($fields as $name => $field) {
 246         // also eliminate all formatting fields
 247         if (CRM_Utils_Array::value('field_type', $field) == 'Formatting') {
 248           unset($fields[$name]);
 249         }
 250
 251         // make sure that there is enough permission to expose this field
 252         if (!$admin && $field['visibility'] == 'User and User Admin Only') {
 253           unset($fields[$name]);
 254         }
 255       }
 256
 257       if ($this->_isContactActivityProfile) {
 258         $contactFields = $activityFields = [];
 259
 260         foreach ($fields as $fieldName => $field) {
 261           if (CRM_Utils_Array::value('field_type', $field) == 'Activity') {
 262             $activityFields[$fieldName] = $field;
 263           }
 264           else {
 265             $contactFields[$fieldName] = $field;
 266           }
 267         }
 268
 269         CRM_Core_BAO_UFGroup::getValues($this->_id, $contactFields, $values);
 270         if ($this->_activityId) {
 271           CRM_Core_BAO_UFGroup::getValues(
 272             NULL,
 273             $activityFields,
 274             $values,
 275             TRUE,
 276             [['activity_id', '=', $this->_activityId, 0, 0]]
 277           );
 278         }
 279       }
 280       else {
 281         $customWhereClause = NULL;
 282         if ($this->_multiRecord & CRM_Core_Action::VIEW && $this->_recordId) {
 283           if ($this->_allFields) {
 284             $copyFields = $fields;
 285             CRM_Core_BAO_UFGroup::shiftMultiRecordFields($copyFields, $multiRecordFields);
 286             $fieldKey = key($multiRecordFields);
 287           }
 288           else {
 289             $fieldKey = key($fields);
 290           }
 291           if ($fieldID = CRM_Core_BAO_CustomField::getKeyID($fieldKey)) {
 292             $tableColumnGroup = CRM_Core_BAO_CustomField::getTableColumnGroup($fieldID);
 293             $columnName = "{$tableColumnGroup[0]}.id";
 294             $customWhereClause = $columnName . ' = ' . $this->_recordId;
 295           }
 296         }
 297         CRM_Core_BAO_UFGroup::getValues($this->_id, $fields, $values, TRUE, NULL, FALSE, $customWhereClause);
 298       }
 299
 300       // $profileFields array can be used for customized display of field labels and values in Profile/View.tpl
 301       $profileFields = [];
 302       $labels = [];
 303
 304       foreach ($fields as $name => $field) {
 305         //CRM-14338
 306         // Create a unique, non-empty index for each field.
 307         $index = $field['title'];
 308         if ($index === '') {
 309           $index = ' ';
 310         }
 311         while (array_key_exists($index, $labels)) {
 312           $index .= ' ';
 313         }
 314
 315         $labels[$index] = preg_replace('/\s+|\W+/', '_', $name);
 316       }
 317
 318       foreach ($values as $title => $value) {
 319         $profileFields[$labels[$title]] = [
 320           'label' => $title,
 321           'value' => $value,
 322         ];
 323       }
 324
 325       $template->assign_by_ref('row', $values);
 326       $template->assign_by_ref('profileFields', $profileFields);
 327     }
 328
 329     $name = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'name');
 330     $this->assign('ufGroupName', $name);
 331     CRM_Utils_Hook::viewProfile($name);
 332
 333     if (strtolower($name) == 'summary_overlay') {
 334       $template->assign('overlayProfile', TRUE);
 335     }
 336
 337     if (($this->_multiRecord & CRM_Core_Action::VIEW) && $this->_recordId && !$this->_allFields) {
 338       $fieldDetail = reset($fields);
 339       $fieldId = CRM_Core_BAO_CustomField::getKeyID($fieldDetail['name']);
 340       $customGroupDetails = CRM_Core_BAO_CustomGroup::getGroupTitles([$fieldId]);
 341       $multiRecTitle = $customGroupDetails[$fieldId]['groupTitle'];
 342     }
 343     else {
 344       $title = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'title');
 345     }
 346
 347     //CRM-4131.
 348     $displayName = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $this->_id, 'display_name');
 349     if ($displayName) {
 350       $session = CRM_Core_Session::singleton();
 351       $config = CRM_Core_Config::singleton();
 352       if ($session->get('userID') &&
 353         CRM_Core_Permission::check('access CiviCRM') &&
 354         CRM_Contact_BAO_Contact_Permission::allow($session->get('userID'), CRM_Core_Permission::VIEW) &&
 355         !$config->userFrameworkFrontend
 356       ) {
 357         $contactViewUrl = CRM_Utils_System::url('civicrm/contact/view', "action=view&reset=1&cid={$this->_id}", TRUE);
 358         $this->assign('displayName', $displayName);
 359         $displayName = "<a href=\"$contactViewUrl\">{$displayName}</a>";
 360       }
 361       $title .= ' - ' . $displayName;
 362     }
 363
 364     $title = isset($multiRecTitle) ? ts('View %1 Record', [1 => $multiRecTitle]) : $title;
 365     CRM_Utils_System::setTitle($title);
 366
 367     // invoke the pagRun hook, CRM-3906
 368     CRM_Utils_Hook::pageRun($this);
 369
 370     return trim($template->fetch($this->getHookedTemplateFileName()));
 371   }
 372
 373   /**
 374    * @param string $suffix
 375    *
 376    * @return null|string
 377    */
 378   public function checkTemplateFileExists($suffix = '') {
 379     if ($this->_gid) {
 380       $templateFile = "CRM/Profile/Page/{$this->_gid}/Dynamic.{$suffix}tpl";
 381       $template = CRM_Core_Page::getTemplate();
 382       if ($template->template_exists($templateFile)) {
 383         return $templateFile;
 384       }
 385
 386       // lets see if we have customized by name
 387       $ufGroupName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'name');
 388       if ($ufGroupName) {
 389         $templateFile = "CRM/Profile/Page/{$ufGroupName}/Dynamic.{$suffix}tpl";
 390         if ($template->template_exists($templateFile)) {
 391           return $templateFile;
 392         }
 393       }
 394     }
 395     return NULL;
 396   }
 397
 398   /**
 399    * Use the form name to create the tpl file name.
 400    *
 401    * @return string
 402    */
 403   public function getTemplateFileName() {
 404     $fileName = $this->checkTemplateFileExists();
 405     return $fileName ? $fileName : parent::getTemplateFileName();
 406   }
 407
 408   /**
 409    * Default extra tpl file basically just replaces .tpl with .extra.tpl
 410    * i.e. we dont override
 411    *
 412    * @return string
 413    */
 414   public function overrideExtraTemplateFileName() {
 415     $fileName = $this->checkTemplateFileExists('extra.');
 416     return $fileName ? $fileName : parent::overrideExtraTemplateFileName();
 417   }
 418
 419 }