projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #21120 from eileenmcnaughton/acl_setting
[civicrm-core.git] / Civi / Api4 / Generic / AbstractAction.php
1 <?php
2
3 /*
4 +--------------------------------------------------------------------+
5 | Copyright CiviCRM LLC. All rights reserved. |
6 | |
7 | This work is published under the GNU AGPLv3 license with some |
8 | permitted exceptions and without any warranty. For full license |
9 | and copyright information, see https://civicrm.org/licensing |
10 +--------------------------------------------------------------------+
11 */
12 namespace Civi\Api4\Generic;
13
14 use Civi\Api4\Utils\CoreUtil;
15 use Civi\Api4\Utils\FormattingUtil;
16 use Civi\Api4\Utils\ReflectionUtils;
17
18 /**
19 * Base class for all api actions.
20 *
21 * An api Action object stores the parameters of the api call, and defines a _run function to execute the action.
22 *
23 * Every `protected` class var is considered a parameter (unless it starts with an underscore).
24 *
25 * Adding a `protected` var to your Action named e.g. `$thing` will automatically:
26 * - Provide a getter/setter (via `__call` MagicMethod) named `getThing()` and `setThing()`.
27 * - Expose the param in the Api Explorer (be sure to add a doc-block as it displays in the help panel).
28 * - Require a value for the param if you add the "@required" annotation.
29 *
30 * @method bool getCheckPermissions()
31 * @method $this setDebug(bool $value) Enable/disable debug output
32 * @method bool getDebug()
33 * @method $this setChain(array $chain)
34 * @method array getChain()
35 */
36 abstract class AbstractAction implements \ArrayAccess {
37
38 use \Civi\Schema\Traits\MagicGetterSetterTrait;
39
40 /**
41 * Api version number; cannot be changed.
42 *
43 * @var int
44 */
45 protected $version = 4;
46
47 /**
48 * Additional api requests - will be called once per result.
49 *
50 * Keys can be any string - this will be the name given to the output.
51 *
52 * You can reference other values in the api results in this call by prefixing them with `$`.
53 *
54 * For example, you could create a contact and place them in a group by chaining the
55 * `GroupContact` api to the `Contact` api:
56 *
57 * ```php
58 * Contact::create()
59 * ->setValue('first_name', 'Hello')
60 * ->addChain('add_a_group', GroupContact::create()
61 * ->setValue('contact_id', '$id')
62 * ->setValue('group_id', 123)
63 * )
64 * ```
65 *
66 * This will substitute the id of the newly created contact with `$id`.
67 *
68 * @var array
69 */
70 protected $chain = [];
71
72 /**
73 * Whether to enforce acl permissions based on the current user.
74 *
75 * Setting to FALSE will disable permission checks and override ACLs.
76 * In REST/javascript this cannot be disabled.
77 *
78 * @var bool
79 */
80 protected $checkPermissions = TRUE;
81
82 /**
83 * Add debugging info to the api result.
84 *
85 * When enabled, `$result->debug` will be populated with information about the api call,
86 * including sql queries executed.
87 *
88 * **Note:** with checkPermissions enabled, debug info will only be returned if the user has "view debug output" permission.
89 *
90 * @var bool
91 */
92 protected $debug = FALSE;
93
94 /**
95 * @var string
96 */
97 protected $_entityName;
98
99 /**
100 * @var string
101 */
102 protected $_actionName;
103
104 /**
105 * @var \ReflectionClass
106 */
107 private $_reflection;
108
109 /**
110 * @var array
111 */
112 private $_paramInfo;
113
114 /**
115 * @var array
116 */
117 private $_entityFields;
118
119 /**
120 * @var array
121 */
122 private $_arrayStorage = [];
123
124 /**
125 * @var int
126 * Used to identify api calls for transactions
127 * @see \Civi\Core\Transaction\Manager
128 */
129 private $_id;
130
131 public $_debugOutput = [];
132
133 /**
134 * Action constructor.
135 *
136 * @param string $entityName
137 * @param string $actionName
138 * @throws \API_Exception
139 */
140 public function __construct($entityName, $actionName) {
141 // If a namespaced class name is passed in
142 if (strpos($entityName, '\\') !== FALSE) {
143 $entityName = substr($entityName, strrpos($entityName, '\\') + 1);
144 }
145 $this->_entityName = $entityName;
146 $this->_actionName = $actionName;
147 $this->_id = \Civi\API\Request::getNextId();
148 }
149
150 /**
151 * Strictly enforce api parameters
152 * @param $name
153 * @param $value
154 * @throws \Exception
155 */
156 public function __set($name, $value) {
157 throw new \API_Exception('Unknown api parameter');
158 }
159
160 /**
161 * @param int $val
162 * @return $this
163 * @throws \API_Exception
164 */
165 public function setVersion($val) {
166 if ($val !== 4 && $val !== '4') {
167 throw new \API_Exception('Cannot modify api version');
168 }
169 return $this;
170 }
171
172 /**
173 * @param bool $checkPermissions
174 * @return $this
175 */
176 public function setCheckPermissions(bool $checkPermissions) {
177 $this->checkPermissions = $checkPermissions;
178 return $this;
179 }
180
181 /**
182 * @param string $name
183 * Unique name for this chained request
184 * @param \Civi\Api4\Generic\AbstractAction $apiRequest
185 * @param string|int|array $index
186 * See `civicrm_api4()` for documentation of `$index` param
187 * @return $this
188 */
189 public function addChain($name, AbstractAction $apiRequest, $index = NULL) {
190 $this->chain[$name] = [$apiRequest->getEntityName(), $apiRequest->getActionName(), $apiRequest->getParams(), $index];
191 return $this;
192 }
193
194 /**
195 * Magic function to provide automatic getter/setter for params.
196 *
197 * @param $name
198 * @param $arguments
199 * @return static|mixed
200 * @throws \API_Exception
201 */
202 public function __call($name, $arguments) {
203 $param = lcfirst(substr($name, 3));
204 if (!$param || $param[0] == '_') {
205 throw new \API_Exception('Unknown api parameter: ' . $name);
206 }
207 $mode = substr($name, 0, 3);
208 if ($this->paramExists($param)) {
209 switch ($mode) {
210 case 'get':
211 return $this->$param;
212
213 case 'set':
214 $this->$param = $arguments[0];
215 return $this;
216 }
217 }
218 throw new \API_Exception('Unknown api parameter: ' . $name);
219 }
220
221 /**
222 * Invoke api call.
223 *
224 * At this point all the params have been sent in and we initiate the api call & return the result.
225 * This is basically the outer wrapper for api v4.
226 *
227 * @return \Civi\Api4\Generic\Result
228 * @throws \API_Exception
229 * @throws \Civi\API\Exception\UnauthorizedException
230 */
231 public function execute() {
232 /** @var \Civi\API\Kernel $kernel */
233 $kernel = \Civi::service('civi_api_kernel');
234 $result = $kernel->runRequest($this);
235 if ($this->debug && (!$this->checkPermissions || \CRM_Core_Permission::check('view debug output'))) {
236 $result->debug['actionClass'] = get_class($this);
237 $result->debug = array_merge($result->debug, $this->_debugOutput);
238 }
239 else {
240 $result->debug = NULL;
241 }
242 return $result;
243 }
244
245 /**
246 * @param \Civi\Api4\Generic\Result $result
247 */
248 abstract public function _run(Result $result);
249
250 /**
251 * Serialize this object's params into an array
252 * @return array
253 */
254 public function getParams() {
255 $params = [];
256 $magicProperties = $this->getMagicProperties();
257 foreach ($magicProperties as $name => $bool) {
258 $params[$name] = $this->$name;
259 }
260 return $params;
261 }
262
263 /**
264 * Get documentation for one or all params
265 *
266 * @param string $param
267 * @return array of arrays [description, type, default, (comment)]
268 */
269 public function getParamInfo($param = NULL) {
270 if (!isset($this->_paramInfo)) {
271 $defaults = $this->getParamDefaults();
272 $vars = [
273 'entity' => $this->getEntityName(),
274 'action' => $this->getActionName(),
275 ];
276 // For actions like "getFields" and "getActions" they are not getting the entity itself.
277 // So generic docs will make more sense like this:
278 if (substr($vars['action'], 0, 3) === 'get' && substr($vars['action'], -1) === 's') {
279 $vars['entity'] = lcfirst(substr($vars['action'], 3, -1));
280 }
281 foreach ($this->reflect()->getProperties(\ReflectionProperty::IS_PROTECTED) as $property) {
282 $name = $property->getName();
283 if ($name != 'version' && $name[0] != '_') {
284 $this->_paramInfo[$name] = ReflectionUtils::getCodeDocs($property, 'Property', $vars);
285 $this->_paramInfo[$name]['default'] = $defaults[$name];
286 }
287 }
288 }
289 return $param ? $this->_paramInfo[$param] : $this->_paramInfo;
290 }
291
292 /**
293 * @return string
294 */
295 public function getEntityName() {
296 return $this->_entityName;
297 }
298
299 /**
300 *
301 * @return string
302 */
303 public function getActionName() {
304 return $this->_actionName;
305 }
306
307 /**
308 * @param string $param
309 * @return bool
310 */
311 public function paramExists($param) {
312 return array_key_exists($param, $this->getMagicProperties());
313 }
314
315 /**
316 * @return array
317 */
318 protected function getParamDefaults() {
319 return array_intersect_key($this->reflect()->getDefaultProperties(), $this->getMagicProperties());
320 }
321
322 /**
323 * @inheritDoc
324 */
325 public function offsetExists($offset) {
326 return in_array($offset, ['entity', 'action', 'params', 'version', 'check_permissions', 'id']) || isset($this->_arrayStorage[$offset]);
327 }
328
329 /**
330 * @inheritDoc
331 */
332 public function &offsetGet($offset) {
333 $val = NULL;
334 if (in_array($offset, ['entity', 'action'])) {
335 $offset .= 'Name';
336 }
337 if (in_array($offset, ['entityName', 'actionName', 'params', 'version'])) {
338 $getter = 'get' . ucfirst($offset);
339 $val = $this->$getter();
340 return $val;
341 }
342 if ($offset == 'check_permissions') {
343 return $this->checkPermissions;
344 }
345 if ($offset == 'id') {
346 return $this->_id;
347 }
348 if (isset($this->_arrayStorage[$offset])) {
349 return $this->_arrayStorage[$offset];
350 }
351 return $val;
352 }
353
354 /**
355 * @inheritDoc
356 */
357 public function offsetSet($offset, $value) {
358 if (in_array($offset, ['entity', 'action', 'entityName', 'actionName', 'params', 'version', 'id'])) {
359 throw new \API_Exception('Cannot modify api4 state via array access');
360 }
361 if ($offset == 'check_permissions') {
362 $this->setCheckPermissions($value);
363 }
364 else {
365 $this->_arrayStorage[$offset] = $value;
366 }
367 }
368
369 /**
370 * @inheritDoc
371 */
372 public function offsetUnset($offset) {
373 if (in_array($offset, ['entity', 'action', 'entityName', 'actionName', 'params', 'check_permissions', 'version', 'id'])) {
374 throw new \API_Exception('Cannot modify api4 state via array access');
375 }
376 unset($this->_arrayStorage[$offset]);
377 }
378
379 /**
380 * Is this api call permitted?
381 *
382 * This function is called if checkPermissions is set to true.
383 *
384 * @return bool
385 * @internal Implement/override in civicrm-core.git only. Signature may evolve.
386 */
387 public function isAuthorized(): bool {
388 $permissions = $this->getPermissions();
389 return \CRM_Core_Permission::check($permissions);
390 }
391
392 /**
393 * @return array
394 */
395 public function getPermissions() {
396 $permissions = call_user_func([CoreUtil::getApiClass($this->_entityName), 'permissions']);
397 $permissions += [
398 // applies to getFields, getActions, etc.
399 'meta' => ['access CiviCRM'],
400 // catch-all, applies to create, get, delete, etc.
401 'default' => ['administer CiviCRM'],
402 ];
403 $action = $this->getActionName();
404 // Map specific action names to more generic versions
405 $map = [
406 'getActions' => 'meta',
407 'getFields' => 'meta',
408 'replace' => 'delete',
409 'save' => 'create',
410 ];
411 $generic = $map[$action] ?? 'default';
412 return $permissions[$action] ?? $permissions[$generic] ?? $permissions['default'];
413 }
414
415 /**
416 * Returns schema fields for this entity & action.
417 *
418 * Here we bypass the api wrapper and run the getFields action directly.
419 * This is because we DON'T want the wrapper to check permissions as this is an internal op.
420 * @see \Civi\Api4\Action\Contact\GetFields
421 *
422 * @throws \API_Exception
423 * @return array
424 */
425 public function entityFields() {
426 if (!$this->_entityFields) {
427 $allowedTypes = ['Field', 'Filter', 'Extra'];
428 if (method_exists($this, 'getCustomGroup')) {
429 $allowedTypes[] = 'Custom';
430 }
431 $getFields = \Civi\API\Request::create($this->getEntityName(), 'getFields', [
432 'version' => 4,
433 'checkPermissions' => FALSE,
434 'action' => $this->getActionName(),
435 'where' => [['type', 'IN', $allowedTypes]],
436 ]);
437 $result = new Result();
438 // Pass TRUE for the private $isInternal param
439 $getFields->_run($result, TRUE);
440 $this->_entityFields = (array) $result->indexBy('name');
441 }
442 return $this->_entityFields;
443 }
444
445 /**
446 * @return \ReflectionClass
447 */
448 public function reflect() {
449 if (!$this->_reflection) {
450 $this->_reflection = new \ReflectionClass($this);
451 }
452 return $this->_reflection;
453 }
454
455 /**
456 * Validates required fields for actions which create a new object.
457 *
458 * @param $values
459 * @return array
460 * @throws \API_Exception
461 */
462 protected function checkRequiredFields($values) {
463 $unmatched = [];
464 foreach ($this->entityFields() as $fieldName => $fieldInfo) {
465 if (!isset($values[$fieldName]) || $values[$fieldName] === '') {
466 if (!empty($fieldInfo['required']) && !isset($fieldInfo['default_value'])) {
467 $unmatched[] = $fieldName;
468 }
469 elseif (!empty($fieldInfo['required_if'])) {
470 if ($this->evaluateCondition($fieldInfo['required_if'], ['values' => $values])) {
471 $unmatched[] = $fieldName;
472 }
473 }
474 }
475 }
476 return $unmatched;
477 }
478
479 /**
480 * Replaces pseudoconstants in input values
481 *
482 * @param array $record
483 * @throws \API_Exception
484 */
485 protected function formatWriteValues(&$record) {
486 $optionFields = [];
487 // Collect fieldnames with a :pseudoconstant suffix & remove them from $record array
488 foreach (array_keys($record) as $expr) {
489 $suffix = strrpos($expr, ':');
490 if ($suffix) {
491 $fieldName = substr($expr, 0, $suffix);
492 $field = $this->entityFields()[$fieldName] ?? NULL;
493 if ($field) {
494 $optionFields[$fieldName] = [
495 'val' => $record[$expr],
496 'expr' => $expr,
497 'field' => $field,
498 'suffix' => substr($expr, $suffix + 1),
499 'depends' => $field['input_attrs']['control_field'] ?? NULL,
500 ];
501 unset($record[$expr]);
502 }
503 }
504 }
505 // Sort option lookups by dependency, so e.g. country_id is processed first, then state_province_id, then county_id
506 uasort($optionFields, function ($a, $b) {
507 return $a['field']['name'] === $b['depends'] ? -1 : 1;
508 });
509 // Replace pseudoconstants. Note this is a reverse lookup as we are evaluating input not output.
510 foreach ($optionFields as $fieldName => $info) {
511 $options = FormattingUtil::getPseudoconstantList($info['field'], $info['expr'], $record, 'create');
512 $record[$fieldName] = FormattingUtil::replacePseudoconstant($options, $info['val'], TRUE);
513 }
514 }
515
516 /**
517 * This function is used internally for evaluating field annotations.
518 *
519 * It should never be passed raw user input.
520 *
521 * @param string $expr
522 * Conditional in php format e.g. $foo > $bar
523 * @param array $vars
524 * Variable name => value
525 * @return bool
526 * @throws \API_Exception
527 * @throws \Exception
528 */
529 protected function evaluateCondition($expr, $vars) {
530 if (strpos($expr, '}') !== FALSE || strpos($expr, '{') !== FALSE) {
531 throw new \API_Exception('Illegal character in expression');
532 }
533 $tpl = "{if $expr}1{else}0{/if}";
534 return (bool) trim(\CRM_Core_Smarty::singleton()->fetchWith('string:' . $tpl, $vars));
535 }
536
537 /**
538 * When in debug mode, this logs the callback function being used by a Basic*Action class.
539 *
540 * @param callable $callable
541 */
542 protected function addCallbackToDebugOutput($callable) {
543 if ($this->debug && empty($this->_debugOutput['callback'])) {
544 if (is_scalar($callable)) {
545 $this->_debugOutput['callback'] = (string) $callable;
546 }
547 elseif (is_array($callable)) {
548 foreach ($callable as $key => $unit) {
549 $this->_debugOutput['callback'][$key] = is_object($unit) ? get_class($unit) : (string) $unit;
550 }
551 }
552 elseif (is_object($callable)) {
553 $this->_debugOutput['callback'] = get_class($callable);
554 }
555 }
556 }
557
558 }