api/v3/Generic/Setvalue.php

   1 <?php
   2 /**
   3  * Set a single value using the api.
   4  *
   5  * This function is called when no specific setvalue api exists.
   6  * Params must contain at least id=xx & {one of the fields from getfields}=value
   7  *
   8  * @param array $apiRequest
   9  *
  10  * @throws API_Exception
  11  * @return array
  12  */
  13 function civicrm_api3_generic_setValue($apiRequest) {
  14   $entity = $apiRequest['entity'];
  15   $params = $apiRequest['params'];
  16   // we can't use _spec, doesn't work with generic
  17   civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value'));
  18   $id = $params['id'];
  19   if (!is_numeric($id)) {
  20     return civicrm_api3_create_error(ts('Please enter a number'), array(
  21       'error_code' => 'NaN',
  22       'field' => "id",
  23     ));
  24   }
  25
  26   $field = CRM_Utils_String::munge($params['field']);
  27   $value = $params['value'];
  28
  29   $fields = civicrm_api($entity, 'getFields', array(
  30     'version' => 3,
  31     'action' => 'create',
  32     "sequential")
  33   );
  34   // getfields error, shouldn't happen.
  35   if ($fields['is_error']) {
  36     return $fields;
  37   }
  38   $fields = $fields['values'];
  39
  40   $isCustom = strpos($field, 'custom_') === 0;
  41   // Trim off the id portion of a multivalued custom field name
  42   $fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
  43   if (!array_key_exists($fieldKey, $fields)) {
  44     return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
  45   }
  46
  47   $def = $fields[$fieldKey];
  48   $title = CRM_Utils_Array::value('title', $def, ts('Field'));
  49   // Disallow empty values except for the number zero.
  50   // TODO: create a utility for this since it's needed in many places
  51   if (!empty($def['required']) || !empty($def['is_required'])) {
  52     if ((empty($value) || $value === 'null') && $value !== '0' && $value !== 0) {
  53       return civicrm_api3_create_error(ts('%1 is a required field.', array(1 => $title)), array("error_code" => "required", "field" => $field));
  54     }
  55   }
  56
  57   switch ($def['type']) {
  58     case CRM_Utils_Type::T_FLOAT:
  59       if (!is_numeric($value) && !empty($value) && $value !== 'null') {
  60         return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
  61       }
  62       break;
  63
  64     case CRM_Utils_Type::T_INT:
  65       if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
  66         return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
  67       }
  68       break;
  69
  70     case CRM_Utils_Type::T_STRING:
  71     case CRM_Utils_Type::T_TEXT:
  72       if (!CRM_Utils_Rule::xssString($value)) {
  73         return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
  74       }
  75       if (array_key_exists('maxlength', $def)) {
  76         $value = substr($value, 0, $def['maxlength']);
  77       }
  78       break;
  79
  80     case CRM_Utils_Type::T_DATE:
  81       $value = CRM_Utils_Type::escape($value, "Date", FALSE);
  82       if (!$value) {
  83         return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
  84       }
  85       break;
  86
  87     case CRM_Utils_Type::T_BOOLEAN:
  88       // Allow empty value for non-required fields
  89       if ($value === '' || $value === 'null') {
  90         $value = '';
  91       }
  92       else {
  93         $value = (boolean) $value;
  94       }
  95       break;
  96
  97     default:
  98       return civicrm_api3_create_error("Param '$field' is of a type not managed yet (" . $def['type'] . "). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
  99   }
 100
 101   $dao_name = _civicrm_api3_get_DAO($entity);
 102   $params = array('id' => $id, $field => $value);
 103
 104   if ((!empty($def['pseudoconstant']) || !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
 105     _civicrm_api3_api_match_pseudoconstant($params[$field], $entity, $field, $def);
 106   }
 107
 108   CRM_Utils_Hook::pre('edit', $entity, $id, $params);
 109
 110   // Custom fields
 111   if ($isCustom) {
 112     CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
 113     // Treat 'null' as empty value. This is awful but the rest of the code supports it.
 114     if ($params[$field] === 'null') {
 115       $params[$field] = '';
 116     }
 117     CRM_Core_BAO_CustomValueTable::setValues($params);
 118     CRM_Utils_Hook::post('edit', $entity, $id, CRM_Core_DAO::$_nullObject);
 119   }
 120   // Core fields
 121   elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
 122     $entityDAO = new $dao_name();
 123     $entityDAO->copyValues($params);
 124     CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
 125   }
 126   else {
 127     return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
 128   }
 129
 130   // Add changelog entry - TODO: Should we do this for other entities as well?
 131   if (strtolower($entity) === 'contact') {
 132     CRM_Core_BAO_Log::register($id, 'civicrm_contact', $id);
 133   }
 134
 135   return civicrm_api3_create_success($params);
 136 }