api/v3/Generic/Setvalue.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 5                                                  |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2019                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  * @package CiviCRM_APIv3
  30  */
  31
  32 /**
  33  * Set a single value using the api.
  34  *
  35  * This function is called when no specific setvalue api exists.
  36  * Params must contain at least id=xx & {one of the fields from getfields}=value
  37  *
  38  * @param array $apiRequest
  39  *
  40  * @throws API_Exception
  41  * @return array
  42  */
  43 function civicrm_api3_generic_setValue($apiRequest) {
  44   $entity = $apiRequest['entity'];
  45   $params = $apiRequest['params'];
  46   $id = $params['id'];
  47   if (!is_numeric($id)) {
  48     return civicrm_api3_create_error(ts('Please enter a number'), array(
  49       'error_code' => 'NaN',
  50       'field' => "id",
  51     ));
  52   }
  53
  54   $field = CRM_Utils_String::munge($params['field']);
  55   $value = $params['value'];
  56
  57   $fields = civicrm_api($entity, 'getFields', array(
  58     'version' => 3,
  59     'action' => 'create',
  60     "sequential")
  61   );
  62   // getfields error, shouldn't happen.
  63   if ($fields['is_error']) {
  64     return $fields;
  65   }
  66   $fields = $fields['values'];
  67
  68   $isCustom = strpos($field, 'custom_') === 0;
  69   // Trim off the id portion of a multivalued custom field name
  70   $fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
  71   if (!array_key_exists($fieldKey, $fields)) {
  72     return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
  73   }
  74
  75   $def = $fields[$fieldKey];
  76   $title = CRM_Utils_Array::value('title', $def, ts('Field'));
  77   // Disallow empty values except for the number zero.
  78   // TODO: create a utility for this since it's needed in many places
  79   if (!empty($def['required']) || !empty($def['is_required'])) {
  80     if ((empty($value) || $value === 'null') && $value !== '0' && $value !== 0) {
  81       return civicrm_api3_create_error(ts('%1 is a required field.', array(1 => $title)), array("error_code" => "required", "field" => $field));
  82     }
  83   }
  84
  85   switch ($def['type']) {
  86     case CRM_Utils_Type::T_FLOAT:
  87       if (!is_numeric($value) && !empty($value) && $value !== 'null') {
  88         return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
  89       }
  90       break;
  91
  92     case CRM_Utils_Type::T_INT:
  93       if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
  94         return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
  95       }
  96       break;
  97
  98     case CRM_Utils_Type::T_STRING:
  99     case CRM_Utils_Type::T_TEXT:
 100       if (!CRM_Utils_Rule::xssString($value)) {
 101         return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
 102       }
 103       if (array_key_exists('maxlength', $def)) {
 104         $value = substr($value, 0, $def['maxlength']);
 105       }
 106       break;
 107
 108     case CRM_Utils_Type::T_DATE:
 109       $value = CRM_Utils_Type::escape($value, "Date", FALSE);
 110       if (!$value) {
 111         return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
 112       }
 113       break;
 114
 115     case CRM_Utils_Type::T_BOOLEAN:
 116       // Allow empty value for non-required fields
 117       if ($value === '' || $value === 'null') {
 118         $value = '';
 119       }
 120       else {
 121         $value = (boolean) $value;
 122       }
 123       break;
 124
 125     default:
 126       return civicrm_api3_create_error("Param '$field' is of a type not managed yet (" . $def['type'] . "). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
 127   }
 128
 129   $dao_name = _civicrm_api3_get_DAO($entity);
 130   $params = array('id' => $id, $field => $value);
 131
 132   if ((!empty($def['pseudoconstant']) || !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
 133     _civicrm_api3_api_match_pseudoconstant($params[$field], $entity, $field, $def);
 134   }
 135
 136   CRM_Utils_Hook::pre('edit', $entity, $id, $params);
 137
 138   // Custom fields
 139   if ($isCustom) {
 140     CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
 141     // Treat 'null' as empty value. This is awful but the rest of the code supports it.
 142     if ($params[$field] === 'null') {
 143       $params[$field] = '';
 144     }
 145     CRM_Core_BAO_CustomValueTable::setValues($params);
 146     CRM_Utils_Hook::post('edit', $entity, $id);
 147   }
 148   // Core fields
 149   elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
 150     $entityDAO = new $dao_name();
 151     $entityDAO->copyValues($params);
 152     CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
 153   }
 154   else {
 155     return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
 156   }
 157
 158   // Add changelog entry - TODO: Should we do this for other entities as well?
 159   if (strtolower($entity) === 'contact') {
 160     CRM_Core_BAO_Log::register($id, 'civicrm_contact', $id);
 161   }
 162
 163   return civicrm_api3_create_success($params);
 164 }