if (!empty($_GET['excludeCaseIds'])) {
$excludeCaseIds = explode(',', CRM_Utils_Type::escape($_GET['excludeCaseIds'], 'String'));
}
- $unclosedCases = CRM_Case_BAO_Case::getUnclosedCases($params, $excludeCaseIds);
+ $unclosedCases = CRM_Case_BAO_Case::getUnclosedCases($params, $excludeCaseIds, TRUE, TRUE);
$results = array();
foreach ($unclosedCases as $caseId => $details) {
$results[] = array(
'id' => $caseId,
- 'text' => $details['sort_name'] . ' (' . $details['case_type'] . ': ' . $details['case_subject'] . ')',
+ 'label' => $details['sort_name'] . ' - ' . $details['case_type'] . ($details['end_date'] ? ' (' . ts('closed') . ')' : ''),
+ 'label_class' => $details['end_date'] ? 'strikethrough' : '',
+ 'description' => array($details['case_subject'] . ' (' . $details['case_status'] . ')'),
'extra' => $details,
);
}
- print json_encode($results);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($results);
}
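Review bot: `excludeCaseIds` is escaped once as a 'String' and then split on commas, so the individual elements passed to `getUnclosedCases()` are never checked to be integers, even though the rest of this change tightens id parameters to 'Positive'. String escaping only protects a quoted SQL context, and how the ids are used inside `getUnclosedCases()` is not visible here. Validate each element instead, e.g. `$excludeCaseIds = array_map(function ($id) { return CRM_Utils_Type::escape($id, 'Positive'); }, explode(',', $_GET['excludeCaseIds']));`. The enclosing function's header is outside the hunk.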
function processCaseTags() {
- $caseId = CRM_Utils_Type::escape($_POST['case_id'], 'Integer');
+ $caseId = CRM_Utils_Type::escape($_POST['case_id'], 'Positive');
$tags = CRM_Utils_Type::escape($_POST['tag'], 'String');
$tagList = $_POST['taglist'];
- if (empty($caseId)) {
- echo 'false';
- CRM_Utils_System::civiExit();
+ if (!CRM_Case_BAO_Case::accessCase($caseId)) {
+ CRM_Utils_System::permissionDenied();
}
$tagIds = array();
}
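Review bot: Nothing stops execution after `CRM_Utils_System::permissionDenied()` in the new guard, so the deny path is only safe if that call never returns. Its implementation is not visible here; if it can return on any CMS backend, the function goes on to change tags on a case the user may not access. Follow the call with an explicit stop, e.g. `CRM_Utils_System::permissionDenied(); CRM_Utils_System::civiExit();`, or add a comment on the guard stating that `permissionDenied()` terminates the request. The same pattern is in the guards added to `caseDetails()`, `addClient()` and `deleteCaseRoles()`. Separately, `$tagList` is still read from `$_POST['taglist']` with no type check, and the code that consumes it lies outside this hunk.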
function caseDetails() {
- $caseId = CRM_Utils_Type::escape($_GET['caseId'], 'Integer');
+ $caseId = CRM_Utils_Type::escape($_GET['caseId'], 'Positive');
+
+ if (!CRM_Case_BAO_Case::accessCase($caseId, FALSE)) {
+ CRM_Utils_System::permissionDenied();
+ }
+
$sql = "SELECT civicrm_case.*, civicrm_case_type.title as case_type
FROM civicrm_case
INNER JOIN civicrm_case_type ON civicrm_case.case_type_id = civicrm_case_type.id
<tr><td>" . ts('Case Status') . "</td><td>{$cs}</td></tr>
<tr><td>" . ts('Case Start Date') . "</td><td>" . CRM_Utils_Date::customFormat($dao->start_date) . "</td></tr>
<tr><td>" . ts('Case End Date') . "</td><td></td></tr>" . CRM_Utils_Date::customFormat($dao->end_date) . "</table>";
- echo $caseDetails;
+ if (CRM_Utils_Array::value('snippet', $_GET) == 'json') {
+ CRM_Core_Page_AJAX::returnJsonResponse($caseDetails);
+ }
+ else {
+ echo $caseDetails;
+ }
}
else {
- echo ts('Could not find valid Case!');
+ CRM_Core_Error::fatal('Could not find valid Case.');
}
CRM_Utils_System::civiExit();
}
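Review bot: The `$caseDetails` markup that this change now also returns through `returnJsonResponse()` is built by string concatenation, and `{$cs}` is interpolated with no visible HTML escaping. Where `$cs` and the other fields are assigned is outside the hunk, so confirm they pass through `htmlspecialchars()` or an equivalent before reaching the table. On the last row the end date is concatenated after `</td></tr>` instead of inside the cell, so it renders outside the table; the tail should read `<td>" . CRM_Utils_Date::customFormat($dao->end_date) . "</td></tr></table>"`. The new `fatal()` message also drops the `ts()` wrapper the old message had.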
function addClient() {
- $caseId = CRM_Utils_Type::escape($_POST['caseID'], 'Integer');
- $contactId = CRM_Utils_Type::escape($_POST['contactID'], 'Integer');
+ $caseId = CRM_Utils_Type::escape($_POST['caseID'], 'Positive');
+ $contactId = CRM_Utils_Type::escape($_POST['contactID'], 'Positive');
+
+ if (!$contactId || !CRM_Case_BAO_Case::accessCase($caseId)) {
+ CRM_Utils_System::permissionDenied();
+ }
$params = array(
'case_id' => $caseId,
);
CRM_Case_BAO_Case::processCaseActivity($caseParams);
- echo json_encode(TRUE);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output(TRUE);
}
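Review bot: The new guard verifies access to the case but only that `$contactId` is non-zero, so a user who can access one case could attach any contact id to it as a client. Whether a contact-level permission check happens in the omitted part of the body or inside `processCaseActivity()` cannot be seen from this hunk. If it does not, extend the condition, e.g. `if (!$contactId || !CRM_Contact_BAO_Contact_Permission::allow($contactId) || !CRM_Case_BAO_Case::accessCase($caseId)) {`.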
/**
- * Function to delete relationships specific to case and relationship type
+ * Delete relationships specific to case and relationship type
*/
static function deleteCaseRoles() {
- $caseId = CRM_Utils_Type::escape($_POST['case_id'], 'Integer');
- $relType = CRM_Utils_Type::escape($_POST['rel_type'], 'Integer');
+ $caseId = CRM_Utils_Type::escape($_POST['case_id'], 'Positive');
+ $relType = CRM_Utils_Type::escape($_POST['rel_type'], 'Positive');
+
+ if (!$relType || !CRM_Case_BAO_Case::accessCase($caseId)) {
+ CRM_Utils_System::permissionDenied();
+ }
$sql = "DELETE FROM civicrm_relationship WHERE case_id={$caseId} AND relationship_type_id={$relType}";
CRM_Core_DAO::executeQuery($sql);