SearchKit - Use POST to send contact ids to action forms
authorColeman Watts <coleman@civicrm.org>
Sat, 30 Apr 2022 20:59:19 +0000 (22:59 +0200)
committerColeman Watts <coleman@civicrm.org>
Mon, 23 May 2022 23:23:51 +0000 (19:23 -0400)
Fixes dev/core#2736

ext/search_kit/Civi/Api4/Action/SearchDisplay/GetSearchTasks.php
ext/search_kit/ang/crmSearchTasks/crmSearchTasks.component.js
js/crm.ajax.js

index b0ded1f45eeecf966080b0e74463cb9e47202e22..97fb5292f37ace6fd33005119cb8548f84a0b705 100644 (file)
@@ -36,12 +36,14 @@ class GetSearchTasks extends \Civi\Api4\Generic\AbstractAction {
     $tasks = [$entity['name'] => []];
 
     if (array_key_exists($entity['name'], \CRM_Export_BAO_Export::getComponents())) {
+      $key = \CRM_Core_Key::get('CRM_Export_Controller_Standalone', TRUE);
       $tasks[$entity['name']]['export'] = [
         'title' => E::ts('Export %1', [1 => $entity['title_plural']]),
         'icon' => 'fa-file-excel-o',
         'crmPopup' => [
           'path' => "'civicrm/export/standalone'",
-          'query' => "{reset: 1, entity: '{$entity['name']}', id: ids.join(',')}",
+          'query' => "{reset: 1, entity: '{$entity['name']}'}",
+          'data' => "{id: ids.join(','), qfKey: '$key'}",
         ],
       ];
     }
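Review bot: The new `'data'` entry for the export task has no comment saying why the ids left `'query'` or why a `qfKey` is now minted while the task list is built. A one-line comment above the `$key` line would cover it, e.g. `// ids travel in the POST body, not the URL; presumably the controller only accepts a POST that carries a valid qfKey`. The key is also interpolated into a single-quoted string inside an expression the client later evaluates, so the code relies on `CRM_Core_Key::get()` never returning a quote or backslash; that assumption is worth stating in the same comment. The enclosing method starts and ends outside this hunk.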
@@ -99,12 +101,14 @@ class GetSearchTasks extends \Civi\Api4\Generic\AbstractAction {
           if ($task['url'] === 'civicrm/task/pick-profile') {
             $task['title'] = E::ts('Profile Update');
           }
+          $key = \CRM_Core_Key::get(\CRM_Utils_Array::first((array) $task['class']), TRUE);
           $tasks[$entity['name']]['contact.' . $id] = [
             'title' => $task['title'],
             'icon' => $task['icon'] ?? 'fa-gear',
             'crmPopup' => [
               'path' => "'{$task['url']}'",
-              'query' => "{reset: 1, cids: ids.join(',')}",
+              'query' => "{reset: 1}",
+              'data' => "{cids: ids.join(','), qfKey: '$key'}",
             ],
           ];
         }
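Review bot: `$task['class']` is read without a guard on the new `$key` line, and the same line appears in the contribution loop of the next hunk, where the only visible condition is `!empty($task['url'])`. If a task (for example one added by an extension) has a `url` but no `class`, `(array) $task['class']` is empty and `CRM_Utils_Array::first()` has nothing to return. The key would then be generated for no controller name and would likely be rejected when the form is POSTed. A guard such as `$class = \CRM_Utils_Array::first((array) ($task['class'] ?? [])); if (!$class) { continue; }` would make the failure explicit. Whether skipping or falling back to the old GET form is right depends on code outside this hunk.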
@@ -136,12 +140,13 @@ class GetSearchTasks extends \Civi\Api4\Generic\AbstractAction {
       // FIXME: tasks() function always checks permissions, should respect `$this->checkPermissions`
       foreach (\CRM_Contribute_Task::tasks() as $id => $task) {
         if (!empty($task['url'])) {
+          $key = \CRM_Core_Key::get(\CRM_Utils_Array::first((array) $task['class']), TRUE);
           $tasks[$entity['name']]['contribution.' . $id] = [
             'title' => $task['title'],
             'icon' => $task['icon'] ?? 'fa-gear',
             'crmPopup' => [
               'path' => "'{$task['url']}'",
-              'query' => "{id: ids.join(',')}",
+              'data' => "{id: ids.join(','), qfKey: '$key'}",
             ],
           ];
         }
index 4910dcdd1944a4ed379b7b3e740c1b66f331fd51..639bc4cfddf76d6cfd69b9c65563b4ccf9a1cfe6 100644 (file)
@@ -67,7 +67,7 @@
         if (action.crmPopup) {
           var path = $scope.$eval(action.crmPopup.path, data),
             query = action.crmPopup.query && $scope.$eval(action.crmPopup.query, data);
-          CRM.loadForm(CRM.url(path, query))
+          CRM.loadForm(CRM.url(path, query), {post: action.crmPopup.data && $scope.$eval(action.crmPopup.data, data)})
             .on('crmFormSuccess', ctrl.refresh);
         }
         // If action uses dialogService
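Review bot: The `CRM.loadForm(...)` call now evaluates a third server-supplied expression inline, which makes the line long and hides the fact that `post` is `undefined` (not the widget default `null`) when a task has no `data`. Declaring it with the other locals reads better: `post = action.crmPopup.data && $scope.$eval(action.crmPopup.data, data);` followed by `CRM.loadForm(CRM.url(path, query), {post: post})`. A short comment that `data` carries the selected ids and the `qfKey` in the request body, rather than in the URL, would also help. The enclosing function starts and ends outside this hunk.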
index 4cb20cd03ee7b65c3fea57749294e07d8577166a..57ed34f9932a7d2f83a7c1573c10d20052dd7db5 100644 (file)
     options: {
       url: null,
       block: true,
+      post: null,
       crmForm: null
     },
     _originalContent: null,
         return false;
       });
     },
+    _ajax: function(url) {
+      if (!this.options.post || !this.isOriginalUrl()) {
+        return $.getJSON(url);
+      }
+      return $.post({
+        url: url,
+        dataType: 'json',
+        data: this.options.post
+      });
+    },
     refresh: function() {
       var that = this;
       var url = this._formatUrl(this.options.url, 'json');
       if (this.options.crmForm) $('form', this.element).ajaxFormUnbind();
       if (this.options.block) this.element.block();
-      $.getJSON(url, function(data) {
+      this._ajax(url).then(function(data) {
         if (data.status === 'redirect') {
           that.options.url = data.userContext;
           return that.refresh();
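Review bot: `_ajax` has no comment explaining when it POSTs, and the rule is security-relevant: `options.post` (the ids plus `qfKey`) is sent only while `isOriginalUrl()` is true. A `redirect` response that changes `options.url` and calls `refresh()` therefore falls back to `$.getJSON` and does not forward the payload. I would state that above the method, e.g. `// POST options.post only to the original url; any later url is fetched with GET and does not receive the payload`. Two things to confirm: every `refresh()` on the original url re-sends the same POST body, and `$.post()` with a settings object is only accepted from jQuery 3.0 on, so it depends on the bundled version.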
             $('[name="'+formElement+'"]', that.element).crmError(msg);
           });
         }
-      }).fail(function(data, msg, status) {
+      }function(data, msg, status) {
         that._onFailure(data, status);
       });
     },
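Review bot: As shown here the added line reads `}function(data, msg, status) {`, which would not parse. The intended form is presumably `}, function(data, msg, status) {`, passing the rejection handler as the second argument of the `.then()` opened in `refresh()`, so please check it against the committed file. If the bundled jQuery is 3.x, `.then()` also catches exceptions thrown inside the success callback instead of letting them propagate as the old `$.getJSON(url, callback)` did. A comment noting that would save a debugging session. The start of `refresh()` is outside this hunk.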