*/
public function postProcess() {
$config = CRM_Core_Config::singleton();
- $contactID = $this->_userID;
+ $contactID = $this->getContactID();
// add a description field at the very beginning
$this->_params['description'] = ts('Online Contribution') . ': ' . (($this->_pcpInfo['title']) ? $this->_pcpInfo['title'] : $this->_values['title']);
}
}
- if (!isset($contactID)) {
+ if (empty($contactID)) {
$dupeParams = $params;
if (CRM_Utils_Array::value('onbehalf', $dupeParams)) {
unset($dupeParams['onbehalf']);
$this->assign('isConfirmEnabled', CRM_Utils_Array::value('is_confirm_enabled', $this->_values));
// make sure we have right permission to edit this user
- $csContactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE, $this->_userID);
+ $csContactID = $this->getContactID();
$reset = CRM_Utils_Request::retrieve('reset', 'Boolean', CRM_Core_DAO::$_nullObject);
$mainDisplay = CRM_Utils_Request::retrieve('_qf_Main_display', 'Boolean', CRM_Core_DAO::$_nullObject);
- if ($csContactID != $this->_userID) {
- if (CRM_Contact_BAO_Contact_Permission::validateChecksumContact($csContactID, $this)) {
- $session = CRM_Core_Session::singleton();
- $session->set('userID', $csContactID);
- $this->_userID = $csContactID;
- }
- }
-
if ($reset) {
$this->assign('reset', $reset);
}
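Review bot: The retained comment `// make sure we have right permission to edit this user` no longer matches the line beneath it, which now only assigns `$csContactID = $this->getContactID();` and performs no edit-permission check at this point. I would reword it to something like `// resolve the contact this form acts for (logged-in user, validated checksum, or permitted cid)`. No later use of `$csContactID` is visible in the hunk, so if nothing further down the function reads it the assignment can be dropped. Since the session `userID` and `$this->_userID` are no longer overwritten for checksum visitors, any code outside this hunk that still reads `$this->_userID` will see the logged-in user rather than the checksum contact, so the remaining uses are worth checking. The enclosing function starts and ends outside the hunk.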
function setDefaultValues() {
// check if the user is registered and we have a contact ID
- $contactID = $this->_userID;
+ $contactID = $this->getContactID();
- if ($contactID) {
+ if (!empty($contactID)) {
$fields = array();
$removeCustomFieldTypes = array('Contribution', 'Membership');
$contribFields = CRM_Contribute_BAO_Contribution::getContributionFields();
// get the submitted form values.
$params = $this->controller->exportValues($this->_name);
+
if (CRM_Utils_Array::value('priceSetId', $params)) {
$is_quick_config = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_PriceSet', $this->_priceSetId, 'is_quick_config');
$formValue = array();
$stateCountryMap = array();
if ($id) {
- $contactID = $this->_userID;
+ $contactID = $this->getContactID();
// we don't allow conflicting fields to be
// configured via profile - CRM 2100
}
}
}
+
+/**
+ * Get contact if for a form object. Prioritise
+ * - cid in URL if 0 (on behalf on someoneelse)
+ * (@todo consider setting a variable if onbehalf for clarity of downstream 'if's
+ * - logged in user id if it matches the one in the cid in the URL
+ * - contact id validated from a checksum from a checksum
+ * - cid from the url if the caller has ACL permission to view
+ * - fallback is logged in user (or ? NULL if no logged in user) (@todo wouldn't 0 be more intuitive?)
+ *
+ * @return Ambigous <mixed, NULL, value, unknown, array, number>|unknown
+ */
+ function getContactID() {
+ $tempID = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
+
+ // force to ignore the authenticated user
+ if ($tempID === '0') {
+ return $tempID;
+ }
+
+ // check if the user is logged in and has a contact ID
+ $session = CRM_Core_Session::singleton();
+ $userID = $session->get('userID');
+
+ if ($tempID == $userID) {
+ return $userID;
+ }
+
+ //check if this is a checksum authentication
+ $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this);
+ if ($userChecksum) {
+ //check for anonymous user.
+ $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($tempID, $userChecksum);
+ if ($validUser) {
+ return $tempID;
+ }
+ }
+ // check if user has permission, CRM-12062
+ else if ($tempID && CRM_Contact_BAO_Contact_Permission::allow($tempID)) {
+ return $tempID;
+ }
+
+ return $userID;
+ }
}
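Review bot: The ACL fallback `CRM_Contact_BAO_Contact_Permission::allow($tempID)` in the new `getContactID()` passes no permission type, and the docblock describes it as permission to view, yet callers on this page such as `postProcess()` use the returned id as the contact for the submission. If view access is not meant to be enough to submit on another contact's behalf, request edit explicitly: `else if ($tempID && CRM_Contact_BAO_Contact_Permission::allow($tempID, CRM_Core_Permission::EDIT)) {`. Because that branch is the `else` of `if ($userChecksum)`, a request carrying an invalid `cs` skips the ACL check and silently falls back to the session user; that fails closed, but the visitor gets no indication that the link was rejected. The docblock also needs a pass: "contact if" should read "contact id", "from a checksum" is duplicated, and the generated `@return Ambigous <...>` line should state what is actually returned (the cid, the session user id, or NULL).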
//have been skip the additional participant.
if ($button == 'skip') {
$field['is_required'] = FALSE;
- }
+ }
// CRM-11316 Is ReCAPTCHA enabled for this profile AND is this an anonymous visitor
elseif ($field['add_captcha'] && !$contactID) {
// only add captcha for first page
return $fileName ? $fileName : parent::overrideExtraTemplateFileName();
}
- function getContactID() {
- $tempID = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
-
- // force to ignore the authenticated user
- if ($tempID === '0') {
- return $tempID;
- }
-
- // check if the user is logged in and has a contact ID
- $session = CRM_Core_Session::singleton();
- $userID = $session->get('userID');
-
- if ($tempID == $userID) {
- return $userID;
- }
-
- //check if this is a checksum authentication
- $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this);
- if ($userChecksum) {
- //check for anonymous user.
- $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($tempID, $userChecksum);
- if ($validUser) {
- return $tempID;
- }
- }
- // check if user has permission, CRM-12062
- else if ($tempID && CRM_Contact_BAO_Contact_Permission::allow($tempID)) {
- return $tempID;
- }
-
- return $userID;
- }
-
- /* Validate price set submitted params for price option limit,
+ /**
+ * Validate price set submitted params for price option limit,
* as well as user should select at least one price field option.
- *
+ * @param unknown_type $form
+ * @param unknown_type $params
+ * @return multitype:|Ambigous <multitype:, string, string>
*/
static function validatePriceSet(&$form, $params) {
$errors = array();