From 505d27184b21c035e2d2a031f3a2251a0e799666 Mon Sep 17 00:00:00 2001
From: Kurund Jalmi
Date: Mon, 21 Aug 2023 16:31:31 +0100
Subject: [PATCH] process the form after viewing, strict check for valid submission
---
 .../Api4/Action/Afform/AbstractProcessor.php | 12 +++++++++++-
 .../core/Civi/Api4/Action/Afform/Submit.php | 16 +++++++++++-----
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/ext/afform/core/Civi/Api4/Action/Afform/AbstractProcessor.php b/ext/afform/core/Civi/Api4/Action/Afform/AbstractProcessor.php
index bbd741f7e7..d2fbf53f31 100644
--- a/ext/afform/core/Civi/Api4/Action/Afform/AbstractProcessor.php
+++ b/ext/afform/core/Civi/Api4/Action/Afform/AbstractProcessor.php
@@ -117,11 +117,21 @@ abstract class AbstractProcessor extends \Civi\Api4\Generic\AbstractAction {
 */
 protected function prePopulateSubmissionData($sortedEntities) {
 // if submission id is passed then get the data from submission
- $afformSubmissionData = \Civi\Api4\AfformSubmission::get(TRUE)
+ // we should prepopulate only pending submissions
+ $afformSubmissionData = \Civi\Api4\AfformSubmission::get(FALSE)
 ->addSelect('data')
 ->addWhere('id', '=', $this->args['sid'])
+ ->addWhere('afform_name', '=', $this->name)
+ ->addWhere('status_id:name', '=', 'Pending')
 ->execute()->first();
 
+ // do nothing and return early for invalid submission id
+ if (empty($afformSubmissionData)) {
+ // unset sid from args
+ $this->args['sid'] = NULL;
+ return;
+ }
+
 foreach ($sortedEntities as $entityName) {
 foreach ($afformSubmissionData['data'] as $entity => $data) {
 if ($entity == $entityName) {
diff --git a/ext/afform/core/Civi/Api4/Action/Afform/Submit.php b/ext/afform/core/Civi/Api4/Action/Afform/Submit.php
index ffea5c188f..abb3ea3088 100644
--- a/ext/afform/core/Civi/Api4/Action/Afform/Submit.php
+++ b/ext/afform/core/Civi/Api4/Action/Afform/Submit.php
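Review bot: Nothing in prePopulateSubmissionData() (AbstractProcessor.php, `@@ -117` hunk) checks that the current user may read the submission: the lookup now runs as `AfformSubmission::get(FALSE)`, i.e. with API permission checks off, and the added `afform_name` and `status_id:name` filters limit which record is returned, not who receives it. `sid` is taken from the request arguments, so unless authorization happens before this call (not visible in the hunk) anyone who can load the form and supply the id of a Pending submission has its stored `data` prefilled. Either keep the permission check on, or state the invariant next to the call, e.g. `// checkPermissions is off on purpose: the caller must already have verified that the current user may review submissions of this form`. The docblock that closes on the first context line should also say that an invalid `sid` is reset to NULL in `$this->args`, because Submit.php now branches on that value. The function body continues past the end of the hunk.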
@@ -42,8 +42,8 @@ class Submit extends AbstractProcessor {
 }
 
 // Save submission record
- if (!empty($this->_afform['create_submission'])) {
- $status = 'Processed';
+ $status = 'Processed';
+ if (!empty($this->_afform['create_submission']) && empty($this->args['sid'])) {
 if (!empty($this->_afform['manual_processing'])) {
 $status = 'Pending';
 }
@@ -56,8 +56,8 @@ class Submit extends AbstractProcessor {
 ->execute()->first();
 }
 
- // let's not save the data in other CiviCRM table if email verification is needed.
- if (!empty($this->_afform['manual_processing'])) {
+ // let's not save the data in other CiviCRM table if manual verification is needed.
+ if (!empty($this->_afform['manual_processing']) && empty($this->args['sid'])) {
 return [];
 }
 
@@ -67,9 +67,15 @@ class Submit extends AbstractProcessor {
 $submissionData = $this->combineValuesAndIds($this->getValues(), $this->_entityIds);
 // Update submission record with entity IDs.
 if (!empty($this->_afform['create_submission'])) {
+ $submissionId = $submission['id'];
+ if (!empty($this->args['sid'])) {
+ $submissionId = $this->args['sid'];
+ }
+
 AfformSubmission::update(FALSE)
- ->addWhere('id', '=', $submission['id'])
+ ->addWhere('id', '=', $submissionId)
 ->addValue('data', $submissionData)
+ ->addValue('status_id:name', $status)
 ->execute();
 }
 
-- 
2.25.1
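Review bot: The request-supplied `sid` is trusted in Submit.php without any re-validation visible in this file: the new `empty($this->args['sid'])` tests in the `@@ -42` and `@@ -56` hunks and the `addWhere('id', '=', $submissionId)` update in the `@@ -67` hunk all rely on it. If prePopulateSubmissionData() is not guaranteed to have run first on the submit path, a non-empty `sid` skips the `manual_processing` early return and lets `AfformSubmission::update(FALSE)` rewrite `data` and `status_id:name` on a submission that belongs to another form or is no longer Pending. Re-checking the id against the same three filters used in AbstractProcessor before its first use, as sketched below, keeps that guarantee local to the code that depends on it. If the earlier validation does always run, a comment saying so at the first `sid` test would be enough. The enclosing method starts and ends outside these hunks.

```php
    // Save submission record
    $status = 'Processed';
    // Honour sid only when it names a Pending submission of this form.
    if (!empty($this->args['sid'])) {
      $pending = AfformSubmission::get(FALSE)
        ->addSelect('id')
        ->addWhere('id', '=', $this->args['sid'])
        ->addWhere('afform_name', '=', $this->name)
        ->addWhere('status_id:name', '=', 'Pending')
        ->execute()->first();
      if (empty($pending)) {
        $this->args['sid'] = NULL;
      }
    }
    // … unchanged: create_submission block and manual_processing return …
```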
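Review bot: In the `@@ -67` hunk, `$submissionId = $submission['id'];` runs before the `sid` test, but when `sid` is set the `@@ -42` hunk skips the block that appears to assign `$submission`, so this line reads an undefined variable and raises a warning on PHP 8. Choose the source in a single expression instead: `$submissionId = !empty($this->args['sid']) ? $this->args['sid'] : $submission['id'];`. The assignment of `$submission` lies between the hunks, so confirm it is not also set on another path.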