PageRenderTime 27ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 1ms

/sites/all/modules/contrib/civicrm/ext/api4/Civi/Api4/Generic/Traits/DAOActionTrait.php

https://gitlab.com/virtualrealms/d7civicrm
PHP | 229 lines | 148 code | 32 blank | 49 comment | 34 complexity | 59e83b1f6990eb4c012d312398548bdb MD5 | raw file
    

  1. <?php
    2. 

  2. namespace Civi\Api4\Generic\Traits;
    3. 

  3. 

  4. use CRM_Utils_Array as UtilsArray;
    5. 

  5. use Civi\Api4\Utils\FormattingUtil;
    6. 

  6. use Civi\Api4\Query\Api4SelectQuery;
    7. 

  7. 

  8. trait DAOActionTrait {
    9. 

  9. 

  10.   /**
    11. 

  11.    * @return \CRM_Core_DAO|string
    12. 

  12.    */
    13. 

  13.   protected function getBaoName() {
    14. 

  14.     require_once 'api/v3/utils.php';
    15. 

  15.     return \_civicrm_api3_get_BAO($this->getEntityName());
    16. 

  16.   }
    17. 

  17. 

  18.   /**
    19. 

  19.    * Extract the true fields from a BAO
    20. 

  20.    *
    21. 

  21.    * (Used by create and update actions)
    22. 

  22.    * @param object $bao
    23. 

  23.    * @return array
    24. 

  24.    */
    25. 

  25.   public static function baoToArray($bao) {
    26. 

  26.     $fields = $bao->fields();
    27. 

  27.     $values = [];
    28. 

  28.     foreach ($fields as $key => $field) {
    29. 

  29.       $name = $field['name'];
    30. 

  30.       if (property_exists($bao, $name)) {
    31. 

  31.         $values[$name] = $bao->$name;
    32. 

  32.       }
    33. 

  33.     }
    34. 

  34.     return $values;
    35. 

  35.   }
    36. 

  36. 

  37.   /**
    38. 

  38.    * @return array|int
    39. 

  39.    */
    40. 

  40.   protected function getObjects() {
    41. 

  41.     $query = new Api4SelectQuery($this->getEntityName(), $this->getCheckPermissions());
    42. 

  42.     $query->select = $this->getSelect();
    43. 

  43.     $query->where = $this->getWhere();
    44. 

  44.     $query->orderBy = $this->getOrderBy();
    45. 

  45.     $query->limit = $this->getLimit();
    46. 

  46.     $query->offset = $this->getOffset();
    47. 

  47.     return $query->run();
    48. 

  48.   }
    49. 

  49. 

  50.   /**
    51. 

  51.    * Write a bao object as part of a create/update action.
    52. 

  52.    *
    53. 

  53.    * @param array $items
    54. 

  54.    *   The record to write to the DB.
    55. 

  55.    * @return array
    56. 

  56.    *   The record after being written to the DB (e.g. including newly assigned "id").
    57. 

  57.    * @throws \API_Exception
    58. 

  58.    */
    59. 

  59.   protected function writeObjects($items) {
    60. 

  60.     $baoName = $this->getBaoName();
    61. 

  61. 

  62.     // Some BAOs are weird and don't support a straightforward "create" method.
    63. 

  63.     $oddballs = [
    64. 

  64.       'Address' => 'add',
    65. 

  65.       'GroupContact' => 'add',
    66. 

  66.       'Website' => 'add',
    67. 

  67.     ];
    68. 

  68.     $method = UtilsArray::value($this->getEntityName(), $oddballs, 'create');
    69. 

  69.     if (!method_exists($baoName, $method)) {
    70. 

  70.       $method = 'add';
    71. 

  71.     }
    72. 

  72. 

  73.     $result = [];
    74. 

  74. 

  75.     foreach ($items as $item) {
    76. 

  76.       $entityId = UtilsArray::value('id', $item);
    77. 

  77.       FormattingUtil::formatWriteParams($item, $this->getEntityName(), $this->getEntityFields());
    78. 

  78.       $this->formatCustomParams($item, $entityId);
    79. 

  79.       $item['check_permissions'] = $this->getCheckPermissions();
    80. 

  80. 

  81.       $apiKeyPermission = $this->getEntityName() != 'Contact' || !$this->getCheckPermissions() || array_key_exists('api_key', $this->getEntityFields())
    82. 

  82.         || ($entityId && \CRM_Core_Permission::check('edit own api keys') && \CRM_Core_Session::getLoggedInContactID() == $entityId);
    83. 

  83. 

  84.       if (!$apiKeyPermission && array_key_exists('api_key', $item)) {
    85. 

  85.         throw new \Civi\API\Exception\UnauthorizedException('Permission denied to modify api key');
    86. 

  86.       }
    87. 

  87. 

  88.       // For some reason the contact bao requires this
    89. 

  89.       if ($entityId && $this->getEntityName() == 'Contact') {
    90. 

  90.         $item['contact_id'] = $entityId;
    91. 

  91.       }
    92. 

  92. 

  93.       if ($this->getCheckPermissions() && $entityId) {
    94. 

  94.         $this->checkContactPermissions($baoName, $item);
    95. 

  95.       }
    96. 

  96. 

  97.       if (method_exists($baoName, $method)) {
    98. 

  98.         $createResult = $baoName::$method($item);
    99. 

  99.       }
    100. 

  100.       else {
    101. 

  101.         $createResult = $this->genericCreateMethod($item);
    102. 

  102.       }
    103. 

  103. 

  104.       if (!$createResult) {
    105. 

  105.         $errMessage = sprintf('%s write operation failed', $this->getEntityName());
    106. 

  106.         throw new \API_Exception($errMessage);
    107. 

  107.       }
    108. 

  108. 

  109.       if (!empty($this->reload) && is_a($createResult, 'CRM_Core_DAO')) {
    110. 

  110.         $createResult->find(TRUE);
    111. 

  111.       }
    112. 

  112. 

  113.       // trim back the junk and just get the array:
    114. 

  114.       $resultArray = $this->baoToArray($createResult);
    115. 

  115. 

  116.       if (!$apiKeyPermission && array_key_exists('api_key', $resultArray)) {
    117. 

  117.         unset($resultArray['api_key']);
    118. 

  118.       }
    119. 

  119. 

  120.       $result[] = $resultArray;
    121. 

  121.     }
    122. 

  122.     return $result;
    123. 

  123.   }
    124. 

  124. 

  125.   /**
    126. 

  126.    * Fallback when a BAO does not contain create or add functions
    127. 

  127.    *
    128. 

  128.    * @param $params
    129. 

  129.    * @return mixed
    130. 

  130.    */
    131. 

  131.   private function genericCreateMethod($params) {
    132. 

  132.     $baoName = $this->getBaoName();
    133. 

  133.     $hook = empty($params['id']) ? 'create' : 'edit';
    134. 

  134. 

  135.     \CRM_Utils_Hook::pre($hook, $this->getEntityName(), UtilsArray::value('id', $params), $params);
    136. 

  136.     /** @var \CRM_Core_DAO $instance */
    137. 

  137.     $instance = new $baoName();
    138. 

  138.     $instance->copyValues($params, TRUE);
    139. 

  139.     $instance->save();
    140. 

  140.     \CRM_Utils_Hook::post($hook, $this->getEntityName(), $instance->id, $instance);
    141. 

  141. 

  142.     return $instance;
    143. 

  143.   }
    144. 

  144. 

  145.   /**
    146. 

  146.    * @param array $params
    147. 

  147.    * @param int $entityId
    148. 

  148.    * @return mixed
    149. 

  149.    */
    150. 

  150.   private function formatCustomParams(&$params, $entityId) {
    151. 

  151.     $customParams = [];
    152. 

  152. 

  153.     // $customValueID is the ID of the custom value in the custom table for this
    154. 

  154.     // entity (i guess this assumes it's not a multi value entity)
    155. 

  155.     foreach ($params as $name => $value) {
    156. 

  156.       if (strpos($name, '.') === FALSE) {
    157. 

  157.         continue;
    158. 

  158.       }
    159. 

  159. 

  160.       list($customGroup, $customField) = explode('.', $name);
    161. 

  161. 

  162.       $customFieldId = \CRM_Core_BAO_CustomField::getFieldValue(
    163. 

  163.         \CRM_Core_DAO_CustomField::class,
    164. 

  164.         $customField,
    165. 

  165.         'id',
    166. 

  166.         'name'
    167. 

  167.       );
    168. 

  168.       $customFieldType = \CRM_Core_BAO_CustomField::getFieldValue(
    169. 

  169.         \CRM_Core_DAO_CustomField::class,
    170. 

  170.         $customField,
    171. 

  171.         'html_type',
    172. 

  172.         'name'
    173. 

  173.       );
    174. 

  174.       $customFieldExtends = \CRM_Core_BAO_CustomGroup::getFieldValue(
    175. 

  175.         \CRM_Core_DAO_CustomGroup::class,
    176. 

  176.         $customGroup,
    177. 

  177.         'extends',
    178. 

  178.         'name'
    179. 

  179.       );
    180. 

  180. 

  181.       // todo are we sure we don't want to allow setting to NULL? need to test
    182. 

  182.       if ($customFieldId && NULL !== $value) {
    183. 

  183. 

  184.         if ($customFieldType == 'CheckBox') {
    185. 

  185.           // this function should be part of a class
    186. 

  186.           formatCheckBoxField($value, 'custom_' . $customFieldId, $this->getEntityName());
    187. 

  187.         }
    188. 

  188. 

  189.         \CRM_Core_BAO_CustomField::formatCustomField(
    190. 

  190.           $customFieldId,
    191. 

  191.           $customParams,
    192. 

  192.           $value,
    193. 

  193.           $customFieldExtends,
    194. 

  194.           NULL, // todo check when this is needed
    195. 

  195.           $entityId,
    196. 

  196.           FALSE,
    197. 

  197.           FALSE,
    198. 

  198.           TRUE
    199. 

  199.         );
    200. 

  200.       }
    201. 

  201.     }
    202. 

  202. 

  203.     if ($customParams) {
    204. 

  204.       $params['custom'] = $customParams;
    205. 

  205.     }
    206. 

  206.   }
    207. 

  207. 

  208.   /**
    209. 

  209.    * Check edit/delete permissions for contacts and related entities.
    210. 

  210.    *
    211. 

  211.    * @param $baoName
    212. 

  212.    * @param $item
    213. 

  213.    * @throws \Civi\API\Exception\UnauthorizedException
    214. 

  214.    */
    215. 

  215.   protected function checkContactPermissions($baoName, $item) {
    216. 

  216.     if ($baoName == 'CRM_Contact_BAO_Contact') {
    217. 

  217.       $permission = $this->getActionName() == 'delete' ? \CRM_Core_Permission::DELETE : \CRM_Core_Permission::EDIT;
    218. 

  218.       if (!\CRM_Contact_BAO_Contact_Permission::allow($item['id'], $permission)) {
    219. 

  219.         throw new \Civi\API\Exception\UnauthorizedException('Permission denied to modify contact record');
    220. 

  220.       }
    221. 

  221.     }
    222. 

  222.     else {
    223. 

  223.       // Fixme: decouple from v3
    224. 

  224.       require_once 'api/v3/utils.php';
    225. 

  225.       _civicrm_api3_check_edit_permissions($baoName, ['check_permissions' => 1] + $item);
    226. 

  226.     }
    227. 

  227.   }
    228. 

  228. 

  229. }
    230. 

  230.