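/**
 * Fetch one record through the web-service layer on behalf of $user.
 *
 * The handler is only asked for the record after every gate below passes:
 * the entity type is in the user's listed types, the module grants read
 * access, the id's type matches the resolved web-service object, the user
 * holds RETRIEVE permission on the record, and the record exists.
 *
 * @param string $id   Web-service id of the record to read.
 * @param mixed  $user User the request runs as; handed to the handler and to vtws_listtypes().
 * @return mixed The value returned by the handler's retrieve().
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a gate fails.
 */
function vtws_retrieve($id, $user)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');

    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();

    // NOTE(review): the included path and instantiated class come from the object
    // resolved from $id; presumably both are server-side registry values and never
    // request data - confirm, since this is a dynamic include.
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($id);

    // Strict comparison: an allow-list check should not depend on PHP's loose
    // string/number juggling.
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    // The denial text names the access that was actually refused (read), so the
    // message is usable when triaging denied requests.
    if ($meta->hasReadAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }

    // The second id component is the value the existence check is run against.
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }

    $entity = $handler->retrieve($id);
    VTWS_PreserveGlobal::flush();
    return $entity;
}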
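/**
 * Relate one record to a set of other records on behalf of $user.
 *
 * Gates, in order: entity type listed for the user, id type matches the
 * resolved web-service object, UPDATE permission on the record, record
 * exists, module grants write access.
 *
 * @param string $relateThisId Web-service id of the record that receives the relations.
 * @param mixed  $withTheseIds Ids to relate; passed unchanged to vtws_internal_setrelation().
 * @param mixed  $user         User the request runs as.
 * @return bool Always true when no gate throws.
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a gate fails.
 */
function vtws_setrelation($relateThisId, $withTheseIds, $user)
{
    global $log, $adb;

    list($moduleId, $elementId) = vtws_getIdComponents($relateThisId);
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $moduleId);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $moduleName = $meta->getObjectEntityName($relateThisId);

    // Strict comparison keeps the allow-list check free of loose type juggling.
    $types = vtws_listtypes(null, $user);
    if (!in_array($moduleName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($moduleName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // The permission tested is UPDATE, so the denial message says so.
    if (!$meta->hasPermission(EntityMeta::$UPDATE, $relateThisId)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to update given object is denied");
    }
    if (!$meta->exists($elementId)) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    // NOTE(review): nothing in this function checks the caller's access to the
    // records named in $withTheseIds; presumably vtws_internal_setrelation() or
    // the caller does - confirm before relying on it.
    vtws_internal_setrelation($elementId, $moduleName, $withTheseIds);
    VTWS_PreserveGlobal::flush();
    return true;
}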
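/**
 * Update an existing record through the web-service layer on behalf of $user.
 *
 * Gates on the record itself: entity type listed for the user, id type matches
 * the resolved web-service object, UPDATE permission, record exists, module
 * grants write access. Each populated reference field must point at a type the
 * field allows and the user may list; each populated owner field must pass
 * hasAssignPrivilege().
 *
 * @param array $element Field map of the record; $element['id'] is its web-service id.
 * @param mixed $user    User the request runs as.
 * @return mixed The value returned by the handler's update().
 * @throws WebServiceException ACCESSDENIED, INVALIDID, RECORDNOTFOUND or REFERENCEINVALID.
 */
function vtws_update($element, $user)
{
    global $log, $adb;

    $idList = vtws_getIdComponents($element['id']);
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $idList[0]);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($element['id']);

    // NOTE(review): vtws_listtypes() is called with $user as its only argument
    // here - confirm that matches the signature of the release this file ships with.
    $types = vtws_listtypes($user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // The permission tested is UPDATE, so the denial message says so.
    if (!$meta->hasPermission(EntityMeta::$UPDATE, $element['id'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to update given object is denied");
    }
    if (!$meta->exists($idList[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $elemTypeId = $ids[0];
            $referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
            $referenceType = $referenceObject->getEntityName();
            // The referenced type must be one this field accepts...
            if (!in_array($referenceType, $details)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            // ...and one the user is allowed to list.
            if (!in_array($referenceType, $types['types'], true)) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceType);
            }
        } elseif (isset($element[$fieldName])) {
            // Present but empty reference: drop it so it is not sent to the handler.
            unset($element[$fieldName]);
        }
    }

    // NOTE(review): the return value is ignored here; presumably
    // hasMandatoryFields() throws on a missing field - confirm.
    $meta->hasMandatoryFields($element);

    $ownerFields = $meta->getOwnerFields();
    if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
        foreach ($ownerFields as $ownerField) {
            if (isset($element[$ownerField]) && !$meta->hasAssignPrivilege($element[$ownerField])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
        }
    }

    $entity = $handler->update($element);
    VTWS_PreserveGlobal::flush();
    return $entity;
}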
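/**
 * Fetch one record on behalf of $user and, for inventory modules, attach its
 * product lines under the 'pdoInformation' key.
 *
 * Gates, in order: entity type listed for the user, module grants read access,
 * id type matches the resolved web-service object, RETRIEVE permission on the
 * record, record exists.
 *
 * @param string $id   Web-service id of the record to read.
 * @param mixed  $user User the request runs as.
 * @return mixed The handler's retrieve() result, extended with product lines for
 *               Quotes, PurchaseOrder, SalesOrder and Invoice.
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a gate fails.
 */
function vtws_retrieve($id, $user)
{
    global $log, $adb;

    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($id);

    // Strict comparison keeps the allow-list check free of loose type juggling.
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    // The access refused here is read access, so the message says so.
    if ($meta->hasReadAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }

    $entity = $handler->retrieve($id);

    // Product lines are read only after all record-level gates above have passed.
    if ($entityName == 'Quotes' || $entityName == 'PurchaseOrder' || $entityName == 'SalesOrder' || $entityName == 'Invoice') {
        list($wsid, $recordid) = explode('x', $id);
        // Parameterized: the record id never becomes part of the SQL text.
        $result = $adb->pquery('select * from vtiger_inventoryproductrel where id=?', array($recordid));
        while ($row = $adb->getNextRow($result, false)) {
            if ($row['discount_amount'] == NULL && $row['discount_percent'] == NULL) {
                $discount = 0;
                $discount_type = 0;
            } else {
                $discount = 1;
            }
            if ($row['discount_amount'] == NULL) {
                $discount_amount = 0;
            } else {
                $discount_amount = $row['discount_amount'];
                $discount_type = 'amount';
            }
            // Evaluated last, so a row carrying both values is reported as 'percentage'.
            if ($row['discount_percent'] == NULL) {
                $discount_percent = 0;
            } else {
                $discount_percent = $row['discount_percent'];
                $discount_type = 'percentage';
            }
            $entity['pdoInformation'][] = array(
                "productid" => $row['productid'],
                "comment" => $row['comment'],
                "qty" => $row['quantity'],
                "listprice" => $row['listprice'],
                'discount' => $discount,
                "discount_type" => $discount_type,
                "discount_percentage" => $discount_percent,
                "discount_amount" => $discount_amount,
            );
        }
    }

    VTWS_PreserveGlobal::flush();
    return $entity;
}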
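/**
 * Return attachment data for a comma-separated list of Documents ids.
 *
 * Every document found is put through the same gates as a single retrieve
 * (type listed for the user, read access, id/type match, RETRIEVE permission,
 * existence) before its attachment data is added to the result.
 *
 * @param string $all_ids    Comma-separated web-service ids of Documents records.
 * @param mixed  $returnfile Passed unchanged to vtws_retrievedocattachment_get_attachment().
 * @param mixed  $user       User the request runs as.
 * @return array Attachment data keyed by the web-service id of each document.
 * @throws WebServiceException INVALIDID for a malformed id; ACCESSDENIED or
 *                             RECORDNOTFOUND when a gate fails for a document.
 */
function vtws_retrievedocattachment($all_ids, $returnfile, $user)
{
    global $log, $adb;
    $entities = array();
    $docWSId = vtyiicpng_getWSEntityId('Documents');
    $log->debug("Entering function vtws_retrievedocattachment");

    // $all_ids is caller-supplied. It is reduced to integer record ids and bound
    // as query parameters, so no part of it is ever concatenated into the SQL
    // text; anything that is not a plain number is rejected outright.
    $noteIds = array();
    foreach (explode(',', str_replace($docWSId, '', (string) $all_ids)) as $candidate) {
        $candidate = trim($candidate);
        if ($candidate === '') {
            continue;
        }
        if (!ctype_digit($candidate)) {
            throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
        }
        $noteIds[] = (int) $candidate;
    }
    if (count($noteIds) === 0) {
        $log->debug("Leaving function vtws_retrievedocattachment");
        return $entities;
    }

    $placeholders = implode(',', array_fill(0, count($noteIds), '?'));
    $query = "SELECT n.notesid, n.filename, n.filelocationtype\n FROM vtiger_notes n\n INNER JOIN vtiger_crmentity c ON c.crmid=n.notesid\n WHERE n.notesid in ({$placeholders}) and n.filelocationtype in ('I','E') and c.deleted=0";
    $result = $adb->pquery($query, $noteIds);
    $nr = $adb->num_rows($result);

    for ($i = 0; $i < $nr; $i++) {
        $id = $docWSId . $adb->query_result($result, $i, 'notesid');
        $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
        $handlerPath = $webserviceObject->getHandlerPath();
        $handlerClass = $webserviceObject->getHandlerClass();
        require_once $handlerPath;
        $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
        $meta = $handler->getMeta();
        $entityName = $meta->getObjectEntityName($id);

        $types = vtws_listtypes(null, $user);
        if (!in_array($entityName, $types['types'], true)) {
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
        }
        // The access refused here is read access, so the message says so.
        if ($meta->hasReadAccess() !== true) {
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
        }
        if ($entityName !== $webserviceObject->getEntityName()) {
            throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
        }
        if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object ({$id}) is denied");
        }
        $ids = vtws_getIdComponents($id);
        if (!$meta->exists($ids[1])) {
            throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Document Record you are trying to access is not found");
        }

        $document_id = $ids[1];
        $filetype = $adb->query_result($result, $i, 'filelocationtype');
        if ($filetype == 'E') {
            // Start from an empty array so keys from a previous document's
            // attachment cannot leak into this entry.
            $entity = array();
            $entity["recordid"] = $adb->query_result($result, $i, 'notesid');
            $entity["filetype"] = $filetype;
            $entity["filename"] = $adb->query_result($result, $i, 'filename');
            $entity["filesize"] = 0;
            $entity["attachment"] = base64_encode('');
        } elseif ($filetype == 'I') {
            $entity = vtws_retrievedocattachment_get_attachment($document_id, true, $returnfile);
        }
        $entities[$id] = $entity;
        VTWS_PreserveGlobal::flush();
    }

    $log->debug("Leaving function vtws_retrievedocattachment");
    return $entities;
}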
/**
 * List the image/attachment rows linked to a record, on behalf of $user.
 *
 * The attachment query only runs after the record passes the read gates:
 * type listed for the user, read access, id/type match, RETRIEVE permission
 * and existence.
 *
 * @param string $id   Web-service id of the record whose attachments are listed.
 * @param mixed  $user User the request runs as.
 * @return array 'results' holds the row count, 'images' one entry per row with
 *               name, path, fullpath, type and id.
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a gate fails.
 */
function cbws_getrecordimageinfo($id, $user)
{
    global $log, $adb, $site_URL;
    $log->debug("Entering function cbws_getrecordimageinfo({$id})");

    $wsObject = VtigerWebserviceObject::fromId($adb, $id);
    $path = $wsObject->getHandlerPath();
    $class = $wsObject->getHandlerClass();
    require_once $path;
    $moduleHandler = new $class($wsObject, $user, $adb, $log);
    $moduleMeta = $moduleHandler->getMeta();
    $resolvedName = $moduleMeta->getObjectEntityName($id);

    $listed = vtws_listtypes(null, $user);
    $typeIsListed = in_array($resolvedName, $listed['types']);
    if (!$typeIsListed) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($moduleMeta->hasReadAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read entity is denied");
    }
    if ($resolvedName !== $wsObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    $mayRetrieve = $moduleMeta->hasPermission(EntityMeta::$RETRIEVE, $id);
    if (!$mayRetrieve) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    $parts = vtws_getIdComponents($id);
    if (!$moduleMeta->exists($parts[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }

    $parts = vtws_getIdComponents($id);
    $recordId = $parts[1];

    // The record id is bound as a parameter; the SQL text itself is constant.
    $sql = 'select vtiger_attachments.name, vtiger_attachments.type, vtiger_attachments.attachmentsid, vtiger_attachments.path from vtiger_attachments inner join vtiger_crmentity on vtiger_crmentity.crmid = vtiger_attachments.attachmentsid inner join vtiger_seattachmentsrel on vtiger_attachments.attachmentsid=vtiger_seattachmentsrel.attachmentsid where (vtiger_crmentity.setype LIKE "%Image" or vtiger_crmentity.setype LIKE "%Attachment") and deleted=0 and vtiger_seattachmentsrel.crmid=?';
    $rows = $adb->pquery($sql, array($recordId));

    $info = array();
    $info['results'] = $adb->num_rows($rows);
    $info['images'] = array();
    while ($row = $adb->fetch_array($rows)) {
        // 'fullpath' is a direct URL built from $site_URL and the stored path.
        // NOTE(review): whether that URL is itself access-controlled is not
        // visible here - confirm before exposing it to untrusted clients.
        $info['images'][] = array(
            'name' => $row['name'],
            'path' => $row['path'],
            'fullpath' => $site_URL . '/' . $row['path'] . $row['attachmentsid'] . '_' . $row['name'],
            'type' => $row['type'],
            'id' => $row['attachmentsid'],
        );
    }

    VTWS_PreserveGlobal::flush();
    $log->debug("Leaving function cbws_getrecordimageinfo");
    return $info;
}
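/**
 * Run a web-service query on behalf of $user, re-using the web-service object,
 * handler and meta instances per module within the current PHP process.
 *
 * @param string $q    Query text; the module name is taken from its FROM clause.
 * @param mixed  $user User the request runs as.
 * @return mixed The value returned by the handler's query().
 * @throws WebServiceException ACCESSDENIED when the module is not listed for
 *                             the user or read access is refused.
 */
function vtws_query($q, $user)
{
    static $vtws_query_cache = array();
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');

    // The cache key is the token that follows FROM; it stays '' when nothing matches.
    $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/";
    $moduleName = '';
    if (preg_match($moduleRegex, $q, $m)) {
        $moduleName = trim($m[1]);
    }

    // Read from the same static array the entry is written to, so a stored
    // web-service object is actually found on the next call.
    if (!isset($vtws_query_cache[$moduleName]['webserviceobject'])) {
        $webserviceObject = VtigerWebserviceObject::fromQuery($adb, $q);
        $vtws_query_cache[$moduleName]['webserviceobject'] = $webserviceObject;
    } else {
        $webserviceObject = $vtws_query_cache[$moduleName]['webserviceobject'];
    }

    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;

    // NOTE(review): handler and meta are cached by module name only, yet the
    // handler is constructed with $user and $meta answers hasReadAccess(). If one
    // PHP process ever serves calls for more than one user, a later call would
    // reuse the first user's handler - confirm this cannot happen or scope the
    // cache per user.
    if (!isset($vtws_query_cache[$moduleName]['handler'])) {
        $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
        $vtws_query_cache[$moduleName]['handler'] = $handler;
    } else {
        $handler = $vtws_query_cache[$moduleName]['handler'];
    }

    if (!isset($vtws_query_cache[$moduleName]['meta'])) {
        $meta = $handler->getMeta();
        $vtws_query_cache[$moduleName]['meta'] = $meta;
    } else {
        $meta = $vtws_query_cache[$moduleName]['meta'];
    }

    // The listed-types check is evaluated for the current $user on every call.
    $types = vtws_listtypes(null, $user);
    if (!in_array($webserviceObject->getEntityName(), $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if (!$meta->hasReadAccess()) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }

    $result = $handler->query($q);
    VTWS_PreserveGlobal::flush();
    return $result;
}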
/**
 * Describe a module through the web-service layer on behalf of $user.
 *
 * The handler is loaded and instantiated first; the description is only
 * produced when $elementType is among the types listed for the user.
 *
 * @param string $elementType Module name to describe.
 * @param mixed  $user        User the request runs as.
 * @return mixed The value returned by the handler's describe().
 * @throws WebServiceException ACCESSDENIED when the type is not listed for the user.
 */
function vtws_describe($elementType, $user)
{
    global $log, $adb;

    $wsObject = VtigerWebserviceObject::fromName($adb, $elementType);
    $path = $wsObject->getHandlerPath();
    $class = $wsObject->getHandlerClass();
    require_once $path;
    $moduleHandler = new $class($wsObject, $user, $adb, $log);
    // The meta object is fetched but not consulted in this function.
    $meta = $moduleHandler->getMeta();

    $listed = vtws_listtypes(null, $user);
    $typeIsListed = in_array($elementType, $listed['types']);
    if ($typeIsListed) {
        $description = $moduleHandler->describe($elementType);
        VTWS_PreserveGlobal::flush();
        return $description;
    }
    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
/**
 * Build the module listing for $user.
 *
 * Only modules that vtws_listtypes() returns for the user and that have an
 * entity web-service id are listed; 'Users' and 'Events' are always excluded.
 *
 * @param mixed $user User the listing is built for.
 * @return array One entry per module with id, name, isEntity, label and singular.
 */
function getListing($user)
{
    $wsIdByModule = Mobile_WS_Utils::getEntityModuleWSIds();
    // 'Users' is never offered; 'Events' is merged with Calendar.
    unset($wsIdByModule['Users']);
    unset($wsIdByModule['Events']);

    $allowed = vtws_listtypes(null, $user);
    $modules = array();
    foreach ($allowed['types'] as $position => $name) {
        if (isset($wsIdByModule[$name])) {
            $modules[] = array(
                'id' => $wsIdByModule[$name],
                'name' => $name,
                'isEntity' => $allowed['information'][$name]['isEntity'],
                'label' => $allowed['information'][$name]['label'],
                'singular' => $allowed['information'][$name]['singular'],
            );
        }
    }
    return $modules;
}
/**
 * Return the modules that can be related to emails for the current user.
 *
 * Candidates come from vtws_listtypes() restricted to the 'email' field type.
 * A candidate is kept when the current user is an admin, has global read
 * permission, or has permission on that module. 'Users' is removed from the
 * candidates and appended unconditionally at the end.
 *
 * @return array List of module names
 */
public function getEmailRelatedModules()
{
    $privileges = Users_Privileges_Model::getCurrentUserPrivilegesModel();
    $listed = vtws_listtypes(array('email'), Users_Record_Model::getCurrentUserModel());

    // 'Users' is handled separately below, so it is dropped from the candidates.
    $candidates = array();
    foreach ($listed['types'] as $position => $name) {
        if ($name !== 'Users') {
            $candidates[$position] = $name;
        }
    }

    foreach ($candidates as $name) {
        $module = Vtiger_Module_Model::getInstance($name);
        $allowed = $privileges->isAdminUser()
            || $privileges->hasGlobalReadPermission()
            || $privileges->hasModulePermission($module->getId());
        if ($allowed) {
            $emailRelatedModules[] = $name;
        }
    }

    // Appended without a privilege check of its own.
    $emailRelatedModules[] = 'Users';
    return $emailRelatedModules;
}
/**
 * Run a web-service query on behalf of $user.
 *
 * The query is handed to the module handler only when the module is among the
 * types listed for the user and the module grants read access.
 *
 * @param string $q    Query text.
 * @param mixed  $user User the request runs as.
 * @return mixed The value returned by the handler's query().
 * @throws WebServiceException ACCESSDENIED when either gate fails.
 */
function vtws_query($q, $user)
{
    global $log, $adb;

    $wsObject = VtigerWebserviceObject::fromQuery($adb, $q);
    $path = $wsObject->getHandlerPath();
    $class = $wsObject->getHandlerClass();
    require_once $path;
    $moduleHandler = new $class($wsObject, $user, $adb, $log);
    $moduleMeta = $moduleHandler->getMeta();

    $listed = vtws_listtypes(null, $user);
    $typeIsListed = in_array($wsObject->getEntityName(), $listed['types']);
    if (!$typeIsListed) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    $canRead = $moduleMeta->hasReadAccess();
    if (!$canRead) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }

    // Per-record filtering, if any, is left to the handler's query().
    $rows = $moduleHandler->query($q);
    VTWS_PreserveGlobal::flush();
    return $rows;
}
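/**
 * Delete a user and transfer that user's records to another owner.
 *
 * Gates, in order: entity type listed for the caller, id type matches the
 * resolved web-service object, DELETE permission on the record, record exists,
 * module grants write access.
 *
 * @author MAK
 * @param string $id         Web-service id of the user to delete.
 * @param string $newOwnerId Web-service id of the user who receives ownership.
 * @param mixed  $user       User the request runs as.
 * @return array array("status" => "successful") when no gate throws.
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a gate fails.
 */
function vtws_deleteUser($id, $newOwnerId, $user)
{
    global $log, $adb;

    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($id);

    // NOTE(review): vtws_listtypes() is called with $user as its only argument
    // here - confirm that matches the signature of the release this file ships with.
    $types = vtws_listtypes($user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied, EntityName = " . $entityName);
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // The permission tested is DELETE, so the denial message says so.
    if (!$meta->hasPermission(EntityMeta::$DELETE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to delete given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        // Report the component that was looked up; concatenating the whole
        // array would only print "Array".
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found, idComponent = " . $idComponents[1]);
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    $newIdComponents = vtws_getIdComponents($newOwnerId);
    if (empty($newIdComponents[1])) {
        // An empty new owner falls back to user id 1 (the default admin user);
        // added because the eazybusiness team sends this value empty.
        // NOTE(review): records are then silently re-assigned to the admin
        // account - confirm that this is the intended policy.
        $newIdComponents[1] = 1;
    }
    // NOTE(review): nothing visible here checks that the new owner exists or
    // differs from the user being deleted - presumably handled elsewhere; confirm.
    vtws_transferOwnership($idComponents[1], $newIdComponents[1]);

    // Remove the row from vtiger_users; the id is bound as a parameter.
    $sql = "delete from vtiger_users where id=?";
    vtws_runQueryAsTransaction($sql, array($idComponents[1]), $result);

    VTWS_PreserveGlobal::flush();
    return array("status" => "successful");
}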
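/**
 * Build the module listing for $user, limited to the modules named in the
 * $displayed_modules setting and sorted in that setting's order.
 *
 * Only modules that vtws_listtypes() returns for the user and that have an
 * entity web-service id are listed; 'Users' is always excluded.
 *
 * @param mixed $user User the listing is built for.
 * @return array One entry per module with id, name, isEntity, label and singular.
 */
function getListing($user)
{
    // Declared at most once: an unguarded nested declaration is a fatal
    // "cannot redeclare" error the second time getListing() runs in a request.
    if (!function_exists('useSortBySettings')) {
        function useSortBySettings($a, $b)
        {
            global $displayed_modules;
            $posA = $displayed_modules[$a['name']];
            $posB = $displayed_modules[$b['name']];
            if ($posA == $posB) {
                return 0;
            }
            return $posA < $posB ? -1 : 1;
        }
    }

    // Settings information
    global $displayed_modules, $current_language, $app_strings;

    $modulewsids = Mobile_WS_Utils::getEntityModuleWSIds();
    // Disallow modules
    unset($modulewsids['Users']);

    include_once dirname(__FILE__) . '/../../Mobile.Config.php';
    $CRM_Version = Mobile::config('crm_version');
    if ($CRM_Version != '5.2.1') {
        // vtws_listtypes() is used here only to learn which types the user may access.
        $listresult = vtws_listtypes(null, $user, 'en_us');
    } else {
        $listresult = vtws_listtypes($user);
    }

    $listing = array();
    foreach ($listresult['types'] as $index => $modulename) {
        if (!isset($modulewsids[$modulename])) {
            continue;
        }
        if (in_array($modulename, $displayed_modules)) {
            $listing[] = array(
                'id' => $modulewsids[$modulename],
                'name' => $modulename,
                'isEntity' => $listresult['information'][$modulename]['isEntity'],
                'label' => getTranslatedString($modulename, $modulename),
                'singular' => getTranslatedString('SINGLE_' . $modulename, $modulename),
            );
        }
    }

    // Sort the active modules in the order of the $displayed_modules setting.
    // NOTE(review): the global is left flipped (name => position) after this
    // call, so a second call in the same request tests in_array() against
    // positions instead of names - confirm single-call use or restore the value.
    $displayed_modules = array_flip($displayed_modules);
    usort($listing, 'useSortBySettings');
    return $listing;
}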
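/**
 * Return the PDF output of an inventory record on behalf of $user.
 *
 * Gates, in order: entity type listed for the user, module grants read access,
 * id type matches the resolved web-service object, RETRIEVE permission on the
 * record, record exists, and the module is one of Invoice, Quotes, SalesOrder
 * or PurchaseOrder.
 *
 * @param string $id   Web-service id of the inventory record.
 * @param mixed  $user User the request runs as.
 * @return mixed The value returned by get_module_pdf().
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a gate fails.
 */
function cbws_getpdfdata($id, $user)
{
    global $log, $adb;
    $log->debug("Entering function vtws_getpdfdata");

    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($id);

    // Strict comparison keeps the allow-list checks free of loose type juggling.
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    // The access refused here is read access, so the message says so.
    if ($meta->hasReadAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }

    $objectName = $webserviceObject->getEntityName();
    if (!in_array($objectName, array('Invoice', 'Quotes', 'SalesOrder', 'PurchaseOrder'), true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Only Inventory modules support PDF Output.");
    }

    // The record part of the id was already extracted for the existence check.
    $document_id = $idComponents[1];
    $entity = get_module_pdf($objectName, $document_id);

    VTWS_PreserveGlobal::flush();
    $log->debug("Leaving function vtws_getpdfdata");
    return $entity;
}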
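/**
 * Delete a user and transfer that user's records to another owner.
 *
 * Gates, in order: entity type listed for the caller, id type matches the
 * resolved web-service object, DELETE permission on the record, record exists,
 * module grants write access.
 *
 * @author MAK
 * @param string $id         Web-service id of the user to delete.
 * @param string $newOwnerId Web-service id of the user who receives ownership.
 * @param mixed  $user       User the request runs as.
 * @return array array("status" => "successful") when no gate throws.
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a gate fails.
 */
function vtws_deleteUser($id, $newOwnerId, $user)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');

    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($id);

    // Strict comparison keeps the allow-list check free of loose type juggling.
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied, EntityName = " . $entityName);
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // The permission tested is DELETE, so the denial message says so.
    if (!$meta->hasPermission(EntityMeta::$DELETE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to delete given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        // Report the component that was looked up; concatenating the whole
        // array would only print "Array".
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found, idComponent = " . $idComponents[1]);
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    $newIdComponents = vtws_getIdComponents($newOwnerId);
    if (empty($newIdComponents[1])) {
        // An empty new owner falls back to user id 1 (the default admin user).
        // NOTE(review): records are then silently re-assigned to the admin
        // account - confirm that this is the intended policy.
        $newIdComponents[1] = 1;
    }

    // Ownership transfer and deletion are delegated to the Users object.
    $userObj = new Users();
    $userObj->transformOwnerShipAndDelete($idComponents[1], $newIdComponents[1]);

    VTWS_PreserveGlobal::flush();
    return array("status" => "successful");
}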
/**
 * List the modules related to $elementType that $user is allowed to list.
 *
 * Related lists are read for the module's tab id; a related module is only
 * reported when its name is among the types vtws_listtypes() returns for the user.
 *
 * @param string $elementType Module whose related modules are wanted.
 * @param mixed  $user        User the request runs as.
 * @return array 'types' holds the related module names, 'information' holds
 *               name, label and isEntity keyed by related-list label.
 */
function vtws_relatedtypes($elementType, $user)
{
    global $adb, $log;

    $listed = vtws_listtypes(null, $user);

    $wsObject = VtigerWebserviceObject::fromName($adb, $elementType);
    $path = $wsObject->getHandlerPath();
    $class = $wsObject->getHandlerClass();
    require_once $path;
    $moduleHandler = new $class($wsObject, $user, $adb, $log);
    $moduleTabId = $moduleHandler->getMeta()->getTabId();

    // The tab id is bound as a parameter; the SQL text itself is constant.
    $relatedSql = "SELECT vtiger_relatedlists.label, vtiger_tab.name, vtiger_tab.isentitytype FROM vtiger_relatedlists \n INNER JOIN vtiger_tab ON vtiger_tab.tabid=vtiger_relatedlists.related_tabid \n WHERE vtiger_relatedlists.tabid=? AND vtiger_tab.presence = 0";
    $rows = $adb->pquery($relatedSql, array($moduleTabId));

    $related = array('types' => array(), 'information' => array());
    while ($row = $adb->fetch_array($rows)) {
        // Related modules the user cannot list are left out entirely.
        if (!in_array($row['name'], $listed['types'])) {
            continue;
        }
        $related['types'][] = $row['name'];
        // The same module can be related under several labels, so the label is the key.
        $related['information'][$row['label']] = array(
            'name' => $row['name'],
            'label' => $row['label'],
            'isEntity' => $row['isentitytype'],
        );
    }
    return $related;
}
/**
 * Create a record of type $elementType through the web-service layer on behalf of $user.
 *
 * Gates: the type must be listed for the user and the module must grant write
 * access. Each populated reference field must point at a type the field allows;
 * a reference to 'Users' must pass hasAssignPrivilege(), any other referenced
 * type must be listed for the user. Each populated owner field must pass
 * hasAssignPrivilege().
 *
 * @param string $elementType Module name of the record to create.
 * @param array  $element     Field map; an optional 'relations' entry is removed
 *                            and applied after the record is created.
 * @param mixed  $user        User the request runs as.
 * @return mixed The handler's create() result, or null when hasMandatoryFields() is falsy.
 * @throws WebServiceException ACCESSDENIED or REFERENCEINVALID when a gate fails.
 */
function vtws_create($elementType, $element, $user)
{
    // The listed-types gate runs before anything is loaded for the module.
    $types = vtws_listtypes(null, $user);
    if (!in_array($elementType, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    global $log, $adb;
    // Relations are set aside so they are not passed to the handler as a field.
    if (!empty($element['relations'])) {
        $relations = $element['relations'];
        unset($element['relations']);
    }
    // NOTE(review): no `static` or `global` declaration for $vtws_create_cache is
    // visible in this function, so this lookup appears to miss on every call - confirm.
    if (!isset($vtws_create_cache[$elementType]['webserviceobject'])) {
        $webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
        $vtws_create_cache[$elementType]['webserviceobject'] = $webserviceObject;
    } else {
        $webserviceObject = $vtws_create_cache[$elementType]['webserviceobject'];
    }
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $elemTypeId = $ids[0];
            $elemId = $ids[1];
            $referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
            // The referenced type must be one this field accepts.
            if (!in_array($referenceObject->getEntityName(), $details)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            // References to users are checked with the assign privilege...
            if ($referenceObject->getEntityName() == 'Users') {
                if (!$meta->hasAssignPrivilege($element[$fieldName])) {
                    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
                }
            }
            // ...every other referenced type must be listed for the user.
            if (!in_array($referenceObject->getEntityName(), $types['types']) && $referenceObject->getEntityName() != 'Users') {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied" . $referenceObject->getEntityName());
            }
        } else {
            // A reference field that is present but empty is removed from the element.
            if ($element[$fieldName] !== NULL) {
                unset($element[$fieldName]);
            }
        }
    }
    if ($meta->hasMandatoryFields($element)) {
        $ownerFields = $meta->getOwnerFields();
        if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
            foreach ($ownerFields as $ownerField) {
                if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
                    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
                }
            }
        }
        // Product line support.
        // NOTE(review): the file is included inside the function, so it presumably
        // reads this function's local variables by name - confirm before renaming any.
        if (($elementType == 'Quotes' || $elementType == 'PurchaseOrder' || $elementType == 'SalesOrder' || $elementType == 'Invoice') && is_array($element['pdoInformation'])) {
            include 'include/Webservices/ProductLines.php';
        } else {
            $_REQUEST['action'] = $elementType . 'Ajax';
        }
        if ($elementType == 'HelpDesk') {
            // Build the update log for the ticket history before the record is created.
            $colflds = $element;
            list($void, $colflds['assigned_user_id']) = explode('x', $colflds['assigned_user_id']);
            $grp_name = fetchGroupName($colflds['assigned_user_id']);
            $assigntype = $grp_name != '' ? 'T' : 'U';
            $updlog = HelpDesk::getUpdateLogCreateMessage($colflds, $grp_name, $assigntype);
            $updlog = from_html($updlog, false);
        }
        $entity = $handler->create($elementType, $element);
        if ($elementType == 'HelpDesk') {
            // Store the update log on the new ticket; both values are bound parameters.
            list($wsid, $newrecid) = vtws_getIdComponents($entity['id']);
            $adb->pquery('update vtiger_troubletickets set update_log=? where ticketid=?', array($updlog, $newrecid));
        }
        // Establish relations.
        // NOTE(review): nothing in this function checks the caller's access to the
        // records named in $relations; presumably vtws_internal_setrelation() does - confirm.
        if (!empty($relations)) {
            list($wsid, $newrecid) = vtws_getIdComponents($entity['id']);
            $modname = $meta->getEntityName();
            vtws_internal_setrelation($newrecid, $modname, $relations);
        }
        VTWS_PreserveGlobal::flush();
        return $entity;
    } else {
        return null;
    }
}
/**
 * Return the module names this reference field may point to, limited to the
 * types the current user can list.
 *
 * The result is memoised on the instance and in a function-static array keyed
 * by field id.
 *
 * @return array List of module names.
 */
public function getReferenceList()
{
    // NOTE(review): the static cache is keyed by field id only, while the stored
    // list is filtered by $current_user's accessible types. If one PHP process
    // ever evaluates this for more than one user, the first user's list is
    // returned to the others - confirm this cannot happen.
    static $referenceList = array();

    if ($this->referenceList !== null) {
        return $this->referenceList;
    }

    if (isset($referenceList[$this->getFieldId()])) {
        $this->referenceList = $referenceList[$this->getFieldId()];
        return $referenceList[$this->getFieldId()];
    }

    if (!isset(WebserviceField::$fieldTypeMapping[$this->getUIType()])) {
        $this->getFieldTypeFromUIType();
    }
    $typeInfo = WebserviceField::$fieldTypeMapping[$this->getUIType()];

    // The generic UI type reads its targets per field, every other UI type per field type.
    if ($this->getUIType() != $this->genericUIType) {
        $lookupSql = "select * from vtiger_ws_referencetype where fieldtypeid=?";
        $lookupParams = array($typeInfo['fieldtypeid']);
    } else {
        $lookupSql = 'select relmodule as type from vtiger_fieldmodulerel where fieldid=?';
        $lookupParams = array($this->getFieldId());
    }
    $rows = $this->pearDB->pquery($lookupSql, $lookupParams);
    $rowCount = $this->pearDB->num_rows($rows);

    $targets = array();
    for ($rowIndex = 0; $rowIndex < $rowCount; ++$rowIndex) {
        $targets[] = $this->pearDB->query_result($rows, $rowIndex, "type");
    }

    // Hard-coded targets for the Calendar module's todo activities.
    if ($this->tabid == 9 && $this->fieldName == 'parent_id') {
        array_push($targets, 'Invoice', 'Quotes', 'PurchaseOrder', 'SalesOrder', 'Campaigns');
    }
    // UI type 26 refers to DocumentFolders.
    if ($this->getUIType() == 26) {
        $targets[] = 'DocumentFolders';
    }

    global $current_user;
    $listed = vtws_listtypes(null, $current_user);
    $reachable = $listed['types'];
    // For non-admin users 'Users' is added to the accessible set before intersecting.
    if (!is_admin($current_user)) {
        $reachable[] = 'Users';
    }

    $targets = array_values(array_intersect($reachable, $targets));
    $referenceList[$this->getFieldId()] = $targets;
    $this->referenceList = $targets;
    return $targets;
}
/**
 * Update an existing record through the webservice handler of its module.
 *
 * The checks run in this order, each throwing a WebServiceException on
 * failure: the record's module is in the user's accessible types, the entity
 * name derived from the id matches the webservice object, the user has UPDATE
 * permission on the record, the record exists, and the module is writable.
 * Reference fields and owner fields of $element are validated afterwards,
 * before the handler's update() is called.
 *
 * @param array $element field values; $element['id'] is split by
 *                       vtws_getIdComponents() into [0] (passed to
 *                       VtigerWebserviceObject::fromId) and [1] (the record id)
 * @param object $user   user on whose behalf the handler is created
 * @return mixed the value returned by the handler's update()
 * @throws WebServiceException on any failed permission, id or reference check
 */
function vtws_update($element, $user)
{
    global $log, $adb;
    $idList = vtws_getIdComponents($element['id']);
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $idList[0]);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    // The handler file and class are taken from the webservice object; both
    // are loaded before any permission check below runs.
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($element['id']);
    $types = vtws_listtypes(null, $user);
    // Module-level check: the record's module must be listed for this user.
    if (!in_array($entityName, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    // The type part of the id must agree with the entity the record belongs to.
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // Record-level UPDATE permission.
    // NOTE(review): the message says "read" although the check is for UPDATE.
    if (!$meta->hasPermission(EntityMeta::$UPDATE, $element['id'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    if (!$meta->exists($idList[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $elemTypeId = $ids[0];
            // NOTE(review): $elemId is never read in this function, so only
            // the TYPE of the referenced record is validated here; existence
            // of and access to the referenced record itself are not checked
            // in this block — confirm the handler enforces them.
            $elemId = $ids[1];
            $referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
            // The referenced type must be one the field is allowed to point to.
            if (!in_array($referenceObject->getEntityName(), $details)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            // A reference to a user is treated as an assignment and needs the
            // assign privilege.
            if ($referenceObject->getEntityName() == 'Users') {
                if (!$meta->hasAssignPrivilege($element[$fieldName])) {
                    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
                }
            }
            // Any other referenced type must be accessible to the user.
            if (!in_array($referenceObject->getEntityName(), $types['types']) && $referenceObject->getEntityName() != 'Users') {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceObject->getEntityName());
            }
        } else {
            // Empty reference values are dropped from the update.
            if ($element[$fieldName] !== NULL) {
                unset($element[$fieldName]);
            }
        }
    }
    // The return value is ignored here.
    // NOTE(review): presumably hasMandatoryFields() throws when a mandatory
    // field is missing — confirm.
    $meta->hasMandatoryFields($element);
    $ownerFields = $meta->getOwnerFields();
    if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
        foreach ($ownerFields as $ownerField) {
            if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
        }
    }
    // Product line support
    // NOTE(review): $element['pdoInformation'] is read without isset().
    if (($entityName == 'Quotes' || $entityName == 'PurchaseOrder' || $entityName == 'SalesOrder' || $entityName == 'Invoice') && is_array($element['pdoInformation'])) {
        include_once 'include/Webservices/ProductLines.php';
    } else {
        // Writes into the $_REQUEST superglobal for code that runs later.
        $_REQUEST['action'] = $entityName . 'Ajax';
    }
    if ($entityName == 'HelpDesk') {
        //Added to construct the update log for Ticket history
        $colflds = $element;
        // Keeps only the part after the 'x' of the assigned user id.
        // NOTE(review): assumes 'assigned_user_id' is present in $element.
        list($void, $colflds['assigned_user_id']) = explode('x', $colflds['assigned_user_id']);
        $updlog = HelpDesk::getUpdateLogEditMessage($idList[1], $colflds);
        $updlog = from_html($updlog, true);
    }
    $entity = $handler->update($element);
    if ($entityName == 'HelpDesk') {
        // Parameterised write of the ticket history text.
        $adb->pquery('update vtiger_troubletickets set update_log=? where ticketid=?', array($updlog, $idList[1]));
    }
    VTWS_PreserveGlobal::flush();
    return $entity;
}
/**
 * Return the module names this reference field may point to, in query order,
 * restricted to modules the current user can access.
 *
 * Both queries join vtiger_tab and exclude rows whose `presence` is 1, and
 * every row is checked against the user's accessible types before it is kept.
 * The result is stored on the instance and in a function-level static array
 * keyed by field id.
 *
 * For a non-admin user 'Users' is added to the accessible types when it is
 * not already listed.
 *
 * NOTE(review): the static cache is keyed by field id only, not by user;
 * presumably one process serves one user per request — confirm.
 *
 * @return array accessible reference module names, keyed by query position
 */
public function getReferenceList()
{
    static $referenceList = array();

    // Already resolved for this instance.
    if ($this->referenceList !== null) {
        return $this->referenceList;
    }

    // Resolved earlier for the same field id.
    if (isset($referenceList[$this->getFieldId()])) {
        $this->referenceList = $referenceList[$this->getFieldId()];
        return $referenceList[$this->getFieldId()];
    }

    if (!isset(WebserviceField::$fieldTypeMapping[$this->getUIType()])) {
        $this->getFieldTypeFromUIType();
    }
    $fieldTypeData = WebserviceField::$fieldTypeMapping[$this->getUIType()];

    $current_user = vglobal('current_user');
    $types = vtws_listtypes(null, $current_user);
    $accessibleTypes = $types['types'];
    //If it is non admin user or the edit and view is there for profile then users module will be accessible
    $usersListed = in_array("Users", $accessibleTypes);
    if (!is_admin($current_user) && !$usersListed) {
        array_push($accessibleTypes, 'Users');
    }

    if ($this->getUIType() != $this->genericUIType) {
        $sql = "select vtiger_ws_referencetype.`type` from vtiger_ws_referencetype INNER JOIN vtiger_tab ON vtiger_tab.`name` = vtiger_ws_referencetype.`type` where fieldtypeid=? AND vtiger_tab.`presence` NOT IN (?)";
        $params = array($fieldTypeData['fieldtypeid'], 1);
    } else {
        $sql = 'select relmodule as type from vtiger_fieldmodulerel INNER JOIN vtiger_tab ON vtiger_tab.`name` = vtiger_fieldmodulerel.`relmodule` WHERE fieldid=? AND vtiger_tab.`presence` NOT IN (?) 
ORDER BY sequence ASC';
        $params = array($this->getFieldId(), 1);
    }

    $result = $this->pearDB->pquery($sql, $params);
    $rowCount = $this->pearDB->num_rows($result);
    $referenceTypes = array();
    for ($row = 0; $row < $rowCount; ++$row) {
        $candidate = $this->pearDB->query_result($result, $row, "type");
        // Drop targets the user cannot access.
        if (in_array($candidate, $accessibleTypes)) {
            $referenceTypes[] = $candidate;
        }
    }

    // array_intersect() yields the order of $accessibleTypes; re-key each name
    // by its position in the query result and sort to restore query order.
    $unsorted = array_values(array_intersect($accessibleTypes, $referenceTypes));
    $sorted = array();
    foreach ($unsorted as $reference) {
        $sorted[array_search($reference, $referenceTypes)] = $reference;
    }
    ksort($sorted);

    $referenceList[$this->getFieldId()] = $sorted;
    $this->referenceList = $sorted;

    return $sorted;
}
/**
 * Return the module names this reference field may point to, in query order,
 * restricted to modules the current user can access.
 *
 * The result is stored on the instance and in a function-level static array
 * keyed by field id.
 *
 * For a non-admin user 'Users' is added to the accessible types when it is
 * not already listed.
 *
 * NOTE(review): the static cache is keyed by field id only, not by user;
 * presumably one process serves one user per request — confirm.
 *
 * @return array accessible reference module names, keyed by query position
 */
public function getReferenceList()
{
    static $referenceList = array();

    // Already resolved for this instance.
    if ($this->referenceList !== null) {
        return $this->referenceList;
    }

    // Resolved earlier for the same field id.
    if (isset($referenceList[$this->getFieldId()])) {
        $this->referenceList = $referenceList[$this->getFieldId()];
        return $referenceList[$this->getFieldId()];
    }

    if (!isset(WebserviceField::$fieldTypeMapping[$this->getUIType()])) {
        $this->getFieldTypeFromUIType();
    }
    $fieldTypeData = WebserviceField::$fieldTypeMapping[$this->getUIType()];

    // Generic UI type fields take their targets from vtiger_fieldmodulerel,
    // every other UI type from vtiger_ws_referencetype.
    if ($this->getUIType() != $this->genericUIType) {
        $sql = "select * from vtiger_ws_referencetype where fieldtypeid=?";
        $params = array($fieldTypeData['fieldtypeid']);
    } else {
        $sql = 'select relmodule as type from vtiger_fieldmodulerel where fieldid=? ORDER BY sequence ASC';
        $params = array($this->getFieldId());
    }

    $result = $this->pearDB->pquery($sql, $params);
    $rowCount = $this->pearDB->num_rows($result);
    $referenceTypes = array();
    for ($row = 0; $row < $rowCount; ++$row) {
        $referenceTypes[] = $this->pearDB->query_result($result, $row, "type");
    }

    //to handle hardcoding done for Calendar module todo activities.
    if ($this->tabid == 9 && $this->fieldName == 'parent_id') {
        foreach (array('Invoice', 'Quotes', 'PurchaseOrder', 'SalesOrder', 'Campaigns') as $extraType) {
            $referenceTypes[] = $extraType;
        }
    }

    global $current_user;
    $types = vtws_listtypes(null, $current_user);
    $accessibleTypes = $types['types'];
    //If it is non admin user or the edit and view is there for profile then users module will be accessible
    $usersListed = in_array("Users", $accessibleTypes);
    if (!is_admin($current_user) && !$usersListed) {
        array_push($accessibleTypes, 'Users');
    }

    // array_intersect() yields the order of $accessibleTypes; re-key each name
    // by its position in $referenceTypes and sort to restore that order.
    $unsorted = array_values(array_intersect($accessibleTypes, $referenceTypes));
    $sorted = array();
    foreach ($unsorted as $reference) {
        $sorted[array_search($reference, $referenceTypes)] = $reference;
    }
    ksort($sorted);

    $referenceList[$this->getFieldId()] = $sorted;
    $this->referenceList = $sorted;

    return $sorted;
}
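/**
 * Return the records created, changed or deleted since $mtime, in batches.
 *
 * Three scopes are supported through $syncType: 'application' (no owner
 * filter, admin only), 'userandgroup' (records owned by the user or by a
 * group the user belongs to) and anything else (records owned by the user).
 * When $syncType is a Users object it replaces $user.
 *
 * Access control visible in this function: application sync is refused for
 * non-admins; a typed sync is refused when $elementType is not one of the
 * user's entity modules; every non-application query is restricted to the
 * owner ids; updated rows additionally need module access and RETRIEVE
 * permission on the record, deleted rows only module access.
 *
 * Changes against the previous version: $userAndGroupSync and
 * $maxModifiedTime are initialised before they are read, and the transaction
 * opened with startTransaction() is completed on every early exit instead of
 * being left open.
 *
 * @param int    $mtime       unix timestamp of the last sync
 * @param string $elementType module to sync, or empty for all entity modules
 * @param mixed  $syncType    'application', 'userandgroup', a Users object, or other
 * @param object $user        user the sync is performed for
 * @return array keys 'updated', 'deleted', 'lastModifiedTime', 'more'
 * @throws WebServiceException on denied access or a failed transaction
 */
function vtws_sync($mtime, $elementType, $syncType, $user)
{
    global $adb, $recordString, $modifiedTimeString;
    $numRecordsLimit = 100;
    $ignoreModules = array("Users");
    $typed = true;
    $dformat = "Y-m-d H:i:s";
    $datetime = date($dformat, $mtime);
    $setypeArray = array();
    $setypeData = array();
    $setypeHandler = array();
    $setypeNoAccessArray = array();
    $output = array();
    $output["updated"] = array();
    $output["deleted"] = array();
    $applicationSync = false;
    // Was only assigned in one branch below and then read unconditionally.
    $userAndGroupSync = false;
    if (is_object($syncType) && $syncType instanceof Users) {
        $user = $syncType;
    } else {
        if ($syncType == 'application') {
            $applicationSync = true;
        } else {
            if ($syncType == 'userandgroup') {
                $userAndGroupSync = true;
            }
        }
    }
    // Application sync drops the owner filter, so it is limited to admins.
    if ($applicationSync && !is_admin($user)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Only admin users can perform application sync");
    }
    $ownerIds = array($user->id);
    // To get groupids in which this user exist
    if ($userAndGroupSync) {
        $groupresult = $adb->pquery("select groupid from vtiger_users2group where userid=?", array($user->id));
        $numOfRows = $adb->num_rows($groupresult);
        if ($numOfRows > 0) {
            for ($i = 0; $i < $numOfRows; $i++) {
                $ownerIds[count($ownerIds)] = $adb->query_result($groupresult, $i, "groupid");
            }
        }
    }
    // End
    if (!isset($elementType) || $elementType == '' || $elementType == null) {
        $typed = false;
    }
    $adb->startTransaction();
    $accessableModules = array();
    $entityModules = array();
    $modulesDetails = vtws_listtypes(null, $user);
    $moduleTypes = $modulesDetails['types'];
    $modulesInformation = $modulesDetails["information"];
    foreach ($modulesInformation as $moduleName => $entityInformation) {
        if ($entityInformation["isEntity"]) {
            $entityModules[] = $moduleName;
        }
    }
    if (!$typed) {
        $accessableModules = $entityModules;
    } else {
        // A typed sync is only allowed for a module listed for this user.
        if (!in_array($elementType, $entityModules)) {
            // Close the transaction opened above before leaving.
            $adb->completeTransaction();
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
        }
        $accessableModules[] = $elementType;
    }
    $accessableModules = array_diff($accessableModules, $ignoreModules);
    if (count($accessableModules) <= 0) {
        $output['lastModifiedTime'] = $mtime;
        $output['more'] = false;
        // Close the transaction opened above before leaving.
        $adb->completeTransaction();
        return $output;
    }
    if ($typed) {
        $handler = vtws_getModuleHandlerFromName($elementType, $user);
        $moduleMeta = $handler->getMeta();
        $entityDefaultBaseTables = $moduleMeta->getEntityDefaultTableList();
        //since there will be only one base table for all entities
        $baseCRMTable = $entityDefaultBaseTables[0];
        if ($elementType == "Calendar" || $elementType == "Events") {
            $baseCRMTable = getSyncQueryBaseTable($elementType);
        }
    } else {
        $baseCRMTable = " vtiger_crmentity ";
    }
    // $baseCRMTable is interpolated into the SQL below; in this function it
    // only ever comes from module metadata, getSyncQueryBaseTable() or the
    // literal above, never from a request value.
    //modifiedtime - next token
    $q = "SELECT modifiedtime FROM {$baseCRMTable} WHERE modifiedtime>? and setype IN(" . generateQuestionMarks($accessableModules) . ") ";
    $params = array($datetime);
    foreach ($accessableModules as $entityModule) {
        if ($entityModule == "Events") {
            $entityModule = "Calendar";
        }
        $params[] = $entityModule;
    }
    if (!$applicationSync) {
        // Owner filter: the user's id plus, for userandgroup, the group ids.
        $q .= ' and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
        $params = array_merge($params, $ownerIds);
    }
    $q .= " order by modifiedtime limit {$numRecordsLimit}";
    $result = $adb->pquery($q, $params);
    $modTime = array();
    for ($i = 0; $i < $adb->num_rows($result); $i++) {
        $modTime[] = $adb->query_result($result, $i, 'modifiedtime');
    }
    // Was read below without being assigned when no row matched.
    $maxModifiedTime = null;
    if (!empty($modTime)) {
        $maxModifiedTime = max($modTime);
    }
    if (!$maxModifiedTime) {
        $maxModifiedTime = $datetime;
    }
    foreach ($accessableModules as $elementType) {
        $handler = vtws_getModuleHandlerFromName($elementType, $user);
        $moduleMeta = $handler->getMeta();
        // Pull "table.column = value" pairs out of the module's deleted-record
        // condition so the columns can be selected and compared per row.
        $deletedQueryCondition = $moduleMeta->getEntityDeletedQuery();
        preg_match_all("/(?:\\s+\\w+[ \t\n\r]+)?([^=]+)\\s*=([^\\s]+|'[^']+')/", $deletedQueryCondition, $deletedFieldDetails);
        $fieldNameDetails = $deletedFieldDetails[1];
        $deleteFieldValues = $deletedFieldDetails[2];
        $deleteColumnNames = array();
        foreach ($fieldNameDetails as $tableName_fieldName) {
            $fieldComp = explode(".", $tableName_fieldName);
            $deleteColumnNames[$tableName_fieldName] = $fieldComp[1];
        }
        $params = array($moduleMeta->getTabName(), $datetime, $maxModifiedTime);
        $queryGenerator = new QueryGenerator($elementType, $user);
        $fields = array();
        $moduleFields = $moduleMeta->getModuleFields();
        $moduleFieldNames = getSelectClauseFields($elementType, $moduleMeta, $user);
        $moduleFieldNames[] = 'id';
        $queryGenerator->setFields($moduleFieldNames);
        $selectClause = "SELECT " . $queryGenerator->getSelectClauseColumnSQL();
        // adding the fieldnames that are present in the delete condition to the select clause
        // since not all fields present in delete condition will be present in the fieldnames of the module
        foreach ($deleteColumnNames as $table_fieldName => $columnName) {
            if (!in_array($columnName, $moduleFieldNames)) {
                $selectClause .= ", " . $table_fieldName;
            }
        }
        if ($elementType == "Emails") {
            $fromClause = vtws_getEmailFromClause();
        } else {
            $fromClause = $queryGenerator->getFromClause();
        }
        $fromClause .= " INNER JOIN (select modifiedtime, crmid,deleted,setype FROM {$baseCRMTable} WHERE setype=? and modifiedtime >? and modifiedtime<=?";
        if (!$applicationSync) {
            $fromClause .= 'and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
            $params = array_merge($params, $ownerIds);
        }
        $fromClause .= ' ) vtiger_ws_sync ON (vtiger_crmentity.crmid = vtiger_ws_sync.crmid)';
        $q = $selectClause . " " . $fromClause;
        $result = $adb->pquery($q, $params);
        $recordDetails = array();
        $deleteRecordDetails = array();
        while ($arre = $adb->fetchByAssoc($result)) {
            $key = $arre[$moduleMeta->getIdColumn()];
            if (vtws_isRecordDeleted($arre, $deleteColumnNames, $deleteFieldValues)) {
                // Deleted rows are reported by id after a module-level check only.
                if (!$moduleMeta->hasAccess()) {
                    continue;
                }
                $output["deleted"][] = vtws_getId($moduleMeta->getEntityId(), $key);
            } else {
                // Updated rows need module access and RETRIEVE on the record.
                if (!$moduleMeta->hasAccess() || !$moduleMeta->hasPermission(EntityMeta::$RETRIEVE, $key)) {
                    continue;
                }
                try {
                    $output["updated"][] = DataTransform::sanitizeDataWithColumn($arre, $moduleMeta);
                } catch (WebServiceException $e) {
                    //ignore records the user doesn't have access to.
                    continue;
                } catch (Exception $e) {
                    // Close the transaction before reporting the failure; the
                    // original exception text is deliberately not passed on.
                    $adb->completeTransaction();
                    throw new WebServiceException(WebServiceErrorCode::$INTERNALERROR, "Unknown Error while processing request");
                }
            }
        }
    }
    // Anything newer than this batch means the caller has to ask again.
    $q = "SELECT crmid FROM {$baseCRMTable} WHERE modifiedtime>? and setype IN(" . generateQuestionMarks($accessableModules) . ")";
    $params = array($maxModifiedTime);
    foreach ($accessableModules as $entityModule) {
        if ($entityModule == "Events") {
            $entityModule = "Calendar";
        }
        $params[] = $entityModule;
    }
    if (!$applicationSync) {
        $q .= 'and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
        $params = array_merge($params, $ownerIds);
    }
    $result = $adb->pquery($q, $params);
    $output['more'] = $adb->num_rows($result) > 0;
    if (!$maxModifiedTime) {
        $modifiedtime = $mtime;
    } else {
        $modifiedtime = vtws_getSeconds($maxModifiedTime);
    }
    if (is_string($modifiedtime)) {
        $modifiedtime = intval($modifiedtime);
    }
    $output['lastModifiedTime'] = $modifiedtime;
    $error = $adb->hasFailedTransaction();
    $adb->completeTransaction();
    if ($error) {
        throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$DATABASEQUERYERROR));
    }
    VTWS_PreserveGlobal::flush();
    return $output;
}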
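/**
 * Tell whether the 'productid' value of $fieldData resolves to an existing
 * record whose module the user can access.
 *
 * The value is either "Module::::Label" / "Module:::Label", in which case the
 * module name is taken from the value itself, or a bare label that is looked
 * up in every module returned by the field's getReferenceList().
 *
 * Changes against the previous version: a bare label is wrapped in an array
 * before count() is applied (count() on a string is a TypeError on PHP 8 and
 * returned 1 before, so the branch taken is unchanged); a missing 'productid'
 * field definition now yields false instead of a call on null; the unused
 * $adb and $log locals are gone.
 *
 * NOTE(review): only module-level access (vtws_listtypes) is checked for the
 * resolved record; no record-level permission check on the entity id is
 * visible in this function — confirm callers do not rely on one.
 *
 * @param array  $fieldData  field name => value; only 'productid' is read
 * @param object $moduleMeta object providing getModuleFields()
 * @param object $user       user whose accessible module list is consulted
 * @return bool true when the value resolves to a record in an accessible module
 */
function isRecordExistInDB($fieldData, $moduleMeta, $user)
{
    $moduleFields = $moduleMeta->getModuleFields();
    $fieldName = 'productid';

    if (!array_key_exists($fieldName, $fieldData) || !isset($moduleFields[$fieldName])) {
        return false;
    }

    $fieldValue = $fieldData[$fieldName];
    $fieldInstance = $moduleFields[$fieldName];
    if ($fieldInstance->getFieldDataType() != 'reference' || empty($fieldValue)) {
        return false;
    }

    // Split "Module<separator>Label"; the separator must not be at position 0.
    if (strpos($fieldValue, '::::') > 0) {
        $fieldValueDetails = explode('::::', $fieldValue);
    } elseif (strpos($fieldValue, ':::') > 0) {
        $fieldValueDetails = explode(':::', $fieldValue);
    } else {
        $fieldValueDetails = array($fieldValue);
    }

    $entityId = false;
    $referenceModuleName = null;
    if (count($fieldValueDetails) > 1) {
        // The module name is supplied by the value itself.
        $referenceModuleName = trim($fieldValueDetails[0]);
        $entityLabel = trim($fieldValueDetails[1]);
        $entityId = getEntityId($referenceModuleName, $entityLabel);
    } else {
        // Bare label: take the first referenced module that knows it.
        $entityLabel = $fieldValue;
        foreach ($fieldInstance->getReferenceList() as $referenceModule) {
            $referenceModuleName = $referenceModule;
            $referenceEntityId = getEntityId($referenceModule, $entityLabel);
            if ($referenceEntityId != 0) {
                $entityId = $referenceEntityId;
                break;
            }
        }
    }

    if (empty($entityId) || $entityId == 0) {
        return false;
    }

    // The record counts only when its module is accessible to the user.
    $types = vtws_listtypes(null, $user);
    return in_array($referenceModuleName, $types['types']);
}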
// Fragment of a page script: it prepares template values, resolves the
// webservice handler for the requested module and collects name and e-mail
// field details of every module the 'parent_id' field can refer to.
// The listing stops inside the foreach below; its closing brace is not shown.
$url_string = '';
$smarty = new vtigerCRM_Smarty();
// Raw request values are handed to the template engine.
// NOTE(review): output escaping is not visible here — confirm the template
// escapes 'subject' and 'description'.
$smarty->assign("subject", $_REQUEST['subject']);
$smarty->assign("description", $_REQUEST['description']);
Zend_Json::$useBuiltinEncoderDecoder = true;
$json = new Zend_Json();
// The module name is taken directly from the request.
$elementType = $_REQUEST['module'];
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
// The handler file is loaded and the handler instantiated before the
// permission check further down.
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $current_user, $adb, $log);
$meta = $handler->getMeta();
$meta->retrieveMeta();
// NOTE(review): the user is passed as the FIRST argument here, while the
// functions earlier in this file call vtws_listtypes(null, $user). If the
// second parameter is the user, this check is not evaluated for
// $current_user — confirm against the signature of vtws_listtypes().
$types = vtws_listtypes($current_user);
if (!in_array($elementType, $types['types'])) {
    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
$wsFieldDetails = $handler->getField('parent_id');
$moduleEntityNameDetails = array();
$moduleEmailFieldDetails = array();
foreach ($wsFieldDetails['type']['refersTo'] as $type) {
    $referenceModuleHandler = vtws_getModuleHandlerFromName($type, $current_user);
    $referenceModuleMeta = $referenceModuleHandler->getMeta();
    $nameFields = explode(',', $referenceModuleMeta->getNameFields());
    $moduleFields = $referenceModuleMeta->getModuleFields();
    // Keep only the name fields that also appear among the fields returned by
    // getModuleFields() for this handler.
    $accessibleFields = array_keys($moduleFields);
    $accessibleNameFields = array_intersect($nameFields, $accessibleFields);
    $moduleEntityNameDetails[$type] = $accessibleNameFields;
    $moduleEmailFieldDetails[$type] = $referenceModuleMeta->getEmailFields();
// Fragment of a page script: it prepares template values, resolves the
// webservice handler for the requested module and collects name and e-mail
// field details of every module the 'parent_id' field can refer to.
// The listing stops inside the foreach below; its closing brace is not shown.
$url_string = '';
$smarty = new vtigerCRM_Smarty();
// Raw request values are handed to the template engine.
// NOTE(review): output escaping is not visible here — confirm the template
// escapes 'subject' and 'description'.
$smarty->assign("subject", $_REQUEST['subject']);
$smarty->assign("description", $_REQUEST['description']);
Zend_Json::$useBuiltinEncoderDecoder = true;
$json = new Zend_Json();
// The module name is taken directly from the request.
$elementType = $_REQUEST['module'];
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
// The handler file is loaded and the handler instantiated before the
// permission check further down.
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $current_user, $adb, $log);
$meta = $handler->getMeta();
$meta->retrieveMeta();
// Module-level check: the requested module must be listed for $current_user.
$types = vtws_listtypes(null, $current_user);
if (!in_array($elementType, $types['types'])) {
    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
$wsFieldDetails = $handler->getField('parent_id');
$moduleEntityNameDetails = array();
$moduleEmailFieldDetails = array();
foreach ($wsFieldDetails['type']['refersTo'] as $type) {
    $referenceModuleHandler = vtws_getModuleHandlerFromName($type, $current_user);
    $referenceModuleMeta = $referenceModuleHandler->getMeta();
    $nameFields = explode(',', $referenceModuleMeta->getNameFields());
    $moduleFields = $referenceModuleMeta->getModuleFields();
    // Keep only the name fields that also appear among the fields returned by
    // getModuleFields() for this handler.
    $accessibleFields = array_keys($moduleFields);
    $accessibleNameFields = array_intersect($nameFields, $accessibleFields);
    $moduleEntityNameDetails[$type] = $accessibleNameFields;
    $moduleEmailFieldDetails[$type] = $referenceModuleMeta->getEmailFields();
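/**
 * Build the SQL that lists the $relatedModule records related to record $id
 * of $module. The query is returned as a string, not executed.
 *
 * Checks made before any SQL is built, each throwing on failure: both module
 * names resolve to entity modules; the module of $id is in the user's
 * accessible types; the entity name derived from $id matches its webservice
 * object; the user has RETRIEVE permission on $id; the record exists; the
 * related module is in the user's accessible types and readable.
 *
 * Change against the previous version: the relation method is invoked with
 * call_user_func_array() instead of call_user_method_array(), which no longer
 * exists from PHP 7 on; the call made is the same.
 *
 * NOTE(review): the returned SQL is assembled by string concatenation.
 * $crmid comes from the id that passed the exists() check, but
 * $queryParameters['orderby'], ['limit'] and ['offset'] are appended
 * verbatim, and $id is interpolated into a quoted literal in the
 * ModComments queries. If $queryParameters can carry client-supplied values,
 * they need validation (integers for limit/offset, a column allowlist for
 * orderby) before reaching this function — confirm at the caller.
 *
 * @param string $id              webservice id of the parent record
 * @param string $module          module of the parent record
 * @param string $relatedModule   module whose related records are wanted
 * @param array  $queryParameters optional 'productDiscriminator', 'columns',
 *                                'orderby', 'limit', 'offset'
 * @param object $user            user the permission checks are made for
 * @return string the SQL query, or '' when no query was built
 * @throws WebServiceException on invalid modules, denied access or bad ids
 */
function __getRLQuery($id, $module, $relatedModule, $queryParameters, $user)
{
    global $adb, $currentModule, $log, $current_user;
    // Initialize required globals
    $currentModule = $module;
    // END
    if (empty($queryParameters['productDiscriminator'])) {
        $queryParameters['productDiscriminator'] = '';
    }
    if (empty($queryParameters['columns'])) {
        $queryParameters['columns'] = '*';
    }
    $productDiscriminator = strtolower($queryParameters['productDiscriminator']);
    // check modules
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $relatedModule);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    // From here on the module name is the one reported by the metadata.
    $relatedModule = $meta->getEntityName();
    if (!$meta->isModuleEntity()) {
        throw new WebserviceException('INVALID_MODULE', "Given related module ({$relatedModule}) cannot be found");
    }
    $relatedModuleId = getTabid($relatedModule);
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $module);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $module = $meta->getEntityName();
    if (!$meta->isModuleEntity()) {
        throw new WebserviceException('INVALID_MODULE', "Given module ({$module}) cannot be found");
    }
    $moduleId = getTabid($module);
    // check permission on module
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($id);
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation on module ({$module}) is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    // Record id part of $id; interpolated into the queries below.
    $crmid = $idComponents[1];
    // check permission on related module and pickup meta data for further processing
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $relatedModule);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    if (!in_array($relatedModule, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation on module ({$relatedModule}) is denied");
    }
    if (!$meta->hasReadAccess()) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    // user has enough permission to start process
    $query = '';
    switch ($relatedModule) {
        case 'ModComments':
            $wsUserIdrs = $adb->query("select id from vtiger_ws_entity where name='Users'");
            $wsUserId = $adb->query_result($wsUserIdrs, 0, 0) . 'x';
            $wsContactIdrs = $adb->query("select id from vtiger_ws_entity where name='Contacts'");
            $wsContactId = $adb->query_result($wsContactIdrs, 0, 0) . 'x';
            switch ($module) {
                case 'HelpDesk':
                    // NOTE(review): no access-control clause is appended in
                    // this branch; '{$id}' goes into a quoted SQL literal.
                    $query = "select\n\t\t\t\t\t\tconcat(case when (ownertype = 'user') then '{$wsUserId}' else '{$wsContactId}' end,ownerid) as creator,\n\t\t\t\t\t\tconcat(case when (ownertype = 'user') then '{$wsUserId}' else '{$wsContactId}' end,ownerid) as assigned_user_id,\n\t\t\t\t\t\t'TicketComments' as setype,\n\t\t\t\t\t\tcreatedtime,\n\t\t\t\t\t\tcreatedtime as modifiedtime,\n\t\t\t\t\t\t0 as id,\n\t\t\t\t\t\tcomments as commentcontent, \n\t\t\t\t\t\t'{$id}' as related_to, \n\t\t\t\t\t\t'' as parent_comments,\n\t\t\t\t\t\townertype,\n\t\t\t\t\t\tcase when (ownertype = 'user') then vtiger_users.user_name else vtiger_portalinfo.user_name end as owner_name \n\t\t\t\t\t from vtiger_ticketcomments\n\t\t\t\t\t left join vtiger_users on vtiger_users.id = ownerid\n\t\t\t\t\t left join vtiger_portalinfo on vtiger_portalinfo.id = ownerid\n\t\t\t\t\t where ticketid={$crmid}";
                    break;
                case 'Faq':
                    $query = "select\n\t\t\t\t\t\t0 as creator,\n\t\t\t\t\t\t0 as assigned_user_id,\n\t\t\t\t\t\t'FaqComments' as setype,\n\t\t\t\t\t\tcreatedtime,\n\t\t\t\t\t\tcreatedtime as modifiedtime,\n\t\t\t\t\t\t0 as id,\n\t\t\t\t\t\tcomments as commentcontent, \n\t\t\t\t\t\t'{$id}' as related_to, \n\t\t\t\t\t\t'' as parent_comments\n\t\t\t\t\t from vtiger_faqcomments where faqid={$crmid}";
                    break;
                default:
                    $entityInstance = CRMEntity::getInstance($relatedModule);
                    $queryCriteria = '';
                    $criteria = 'All'; // currently hard coded to all ** TODO **
                    switch ($criteria) { // currently hard coded to all ** TODO **
                        case 'All':
                            $queryCriteria = '';
                            break;
                        case 'Last5':
                            $queryCriteria = sprintf(" ORDER BY %s.%s DESC LIMIT 5", $entityInstance->table_name, $entityInstance->table_index);
                            break;
                        case 'Mine':
                            $queryCriteria = ' AND vtiger_crmentity.smownerid=' . $current_user->id;
                            break;
                    }
                    // NOTE(review): $moduleName is never assigned in this
                    // function, so null is passed here; presumably
                    // $relatedModule was intended — confirm before changing.
                    $query = $entityInstance->getListQuery($moduleName, sprintf(" AND %s.related_to={$crmid}", $entityInstance->table_name));
                    $query .= $queryCriteria;
                    $qfields = __getRLQueryFields($meta, $queryParameters['columns']);
                    // Remove all the \n, \r and white spaces to keep the space between the words consistent.
                    $query = preg_replace("/[\n\r\\s]+/", " ", $query);
                    $query = "select {$qfields} " . substr($query, stripos($query, ' FROM '), strlen($query));
                    break;
            } // end switch ModComments
            break;
        default:
            // Only the fixed literals below are ever placed in this fragment.
            $relation_criteria = '';
            switch ($relatedModule) {
                case 'Products':
                    if ($module == 'Products') {
                        // Product Bundles
                        if (!empty($productDiscriminator) and $productDiscriminator == 'productparent') {
                            $relation_criteria = " and label like '%parent%'";
                        } else {
                            $relation_criteria = " and label like '%bundle%'"; // bundle by default
                        }
                    }
                    break;
                case 'Calendar':
                    $relation_criteria = " and label like '%Activities%'";
                    // History not supported
                    //$relation_criteria = " and label like '%History%'";
                    break;
            }
            // special product relation with Q/SO/I/PO
            if ($relatedModule == 'Products' and in_array($module, array('Invoice', 'Quotes', 'SalesOrder', 'PurchaseOrder'))) {
                $query = 'select productid as id,sequence_no,quantity,listprice,discount_percent,discount_amount,comment,description,tax1,tax2,tax3 FROM vtiger_inventoryproductrel where id=' . $crmid;
            } else {
                $relationResult = $adb->pquery("SELECT * FROM vtiger_relatedlists WHERE tabid=? AND related_tabid=? 
{$relation_criteria}", array($moduleId, $relatedModuleId));
                if (!$relationResult || !$adb->num_rows($relationResult)) {
                    throw new WebserviceException('MODULES_NOT_RELATED', "Cannot find relation between {$module} and {$relatedModule}");
                }
                if ($adb->num_rows($relationResult) > 1) {
                    throw new WebserviceException('MANY_RELATIONS', "More than one relation exists between {$module} and {$relatedModule}");
                }
                $relationInfo = $adb->fetch_array($relationResult);
                $moduleInstance = CRMEntity::getInstance($module);
                $params = array($crmid, $moduleId, $relatedModuleId);
                // The method name comes from the vtiger_relatedlists row, not
                // from the request.
                $relationData = call_user_func_array(array($moduleInstance, $relationInfo['name']), $params);
                $query = $relationData['query'];
                // select the fields the user has access to and prepare query
                $qfields = __getRLQueryFields($meta, $queryParameters['columns']);
                // Remove all the \n, \r and white spaces to keep the space between the words consistent.
                $query = preg_replace("/[\n\r\\s]+/", " ", $query);
                $query = "select {$qfields} " . substr($query, stripos($query, ' FROM '), strlen($query));
                // Append additional joins for some queries
                $query = __getRLQueryFromJoins($query, $meta);
                //Appending Access Control
                // NOTE(review): the permission checks above use $user, while
                // this row filter is built for the global $current_user; if
                // the two can differ the filter applies to another principal.
                if ($relatedModule != 'Faq' && $relatedModule != 'PriceBook' && $relatedModule != 'Vendors' && $relatedModule != 'Users') {
                    $secQuery = getNonAdminAccessControlQuery($relatedModule, $current_user);
                    if (strlen($secQuery) > 1) {
                        $query = appendFromClauseToQuery($query, $secQuery);
                    }
                }
                // This is for getting products related to Account/Contact through their Quote/SO/Invoice
                if (($module == 'Accounts' or $module == 'Contacts') and ($relatedModule == 'Products' or $relatedModule == 'Services') and in_array($productDiscriminator, array('productlineinvoice', 'productlinesalesorder', 'productlinequote', 'productlineall', 'productlineinvoiceonly', 'productlinesalesorderonly', 'productlinequoteonly'))) {
                    // Here we add list of products contained in related invoice, so and quotes
                    $relatedField = $module == 'Accounts' ? 'accountid' : 'contactid';
                    $pstable = $meta->getEntityBaseTable();
                    $psfield = $meta->getIdColumn();
                    // The "...only" variants discard the relation query built
                    // above (including its access-control clause) and keep
                    // only the product-line selects below.
                    if (substr($productDiscriminator, -4) == 'only') {
                        $productDiscriminator = substr($productDiscriminator, 0, strlen($productDiscriminator) - 4);
                        $query = '';
                    }
                    if ($productDiscriminator == 'productlinequote' or $productDiscriminator == 'productlineall') {
                        $q = "select distinct {$qfields} from vtiger_quotes\n\t\t\t\t\t\tinner join vtiger_crmentity as crmq on crmq.crmid=vtiger_quotes.quoteid\n\t\t\t\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_quotes.quoteid\n\t\t\t\t\t\tinner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_inventoryproductrel.productid \n\t\t\t\t\t\tleft join {$pstable} on {$pstable}.{$psfield} = vtiger_inventoryproductrel.productid \n\t\t\t\t\t\twhere vtiger_inventoryproductrel.productid = {$pstable}.{$psfield} AND crmq.deleted=0\n\t\t\t\t\t\t and {$relatedField} = {$crmid}";
                        $query .= ($query == '' ? '' : ' UNION DISTINCT ') . $q;
                    }
                    if ($productDiscriminator == 'productlineinvoice' or $productDiscriminator == 'productlineall') {
                        $q = "select distinct {$qfields} from vtiger_invoice\n\t\t\t\t\t\tinner join vtiger_crmentity as crmi on crmi.crmid=vtiger_invoice.invoiceid\n\t\t\t\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_invoice.invoiceid\n\t\t\t\t\t\tinner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_inventoryproductrel.productid\n\t\t\t\t\t\tleft join {$pstable} on {$pstable}.{$psfield} = vtiger_inventoryproductrel.productid\n\t\t\t\t\t\twhere vtiger_inventoryproductrel.productid = {$pstable}.{$psfield} AND crmi.deleted=0\n\t\t\t\t\t\t and {$relatedField} = {$crmid}";
                        $query .= ($query == '' ? '' : ' UNION DISTINCT ') . $q;
                    }
                    if ($productDiscriminator == 'productlinesalesorder' or $productDiscriminator == 'productlineall') {
                        $q = "select distinct {$qfields} from vtiger_salesorder \n\t\t\t\t\tinner join vtiger_crmentity as crms on crms.crmid=vtiger_salesorder.salesorderid\n\t\t\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_salesorder.salesorderid\n\t\t\t\t\tinner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_inventoryproductrel.productid\n\t\t\t\t\tleft join {$pstable} on {$pstable}.{$psfield} = vtiger_inventoryproductrel.productid\n\t\t\t\t\twhere vtiger_inventoryproductrel.productid = {$pstable}.{$psfield} AND crms.deleted=0\n\t\t\t\t\tand {$relatedField} = {$crmid}";
                        $query .= ($query == '' ? '' : ' UNION DISTINCT ') . $q;
                    }
                }
            } // q/so/i/po-product relation
            break;
    } // end switch $relatedModule
    // now we add order by if needed
    // NOTE(review): appended verbatim; see the function header.
    if ($query != '' and !empty($queryParameters['orderby'])) {
        $query .= ' order by ' . $queryParameters['orderby'];
    }
    // now we add limit and offset if needed
    // NOTE(review): appended verbatim; see the function header.
    if ($query != '' and !empty($queryParameters['limit'])) {
        $query .= ' limit ' . $queryParameters['limit'];
        if (!empty($queryParameters['offset'])) {
            $query .= ',' . $queryParameters['offset'];
        }
    }
    return $query;
}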
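/**
 * Translate an extended web service query into SQL for the given user.
 *
 * The input is a SQL-like string ("select a, Related.b from Module where ... order by ... limit ...").
 * Columns may be qualified as RelatedModule.field; the metadata of every related module that is
 * referenced in the column list is collected and returned next to the SQL.
 *
 * Security notes:
 *  - $q is caller-supplied text. Columns and conditions are handed to QueryGenerator and the
 *    __FQNExtendedQuery* helpers; the LIMIT tail is appended to the SQL string directly, so it is
 *    validated here against the numeric LIMIT forms before use.
 *  - Module-level access ($types, hasReadAccess) is checked for the main module only in this block.
 *    NOTE(review): whether related modules named in the column list get an equivalent access check
 *    inside vtws_getModuleHandlerFromName / QueryGenerator is not visible here; confirm.
 *
 * @param string $q    extended query string
 * @param object $user user the query is executed for
 *
 * @return array [0] => SQL string, [1] => map of normalized related module name => its meta object
 *
 * @throws WebServiceException when the query has no FROM clause, the main module is not an entity
 *                             module, access is denied, or the LIMIT clause is not numeric
 */
function __FQNExtendedQueryGetQuery($q, $user)
{
    global $adb, $log;

    $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)(.*)/";
    if (preg_match($moduleRegex, $q, $m) !== 1) {
        // Without a FROM clause $m[1]/$m[2] do not exist; fail explicitly instead of on undefined offsets.
        throw new WebServiceException(WebServiceErrorCode::$QUERYSYNTAX, 'Query has no FROM clause');
    }
    $mainModule = trim($m[1]);

    // pickup meta data of module
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $mainModule);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $mainModule = $meta->getTabName(); // normalize module name

    // check modules
    if (!$meta->isModuleEntity()) {
        throw new WebServiceException('INVALID_MODULE', "Given main module ({$mainModule}) cannot be found");
    }

    // check permission on module; strict comparison so a non-string value cannot loosely match a type name
    $entityName = $meta->getEntityName();
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation on module ({$mainModule}) is denied");
    }
    if (!$meta->hasReadAccess()) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read module is denied");
    }

    // user has enough permission to start process
    $fieldcolumn = $meta->getFieldColumnMapping();
    $queryGenerator = new QueryGenerator($mainModule, $user);

    // Column list: the text between the leading "select" (6 characters) and " from ".
    $queryColumns = trim(substr($q, 6, stripos($q, ' from ') - 5));
    $queryColumns = explode(',', $queryColumns);
    $queryColumns = array_map('trim', $queryColumns); // callable given as a string; a bare `trim` is an undefined constant
    $countSelect = $queryColumns == array('count(*)');

    // Collect the related modules used as Module.field and rewrite each column to the normalized module name.
    // Dedicated local names are used so the FROM match in $m stays intact for the condition parsing below.
    $queryRelatedModules = array();
    foreach ($queryColumns as $k => $field) {
        if (strpos($field, '.') > 0) {
            list($relModule, $relField) = explode('.', $field);
            if (!isset($queryRelatedModules[$relModule])) {
                $relhandler = vtws_getModuleHandlerFromName($relModule, $user);
                $relmeta = $relhandler->getMeta();
                $mn = $relmeta->getTabName(); // normalize module name
                $queryRelatedModules[$mn] = $relmeta;
                if ($relModule != $mn) {
                    $queryColumns[$k] = $mn . '.' . $relField;
                }
            }
        }
    }
    $queryColumns[] = 'id'; // add ID column to follow REST interface behaviour
    $queryGenerator->setFields($queryColumns);

    // take apart conditionals: everything after the module name, without surrounding blanks and semicolons
    $queryConditions = trim($m[2], ' ;');
    if (strtolower(substr($queryConditions, 0, 5)) == 'where') {
        $queryConditions = substr($queryConditions, 6);
    }

    // order by fields (cut before a following limit)
    $orderbyCond = "/([oO][rR][dD][eE][rR]\\s+[bB][yY]\\s+)+(.*)/";
    preg_match($orderbyCond, $queryConditions, $ob);
    $obflds = isset($ob[2]) ? $ob[2] : '';
    if (stripos($obflds, ' limit ') > 0) {
        $obflds = substr($obflds, 0, stripos($obflds, ' limit '));
    }

    // limit tail (cut before a following order by)
    $limitCond = "/([lL][iI][mM][iI][tT]\\s+)+(.*)/";
    preg_match($limitCond, $queryConditions, $lm);
    $lmoc = isset($lm[2]) ? $lm[2] : '';
    if (stripos($lmoc, ' order ') > 0) {
        $lmoc = substr($lmoc, 0, stripos($lmoc, ' order '));
    }
    $lmoc = trim($lmoc);
    // The limit text is concatenated into the SQL below, so accept only "n", "n,m" or "n offset m".
    if ($lmoc !== '' && preg_match('/^\d+(?:\s*,\s*\d+|\s+offset\s+\d+)?\z/i', $lmoc) !== 1) {
        throw new WebServiceException(WebServiceErrorCode::$QUERYSYNTAX, 'Invalid LIMIT clause');
    }

    // strip order by / limit from the where conditions
    if (stripos($queryConditions, ' order ') > 0) {
        $queryConditions = substr($queryConditions, 0, stripos($queryConditions, ' order '));
    }
    if (stripos($queryConditions, ' limit ') > 0) {
        $queryConditions = substr($queryConditions, 0, stripos($queryConditions, ' limit '));
    }
    $qcst = strtolower(substr(trim($queryConditions), 0, 5));
    if ($qcst == 'order' or $qcst == 'limit') {
        $queryConditions = '';
    }
    // $queryConditions has all the where conditions
    // $obflds has the list of order by fields
    // $lmoc has the validated limit part
    // NOTE(review): a REST-id rewrite ("=\s*'*\d+x(\d+)'*" => " = $1 ") used to be computed here on an
    // undefined variable and its result was never used, so it has been dropped as dead code. Confirm
    // that __FQNExtendedQueryAddCondition handles web service ids (NNxMM) in conditions.

    // where
    if (strlen($queryConditions) > 0) {
        $queryGenerator->startGroup();
        $qc = trim($queryConditions);
        if (substr($qc, 0, 1) == '(') {
            $queryGenerator->startGroup();
            $qc = substr($qc, 1);
        }
        $inopRegex = "/\\s+in\\s+\\(/";
        $posand = stripos($qc, ' and ');
        $posor = stripos($qc, ' or ');
        $glue = '';
        // Consume one condition per iteration, splitting on whichever of " and " / " or " comes first.
        while ($posand > 0 or $posor > 0 or strlen($qc)) {
            $endgroup = false;
            preg_match($inopRegex, $qc, $qcop);
            $inop = count($qcop) > 0;
            $lasttwo = '';
            if ($inop) {
                // for "in (...)" a group only closes on a doubled parenthesis
                $lasttwo = str_replace(' ', '', $qc);
                $lasttwo = substr($lasttwo, -2);
            }
            if ($posand == 0 and $posor == 0) {
                // last condition
                if ((!$inop and substr($qc, -1) == ')') or ($inop and $lasttwo == '))')) {
                    $qc = substr($qc, 0, strlen($qc) - 1);
                    $endgroup = true;
                }
                __FQNExtendedQueryAddCondition($queryGenerator, $qc, $glue, $mainModule, $fieldcolumn, $user);
                $qc = '';
            } elseif ($posand == 0 or ($posand > $posor and $posor != 0)) {
                // next separator is " or "
                $qcond = trim(substr($qc, 0, $posor));
                if ((!$inop and substr($qcond, -1) == ')') or ($inop and $lasttwo == '))')) {
                    $qcond = substr($qcond, 0, strlen($qcond) - 1);
                    $endgroup = true;
                }
                __FQNExtendedQueryAddCondition($queryGenerator, $qcond, $glue, $mainModule, $fieldcolumn, $user);
                $glue = $queryGenerator::$OR;
                $qc = trim(substr($qc, $posor + 4));
            } else {
                // next separator is " and "
                $qcond = trim(substr($qc, 0, $posand));
                if ((!$inop and substr($qcond, -1) == ')') or ($inop and $lasttwo == '))')) {
                    $qcond = substr($qcond, 0, strlen($qcond) - 1);
                    $endgroup = true;
                }
                __FQNExtendedQueryAddCondition($queryGenerator, $qcond, $glue, $mainModule, $fieldcolumn, $user);
                $glue = $queryGenerator::$AND;
                $qc = trim(substr($qc, $posand + 5));
            }
            if ($endgroup) {
                $queryGenerator->endGroup();
            }
            if (substr($qc, 0, 1) == '(') {
                $queryGenerator->startGroup($glue);
                $glue = '';
                $qc = substr($qc, 1);
            }
            $posand = stripos($qc, ' and ');
            $posor = stripos($qc, ' or ');
        }
        $queryGenerator->endGroup();
    }

    $query = 'select ';
    if ($countSelect) {
        $query .= 'count(*) ';
    } else {
        $query .= $queryGenerator->getSelectClauseColumnSQL() . ' ';
    }
    $query .= $queryGenerator->getFromClause() . ' ';
    $query .= $queryGenerator->getWhereClause() . ' ';

    // limit and order
    if (!empty($obflds)) {
        $obflds = trim($obflds);
        // a single trailing direction applies to the whole field list
        if (strtolower(substr($obflds, -3)) == 'asc') {
            $dir = ' asc ';
            $obflds = trim(substr($obflds, 0, strlen($obflds) - 3));
        } elseif (strtolower(substr($obflds, -4)) == 'desc') {
            $dir = ' desc ';
            $obflds = trim(substr($obflds, 0, strlen($obflds) - 4));
        } else {
            $dir = '';
        }
        $obflds = explode(',', $obflds);
        // NOTE(review): each order-by field ends up in the SQL text; whether
        // __FQNExtendedQueryField2Column rejects names that are not known fields is not visible here.
        foreach ($obflds as $k => $field) {
            $obflds[$k] = __FQNExtendedQueryField2Column($field, $mainModule, $fieldcolumn, $user);
        }
        $query .= ' order by ' . implode(',', $obflds) . $dir . ' ';
    }
    if (!empty($lmoc)) {
        $query .= " limit {$lmoc} ";
    }
    return array($query, $queryRelatedModules);
}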
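/**
 * Create a record of the given type through the web service layer on behalf of $user.
 *
 * Checks performed in this block before the handler is asked to create the record:
 *  - $elementType must be in the list of types returned by vtws_listtypes() for $user,
 *  - the module meta must report write access,
 *  - every non-empty reference field must point to an entity type allowed for that field and
 *    accessible to $user ('Users' is always accepted as a reference type),
 *  - references to users and owner fields must pass hasAssignPrivilege().
 *
 * NOTE(review): only the type part of a reference id is validated here. Whether the referenced record
 * exists and is readable by $user is not checked in this block; confirm the handler covers it.
 *
 * @param string $elementType entity (module) name of the record to create
 * @param array  $element     field name => value map; reference fields carry web service ids
 * @param object $user        user the record is created for
 *
 * @return mixed the entity returned by the handler, or null when $meta->hasMandatoryFields($element)
 *               does not return a truthy value
 *
 * @throws WebServiceException on denied access or an invalid reference
 */
function vtws_create($elementType, $element, $user)
{
    // Per-request cache of the web service object by element type. It has to be static: as a plain
    // local it was never populated on entry, so the lookup below ran on every call. The cached object
    // is built from $adb and $elementType only.
    static $vtws_create_cache = array();

    // strict comparison so a non-string $elementType cannot loosely match a type name
    $types = vtws_listtypes(null, $user);
    if (!in_array($elementType, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }

    $adb = PearDatabase::getInstance();
    $log = vglobal('log');

    // Cache the instance for re-use
    if (!isset($vtws_create_cache[$elementType]['webserviceobject'])) {
        $webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
        $vtws_create_cache[$elementType]['webserviceobject'] = $webserviceObject;
    } else {
        $webserviceObject = $vtws_create_cache[$elementType]['webserviceobject'];
    }
    // END

    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $elemTypeId = $ids[0];
            $referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
            $referenceType = $referenceObject->getEntityName();
            // the referenced type must be one this field is allowed to point to
            if (!in_array($referenceType, $details)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            if ($referenceType == 'Users') {
                if (!$meta->hasAssignPrivilege($element[$fieldName])) {
                    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
                }
            }
            // the referenced type must also be accessible to the user
            if (!in_array($referenceType, $types['types'], true) && $referenceType != 'Users') {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceType);
            }
        } elseif (isset($element[$fieldName])) {
            // empty reference value: drop it; absent or null entries are left alone without
            // reading an undefined index
            unset($element[$fieldName]);
        }
    }

    if (!$meta->hasMandatoryFields($element)) {
        return null;
    }

    $ownerFields = $meta->getOwnerFields();
    if (is_array($ownerFields) && count($ownerFields) > 0) {
        foreach ($ownerFields as $ownerField) {
            // isset() is already false for null, so no separate null test is needed
            if (isset($element[$ownerField]) && !$meta->hasAssignPrivilege($element[$ownerField])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
        }
    }

    $entity = $handler->create($elementType, $element);
    VTWS_PreserveGlobal::flush();
    return $entity;
}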