/**
* Builds an SQL query to copy the given record. This honours permissions
* and will only copy columns for which 'view' access is available in the
* source record and 'edit' access is available in the destination record.
*
* Individual column failures (due to permissions) are recorded in the
* $warnings variable of this class. It will be an array of Dataface_Error
* objects.
*
* @param Dataface_Record $record The record being copied.
* @param array $valls Values that should be placed in the copied version.
* @param boolean $force If true this will perform the copy despite individual
* column warnings.
* @returns string The SQL query to copy the record.
*/
function buildCopyQuery($record, $vals = array(), $force = true)
{
$dummy = new Dataface_Record($record->_table->tablename, $vals);
if (!$record->checkPermission('view') || !$dummy->checkPermission('edit')) {
return Dataface_Error::permissionDenied("Failed to copy record '" . $record->getTitle() . "' because of insufficient permissions.");
}
$copy_fields = array_keys($record->_table->fields());
// Go through each field and see if we have copy permission.
// Copy permission is two-fold: 1- make sure the source is viewable
// 2- make sure the destination is editable.
$failed = false;
foreach ($copy_fields as $key => $fieldname) {
if (!$record->checkPermission('view', array('field' => $fieldname)) || !$dummy->checkPermission('edit', array('field' => $fieldname))) {
$this->warnings[] = Dataface_Error::permissionDenied("The field '{$fieldname}' could not be copied for record '" . $record->getTitle() . "' because of insufficient permissions.");
unset($copy_fields[$key]);
$failed = true;
}
}
// If we are not forcing completion, any failures will result in cancellation
// of the copy.
if (!$force and $failed) {
return Dataface_Error::permissionDenied("Failed to copy the record '" . $record->getTitle() . "' due to insufficient permissions on one or more of the columns.");
}
// We don't copy auto increment fields.
$auto_inc_field = $record->_table->getAutoIncrementField();
if ($auto_inc_field) {
$key = array_search($auto_inc_field, $copy_fields);
if ($key !== false) {
unset($copy_fields[$key]);
}
}
// Now we can build the query.
$sql = array();
$sql[] = "insert into `" . $record->_table->tablename . "`";
$sql[] = "(`" . implode('`,`', $copy_fields) . "`)";
$copy_values = array();
foreach ($copy_fields as $key => $val) {
if (isset($vals[$val])) {
$copy_values[$key] = "'" . addslashes($dummy->getSerializedValue($val)) . "' as `{$val}`";
} else {
$copy_values[$key] = "`" . $val . "`";
}
}
$sql[] = "select " . implode(', ', $copy_values) . " from `" . $record->_table->tablename . "`";
$qb = new Dataface_QueryBuilder($record->_table->tablename);
$keys = array_keys($record->_table->keys());
$q = array();
foreach ($keys as $key_fieldname) {
$q[$key_fieldname] = $record->strval($key_fieldname);
}
$where = $qb->_where($q);
$where = $qb->_secure($where);
$sql[] = $where;
return implode(' ', $sql);
}
function test_getSerializedValue()
{
$s = new Dataface_Record('Profiles', array());
$s->setValue('id', 10);
$s->setValue('datecreated', '19991224000000');
$this->assertEquals($s->getSerializedValue('id'), '10');
$this->assertEquals($s->getSerializedValue('datecreated'), '19991224000000');
}
