/**
 * Runs each where / order-by pair from getQueries() through
 * SugarSQLValidate::validateQueryClauses() and checks the verdict
 * matches the expectation recorded alongside the pair.
 *
 * @dataProvider getQueries
 *
 * @param mixed $where    WHERE clause text handed to the validator
 * @param mixed $order_by ORDER BY clause text handed to the validator
 * @param mixed $ok       truthy when the validator is expected to accept the pair
 */
public function testCheckQuery($where, $order_by, $ok)
{
    $validator = new SugarSQLValidate();
    $accepted = $validator->validateQueryClauses($where, $order_by);
    if (!$ok) {
        $this->assertFalse($accepted);
        return;
    }
    $this->assertTrue($accepted);
}
/**
 * Runs each where / order-by pair from getQueries() through
 * SugarSQLValidate::validateQueryClauses() and checks the verdict
 * matches the expectation recorded alongside the pair; the failure
 * message echoes both clauses so a rejected case is easy to locate.
 *
 * @dataProvider getQueries
 * @outputBuffering disabled
 *
 * @param mixed $where    WHERE clause text handed to the validator
 * @param mixed $order_by ORDER BY clause text handed to the validator
 * @param mixed $ok       truthy when the validator is expected to accept the pair
 */
public function testCheckQuery($where, $order_by, $ok)
{
    $validator = new SugarSQLValidate();
    $accepted = $validator->validateQueryClauses($where, $order_by);
    // {0} / {1} placeholders are filled by string_format() with the two clauses
    $clauses = array($where, $order_by);
    if (!$ok) {
        $this->assertFalse($accepted, string_format("Failed asserting that where: {0} and order by: {1} is invalid", $clauses));
        return;
    }
    $this->assertTrue($accepted, string_format("Failed asserting that where: {0} and order by: {1} is valid", $clauses));
}
/**
 * Gate for caller-supplied SQL fragments: accepts the pair only when
 * SugarSQLValidate approves both clauses.
 *
 * On rejection the offending clauses are logged, $errorObject is set to
 * 'no_access' and registered as the SOAP fault, and false is returned so
 * the caller can bail out.
 *
 * @param object $errorObject error holder with a set_error() method
 * @param string $query       WHERE fragment to validate
 * @param string $order_by    ORDER BY fragment to validate (optional)
 * @return bool true when both clauses pass validation
 */
function checkQuery($errorObject, $query, $order_by = '')
{
    require_once 'include/SugarSQLValidate.php';
    $validator = new SugarSQLValidate();
    if ($validator->validateQueryClauses($query, $order_by)) {
        return true;
    }
    // Record what was rejected so the denial can be traced in the log.
    $GLOBALS['log']->error("SoapHelperWebServices->checkQuery - bad query: {$query} {$order_by}");
    $errorObject->set_error('no_access');
    $this->setFaultObject($errorObject);
    return false;
}
/**
 * Builds the seed "select id ..." query for a related list when the caller
 * did not supply an id list, then delegates to the template bean.
 *
 * When $in is empty (or a literal empty list such as '()' / "('')") the
 * query "select id from <table> where deleted = 0" is assembled; the
 * caller-supplied $where is appended to it only after SugarSQLValidate has
 * accepted it. A rejected $where is logged and an empty array is returned,
 * because this path has no error object to hand back.
 *
 * NOTE(review): $where is validated only on the empty-$in path, and
 * $order_by is not validated here at all; both are forwarded unchanged to
 * build_related_list_where() -- confirm that method validates them (not
 * visible from this file).
 *
 * @param mixed  $in         pre-built "(id, id, ...)" list, or empty
 * @param object $template   bean providing table_name and build_related_list_where()
 * @param string $where      caller-supplied WHERE fragment
 * @param string $order_by   caller-supplied ORDER BY fragment
 * @param int    $row_offset forwarded to build_related_list_where()
 * @param string $limit      forwarded to build_related_list_where()
 * @return array result of build_related_list_where(), or an empty array when $where fails validation
 */
function get_related_list($in, $template, $where, $order_by, $row_offset = 0, $limit = "")
{
    $seedQuery = '';
    $needsSeedQuery = empty($in) || $in == '()' || $in == "('')";
    if ($needsSeedQuery) {
        $in = '';
        $seedQuery = 'select id from ' . $template->table_name . ' where deleted = 0 ';
        if (!empty($where)) {
            require_once 'include/SugarSQLValidate.php';
            $validator = new SugarSQLValidate();
            if (!$validator->validateQueryClauses($where)) {
                // No error object on this path: log and hand back nothing.
                $GLOBALS['log']->error("Bad query: {$where}");
                return array();
            }
            $seedQuery .= ' and ( ' . $where . ' ) ';
        }
    }
    return $template->build_related_list_where($seedQuery, $template, $where, $in, $order_by, $limit, $row_offset);
}
/**
 * Retrieve number of records in a given module
 *
 * Access is checked in order: session validity, module existence, module
 * access for the current user, then the bean's own ListView ACL. Any
 * failure returns result_count -1 with the matching SOAP error. The
 * caller-supplied $query is placed into the WHERE clause only after
 * SugarSQLValidate accepts it; a rejected query is logged and reported as
 * no_access.
 *
 * @param session the session id of the authenticated user
 * @param module_name module to retrieve number of records from
 * @param query allows webservice user to provide a WHERE clause
 * @param deleted specify whether or not to include deleted records (0 restricts the count to deleted = 0)
 * @return get_entries_count_result - this is a complex type as defined in SoapTypes.php
 */
function get_entries_count($session, $module_name, $query, $deleted)
{
    global $beanList, $beanFiles, $current_user;
    $error = new SoapError();
    // Every failure path returns the same shape: -1 plus the populated error.
    $failWith = function ($code) use ($error) {
        $error->set_error($code);
        return array('result_count' => -1, 'error' => $error->get_soap_array());
    };

    if (!validate_authenticated($session)) {
        return $failWith('invalid_login');
    }
    if (empty($beanList[$module_name])) {
        return $failWith('no_module');
    }
    if (!check_modules_access($current_user, $module_name, 'list')) {
        return $failWith('no_access');
    }

    $class_name = $beanList[$module_name];
    require_once $beanFiles[$class_name];
    $seed = new $class_name();
    if (!$seed->ACLAccess('ListView')) {
        return $failWith('no_access');
    }

    $customJoin = $seed->getCustomJoin();
    $sql = 'SELECT COUNT(*) result_count FROM ' . $seed->table_name . ' ' . $customJoin['join'];

    // Collect WHERE predicates; the caller's fragment must pass validation first.
    $where_clauses = array();
    if (!empty($query)) {
        require_once 'include/SugarSQLValidate.php';
        $validator = new SugarSQLValidate();
        if (!$validator->validateQueryClauses($query)) {
            $GLOBALS['log']->error("Bad query: {$query}");
            return $failWith('no_access');
        }
        $where_clauses[] = $query;
    }
    if ($deleted == 0) {
        $where_clauses[] = $seed->table_name . '.deleted = 0';
    }
    if (count($where_clauses) > 0) {
        $sql .= ' WHERE ' . implode(' AND ', $where_clauses);
    }

    $db = $GLOBALS['db'];
    $row = $db->fetchByAssoc($db->query($sql));
    return array('result_count' => $row['result_count'], 'error' => $error->get_soap_array());
}
/**
 * testGetEntryListThunderbirdPlugin
 *
 * Feeds each query from getEntryListThunderbirdPluginQueries() through
 * SugarSQLValidate::validateQueryClauses() and expects it to be accepted.
 * The test is currently marked incomplete, so the assertion below is not
 * reached until that marker is removed.
 *
 * @param $sql String of the test SQL supplied by the data provider
 *
 * @outputBuffering disabled
 * @dataProvider getEntryListThunderbirdPluginQueries
 */
public function testGetEntryListThunderbirdPlugin($sql)
{
    $this->markTestIncomplete('Need to resolve the above query or investigate a workaround for Opacus');
    $validator = new SugarSQLValidate();
    $message = "SugarSQLValidate found Bad query: {$sql}";
    $this->assertTrue($validator->validateQueryClauses($sql), $message);
}
/**
 * Sync variant of the entry-list call: returns records of $module_name whose
 * date_modified lies in ($from_date, $to_date], and -- on the first page of
 * an audit-enabled module -- also records whose audited team_id change in
 * that window moved away from one of the current user's teams, so the
 * client can drop records it no longer has access to.
 *
 * Access checks run in order: session validity, then module access for the
 * current user, then bean lookup. Each failure returns result_count -1 with
 * the matching SOAP error. A caller-supplied $query is used only after
 * SugarSQLValidate accepts it; a rejected query is logged and reported as
 * no_access.
 *
 * @param string $session       session id of the authenticated user
 * @param string $module_name   module to read from
 * @param string $from_date     exclusive lower bound on date_modified; escaped with the db driver's quote()
 * @param string $to_date       inclusive upper bound on date_modified; escaped with the db driver's quote()
 * @param mixed  $offset        list offset; '' and -1 are both treated as 0
 * @param int    $max_results   when > 0, overrides $sugar_config['list_max_entries_per_page'] for the rest of the request
 * @param mixed  $select_fields fields to keep, forwarded to filter_return_list()/filter_field_list()
 * @param string $query         optional extra WHERE fragment, validated before use
 * @param mixed  $deleted       forwarded unchanged to get_list()
 * @return array result_count / next_offset / total_count / field_list / entry_list / error on success,
 *               or result_count => -1 with an empty entry_list and the error on failure
 */
function sync_get_entries($session, $module_name, $from_date, $to_date, $offset, $max_results, $select_fields, $query, $deleted)
{
    // $name is computed but never read below.
    $name = strtolower($module_name);
    global $current_user;
    $error = new SoapError();
    if (!validate_authenticated($session)) {
        $error->set_error('invalid_login');
        return array('result_count' => -1, 'entry_list' => array(), 'error' => $error->get_soap_array());
    }
    // Redundant: $current_user was already imported above.
    global $current_user;
    if (!check_modules_access($current_user, $module_name, 'read')) {
        $error->set_error('no_access');
        return array('result_count' => -1, 'entry_list' => array(), 'error' => $error->get_soap_array());
    }
    if ($max_results > 0) {
        // Side effect: changes the global page size for everything that runs after this call.
        global $sugar_config;
        $sugar_config['list_max_entries_per_page'] = $max_results;
    }
    $seed = BeanFactory::getBean($module_name);
    if (empty($seed)) {
        $error->set_error('no_module');
        return array('result_count' => -1, 'entry_list' => array(), 'error' => $error->get_soap_array());
    }
    // Loose comparison: '' and -1 (and loosely-equal values) mean "start from the beginning".
    if ($offset == '' || $offset == -1) {
        $offset = 0;
    }
    $table_name = $seed->table_name;
    if (!empty($query)) {
        // Caller-supplied SQL is only accepted after SugarSQLValidate approves it.
        require_once 'include/SugarSQLValidate.php';
        $valid = new SugarSQLValidate();
        if (!$valid->validateQueryClauses($query)) {
            $GLOBALS['log']->error("Bad query: {$query}");
            $error->set_error('no_access');
            return array('result_count' => -1, 'entry_list' => array(), 'error' => $error->get_soap_array());
        }
        // Wrap and prefix so the date-range predicate below is AND-ed onto it.
        $query = "( {$query} ) AND ";
    }
    // Date bounds are escaped via the db driver's quote() before being embedded in the predicate.
    $response = $seed->get_list('', $query . "{$table_name}.date_modified > " . db_convert("'" . $GLOBALS['db']->quote($from_date) . "'", 'datetime') . " AND {$table_name}.date_modified <= " . db_convert("'" . $GLOBALS['db']->quote($to_date) . "'", 'datetime'), $offset, -1, -1, $deleted);
    $output_list = array();
    $field_list = array();
    // Now handle updating info on teams we no longer have access to.
    // NOTE(review): row-level security is switched off here and is not switched
    // back on anywhere in this function; the get_list() call inside the audit
    // block runs with it disabled.
    $seed->disable_row_level_security = true;
    if ($seed->is_AuditEnabled() && $offset == 0) {
        // Embedded selects would have been better.
        // Finds audit rows for team_id changes whose previous value was one of the
        // current user's teams; $current_user->id comes from the authenticated
        // session, not from the request parameters.
        $query_team = "SELECT audit_table.parent_id FROM " . $seed->get_audit_table_name() .
            " audit_table RIGHT JOIN team_memberships on team_memberships.deleted = 0 AND team_memberships.team_id = audit_table.before_value_string AND team_memberships.user_id = '{$current_user->id}' where audit_table.field_name = 'team_id' AND audit_table.date_created > " . db_convert("'" . $GLOBALS['db']->quote($from_date) . "'", 'datetime') . " AND audit_table.date_created <= " . db_convert("'" . $GLOBALS['db']->quote($to_date) . "'", 'datetime');
        $team_results = $seed->db->query($query_team);
        $team_result_ids = array();
        $team_response = array('list' => array());
        while ($row = $seed->db->fetchByAssoc($team_results)) {
            $team_result_ids[] = $row['parent_id'];
        }
        if (!empty($team_result_ids)) {
            // parent_id values come straight from the audit table and are interpolated
            // without quoting -- assumes they are well-formed record ids; confirm.
            $query = " {$seed->table_name}.id IN ('" . implode("', '", $team_result_ids) . "') ";
            // -99 as the limit: meaning depends on get_list() -- presumably "no limit"; confirm.
            $team_response = $seed->get_list('', $query, 0, -99, -1, $deleted);
        }
        foreach ($team_response['list'] as $value) {
            // Third argument false: differs from the main list below; see get_return_value().
            $output_list[] = get_return_value($value, $module_name, false);
            if (empty($field_list)) {
                $field_list = get_field_list($value);
            }
        }
    }
    $list = $response['list'];
    $total_count = $response['row_count'];
    $next_offset = $response['next_offset'];
    foreach ($list as $value) {
        // bug: 31668 - rrs ensure we are sending back the email address along with the bean when performing a sync.
        if (isset($value->emailAddress)) {
            $value->emailAddress->handleLegacyRetrieve($value);
        }
        $output_list[] = get_return_value($value, $module_name);
        if (empty($field_list)) {
            $field_list = get_field_list($value);
        }
    }
    /* Restrict both lists to the requested fields (the team-changed records were appended above). */
    $output_list = filter_return_list($output_list, $select_fields, $module_name);
    $field_list = filter_field_list($field_list, $select_fields, $module_name);
    // $myfields is computed but not returned; field_list is returned unencoded.
    $myfields = get_encoded($field_list);
    $myoutput = get_encoded($output_list);
    return array('result_count' => sizeof($output_list), 'next_offset' => $next_offset, 'total_count' => $total_count, 'field_list' => $field_list, 'entry_list' => $myoutput, 'error' => $error->get_soap_array());
}