Example #1
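/**
 * Relate one record to a set of other records on behalf of a webservice user.
 *
 * Nothing is written until every check below has passed, in this order:
 * module is in the user's accessible type list, the id's module matches the
 * resolved entity name, the user has UPDATE permission on the record, the
 * record exists, and the module grants write access.
 *
 * @param mixed $relateThisId id of the source record; split into module id and
 *                            element id by vtws_getIdComponents()
 * @param mixed $withTheseIds ids to relate to; handed unchanged to
 *                            vtws_internal_setrelation()
 * @param mixed $user         user the handler is constructed for and whose
 *                            accessible types are listed
 *
 * @return bool always true when no exception was thrown
 *
 * @throws WebServiceException ACCESSDENIED, INVALIDID or RECORDNOTFOUND when a check fails
 */
function vtws_setrelation($relateThisId, $withTheseIds, $user)
{
    global $log, $adb;
    list($moduleId, $elementId) = vtws_getIdComponents($relateThisId);
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $moduleId);
    // The handler file and class are resolved from the webservice object and
    // loaded dynamically.
    // NOTE(review): presumably these values come from stored configuration,
    // not from the request; confirm that nothing caller-controlled can reach
    // this require_once.
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $moduleName = $meta->getObjectEntityName($relateThisId);
    $types = vtws_listtypes(null, $user);
    // Strict comparison: an allowlist check that gates access must not be
    // satisfied through PHP's loose type juggling.
    if (!in_array($moduleName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($moduleName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // NOTE(review): the check is for UPDATE permission while the message says
    // "read"; the text is left as is in case clients match on it.
    if (!$meta->hasPermission(EntityMeta::$UPDATE, $relateThisId)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    if (!$meta->exists($elementId)) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    // NOTE(review): every check above concerns the source record only. No
    // permission or existence check on $withTheseIds is visible here; confirm
    // that vtws_internal_setrelation() enforces access to the target records.
    vtws_internal_setrelation($elementId, $moduleName, $withTheseIds);
    VTWS_PreserveGlobal::flush();
    return true;
}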
Example #2
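/**
 * Create a record of the given type on behalf of a webservice user.
 *
 * The element type must be in the user's accessible type list and the module
 * must grant write access. Every populated reference field is validated
 * against the types that field may point to and against the user's accessible
 * types; references to Users and owner fields also need the assign privilege.
 * An optional 'relations' entry is removed from the element and applied after
 * the record has been created.
 *
 * @param mixed $elementType module name of the record to create
 * @param array $element     field values; may carry 'relations' and, for
 *                           inventory modules, 'pdoInformation'
 * @param mixed $user        user the handler is constructed for
 *
 * @return mixed the entity returned by the handler's create(), or null when
 *               $meta->hasMandatoryFields($element) is not truthy
 *
 * @throws WebServiceException ACCESSDENIED or REFERENCEINVALID when a check fails
 */
function vtws_create($elementType, $element, $user)
{
    $types = vtws_listtypes(null, $user);
    // $elementType is supplied by the caller. Strict comparison keeps a
    // non-string value (for example boolean true) from matching an allowlist
    // entry through loose type juggling.
    if (!in_array($elementType, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    global $log, $adb;
    if (!empty($element['relations'])) {
        $relations = $element['relations'];
        unset($element['relations']);
    }
    // Cache the instance for re-use
    // NOTE(review): $vtws_create_cache is neither static nor global in this
    // function, so it is unset on every call and fromName() always runs.
    if (!isset($vtws_create_cache[$elementType]['webserviceobject'])) {
        $webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
        $vtws_create_cache[$elementType]['webserviceobject'] = $webserviceObject;
    } else {
        $webserviceObject = $vtws_create_cache[$elementType]['webserviceobject'];
    }
    // END
    // The handler file and class are resolved from the webservice object and
    // loaded dynamically.
    // NOTE(review): presumably stored configuration; confirm that nothing
    // caller-controlled can reach this require_once.
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $elemTypeId = $ids[0];
            $elemId = $ids[1];
            $referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
            $referenceName = $referenceObject->getEntityName();
            // The referenced module must be one this field is allowed to point to.
            if (!in_array($referenceName, $details)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            if ($referenceName === 'Users') {
                if (!$meta->hasAssignPrivilege($element[$fieldName])) {
                    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
                }
            }
            // Any other referenced module must be in the user's accessible types.
            if (!in_array($referenceName, $types['types'], true) && $referenceName !== 'Users') {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied" . $referenceName);
            }
        } elseif (isset($element[$fieldName])) {
            // Present but empty: drop it. isset() avoids the undefined-key
            // warning the direct read raised when the field was absent.
            unset($element[$fieldName]);
        }
    }
    if (!$meta->hasMandatoryFields($element)) {
        return null;
    }
    $ownerFields = $meta->getOwnerFields();
    if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
        foreach ($ownerFields as $ownerField) {
            if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
        }
    }
    //  Product line support
    $isInventoryModule = $elementType === 'Quotes' || $elementType === 'PurchaseOrder'
        || $elementType === 'SalesOrder' || $elementType === 'Invoice';
    // isset() first, so a request without 'pdoInformation' raises no
    // undefined-key warning.
    if ($isInventoryModule && isset($element['pdoInformation']) && is_array($element['pdoInformation'])) {
        // The included file runs in this function's scope and sees its locals.
        include 'include/Webservices/ProductLines.php';
    } else {
        $_REQUEST['action'] = $elementType . 'Ajax';
    }
    if ($elementType === 'HelpDesk') {
        //Added to construct the update log for Ticket history
        $colflds = $element;
        // NOTE(review): assumes 'assigned_user_id' is present and contains an
        // 'x' separator; confirm the mandatory-field check guarantees it.
        list($void, $colflds['assigned_user_id']) = explode('x', $colflds['assigned_user_id']);
        $grp_name = fetchGroupName($colflds['assigned_user_id']);
        $assigntype = $grp_name != '' ? 'T' : 'U';
        $updlog = HelpDesk::getUpdateLogCreateMessage($colflds, $grp_name, $assigntype);
        $updlog = from_html($updlog, false);
    }
    $entity = $handler->create($elementType, $element);
    if ($elementType === 'HelpDesk') {
        list($wsid, $newrecid) = vtws_getIdComponents($entity['id']);
        // Parameterized query: both values are bound, not concatenated.
        $adb->pquery('update vtiger_troubletickets set update_log=? where ticketid=?', array($updlog, $newrecid));
    }
    // Establish relations
    if (!empty($relations)) {
        list($wsid, $newrecid) = vtws_getIdComponents($entity['id']);
        $modname = $meta->getEntityName();
        // NOTE(review): $relations comes straight from the caller's element
        // and no permission check on those ids is visible here; confirm that
        // vtws_internal_setrelation() enforces access to the related records.
        vtws_internal_setrelation($newrecid, $modname, $relations);
    }
    VTWS_PreserveGlobal::flush();
    return $entity;
}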