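/**
 * Retrieve a single record through the webservice layer.
 *
 * @param string $id   Webservice id of the record ("<moduleWsId>x<crmid>", split by vtws_getIdComponents).
 * @param mixed  $user Current user; forwarded to the handler and to vtws_listtypes for ACL evaluation.
 * @return mixed The entity as returned by the module handler's retrieve().
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND when one of the checks below fails.
 */
function vtws_retrieve($id, $user)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    // Handler file and class are resolved from the webservice object looked up for this id,
    // not taken from the caller directly.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    // Module-level access: the module must be one this user may see at all.
    $entityName = $meta->getObjectEntityName($id);
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($meta->hasReadAccess() !== true) {
        // This guards reading; the message used to say "write".
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    // The module encoded in the id must be the module the meta resolved for it.
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // Record-level permission is checked before existence, so an unauthorised caller gets
    // ACCESSDENIED rather than learning whether the record exists.
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    $entity = $handler->retrieve($id);
    VTWS_PreserveGlobal::flush();
    return $entity;
}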
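/**
 * Relate one record to a set of other records.
 *
 * @param string $relateThisId Webservice id of the record that receives the relations.
 * @param mixed  $withTheseIds Ids to relate; passed through unchanged to vtws_internal_setrelation.
 * @param mixed  $user         Current user, used for ACL evaluation and passed to the handler.
 * @return bool Always true when no exception is thrown.
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND.
 */
function vtws_setrelation($relateThisId, $withTheseIds, $user)
{
    global $log, $adb;
    list($moduleId, $elementId) = vtws_getIdComponents($relateThisId);
    // Handler file and class are resolved from the webservice object for the module part of the id.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $moduleId);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    $moduleName = $meta->getObjectEntityName($relateThisId);
    $types = vtws_listtypes(null, $user);
    if (!in_array($moduleName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($moduleName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // Relating modifies the record, so UPDATE is the privilege checked here (the message used to say "read").
    if (!$meta->hasPermission(EntityMeta::$UPDATE, $relateThisId)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to update given object is denied");
    }
    if (!$meta->exists($elementId)) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    // NOTE(review): $withTheseIds is not permission-checked in this function; whether
    // vtws_internal_setrelation verifies access to the target records is not visible here — confirm.
    vtws_internal_setrelation($elementId, $moduleName, $withTheseIds);
    VTWS_PreserveGlobal::flush();
    return true;
}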
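/**
 * Update an existing record through the webservice layer.
 *
 * @param array $element Field values to write; must carry 'id' (webservice id "<moduleWsId>x<crmid>").
 *                       Reference fields hold webservice ids of the referenced records.
 * @param mixed $user    Current user, used for ACL evaluation and passed to the handler.
 * @return mixed The updated entity as returned by the module handler's update().
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND / REFERENCEINVALID.
 */
function vtws_update($element, $user)
{
    global $log, $adb;
    $idList = vtws_getIdComponents($element['id']);
    // Handler file and class are resolved from the webservice object for the module part of the id.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $idList[0]);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    $entityName = $meta->getObjectEntityName($element['id']);
    // NOTE(review): other functions on this page call vtws_listtypes(null, $user); this one passes
    // $user first — confirm it matches the vtws_listtypes signature in use.
    $types = vtws_listtypes($user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // UPDATE privilege on the record (the message used to say "read").
    if (!$meta->hasPermission(EntityMeta::$UPDATE, $element['id'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to update given object is denied");
    }
    if (!$meta->exists($idList[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    // Every reference field the caller supplied must point at a module the field accepts and one the
    // caller is allowed to see; empty strings are dropped so they do not reach the handler.
    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $referenceObject = VtigerWebserviceObject::fromId($adb, $ids[0]);
            $referenceName = $referenceObject->getEntityName();
            if (!in_array($referenceName, $details)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            if (!in_array($referenceName, $types['types'], true)) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceName);
            }
        } elseif (array_key_exists($fieldName, $element) && $element[$fieldName] !== null) {
            // Present but empty (''): remove instead of passing through. array_key_exists avoids the
            // undefined-index notice the original raised for fields the caller did not send at all.
            unset($element[$fieldName]);
        }
    }
    // Return value is not used here; presumably throws when a mandatory field is missing — TODO confirm.
    $meta->hasMandatoryFields($element);
    // Owner fields: the caller may only assign to owners it has assign privilege for.
    $ownerFields = $meta->getOwnerFields();
    if (is_array($ownerFields)) {
        foreach ($ownerFields as $ownerField) {
            if (isset($element[$ownerField]) && !$meta->hasAssignPrivilege($element[$ownerField])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
        }
    }
    $entity = $handler->update($element);
    VTWS_PreserveGlobal::flush();
    return $entity;
}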
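/**
 * Retrieve a single record; for inventory modules the product lines are appended under 'pdoInformation'.
 *
 * @param string $id   Webservice id of the record ("<moduleWsId>x<crmid>").
 * @param mixed  $user Current user; forwarded to the handler and to vtws_listtypes for ACL evaluation.
 * @return mixed The entity from the module handler's retrieve(), plus 'pdoInformation' rows for
 *               Quotes / PurchaseOrder / SalesOrder / Invoice.
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND.
 */
function vtws_retrieve($id, $user)
{
    global $log, $adb;
    // Handler file and class are resolved from the webservice object looked up for this id.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    $entityName = $meta->getObjectEntityName($id);
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($meta->hasReadAccess() !== true) {
        // This guards reading; the message used to say "write".
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // Permission before existence: unauthorised callers get ACCESSDENIED, not RECORDNOTFOUND.
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    $recordid = $idComponents[1];
    if (!$meta->exists($recordid)) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    $entity = $handler->retrieve($id);

    // Product lines for the inventory modules (bound parameter, record id only).
    $inventoryModules = array('Quotes', 'PurchaseOrder', 'SalesOrder', 'Invoice');
    if (in_array($entityName, $inventoryModules, true)) {
        $result = $adb->pquery('select * from vtiger_inventoryproductrel where id=?', array($recordid));
        while ($row = $adb->getNextRow($result, false)) {
            // Loose null tests are kept on purpose: a 0 / '' discount column counts as "no discount" here.
            $hasAmount = $row['discount_amount'] != null;
            $hasPercent = $row['discount_percent'] != null;
            $discount = ($hasAmount || $hasPercent) ? 1 : 0;
            $discount_amount = $hasAmount ? $row['discount_amount'] : 0;
            $discount_percent = $hasPercent ? $row['discount_percent'] : 0;
            // Percentage wins when both columns are set; 0 when neither is.
            if ($hasPercent) {
                $discount_type = 'percentage';
            } elseif ($hasAmount) {
                $discount_type = 'amount';
            } else {
                $discount_type = 0;
            }
            $entity['pdoInformation'][] = array(
                "productid" => $row['productid'],
                "comment" => $row['comment'],
                "qty" => $row['quantity'],
                "listprice" => $row['listprice'],
                'discount' => $discount,
                "discount_type" => $discount_type,
                "discount_percentage" => $discount_percent,
                "discount_amount" => $discount_amount,
            );
        }
    }
    VTWS_PreserveGlobal::flush();
    return $entity;
}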
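/**
 * Return the attachments of one or more Documents records.
 *
 * @param string $all_ids    Comma-separated Documents webservice ids ("<docWSId><notesid>,..."); the
 *                           record part is matched against vtiger_notes.notesid.
 * @param mixed  $returnfile Forwarded to vtws_retrievedocattachment_get_attachment for 'I' rows.
 * @param mixed  $user       Current user, used for ACL evaluation of every document.
 * @return array Map of webservice id => attachment entity.
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND for the first document that fails a check.
 */
function vtws_retrievedocattachment($all_ids, $returnfile, $user)
{
    global $log, $adb;
    $entities = array();
    $docWSId = vtyiicpng_getWSEntityId('Documents');
    $log->debug("Entering function vtws_retrievedocattachment");

    // $all_ids is caller input. The original interpolated it straight into the IN (...) clause of the
    // query below; here the webservice prefix is stripped, each element must be a plain digit string
    // (notesid is a numeric crmid), and the list is bound as placeholders.
    $notesIds = array();
    foreach (explode(',', str_replace($docWSId, '', $all_ids)) as $candidate) {
        $candidate = trim($candidate);
        if ($candidate !== '' && ctype_digit($candidate)) {
            $notesIds[] = $candidate;
        }
    }
    if (count($notesIds) === 0) {
        // Nothing valid to look up (an empty IN () would be a SQL error anyway).
        $log->debug("Leaving function vtws_retrievedocattachment");
        return $entities;
    }
    $placeholders = implode(',', array_fill(0, count($notesIds), '?'));
    $query = "SELECT n.notesid, n.filename, n.filelocationtype
                  FROM vtiger_notes n
                  INNER JOIN vtiger_crmentity c ON c.crmid=n.notesid
                  WHERE n.notesid in ({$placeholders}) and n.filelocationtype in ('I','E') and c.deleted=0";
    $result = $adb->pquery($query, $notesIds);
    $nr = $adb->num_rows($result);

    // The allowed module list does not depend on the row; fetch it once instead of per document.
    $types = vtws_listtypes(null, $user);
    for ($i = 0; $i < $nr; $i++) {
        $id = $docWSId . $adb->query_result($result, $i, 'notesid');
        $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
        $handlerPath = $webserviceObject->getHandlerPath();
        $handlerClass = $webserviceObject->getHandlerClass();
        require_once $handlerPath;
        $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
        $meta = $handler->getMeta();
        $entityName = $meta->getObjectEntityName($id);
        if (!in_array($entityName, $types['types'], true)) {
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
        }
        if ($meta->hasReadAccess() !== true) {
            // This guards reading; the message used to say "write".
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
        }
        if ($entityName !== $webserviceObject->getEntityName()) {
            throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
        }
        if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object ({$id}) is denied");
        }
        $ids = vtws_getIdComponents($id);
        if (!$meta->exists($ids[1])) {
            throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Document Record you are trying to access is not found");
        }
        $document_id = $ids[1];
        $filetype = $adb->query_result($result, $i, 'filelocationtype');
        // Fresh entity per row: the original reused $entity across iterations, so a row matching neither
        // branch would have been reported with the previous row's data.
        $entity = array();
        if ($filetype == 'E') {
            // 'E' rows carry no content here: filesize 0 and an empty attachment.
            $entity["recordid"] = $adb->query_result($result, $i, 'notesid');
            // Bug fix: this used to read the undefined $fileType (capital T), so filetype was always null.
            $entity["filetype"] = $filetype;
            $entity["filename"] = $adb->query_result($result, $i, 'filename');
            $entity["filesize"] = 0;
            $entity["attachment"] = base64_encode('');
        } elseif ($filetype == 'I') {
            $entity = vtws_retrievedocattachment_get_attachment($document_id, true, $returnfile);
        }
        $entities[$id] = $entity;
        VTWS_PreserveGlobal::flush();
    }
    // end for ids
    $log->debug("Leaving function vtws_retrievedocattachment");
    return $entities;
}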
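/**
 * List the image/attachment files linked to a record.
 *
 * @param string $id   Webservice id of the record ("<moduleWsId>x<crmid>").
 * @param mixed  $user Current user; forwarded to the handler and to vtws_listtypes for ACL evaluation.
 * @return array array('results' => <row count>, 'images' => list of array('name','path','fullpath','type','id')).
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND.
 */
function cbws_getrecordimageinfo($id, $user)
{
    global $log, $adb, $site_URL;
    $log->debug("Entering function cbws_getrecordimageinfo({$id})");
    // Handler file and class are resolved from the webservice object looked up for this id.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    $entityName = $meta->getObjectEntityName($id);
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($meta->hasReadAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read entity is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // Permission before existence: unauthorised callers get ACCESSDENIED, not RECORDNOTFOUND.
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    // Split once; the original called vtws_getIdComponents a second time for the same id.
    $idComponents = vtws_getIdComponents($id);
    $pdoid = $idComponents[1];
    if (!$meta->exists($pdoid)) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }

    $rdo = array();
    $query = 'select vtiger_attachments.name, vtiger_attachments.type, vtiger_attachments.attachmentsid, vtiger_attachments.path
			from vtiger_attachments
			inner join vtiger_crmentity on vtiger_crmentity.crmid = vtiger_attachments.attachmentsid
			inner join vtiger_seattachmentsrel on vtiger_attachments.attachmentsid=vtiger_seattachmentsrel.attachmentsid
			where (vtiger_crmentity.setype LIKE "%Image" or vtiger_crmentity.setype LIKE "%Attachment")
			  and deleted=0 and vtiger_seattachmentsrel.crmid=?';
    $result_image = $adb->pquery($query, array($pdoid));
    $rdo['results'] = $adb->num_rows($result_image);
    $rdo['images'] = array();
    while ($img = $adb->fetch_array($result_image)) {
        $imga = array();
        $imga['name'] = $img['name'];
        $imga['path'] = $img['path'];
        // Public URL is assembled from the site URL plus the stored path, attachment id and file name.
        $imga['fullpath'] = $site_URL . '/' . $img['path'] . $img['attachmentsid'] . '_' . $img['name'];
        $imga['type'] = $img['type'];
        $imga['id'] = $img['attachmentsid'];
        $rdo['images'][] = $imga;
    }
    VTWS_PreserveGlobal::flush();
    $log->debug("Leaving function cbws_getrecordimageinfo");
    return $rdo;
}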
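/**
 * Run a webservice query.
 *
 * The webservice object, handler and meta are memoised per module name in a function-static cache.
 *
 * @param string $q    Query text; the module name is taken from its FROM clause.
 * @param mixed  $user Current user, passed to the handler and to vtws_listtypes.
 * @return mixed Whatever the module handler's query() returns.
 * @throws WebServiceException ACCESSDENIED when the module is not listed for the user or has no read access.
 */
function vtws_query($q, $user)
{
    static $vtws_query_cache = array();
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');

    // Module name = first token after FROM (any case), stopping at whitespace or ';'.
    $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/";
    $moduleName = '';
    if (preg_match($moduleRegex, $q, $m)) {
        $moduleName = trim($m[1]);
    }

    // NOTE(review): the cache key is only the module name, but the handler is constructed with $user.
    // Within a single request that is one user; in a long-lived process serving several users a handler
    // built for an earlier user would be reused — confirm the deployment model.
    if (!isset($vtws_query_cache[$moduleName]['webserviceobject'])) {
        // Bug fix: this used to test the undefined $vtws_create_cache, so the lookup never hit and
        // fromQuery() ran on every call.
        $webserviceObject = VtigerWebserviceObject::fromQuery($adb, $q);
        $vtws_query_cache[$moduleName]['webserviceobject'] = $webserviceObject;
    } else {
        $webserviceObject = $vtws_query_cache[$moduleName]['webserviceobject'];
    }
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    if (!isset($vtws_query_cache[$moduleName]['handler'])) {
        $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
        $vtws_query_cache[$moduleName]['handler'] = $handler;
    } else {
        $handler = $vtws_query_cache[$moduleName]['handler'];
    }
    if (!isset($vtws_query_cache[$moduleName]['meta'])) {
        $meta = $handler->getMeta();
        $vtws_query_cache[$moduleName]['meta'] = $meta;
    } else {
        $meta = $vtws_query_cache[$moduleName]['meta'];
    }

    // ACL: the module must be listed for this user and readable.
    $types = vtws_listtypes(null, $user);
    if (!in_array($webserviceObject->getEntityName(), $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if (!$meta->hasReadAccess()) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    $result = $handler->query($q);
    VTWS_PreserveGlobal::flush();
    return $result;
}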
/**
 * Describe a webservice module for the given user.
 *
 * @param string $elementType Module (webservice entity) name.
 * @param mixed  $user        Current user; forwarded to the handler and to vtws_listtypes.
 * @return mixed Result of the module handler's describe().
 * @throws WebServiceException ACCESSDENIED when the module is not listed for this user.
 */
function vtws_describe($elementType, $user)
{
    global $log, $adb;
    $wsObject = VtigerWebserviceObject::fromName($adb, $elementType);
    $path = $wsObject->getHandlerPath();
    $className = $wsObject->getHandlerClass();
    require_once $path;
    $handler = new $className($wsObject, $user, $adb, $log);
    $handler->getMeta();
    $allowed = vtws_listtypes(null, $user);
    $isListed = in_array($elementType, $allowed['types']);
    if ($isListed === false) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    $description = $handler->describe($elementType);
    VTWS_PreserveGlobal::flush();
    return $description;
}
 /**
  * List the entity modules the user may see, with their webservice ids and labels.
  *
  * 'Users' and 'Events' are excluded: Users is disallowed, Events is merged into Calendar.
  *
  * @param mixed $user Current user, passed to vtws_listtypes for ACL evaluation.
  * @return array List of array('id','name','isEntity','label','singular') entries.
  */
 function getListing($user)
 {
     $wsIdByModule = Mobile_WS_Utils::getEntityModuleWSIds();
     // Disallow modules
     unset($wsIdByModule['Users']);
     // Calendar & Events module will be merged
     unset($wsIdByModule['Events']);
     $allowed = vtws_listtypes(null, $user);
     $listing = array();
     foreach ($allowed['types'] as $moduleName) {
         if (isset($wsIdByModule[$moduleName])) {
             $info = $allowed['information'][$moduleName];
             $listing[] = array(
                 'id' => $wsIdByModule[$moduleName],
                 'name' => $moduleName,
                 'isEntity' => $info['isEntity'],
                 'label' => $info['label'],
                 'singular' => $info['singular'],
             );
         }
     }
     return $listing;
 }
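 /**
  * Function to get emails related modules
  *
  * Modules reported by vtws_listtypes for the 'email' field type are kept when the current user is
  * admin, has global read permission, or has permission on that module; 'Users' is always appended last.
  *
  * @return <Array> - list of module names
  */
 public function getEmailRelatedModules()
 {
     $userPrivModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
     $relatedModules = vtws_listtypes(array('email'), Users_Record_Model::getCurrentUserModel());
     $relatedModules = $relatedModules['types'];
     // Initialised explicitly; the original relied on auto-vivification at the first append.
     $emailRelatedModules = array();
     foreach ($relatedModules as $moduleName) {
         // 'Users' is appended unconditionally below, so it is skipped here.
         if ($moduleName === 'Users') {
             continue;
         }
         $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
         if ($userPrivModel->isAdminUser() || $userPrivModel->hasGlobalReadPermission() || $userPrivModel->hasModulePermission($moduleModel->getId())) {
             $emailRelatedModules[] = $moduleName;
         }
     }
     $emailRelatedModules[] = 'Users';
     return $emailRelatedModules;
 }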
/**
 * Run a webservice query.
 *
 * @param string $q    Query text; the webservice object is resolved from it by fromQuery().
 * @param mixed  $user Current user, passed to the handler and to vtws_listtypes.
 * @return mixed Whatever the module handler's query() returns.
 * @throws WebServiceException ACCESSDENIED when the module is not listed for the user or has no read access.
 */
function vtws_query($q, $user)
{
    global $log, $adb;
    $wsObject = VtigerWebserviceObject::fromQuery($adb, $q);
    $path = $wsObject->getHandlerPath();
    $className = $wsObject->getHandlerClass();
    require_once $path;
    $handler = new $className($wsObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $allowed = vtws_listtypes(null, $user);
    $isListed = in_array($wsObject->getEntityName(), $allowed['types']);
    if ($isListed === false) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    $readable = $meta->hasReadAccess();
    if (!$readable) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    $rows = $handler->query($q);
    VTWS_PreserveGlobal::flush();
    return $rows;
}
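/**
 * Delete a user, transferring everything it owns to another user first.
 *
 * @author MAK
 * @param string $id         Webservice id of the user to delete.
 * @param string $newOwnerId Webservice id of the user that receives ownership; an empty record part
 *                           falls back to user id 1.
 * @param mixed  $user       Current (calling) user, used for ACL evaluation.
 * @return array array("status" => "successful") when no exception is thrown.
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND.
 */
function vtws_deleteUser($id, $newOwnerId, $user)
{
    global $log, $adb;
    // Handler file and class are resolved from the webservice object looked up for this id.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    $entityName = $meta->getObjectEntityName($id);
    // NOTE(review): other functions on this page call vtws_listtypes(null, $user); this one passes
    // $user first — confirm it matches the vtws_listtypes signature in use.
    $types = vtws_listtypes($user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied, EntityName = " . $entityName);
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // DELETE privilege on the record (the message used to say "read").
    if (!$meta->hasPermission(EntityMeta::$DELETE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to delete given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        // Bug fix: the message used to concatenate the whole array ("Array to string conversion").
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found, idComponent = " . $idComponents[1]);
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    $newIdComponents = vtws_getIdComponents($newOwnerId);
    if (empty($newIdComponents[1])) {
        //force the default user to be the default admin user.
        //added cause eazybusiness team is sending this value empty
        // i.e. with no new owner given, the deleted user's records go to user id 1.
        $newIdComponents[1] = 1;
    }
    // Ownership transfer and the row delete are two separate calls; a failure between them leaves the
    // user in place with its records already re-assigned.
    vtws_transferOwnership($idComponents[1], $newIdComponents[1]);
    //delete from user vtiger_table;
    $sql = "delete from vtiger_users where id=?";
    vtws_runQueryAsTransaction($sql, array($idComponents[1]), $result);
    VTWS_PreserveGlobal::flush();
    return array("status" => "successful");
}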
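 /**
  * List the modules available to the mobile client, restricted to the ones enabled in
  * $displayed_modules and ordered as that setting lists them.
  *
  * @param mixed $user Current user, passed to vtws_listtypes for ACL evaluation.
  * @return array List of array('id','name','isEntity','label','singular') entries.
  */
 function getListing($user)
 {
     //settings information
     global $displayed_modules, $current_language, $app_strings;
     $modulewsids = Mobile_WS_Utils::getEntityModuleWSIds();
     // Disallow modules
     unset($modulewsids['Users']);
     include_once dirname(__FILE__) . '/../../Mobile.Config.php';
     $CRM_Version = Mobile::config('crm_version');
     if ($CRM_Version != '5.2.1') {
         //we use this class only for privilege purposes on types
         $listresult = vtws_listtypes(null, $user, 'en_us');
     } else {
         // Older signature: this build of vtws_listtypes takes the user as its first argument.
         $listresult = vtws_listtypes($user);
     }
     $listing = array();
     foreach ($listresult['types'] as $index => $modulename) {
         if (!isset($modulewsids[$modulename])) {
             continue;
         }
         if (in_array($modulename, $displayed_modules)) {
             $listing[] = array('id' => $modulewsids[$modulename], 'name' => $modulename, 'isEntity' => $listresult['information'][$modulename]['isEntity'], 'label' => getTranslatedString($modulename, $modulename), 'singular' => getTranslatedString('SINGLE_' . $modulename, $modulename));
         }
     }
     //make sure the active modules are displayed in the order of the $displayed_modules settings entry in MobileSettings.config.php
     // Flip to module name => position. This still rewrites the global, as the original did.
     $displayed_modules = array_flip($displayed_modules);
     // Bug fix: the comparator used to be a named function declared inside this function, which fatals
     // with "Cannot redeclare" the second time getListing() runs in one process. A closure taking the
     // position map by value has no such problem.
     usort($listing, function ($a, $b) use ($displayed_modules) {
         $posA = $displayed_modules[$a['name']];
         $posB = $displayed_modules[$b['name']];
         if ($posA == $posB) {
             return 0;
         }
         return $posA < $posB ? -1 : 1;
     });
     return $listing;
 }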
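/**
 * Return the PDF output of an inventory record (Invoice, Quotes, SalesOrder, PurchaseOrder).
 *
 * @param string $id   Webservice id of the record ("<moduleWsId>x<crmid>").
 * @param mixed  $user Current user; forwarded to the handler and to vtws_listtypes for ACL evaluation.
 * @return mixed Whatever get_module_pdf() returns for the module and record.
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND; ACCESSDENIED also for non-inventory modules.
 */
function cbws_getpdfdata($id, $user)
{
    global $log, $adb;
    // Log lines name this function (they used to say vtws_getpdfdata).
    $log->debug("Entering function cbws_getpdfdata");
    // Handler file and class are resolved from the webservice object looked up for this id.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    $entityName = $meta->getObjectEntityName($id);
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($meta->hasReadAccess() !== true) {
        // This guards reading; the message used to say "write".
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // Permission before existence: unauthorised callers get ACCESSDENIED, not RECORDNOTFOUND.
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    // Split once; the original called vtws_getIdComponents a second time for the same id.
    $idComponents = vtws_getIdComponents($id);
    $document_id = $idComponents[1];
    if (!$meta->exists($document_id)) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    $objectName = $webserviceObject->getEntityName();
    if (!in_array($objectName, array('Invoice', 'Quotes', 'SalesOrder', 'PurchaseOrder'), true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Only Inventory modules support PDF Output.");
    }
    $entity = get_module_pdf($objectName, $document_id);
    VTWS_PreserveGlobal::flush();
    $log->debug("Leaving function cbws_getpdfdata");
    return $entity;
}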
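/**
 * Delete a user, transferring everything it owns to another user first.
 *
 * @author MAK
 * @param string $id         Webservice id of the user to delete.
 * @param string $newOwnerId Webservice id of the user that receives ownership; an empty record part
 *                           falls back to user id 1.
 * @param mixed  $user       Current (calling) user, used for ACL evaluation.
 * @return array array("status" => "successful") when no exception is thrown.
 * @throws WebServiceException ACCESSDENIED / INVALIDID / RECORDNOTFOUND.
 */
function vtws_deleteUser($id, $newOwnerId, $user)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    // Handler file and class are resolved from the webservice object looked up for this id.
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();

    $entityName = $meta->getObjectEntityName($id);
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied, EntityName = " . $entityName);
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    // DELETE privilege on the record (the message used to say "read").
    if (!$meta->hasPermission(EntityMeta::$DELETE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to delete given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        // Bug fix: the message used to concatenate the whole array ("Array to string conversion").
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found, idComponent = " . $idComponents[1]);
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }

    $newIdComponents = vtws_getIdComponents($newOwnerId);
    if (empty($newIdComponents[1])) {
        //force the default user to be the default admin user.
        // i.e. with no new owner given, the deleted user's records go to user id 1.
        $newIdComponents[1] = 1;
    }
    $userObj = new Users();
    $userObj->transformOwnerShipAndDelete($idComponents[1], $newIdComponents[1]);
    VTWS_PreserveGlobal::flush();
    return array("status" => "successful");
}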
/**
 * List the modules related to a module, limited to those the user may see.
 *
 * @param string $elementType Module (webservice entity) name whose related lists are read.
 * @param mixed  $user        Current user; passed to vtws_listtypes and to the handler.
 * @return array array('types' => list of module names,
 *                     'information' => map label => array('name','label','isEntity')).
 */
function vtws_relatedtypes($elementType, $user)
{
    global $adb, $log;
    $allowedTypes = vtws_listtypes(null, $user);
    $wsObject = VtigerWebserviceObject::fromName($adb, $elementType);
    $path = $wsObject->getHandlerPath();
    $className = $wsObject->getHandlerClass();
    require_once $path;
    $handler = new $className($wsObject, $user, $adb, $log);
    $tabid = $handler->getMeta()->getTabId();
    $sql = "SELECT vtiger_relatedlists.label, vtiger_tab.name, vtiger_tab.isentitytype FROM vtiger_relatedlists \n            INNER JOIN vtiger_tab ON vtiger_tab.tabid=vtiger_relatedlists.related_tabid \n            WHERE vtiger_relatedlists.tabid=? AND vtiger_tab.presence = 0";
    $rs = $adb->pquery($sql, array($tabid));
    $types = array();
    $information = array();
    while ($row = $adb->fetch_array($rs)) {
        $visible = in_array($row['name'], $allowedTypes['types']);
        if (!$visible) {
            continue;
        }
        $types[] = $row['name'];
        // There can be same module related under different label - so label is our key.
        $information[$row['label']] = array(
            'name' => $row['name'],
            'label' => $row['label'],
            'isEntity' => $row['isentitytype'],
        );
    }
    return array('types' => $types, 'information' => $information);
}
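/**
 * Creates a record of $elementType from the field map $element on behalf of $user.
 *
 * Access is checked in this order: $elementType must be listed by vtws_listtypes() for
 * the user, the module must be writable, every populated reference field must point at
 * a module the field accepts and the user may access (with an assign-privilege check
 * when the target is Users), and owner fields must be assignable by the user.
 *
 * @param string $elementType module name
 * @param array  $element     field name => value; an optional 'relations' key is removed
 *                            from the field map and applied after the record exists
 * @param Users  $user        acting user
 * @return array|null the created entity as returned by the handler, or null when
 *                    $meta->hasMandatoryFields($element) is false
 * @throws WebServiceException ACCESSDENIED for any failed permission check,
 *         REFERENCEINVALID when a reference field targets a module it does not accept
 */
function vtws_create($elementType, $element, $user)
{
    // Webservice objects are resolved by module name only, so one instance can serve
    // every create of the same type in this request. The variable has to be static:
    // as a plain local it was recreated per call and the cache never hit.
    static $vtws_create_cache = array();

    $types = vtws_listtypes(null, $user);
    // strict: a non-string $elementType must not match the module list loosely.
    if (!in_array($elementType, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    global $log, $adb;
    // 'relations' is not a field of the record; it is applied once the record exists.
    $relations = array();
    if (!empty($element['relations'])) {
        $relations = $element['relations'];
        unset($element['relations']);
    }
    if (!isset($vtws_create_cache[$elementType]['webserviceobject'])) {
        $vtws_create_cache[$elementType]['webserviceobject'] = VtigerWebserviceObject::fromName($adb, $elementType);
    }
    $webserviceObject = $vtws_create_cache[$elementType]['webserviceobject'];
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    // Every populated reference must resolve to a module the field accepts and the user
    // may access; Users is special-cased through the assign privilege instead.
    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $referenceObject = VtigerWebserviceObject::fromId($adb, $ids[0]);
            $referenceEntity = $referenceObject->getEntityName();
            if (!in_array($referenceEntity, $details, true)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            if ($referenceEntity == 'Users' && !$meta->hasAssignPrivilege($element[$fieldName])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
            if ($referenceEntity != 'Users' && !in_array($referenceEntity, $types['types'], true)) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceEntity);
            }
        } elseif (array_key_exists($fieldName, $element) && $element[$fieldName] !== null) {
            // Present but empty: drop it rather than hand "" to the handler. The key
            // check avoids the undefined-index notice the old code raised for absent fields.
            unset($element[$fieldName]);
        }
    }
    if (!$meta->hasMandatoryFields($element)) {
        return null;
    }
    $ownerFields = $meta->getOwnerFields();
    if (is_array($ownerFields) && count($ownerFields) > 0) {
        foreach ($ownerFields as $ownerField) {
            if (isset($element[$ownerField]) && !$meta->hasAssignPrivilege($element[$ownerField])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
        }
    }
    //  Product line support
    $inventoryModules = array('Quotes', 'PurchaseOrder', 'SalesOrder', 'Invoice');
    if (in_array($elementType, $inventoryModules, true) && isset($element['pdoInformation']) && is_array($element['pdoInformation'])) {
        // Plain include (not include_once) is kept on purpose: the file is presumably
        // meant to run for every inventory record created in this request — confirm
        // against include/Webservices/ProductLines.php.
        include 'include/Webservices/ProductLines.php';
    } else {
        // Presumably read by the module's legacy save path; kept as-is — confirm.
        $_REQUEST['action'] = $elementType . 'Ajax';
    }
    $updlog = null;
    if ($elementType == 'HelpDesk') {
        //Added to construct the update log for Ticket history
        $colflds = $element;
        // assigned_user_id arrives as a webservice id "<moduleId>x<userId>"; only the user part is logged.
        $assignedParts = explode('x', isset($colflds['assigned_user_id']) ? $colflds['assigned_user_id'] : '');
        $colflds['assigned_user_id'] = isset($assignedParts[1]) ? $assignedParts[1] : null;
        $grp_name = fetchGroupName($colflds['assigned_user_id']);
        $assigntype = $grp_name != '' ? 'T' : 'U';
        $updlog = from_html(HelpDesk::getUpdateLogCreateMessage($colflds, $grp_name, $assigntype), false);
    }
    $entity = $handler->create($elementType, $element);
    if ($elementType == 'HelpDesk') {
        list(, $newrecid) = vtws_getIdComponents($entity['id']);
        $adb->pquery('update vtiger_troubletickets set update_log=? where ticketid=?', array($updlog, $newrecid));
    }
    // Establish relations
    if (!empty($relations)) {
        list(, $newrecid) = vtws_getIdComponents($entity['id']);
        vtws_internal_setrelation($newrecid, $meta->getEntityName(), $relations);
    }
    VTWS_PreserveGlobal::flush();
    return $entity;
}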
 /**
  * Returns the module names this reference field may point at, restricted to the
  * modules the current user can access through the webservice API.
  *
  * The answer is cached per field id both on the instance and in a function-level
  * static shared by all instances, so the lookup query runs once per field per request.
  *
  * @return list<string> ordered as in vtws_listtypes() for the current user
  */
 public function getReferenceList()
 {
     static $referenceList = array();
     if ($this->referenceList !== null) {
         return $this->referenceList;
     }
     $fieldId = $this->getFieldId();
     if (isset($referenceList[$fieldId])) {
         $this->referenceList = $referenceList[$fieldId];
         return $this->referenceList;
     }
     $uiType = $this->getUIType();
     if (!isset(WebserviceField::$fieldTypeMapping[$uiType])) {
         // Fills WebserviceField::$fieldTypeMapping for this UI type before it is read below.
         $this->getFieldTypeFromUIType();
     }
     $fieldTypeData = WebserviceField::$fieldTypeMapping[$uiType];
     // Generic reference fields are described per field in vtiger_fieldmodulerel;
     // all others per field type in vtiger_ws_referencetype.
     if ($uiType != $this->genericUIType) {
         $sql = "select * from vtiger_ws_referencetype where fieldtypeid=?";
         $params = array($fieldTypeData['fieldtypeid']);
     } else {
         $sql = 'select relmodule as type from vtiger_fieldmodulerel where fieldid=?';
         $params = array($fieldId);
     }
     $result = $this->pearDB->pquery($sql, $params);
     $candidates = array();
     $rowCount = $this->pearDB->num_rows($result);
     for ($row = 0; $row < $rowCount; ++$row) {
         $candidates[] = $this->pearDB->query_result($result, $row, "type");
     }
     //to handle hardcoding done for Calendar module todo activities.
     if ($this->tabid == 9 && $this->fieldName == 'parent_id') {
         $candidates = array_merge($candidates, array('Invoice', 'Quotes', 'PurchaseOrder', 'SalesOrder', 'Campaigns'));
     }
     if ($uiType == 26) {
         // DocumentFolders
         $candidates[] = 'DocumentFolders';
     }
     global $current_user;
     $types = vtws_listtypes(null, $current_user);
     $accessibleTypes = $types['types'];
     if (!is_admin($current_user)) {
         $accessibleTypes[] = 'Users';
     }
     // Keep only accessible candidates; the result follows the order of $accessibleTypes.
     $allowed = array_values(array_intersect($accessibleTypes, $candidates));
     $referenceList[$fieldId] = $allowed;
     $this->referenceList = $allowed;
     return $allowed;
 }
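/**
 * Updates an existing record with the fields in $element on behalf of $user.
 *
 * $element['id'] is the webservice id ("<moduleId>x<recordId>") and selects the module.
 * Checks, in order: the module is listed by vtws_listtypes() for the user, the id really
 * belongs to that module, the user holds the UPDATE permission on the record, the record
 * exists, the module is writable, every populated reference field targets a module the
 * field accepts and the user may access (assign privilege for Users), and owner fields
 * are assignable by the user.
 *
 * @param array $element field name => value, including 'id'
 * @param Users $user    acting user
 * @return array the updated entity as returned by the handler
 * @throws WebServiceException INVALIDID when 'id' is missing or does not match its module;
 *         ACCESSDENIED for any failed permission check; RECORDNOTFOUND when the record is
 *         gone; REFERENCEINVALID for a reference to a module the field rejects
 */
function vtws_update($element, $user)
{
    global $log, $adb;
    // Reject a missing id up front instead of letting vtws_getIdComponents() work on null.
    if (empty($element['id'])) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    $idList = vtws_getIdComponents($element['id']);
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $idList[0]);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($element['id']);
    $types = vtws_listtypes(null, $user);
    // strict: the module name must match a listed type exactly.
    if (!in_array($entityName, $types['types'], true)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    if (!$meta->hasPermission(EntityMeta::$UPDATE, $element['id'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    if (!$meta->exists($idList[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    // Every populated reference must resolve to a module the field accepts and the user
    // may access; Users is special-cased through the assign privilege instead.
    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $referenceObject = VtigerWebserviceObject::fromId($adb, $ids[0]);
            $referenceEntity = $referenceObject->getEntityName();
            if (!in_array($referenceEntity, $details, true)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            if ($referenceEntity == 'Users' && !$meta->hasAssignPrivilege($element[$fieldName])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
            if ($referenceEntity != 'Users' && !in_array($referenceEntity, $types['types'], true)) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceEntity);
            }
        } elseif (array_key_exists($fieldName, $element) && $element[$fieldName] !== null) {
            // Present but empty: drop it rather than hand "" to the handler. The key
            // check avoids the undefined-index notice the old code raised for absent fields.
            unset($element[$fieldName]);
        }
    }
    // The return value is deliberately not used here (vtws_create() branches on it);
    // presumably the check itself throws when a mandatory field is missing — confirm.
    $meta->hasMandatoryFields($element);
    $ownerFields = $meta->getOwnerFields();
    if (is_array($ownerFields) && count($ownerFields) > 0) {
        foreach ($ownerFields as $ownerField) {
            if (isset($element[$ownerField]) && !$meta->hasAssignPrivilege($element[$ownerField])) {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
            }
        }
    }
    //  Product line support
    $inventoryModules = array('Quotes', 'PurchaseOrder', 'SalesOrder', 'Invoice');
    if (in_array($entityName, $inventoryModules, true) && isset($element['pdoInformation']) && is_array($element['pdoInformation'])) {
        // include_once here versus include in vtws_create(): if the file performs
        // per-record work rather than only declaring functions, a second inventory
        // update in the same request skips it — confirm against ProductLines.php.
        include_once 'include/Webservices/ProductLines.php';
    } else {
        // Presumably read by the module's legacy save path; kept as-is — confirm.
        $_REQUEST['action'] = $entityName . 'Ajax';
    }
    $updlog = null;
    if ($entityName == 'HelpDesk') {
        //Added to construct the update log for Ticket history
        $colflds = $element;
        // assigned_user_id arrives as a webservice id "<moduleId>x<userId>"; only the user part is logged.
        $assignedParts = explode('x', isset($colflds['assigned_user_id']) ? $colflds['assigned_user_id'] : '');
        $colflds['assigned_user_id'] = isset($assignedParts[1]) ? $assignedParts[1] : null;
        $updlog = from_html(HelpDesk::getUpdateLogEditMessage($idList[1], $colflds), true);
    }
    $entity = $handler->update($element);
    if ($entityName == 'HelpDesk') {
        $adb->pquery('update vtiger_troubletickets set update_log=? where ticketid=?', array($updlog, $idList[1]));
    }
    VTWS_PreserveGlobal::flush();
    return $entity;
}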
 /**
  * Returns the module names this reference field may point at, restricted to modules the
  * current user can access through the webservice API and whose tab is not hidden
  * (vtiger_tab.presence NOT IN (1)).
  *
  * The answer is cached per field id on the instance and in a function-level static
  * shared by all instances, so the lookup query runs once per field per request.
  *
  * @return array<int, string> module names keyed by their position in the query result
  *         (keys are not necessarily consecutive after filtering)
  */
 public function getReferenceList()
 {
     static $referenceList = array();
     if ($this->referenceList === null) {
         if (isset($referenceList[$this->getFieldId()])) {
             $this->referenceList = $referenceList[$this->getFieldId()];
             return $referenceList[$this->getFieldId()];
         }
         if (!isset(WebserviceField::$fieldTypeMapping[$this->getUIType()])) {
             // Fills WebserviceField::$fieldTypeMapping for this UI type before it is read below.
             $this->getFieldTypeFromUIType();
         }
         $fieldTypeData = WebserviceField::$fieldTypeMapping[$this->getUIType()];
         $current_user = vglobal('current_user');
         $types = vtws_listtypes(null, $current_user);
         $accessibleTypes = $types['types'];
         //If it is non admin user or the edit and view is there for profile then users module will be accessible
         if (!is_admin($current_user) && !in_array("Users", $accessibleTypes)) {
             array_push($accessibleTypes, 'Users');
         }
         $referenceTypes = array();
         // Generic reference fields are described per field in vtiger_fieldmodulerel;
         // all others per field type in vtiger_ws_referencetype. Both joins drop hidden tabs.
         if ($this->getUIType() != $this->genericUIType) {
             $sql = "select vtiger_ws_referencetype.`type` from vtiger_ws_referencetype INNER JOIN vtiger_tab ON vtiger_tab.`name` = vtiger_ws_referencetype.`type` where fieldtypeid=? AND vtiger_tab.`presence` NOT IN (?)";
             $params = array($fieldTypeData['fieldtypeid'], 1);
         } else {
             $sql = 'select relmodule as type from vtiger_fieldmodulerel INNER JOIN vtiger_tab ON vtiger_tab.`name` = vtiger_fieldmodulerel.`relmodule` WHERE fieldid=? AND vtiger_tab.`presence` NOT IN (?) ORDER BY sequence ASC';
             $params = array($this->getFieldId(), 1);
         }
         $result = $this->pearDB->pquery($sql, $params);
         $numRows = $this->pearDB->num_rows($result);
         for ($i = 0; $i < $numRows; ++$i) {
             $referenceType = $this->pearDB->query_result($result, $i, "type");
             if (in_array($referenceType, $accessibleTypes)) {
                 array_push($referenceTypes, $referenceType);
             }
         }
         // array_intersect() orders by $accessibleTypes; the loop below restores the query
         // order by re-keying each name with its first index in $referenceTypes. NOTE(review):
         // array_search() returns the first match, so duplicate rows collapse to one entry.
         $referenceTypesUnsorted = array_values(array_intersect($accessibleTypes, $referenceTypes));
         $referenceTypesSorted = array();
         foreach ($referenceTypesUnsorted as $key => $reference) {
             $keySort = array_search($reference, $referenceTypes);
             $referenceTypesSorted[$keySort] = $reference;
         }
         ksort($referenceTypesSorted);
         $referenceList[$this->getFieldId()] = $referenceTypesSorted;
         $this->referenceList = $referenceTypesSorted;
         return $referenceTypesSorted;
     }
     return $this->referenceList;
 }
 /**
  * Returns the module names this reference field may point at, restricted to modules the
  * current user can access through the webservice API.
  *
  * Candidates come from vtiger_ws_referencetype (by field type) or, for generic reference
  * fields, from vtiger_fieldmodulerel (by field id); the Calendar parent_id field gets a
  * fixed extra set. The answer is cached per field id on the instance and in a
  * function-level static shared by all instances.
  *
  * @return array<int, string> module names keyed by their first position in the candidate
  *         list (keys are not necessarily consecutive after filtering)
  */
 public function getReferenceList()
 {
     static $referenceList = array();
     if ($this->referenceList === null) {
         if (isset($referenceList[$this->getFieldId()])) {
             $this->referenceList = $referenceList[$this->getFieldId()];
             return $referenceList[$this->getFieldId()];
         }
         if (!isset(WebserviceField::$fieldTypeMapping[$this->getUIType()])) {
             // Fills WebserviceField::$fieldTypeMapping for this UI type before it is read below.
             $this->getFieldTypeFromUIType();
         }
         $fieldTypeData = WebserviceField::$fieldTypeMapping[$this->getUIType()];
         $referenceTypes = array();
         // Generic reference fields are described per field in vtiger_fieldmodulerel;
         // all others per field type in vtiger_ws_referencetype.
         if ($this->getUIType() != $this->genericUIType) {
             $sql = "select * from vtiger_ws_referencetype where fieldtypeid=?";
             $params = array($fieldTypeData['fieldtypeid']);
         } else {
             $sql = 'select relmodule as type from vtiger_fieldmodulerel where fieldid=? ORDER BY sequence ASC';
             $params = array($this->getFieldId());
         }
         $result = $this->pearDB->pquery($sql, $params);
         $numRows = $this->pearDB->num_rows($result);
         for ($i = 0; $i < $numRows; ++$i) {
             array_push($referenceTypes, $this->pearDB->query_result($result, $i, "type"));
         }
         //to handle hardcoding done for Calendar module todo activities.
         if ($this->tabid == 9 && $this->fieldName == 'parent_id') {
             $referenceTypes[] = 'Invoice';
             $referenceTypes[] = 'Quotes';
             $referenceTypes[] = 'PurchaseOrder';
             $referenceTypes[] = 'SalesOrder';
             $referenceTypes[] = 'Campaigns';
         }
         global $current_user;
         $types = vtws_listtypes(null, $current_user);
         $accessibleTypes = $types['types'];
         //If it is non admin user or the edit and view is there for profile then users module will be accessible
         if (!is_admin($current_user) && !in_array("Users", $accessibleTypes)) {
             array_push($accessibleTypes, 'Users');
         }
         // array_intersect() orders by $accessibleTypes; the loop below restores candidate
         // order by re-keying each name with its first index in $referenceTypes. NOTE(review):
         // array_search() returns the first match, so a hardcoded name that also came from
         // the query collapses to one entry.
         $referenceTypesUnsorted = array_values(array_intersect($accessibleTypes, $referenceTypes));
         $referenceTypesSorted = array();
         foreach ($referenceTypesUnsorted as $key => $reference) {
             $keySort = array_search($reference, $referenceTypes);
             $referenceTypesSorted[$keySort] = $reference;
         }
         ksort($referenceTypesSorted);
         $referenceList[$this->getFieldId()] = $referenceTypesSorted;
         $this->referenceList = $referenceTypesSorted;
         return $referenceTypesSorted;
     }
     return $this->referenceList;
 }
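/**
 * Returns the records of one or all entity modules changed since $mtime, for incremental
 * client synchronisation.
 *
 * One call covers at most $numRecordsLimit (100) modifiedtime values past $mtime; the
 * client continues from the returned 'lastModifiedTime' while 'more' is true. Records are
 * reported under 'updated' (sanitised field values) or 'deleted' (webservice ids). Unless
 * $syncType is 'application' (admin only), only records owned by the user — and, for
 * 'userandgroup', by the user's groups — are considered. Users is never synced.
 *
 * @param int|string   $mtime       unix timestamp to sync from
 * @param string|null  $elementType module name, or empty for every entity module
 * @param string|Users $syncType    'application', 'userandgroup', anything else for a
 *                                  user-only sync; a Users object replaces $user instead
 * @param Users        $user
 * @return array{updated: list<array>, deleted: list<string>, more: bool, lastModifiedTime: int}
 * @throws WebServiceException ACCESSDENIED for a non-admin application sync or an
 *         inaccessible $elementType; DATABASEQUERYERROR when the transaction failed;
 *         INTERNALERROR when sanitising a record fails with a non-webservice exception
 */
function vtws_sync($mtime, $elementType, $syncType, $user)
{
    global $adb;
    $numRecordsLimit = 100;
    $ignoreModules = array("Users");
    $dformat = "Y-m-d H:i:s";
    $datetime = date($dformat, $mtime);
    $output = array();
    $output["updated"] = array();
    $output["deleted"] = array();

    // Resolve the sync mode. Both flags are initialised so the checks below never read
    // an undefined variable (the old code left $userAndGroupSync unset in two branches).
    $applicationSync = false;
    $userAndGroupSync = false;
    if (is_object($syncType) && $syncType instanceof Users) {
        $user = $syncType;
    } elseif ($syncType == 'application') {
        $applicationSync = true;
    } elseif ($syncType == 'userandgroup') {
        $userAndGroupSync = true;
    }
    if ($applicationSync && !is_admin($user)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Only admin users can perform application sync");
    }
    // Owner ids whose records are visible: the user, plus the user's groups when requested.
    $ownerIds = array($user->id);
    if ($userAndGroupSync) {
        $groupresult = $adb->pquery("select groupid from vtiger_users2group where userid=?", array($user->id));
        $numOfRows = $adb->num_rows($groupresult);
        for ($i = 0; $i < $numOfRows; $i++) {
            $ownerIds[] = $adb->query_result($groupresult, $i, "groupid");
        }
    }
    $typed = true;
    if (!isset($elementType) || $elementType == '' || $elementType == null) {
        $typed = false;
    }
    $adb->startTransaction();
    // Entity modules the user may see through the API.
    $entityModules = array();
    $modulesDetails = vtws_listtypes(null, $user);
    foreach ($modulesDetails["information"] as $moduleName => $entityInformation) {
        if ($entityInformation["isEntity"]) {
            $entityModules[] = $moduleName;
        }
    }
    if (!$typed) {
        $accessableModules = $entityModules;
    } else {
        if (!in_array($elementType, $entityModules)) {
            throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
        }
        $accessableModules = array($elementType);
    }
    $accessableModules = array_diff($accessableModules, $ignoreModules);
    if (count($accessableModules) <= 0) {
        // Balance the startTransaction() above; the old code returned with it still open.
        $adb->completeTransaction();
        $output['lastModifiedTime'] = $mtime;
        $output['more'] = false;
        return $output;
    }
    // Table that carries modifiedtime/setype for the window queries: the module's own
    // base table for a typed sync (Calendar/Events have a dedicated one), else vtiger_crmentity.
    if ($typed) {
        $handler = vtws_getModuleHandlerFromName($elementType, $user);
        $moduleMeta = $handler->getMeta();
        $entityDefaultBaseTables = $moduleMeta->getEntityDefaultTableList();
        //since there will be only one base table for all entities
        $baseCRMTable = $entityDefaultBaseTables[0];
        if ($elementType == "Calendar" || $elementType == "Events") {
            $baseCRMTable = getSyncQueryBaseTable($elementType);
        }
    } else {
        $baseCRMTable = " vtiger_crmentity ";
    }
    // setype values for the IN() lists below; Events rows are stored with setype Calendar.
    $setypeParams = array();
    foreach ($accessableModules as $entityModule) {
        $setypeParams[] = $entityModule == "Events" ? "Calendar" : $entityModule;
    }
    //modifiedtime - next token
    $q = "SELECT modifiedtime FROM {$baseCRMTable} WHERE  modifiedtime>? and setype IN(" . generateQuestionMarks($accessableModules) . ") ";
    $params = array_merge(array($datetime), $setypeParams);
    if (!$applicationSync) {
        $q .= ' and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
        $params = array_merge($params, $ownerIds);
    }
    $q .= " order by modifiedtime limit {$numRecordsLimit}";
    $result = $adb->pquery($q, $params);
    $modTime = array();
    $rowCount = $adb->num_rows($result);
    for ($i = 0; $i < $rowCount; $i++) {
        $modTime[] = $adb->query_result($result, $i, 'modifiedtime');
    }
    // Upper bound of this window; falls back to the window start when nothing changed
    // (the old code read an undefined variable in that case).
    $maxModifiedTime = empty($modTime) ? null : max($modTime);
    if (!$maxModifiedTime) {
        $maxModifiedTime = $datetime;
    }
    foreach ($accessableModules as $moduleName) {
        $handler = vtws_getModuleHandlerFromName($moduleName, $user);
        $moduleMeta = $handler->getMeta();
        // Pull "table.column=value" pairs out of the module's deleted-record condition so the
        // same columns can be selected and tested per row by vtws_isRecordDeleted().
        $deletedQueryCondition = $moduleMeta->getEntityDeletedQuery();
        preg_match_all("/(?:\\s+\\w+[ \t\n\r]+)?([^=]+)\\s*=([^\\s]+|'[^']+')/", $deletedQueryCondition, $deletedFieldDetails);
        $fieldNameDetails = $deletedFieldDetails[1];
        $deleteFieldValues = $deletedFieldDetails[2];
        $deleteColumnNames = array();
        foreach ($fieldNameDetails as $tableName_fieldName) {
            $fieldComp = explode(".", $tableName_fieldName);
            $deleteColumnNames[$tableName_fieldName] = isset($fieldComp[1]) ? $fieldComp[1] : null;
        }
        $params = array($moduleMeta->getTabName(), $datetime, $maxModifiedTime);
        $queryGenerator = new QueryGenerator($moduleName, $user);
        $moduleFieldNames = getSelectClauseFields($moduleName, $moduleMeta, $user);
        $moduleFieldNames[] = 'id';
        $queryGenerator->setFields($moduleFieldNames);
        $selectClause = "SELECT " . $queryGenerator->getSelectClauseColumnSQL();
        // adding the fieldnames that are present in the delete condition to the select clause
        // since not all fields present in delete condition will be present in the fieldnames of the module
        foreach ($deleteColumnNames as $table_fieldName => $columnName) {
            if (!in_array($columnName, $moduleFieldNames)) {
                $selectClause .= ", " . $table_fieldName;
            }
        }
        if ($moduleName == "Emails") {
            $fromClause = vtws_getEmailFromClause();
        } else {
            $fromClause = $queryGenerator->getFromClause();
        }
        $fromClause .= " INNER JOIN (select modifiedtime, crmid,deleted,setype FROM {$baseCRMTable} WHERE setype=? and modifiedtime >? and modifiedtime<=?";
        if (!$applicationSync) {
            // Leading space: without it the placeholder and the keyword ran together ("?and").
            $fromClause .= ' and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
            $params = array_merge($params, $ownerIds);
        }
        $fromClause .= ' ) vtiger_ws_sync ON (vtiger_crmentity.crmid = vtiger_ws_sync.crmid)';
        $result = $adb->pquery($selectClause . " " . $fromClause, $params);
        while ($arre = $adb->fetchByAssoc($result)) {
            $key = $arre[$moduleMeta->getIdColumn()];
            if (vtws_isRecordDeleted($arre, $deleteColumnNames, $deleteFieldValues)) {
                if (!$moduleMeta->hasAccess()) {
                    continue;
                }
                $output["deleted"][] = vtws_getId($moduleMeta->getEntityId(), $key);
                continue;
            }
            // Per-record permission is enforced here, not in SQL, so rows the user may
            // not read are silently skipped rather than leaked.
            if (!$moduleMeta->hasAccess() || !$moduleMeta->hasPermission(EntityMeta::$RETRIEVE, $key)) {
                continue;
            }
            try {
                $output["updated"][] = DataTransform::sanitizeDataWithColumn($arre, $moduleMeta);
            } catch (WebServiceException $e) {
                //ignore records the user doesn't have access to.
                continue;
            } catch (Exception $e) {
                // The original exception is dropped; only a generic code reaches the client.
                throw new WebServiceException(WebServiceErrorCode::$INTERNALERROR, "Unknown Error while processing request");
            }
        }
    }
    // Anything modified after the window end means the client has to call again.
    $q = "SELECT crmid FROM {$baseCRMTable} WHERE modifiedtime>?  and setype IN(" . generateQuestionMarks($accessableModules) . ")";
    $params = array_merge(array($maxModifiedTime), $setypeParams);
    if (!$applicationSync) {
        $q .= ' and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
        $params = array_merge($params, $ownerIds);
    }
    $result = $adb->pquery($q, $params);
    $output['more'] = $adb->num_rows($result) > 0;
    if (!$maxModifiedTime) {
        $modifiedtime = $mtime;
    } else {
        $modifiedtime = vtws_getSeconds($maxModifiedTime);
    }
    if (is_string($modifiedtime)) {
        $modifiedtime = intval($modifiedtime);
    }
    $output['lastModifiedTime'] = $modifiedtime;
    $error = $adb->hasFailedTransaction();
    $adb->completeTransaction();
    if ($error) {
        throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$DATABASEQUERYERROR));
    }
    VTWS_PreserveGlobal::flush();
    return $output;
}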
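/**
 * Tells whether the 'productid' reference in an import row resolves to an existing record
 * in a module the user may access through the API.
 *
 * Only the 'productid' key is considered. Its value may be "Module::::Label",
 * "Module:::Label" or a bare label; a bare label is tried against every module the field
 * may reference until one yields a record.
 *
 * @param array  $fieldData  import row, field name => value
 * @param object $moduleMeta entity meta of the imported module (provides getModuleFields())
 * @param Users  $user       user whose access rights decide the final answer
 * @return bool
 */
function isRecordExistInDB($fieldData, $moduleMeta, $user)
{
    if (!array_key_exists('productid', $fieldData)) {
        return false;
    }
    $moduleFields = $moduleMeta->getModuleFields();
    if (!isset($moduleFields['productid'])) {
        // The module has no productid field, so there is nothing to resolve.
        return false;
    }
    $fieldValue = $fieldData['productid'];
    $fieldInstance = $moduleFields['productid'];
    if ($fieldInstance->getFieldDataType() != 'reference' || empty($fieldValue)) {
        return false;
    }
    // The value may carry an explicit module: "Module::::Label" (or the older ":::").
    // A separator at offset 0 leaves no module name and is treated as a bare label.
    if (strpos($fieldValue, '::::') > 0) {
        $parts = explode('::::', $fieldValue);
    } elseif (strpos($fieldValue, ':::') > 0) {
        $parts = explode(':::', $fieldValue);
    } else {
        // Wrap the bare label: the old code kept the string itself here and then called
        // count() on it, which is a TypeError on PHP 8.
        $parts = array($fieldValue);
    }
    $entityId = false;
    $referenceModuleName = null;
    if (count($parts) > 1) {
        $referenceModuleName = trim($parts[0]);
        $entityId = getEntityId($referenceModuleName, trim($parts[1]));
    } else {
        foreach ($fieldInstance->getReferenceList() as $referenceModule) {
            $referenceEntityId = getEntityId($referenceModule, $fieldValue);
            if ($referenceEntityId != 0) {
                $referenceModuleName = $referenceModule;
                $entityId = $referenceEntityId;
                break;
            }
        }
    }
    if (empty($entityId) || $entityId == 0) {
        return false;
    }
    // A resolved record only counts when the user may access its module.
    $types = vtws_listtypes(null, $user);
    return in_array($referenceModuleName, $types['types'], true);
}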
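// Entry script: for the module named in the request, resolves the reference targets of
// its parent_id field (name and e-mail fields per target module) before rendering.
$url_string = '';
$smarty = new vtigerCRM_Smarty();
// NOTE(review): raw request values are handed to the template; escaping is presumably
// done in the template — confirm before they are rendered into HTML.
$smarty->assign("subject", isset($_REQUEST['subject']) ? $_REQUEST['subject'] : '');
$smarty->assign("description", isset($_REQUEST['description']) ? $_REQUEST['description'] : '');
Zend_Json::$useBuiltinEncoderDecoder = true;
$json = new Zend_Json();
$elementType = isset($_REQUEST['module']) ? $_REQUEST['module'] : '';
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $current_user, $adb, $log);
$meta = $handler->getMeta();
$meta->retrieveMeta();
// vtws_listtypes() is called everywhere else as (null, $user): the first argument is the
// field-type filter, the second the user. Passing $current_user first left the user
// argument empty, so the access check below was not evaluated for the current user.
$types = vtws_listtypes(null, $current_user);
if (!in_array($elementType, $types['types'], true)) {
    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
$wsFieldDetails = $handler->getField('parent_id');
$moduleEntityNameDetails = array();
$moduleEmailFieldDetails = array();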
foreach ($wsFieldDetails['type']['refersTo'] as $type) {
    $referenceModuleHandler = vtws_getModuleHandlerFromName($type, $current_user);
    $referenceModuleMeta = $referenceModuleHandler->getMeta();
    $nameFields = explode(',', $referenceModuleMeta->getNameFields());
    $moduleFields = $referenceModuleMeta->getModuleFields();
    $accessibleFields = array_keys($moduleFields);
    $accessibleNameFields = array_intersect($nameFields, $accessibleFields);
    $moduleEntityNameDetails[$type] = $accessibleNameFields;
    $moduleEmailFieldDetails[$type] = $referenceModuleMeta->getEmailFields();
// Entry script: for the module named in the request, resolves the reference targets of
// its parent_id field (name and e-mail fields per target module) before rendering.
$url_string = '';
$smarty = new vtigerCRM_Smarty();
// NOTE(review): raw request values are handed to the template; escaping is presumably
// done in the template — confirm before they are rendered into HTML.
$smarty->assign("subject", $_REQUEST['subject']);
$smarty->assign("description", $_REQUEST['description']);
Zend_Json::$useBuiltinEncoderDecoder = true;
$json = new Zend_Json();
// Module name comes straight from the request; it is validated against the user's
// accessible types below before any field metadata is exposed.
$elementType = $_REQUEST['module'];
// No-op at file scope (the names are already global); kept for parity with the
// function-scope copies of this sequence.
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $current_user, $adb, $log);
$meta = $handler->getMeta();
$meta->retrieveMeta();
// Access check: the requested module must be one the current user may use via the API.
$types = vtws_listtypes(null, $current_user);
if (!in_array($elementType, $types['types'])) {
    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
$wsFieldDetails = $handler->getField('parent_id');
// Filled per reference target module by the loop that follows.
$moduleEntityNameDetails = array();
$moduleEmailFieldDetails = array();
foreach ($wsFieldDetails['type']['refersTo'] as $type) {
    $referenceModuleHandler = vtws_getModuleHandlerFromName($type, $current_user);
    $referenceModuleMeta = $referenceModuleHandler->getMeta();
    $nameFields = explode(',', $referenceModuleMeta->getNameFields());
    $moduleFields = $referenceModuleMeta->getModuleFields();
    $accessibleFields = array_keys($moduleFields);
    $accessibleNameFields = array_intersect($nameFields, $accessibleFields);
    $moduleEntityNameDetails[$type] = $accessibleNameFields;
    $moduleEmailFieldDetails[$type] = $referenceModuleMeta->getEmailFields();
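/**
 * Build the SQL that lists the $relatedModule records related to record $id.
 *
 * Permission checks run before any SQL is assembled: both modules must be
 * entity modules that vtws_listtypes() returns for $user, $user needs RETRIEVE
 * permission on $id, the record must exist, and the related module must be
 * readable. Only then is the query built, either from a hard-coded template
 * (ModComments, inventory product lines) or from the relation function
 * registered for the pair in vtiger_relatedlists.
 *
 * Side effect: overwrites the global $currentModule with $module.
 *
 * @param string $id              web-service id of the parent record
 * @param string $module          module name of the parent record
 * @param string $relatedModule   module whose related records are listed
 * @param array  $queryParameters optional keys: 'productDiscriminator',
 *                                'columns', 'orderby', 'limit', 'offset'
 * @param object $user            user the permission checks run as
 * @return string SQL text, or '' when no query was produced for the pair
 * @throws WebserviceException with code INVALID_MODULE, MODULES_NOT_RELATED,
 *         MANY_RELATIONS, or WebServiceErrorCode ACCESSDENIED / INVALIDID /
 *         RECORDNOTFOUND
 */
function __getRLQuery($id, $module, $relatedModule, $queryParameters, $user)
{
    global $adb, $currentModule, $log, $current_user;
    // Initialize required globals
    $currentModule = $module;
    // END
    if (empty($queryParameters['productDiscriminator'])) {
        $queryParameters['productDiscriminator'] = '';
    }
    if (empty($queryParameters['columns'])) {
        $queryParameters['columns'] = '*';
    }
    $productDiscriminator = strtolower($queryParameters['productDiscriminator']);
    // check modules: resolve the related module through its web-service handler;
    // from here on $relatedModule is the canonical entity name
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $relatedModule);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $relatedModule = $meta->getEntityName();
    if (!$meta->isModuleEntity()) {
        throw new WebserviceException('INVALID_MODULE', "Given related module ({$relatedModule}) cannot be found");
    }
    $relatedModuleId = getTabid($relatedModule);
    // same resolution for the parent module
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $module);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $module = $meta->getEntityName();
    if (!$meta->isModuleEntity()) {
        throw new WebserviceException('INVALID_MODULE', "Given module ({$module}) cannot be found");
    }
    $moduleId = getTabid($module);
    // check permission on module: the id's ws type must match $module and the
    // user must hold RETRIEVE on that specific record
    $webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $entityName = $meta->getObjectEntityName($id);
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation on module ({$module}) is denied");
    }
    if ($entityName !== $webserviceObject->getEntityName()) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
    }
    if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    $idComponents = vtws_getIdComponents($id);
    if (!$meta->exists($idComponents[1])) {
        throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
    }
    // $crmid is interpolated into every query below; it is the part of $id after
    // the ws type prefix and has just been checked with $meta->exists()
    $crmid = $idComponents[1];
    // check permission on related module and pickup meta data for further processing
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $relatedModule);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    if (!in_array($relatedModule, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation on module ({$relatedModule}) is denied");
    }
    if (!$meta->hasReadAccess()) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
    }
    // user has enough permission to start process
    $query = '';
    switch ($relatedModule) {
        case 'ModComments':
            // ws type ids are prefixed to ownerid so creator/assigned_user_id come
            // back as web-service ids ("<type>x<id>")
            $wsUserIdrs = $adb->query("select id from vtiger_ws_entity where name='Users'");
            $wsUserId = $adb->query_result($wsUserIdrs, 0, 0) . 'x';
            $wsContactIdrs = $adb->query("select id from vtiger_ws_entity where name='Contacts'");
            $wsContactId = $adb->query_result($wsContactIdrs, 0, 0) . 'x';
            switch ($module) {
                case 'HelpDesk':
                    // NOTE(review): $id is interpolated into a quoted SQL literal here;
                    // it has only been checked against the ws type of $module above,
                    // confirm vtws_getIdComponents()/fromId() reject non "<n>x<n>" ids.
                    $query = "select\n\t\t\t\t\t\tconcat(case when (ownertype = 'user') then '{$wsUserId}' else '{$wsContactId}' end,ownerid) as creator,\n\t\t\t\t\t\tconcat(case when (ownertype = 'user') then '{$wsUserId}' else '{$wsContactId}' end,ownerid) as assigned_user_id,\n\t\t\t\t\t\t'TicketComments' as setype,\n\t\t\t\t\t\tcreatedtime,\n\t\t\t\t\t\tcreatedtime as modifiedtime,\n\t\t\t\t\t\t0 as id,\n\t\t\t\t\t\tcomments as commentcontent, \n\t\t\t\t\t\t'{$id}' as related_to, \n\t\t\t\t\t\t'' as parent_comments,\n\t\t\t\t\t\townertype,\n\t\t\t\t\t\tcase when (ownertype = 'user') then vtiger_users.user_name else vtiger_portalinfo.user_name end as owner_name \n\t\t\t\t\t from vtiger_ticketcomments\n\t\t\t\t\t left join vtiger_users on vtiger_users.id = ownerid\n\t\t\t\t\t left join vtiger_portalinfo on vtiger_portalinfo.id = ownerid\n\t\t\t\t\t where ticketid={$crmid}";
                    break;
                case 'Faq':
                    $query = "select\n\t\t\t\t\t\t0 as creator,\n\t\t\t\t\t\t0 as assigned_user_id,\n\t\t\t\t\t\t'FaqComments' as setype,\n\t\t\t\t\t\tcreatedtime,\n\t\t\t\t\t\tcreatedtime as modifiedtime,\n\t\t\t\t\t\t0 as id,\n\t\t\t\t\t\tcomments as commentcontent, \n\t\t\t\t\t\t'{$id}' as related_to, \n\t\t\t\t\t\t'' as parent_comments\n\t\t\t\t\t  from vtiger_faqcomments where faqid={$crmid}";
                    break;
                default:
                    $entityInstance = CRMEntity::getInstance($relatedModule);
                    $queryCriteria = '';
                    $criteria = 'All';
                    // currently hard coded to all  ** TODO **
                    switch ($criteria) {
                        // currently hard coded to all  ** TODO **
                        case 'All':
                            $queryCriteria = '';
                            break;
                        case 'Last5':
                            $queryCriteria = sprintf(" ORDER BY %s.%s DESC LIMIT 5", $entityInstance->table_name, $entityInstance->table_index);
                            break;
                        case 'Mine':
                            $queryCriteria = ' AND vtiger_crmentity.smownerid=' . $current_user->id;
                            break;
                    }
                    // NOTE(review): $moduleName is never assigned in this function, so
                    // getListQuery() receives null as its first argument; $relatedModule
                    // looks like the intended value — confirm against CRMEntity::getListQuery.
                    $query = $entityInstance->getListQuery($moduleName, sprintf(" AND %s.related_to={$crmid}", $entityInstance->table_name));
                    $query .= $queryCriteria;
                    $qfields = __getRLQueryFields($meta, $queryParameters['columns']);
                    // Remove all the \n, \r and white spaces to keep the space between the words consistent.
                    $query = preg_replace("/[\n\r\\s]+/", " ", $query);
                    // replace the select list with the columns the user may read
                    $query = "select {$qfields} " . substr($query, stripos($query, ' FROM '), strlen($query));
                    break;
            }
            // end switch ModComments
            break;
        default:
            // $relation_criteria is only ever one of the fixed fragments below
            $relation_criteria = '';
            switch ($relatedModule) {
                case 'Products':
                    if ($module == 'Products') {
                        // Product Bundles
                        if (!empty($productDiscriminator) and $productDiscriminator == 'productparent') {
                            $relation_criteria = " and label like '%parent%'";
                        } else {
                            $relation_criteria = " and label like '%bundle%'";
                            // bundle by default
                        }
                    }
                    break;
                case 'Calendar':
                    $relation_criteria = " and label like '%Activities%'";
                    // History not supported
                    //$relation_criteria = " and label like '%History%'";
                    break;
            }
            // special product relation with Q/SO/I/PO
            if ($relatedModule == 'Products' and in_array($module, array('Invoice', 'Quotes', 'SalesOrder', 'PurchaseOrder'))) {
                $query = 'select productid as id,sequence_no,quantity,listprice,discount_percent,discount_amount,comment,description,tax1,tax2,tax3 FROM vtiger_inventoryproductrel where id=' . $crmid;
            } else {
                $relationResult = $adb->pquery("SELECT * FROM vtiger_relatedlists WHERE tabid=? AND related_tabid=? {$relation_criteria}", array($moduleId, $relatedModuleId));
                if (!$relationResult || !$adb->num_rows($relationResult)) {
                    throw new WebserviceException('MODULES_NOT_RELATED', "Cannot find relation between {$module} and {$relatedModule}");
                }
                if ($adb->num_rows($relationResult) > 1) {
                    throw new WebserviceException('MANY_RELATIONS', "More than one relation exists between {$module} and {$relatedModule}");
                }
                $relationInfo = $adb->fetch_array($relationResult);
                $moduleInstance = CRMEntity::getInstance($module);
                $params = array($crmid, $moduleId, $relatedModuleId);
                // The relation function name comes from vtiger_relatedlists.name (database,
                // not caller input). call_user_method_array() was removed in PHP 7; this is
                // its documented equivalent.
                $relationData = call_user_func_array(array($moduleInstance, $relationInfo['name']), $params);
                $query = $relationData['query'];
                // select the fields the user has access to and prepare query
                $qfields = __getRLQueryFields($meta, $queryParameters['columns']);
                // Remove all the \n, \r and white spaces to keep the space between the words consistent.
                $query = preg_replace("/[\n\r\\s]+/", " ", $query);
                $query = "select {$qfields} " . substr($query, stripos($query, ' FROM '), strlen($query));
                // Append additional joins for some queries
                $query = __getRLQueryFromJoins($query, $meta);
                //Appending Access Control
                // NOTE(review): the access-control clause is built for the global
                // $current_user, while the permission checks above ran as $user —
                // confirm callers always pass the same user.
                if ($relatedModule != 'Faq' && $relatedModule != 'PriceBook' && $relatedModule != 'Vendors' && $relatedModule != 'Users') {
                    $secQuery = getNonAdminAccessControlQuery($relatedModule, $current_user);
                    if (strlen($secQuery) > 1) {
                        $query = appendFromClauseToQuery($query, $secQuery);
                    }
                }
                // This is for getting products related to Account/Contact through their Quote/SO/Invoice
                if (($module == 'Accounts' or $module == 'Contacts') and ($relatedModule == 'Products' or $relatedModule == 'Services') and in_array($productDiscriminator, array('productlineinvoice', 'productlinesalesorder', 'productlinequote', 'productlineall', 'productlineinvoiceonly', 'productlinesalesorderonly', 'productlinequoteonly'))) {
                    // Here we add list of products contained in related invoice, so and quotes
                    $relatedField = $module == 'Accounts' ? 'accountid' : 'contactid';
                    $pstable = $meta->getEntityBaseTable();
                    $psfield = $meta->getIdColumn();
                    // the "...only" variants drop the directly related products and keep
                    // just the inventory lines
                    if (substr($productDiscriminator, -4) == 'only') {
                        $productDiscriminator = substr($productDiscriminator, 0, strlen($productDiscriminator) - 4);
                        $query = '';
                    }
                    if ($productDiscriminator == 'productlinequote' or $productDiscriminator == 'productlineall') {
                        $q = "select distinct {$qfields} from vtiger_quotes\n\t\t\t\t\t\tinner join vtiger_crmentity as crmq on crmq.crmid=vtiger_quotes.quoteid\n\t\t\t\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_quotes.quoteid\n\t\t\t\t\t\tinner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_inventoryproductrel.productid \n\t\t\t\t\t\tleft join {$pstable} on {$pstable}.{$psfield} = vtiger_inventoryproductrel.productid \n\t\t\t\t\t\twhere vtiger_inventoryproductrel.productid = {$pstable}.{$psfield} AND crmq.deleted=0\n\t\t\t\t\t\t  and {$relatedField} = {$crmid}";
                        $query .= ($query == '' ? '' : ' UNION DISTINCT ') . $q;
                    }
                    if ($productDiscriminator == 'productlineinvoice' or $productDiscriminator == 'productlineall') {
                        $q = "select distinct {$qfields} from vtiger_invoice\n\t\t\t\t\t\tinner join vtiger_crmentity as crmi on crmi.crmid=vtiger_invoice.invoiceid\n\t\t\t\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_invoice.invoiceid\n\t\t\t\t\t\tinner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_inventoryproductrel.productid\n\t\t\t\t\t\tleft join {$pstable} on {$pstable}.{$psfield} = vtiger_inventoryproductrel.productid\n\t\t\t\t\t\twhere vtiger_inventoryproductrel.productid = {$pstable}.{$psfield} AND crmi.deleted=0\n\t\t\t\t\t\t  and {$relatedField} = {$crmid}";
                        $query .= ($query == '' ? '' : ' UNION DISTINCT ') . $q;
                    }
                    if ($productDiscriminator == 'productlinesalesorder' or $productDiscriminator == 'productlineall') {
                        $q = "select distinct {$qfields} from vtiger_salesorder \n\t\t\t\t\tinner join vtiger_crmentity as crms on crms.crmid=vtiger_salesorder.salesorderid\n\t\t\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_salesorder.salesorderid\n\t\t\t\t\tinner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_inventoryproductrel.productid\n\t\t\t\t\tleft join {$pstable} on {$pstable}.{$psfield} = vtiger_inventoryproductrel.productid\n\t\t\t\t\twhere vtiger_inventoryproductrel.productid = {$pstable}.{$psfield} AND crms.deleted=0\n\t\t\t\t\tand {$relatedField} = {$crmid}";
                        $query .= ($query == '' ? '' : ' UNION DISTINCT ') . $q;
                    }
                }
            }
            // q/so/i/po-product relation
            break;
    }
    // end switch $relatedModule
    // now we add order by if needed
    // NOTE(review): 'orderby', 'limit' and 'offset' are concatenated verbatim;
    // nothing in this function restricts them to column names / integers, so the
    // caller must validate them. Also, MySQL reads "LIMIT a,b" as offset a and
    // row count b, so the "limit <limit>,<offset>" produced below is reversed
    // unless callers already pass them that way — confirm before changing.
    if ($query != '' and !empty($queryParameters['orderby'])) {
        $query .= ' order by ' . $queryParameters['orderby'];
    }
    // now we add limit and offset if needed
    if ($query != '' and !empty($queryParameters['limit'])) {
        $query .= ' limit ' . $queryParameters['limit'];
        if (!empty($queryParameters['offset'])) {
            $query .= ',' . $queryParameters['offset'];
        }
    }
    return $query;
}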
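/**
 * Translate a simplified "select ... from Module [where ...] [order by ...] [limit ...]"
 * statement into executable SQL through QueryGenerator.
 *
 * The module named after FROM is resolved via its web-service handler, must be a
 * module entity that $user may list and read, and its field->column mapping is used
 * for the order-by fields. Columns written as "Module.field" are normalised to the
 * module's tab name and that module's meta is collected in the second return value.
 * An "id" column is always appended to the select list. The WHERE part is split on
 * and/or (with parenthesised groups) and each condition is handed to
 * __FQNExtendedQueryAddCondition().
 *
 * @param string $q    query text; must start with "select" and contain a " from " clause
 * @param object $user user the permission checks and QueryGenerator run as
 * @return array [string $sql, array<string, object> $queryRelatedModules] where the
 *               map key is the related module's tab name and the value its meta
 * @throws WebserviceException INVALID_MODULE, or WebServiceErrorCode ACCESSDENIED
 */
function __FQNExtendedQueryGetQuery($q, $user)
{
    global $adb, $log;
    // group 1: the token after FROM (module name); group 2: everything after it
    $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)(.*)/";
    preg_match($moduleRegex, $q, $m);
    $mainModule = trim($m[1]);
    // pickup meta data of module
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $mainModule);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    $mainModule = $meta->getTabName();
    // normalize module name
    // check modules
    if (!$meta->isModuleEntity()) {
        throw new WebserviceException('INVALID_MODULE', "Given main module ({$mainModule}) cannot be found");
    }
    // check permission on module
    $entityName = $meta->getEntityName();
    $types = vtws_listtypes(null, $user);
    if (!in_array($entityName, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation on module ({$mainModule}) is denied");
    }
    if (!$meta->hasReadAccess()) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read module is denied");
    }
    // user has enough permission to start process
    $fieldcolumn = $meta->getFieldColumnMapping();
    $queryGenerator = new QueryGenerator($mainModule, $user);
    // select list: the text between "select" and " from "
    $queryColumns = trim(substr($q, 6, stripos($q, ' from ') - 5));
    $queryColumns = explode(',', $queryColumns);
    // quoted callable: the bare constant `trim` only worked via PHP's
    // undefined-constant fallback and is an Error on PHP 8
    $queryColumns = array_map('trim', $queryColumns);
    $countSelect = $queryColumns == array('count(*)');
    $queryRelatedModules = array();
    foreach ($queryColumns as $k => $field) {
        if (strpos($field, '.') > 0) {
            // own names so the FROM match kept in $m survives the loop
            list($colModule, $colField) = explode('.', $field);
            if (!isset($queryRelatedModules[$colModule])) {
                $relhandler = vtws_getModuleHandlerFromName($colModule, $user);
                $relmeta = $relhandler->getMeta();
                $mn = $relmeta->getTabName();
                // normalize module name
                $queryRelatedModules[$mn] = $relmeta;
                if ($colModule != $mn) {
                    $queryColumns[$k] = $mn . '.' . $colField;
                }
            }
        }
    }
    $queryColumns[] = 'id';
    // add ID column to follow REST interface behaviour
    $queryGenerator->setFields($queryColumns);
    // take apart conditionals: everything after the module name, minus trailing ';'
    $queryConditions = trim($m[2], ' ;');
    if (strtolower(substr($queryConditions, 0, 5)) == 'where') {
        $queryConditions = substr($queryConditions, 6);
    }
    $orderbyCond = "/([oO][rR][dD][eE][rR]\\s+[bB][yY]\\s+)+(.*)/";
    preg_match($orderbyCond, $queryConditions, $ob);
    $obflds = isset($ob[2]) ? $ob[2] : '';
    if (stripos($obflds, ' limit ') > 0) {
        $obflds = substr($obflds, 0, stripos($obflds, ' limit '));
    }
    $limitCond = "/([lL][iI][mM][iI][tT]\\s+)+(.*)/";
    preg_match($limitCond, $queryConditions, $lm);
    $lmoc = isset($lm[2]) ? $lm[2] : '';
    if (stripos($lmoc, ' order ') > 0) {
        $lmoc = substr($lmoc, 0, stripos($lmoc, ' order '));
    }
    if (stripos($queryConditions, ' order ') > 0) {
        $queryConditions = substr($queryConditions, 0, stripos($queryConditions, ' order '));
    }
    if (stripos($queryConditions, ' limit ') > 0) {
        $queryConditions = substr($queryConditions, 0, stripos($queryConditions, ' limit '));
    }
    $qcst = strtolower(substr(trim($queryConditions), 0, 5));
    if ($qcst == 'order' or $qcst == 'limit') {
        $queryConditions = '';
    }
    // $queryConditions has all the where conditions
    // $obflds has the list of order by fields
    // $lmoc is the text after LIMIT
    // NOTE(review): the original also carried a REST-id rewrite
    // (=\s*'*\d+x(\d+)'* -> "= $1") applied to an undefined variable whose result
    // was never used; it is dropped here. If "<type>x<id>" values in WHERE are
    // meant to be reduced to the crm id, __FQNExtendedQueryAddCondition must do it — confirm.
    // where
    if (strlen($queryConditions) > 0) {
        $queryGenerator->startGroup();
        $qc = trim($queryConditions);
        if (substr($qc, 0, 1) == '(') {
            $queryGenerator->startGroup();
            $qc = substr($qc, 1);
        }
        $inopRegex = "/\\s+in\\s+\\(/";
        $posand = stripos($qc, ' and ');
        $posor = stripos($qc, ' or ');
        $glue = '';
        // consume one condition per iteration, splitting at the earliest and/or
        while ($posand > 0 or $posor > 0 or strlen($qc)) {
            $endgroup = false;
            preg_match($inopRegex, $qc, $qcop);
            $inop = count($qcop) > 0;
            $lasttwo = '';
            if ($inop) {
                // for "in (...)" the closing ')' of the list is not a group end,
                // so a group end is only recognised as '))'
                $lasttwo = str_replace(' ', '', $qc);
                $lasttwo = substr($lasttwo, -2);
            }
            if ($posand == 0 and $posor == 0) {
                if (!$inop and substr($qc, -1) == ')' or $inop and $lasttwo == '))') {
                    $qc = substr($qc, 0, strlen($qc) - 1);
                    $endgroup = true;
                }
                __FQNExtendedQueryAddCondition($queryGenerator, $qc, $glue, $mainModule, $fieldcolumn, $user);
                $qc = '';
            } elseif ($posand == 0 or $posand > $posor and $posor != 0) {
                $qcond = trim(substr($qc, 0, $posor));
                if (!$inop and substr($qcond, -1) == ')' or $inop and $lasttwo == '))') {
                    $qcond = substr($qcond, 0, strlen($qcond) - 1);
                    $endgroup = true;
                }
                __FQNExtendedQueryAddCondition($queryGenerator, $qcond, $glue, $mainModule, $fieldcolumn, $user);
                $glue = $queryGenerator::$OR;
                $qc = trim(substr($qc, $posor + 4));
            } else {
                $qcond = trim(substr($qc, 0, $posand));
                if (!$inop and substr($qcond, -1) == ')' or $inop and $lasttwo == '))') {
                    $qcond = substr($qcond, 0, strlen($qcond) - 1);
                    $endgroup = true;
                }
                __FQNExtendedQueryAddCondition($queryGenerator, $qcond, $glue, $mainModule, $fieldcolumn, $user);
                $glue = $queryGenerator::$AND;
                $qc = trim(substr($qc, $posand + 5));
            }
            if ($endgroup) {
                $queryGenerator->endGroup();
            }
            if (substr($qc, 0, 1) == '(') {
                $queryGenerator->startGroup($glue);
                $glue = '';
                $qc = substr($qc, 1);
            }
            $posand = stripos($qc, ' and ');
            $posor = stripos($qc, ' or ');
        }
        $queryGenerator->endGroup();
    }
    $query = 'select ';
    if ($countSelect) {
        $query .= 'count(*) ';
    } else {
        $query .= $queryGenerator->getSelectClauseColumnSQL() . ' ';
    }
    $query .= $queryGenerator->getFromClause() . ' ';
    $query .= $queryGenerator->getWhereClause() . ' ';
    // limit and order
    if (!empty($obflds)) {
        $obflds = trim($obflds);
        // a single asc/desc suffix applies to the whole field list
        if (strtolower(substr($obflds, -3)) == 'asc') {
            $dir = ' asc ';
            $obflds = trim(substr($obflds, 0, strlen($obflds) - 3));
        } elseif (strtolower(substr($obflds, -4)) == 'desc') {
            $dir = ' desc ';
            $obflds = trim(substr($obflds, 0, strlen($obflds) - 4));
        } else {
            $dir = '';
        }
        $obflds = explode(',', $obflds);
        // order-by fields are mapped to columns, never used verbatim
        foreach ($obflds as $k => $field) {
            $obflds[$k] = __FQNExtendedQueryField2Column($field, $mainModule, $fieldcolumn, $user);
        }
        $query .= ' order by ' . implode(',', $obflds) . $dir . ' ';
    }
    // NOTE(review): the LIMIT text is appended as given by the caller; nothing
    // here checks that it is numeric — confirm the caller validates it.
    if (!empty($lmoc)) {
        $query .= " limit {$lmoc} ";
    }
    return array($query, $queryRelatedModules);
}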
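/**
 * Create a record of type $elementType from the field array $element on behalf of $user.
 *
 * Checks, in order: $user may list the module, has write access to it, every
 * non-empty reference field points at an entity type allowed for that field
 * (and, when it points at Users, at a user the record may be assigned to) that
 * the user may access, and every owner field names an assignable user.
 * Reference fields holding an empty string are removed before the handler runs.
 *
 * @param string $elementType module (web-service entity) name
 * @param array  $element     field name => value
 * @param object $user        acting user
 * @return mixed the entity returned by the handler's create(), or null when
 *               $meta->hasMandatoryFields($element) is false
 * @throws WebServiceException ACCESSDENIED or REFERENCEINVALID
 */
function vtws_create($elementType, $element, $user)
{
    $types = vtws_listtypes(null, $user);
    if (!in_array($elementType, $types['types'])) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
    }
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    // The former per-type "cache" lived in a function-local array and so was
    // empty on every call; the lookup is now done directly, as it always was.
    $webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
    $handlerPath = $webserviceObject->getHandlerPath();
    $handlerClass = $webserviceObject->getHandlerClass();
    require_once $handlerPath;
    $handler = new $handlerClass($webserviceObject, $user, $adb, $log);
    $meta = $handler->getMeta();
    if ($meta->hasWriteAccess() !== true) {
        throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
    }
    $referenceFields = $meta->getReferenceFieldDetails();
    foreach ($referenceFields as $fieldName => $details) {
        if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
            $ids = vtws_getIdComponents($element[$fieldName]);
            $elemTypeId = $ids[0];
            $elemId = $ids[1];
            $referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
            // the referenced type must be one this field is declared to accept
            if (!in_array($referenceObject->getEntityName(), $details)) {
                throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
            }
            if ($referenceObject->getEntityName() == 'Users') {
                if (!$meta->hasAssignPrivilege($element[$fieldName])) {
                    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
                }
            }
            // Users is exempt from the listable-type check (it is handled above)
            if (!in_array($referenceObject->getEntityName(), $types['types']) && $referenceObject->getEntityName() != 'Users') {
                throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied: " . $referenceObject->getEntityName());
            }
        } elseif (array_key_exists($fieldName, $element) && $element[$fieldName] !== null) {
            // present but empty (e.g. ''): drop it; an explicit null is kept.
            // array_key_exists avoids the undefined-index notice the original
            // raised for fields absent from $element.
            unset($element[$fieldName]);
        }
    }
    if ($meta->hasMandatoryFields($element)) {
        $ownerFields = $meta->getOwnerFields();
        if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
            foreach ($ownerFields as $ownerField) {
                if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
                    throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
                }
            }
        }
        $entity = $handler->create($elementType, $element);
        VTWS_PreserveGlobal::flush();
        return $entity;
    } else {
        return null;
    }
}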