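/**
 * Validates the URL parameters for the commendation form and sets its title.
 *
 * Reads the optional positive-integer parameters aid (activity), cid (contact)
 * and vid (volunteer project), requires UPDATE permission on the project, and
 * aborts unless an activity ID or both a contact ID and a project ID were
 * passed. Every ID is then run through entityExists() before the title is set.
 *
 * TODO: How many checks do we need to do? Should we check to make sure the
 * activity is the right type? That the cid and aid are associated? Seems like
 * if you are messing with URL params you are kind of asking for trouble...
 *
 * NOTE(review): authorization is decided on vid alone. Nothing in this method
 * ties aid or cid to that project, so the open questions above are an access
 * control gap rather than input hygiene; confirm the association is enforced
 * before the form reads or writes the activity.
 *
 * @return void
 */
function preProcess() {
  // 'Positive' restricts each value to a positive integer; FALSE makes the
  // parameter optional, so any of the three may be empty at this point.
  $this->_aid = CRM_Utils_Request::retrieve('aid', 'Positive', $this, FALSE);
  $this->_cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE);
  $this->_vid = CRM_Utils_Request::retrieve('vid', 'Positive', $this, FALSE);

  // NOTE(review): when only aid is supplied, this check runs with an empty
  // project ID. checkProjectPerms() is not visible here -- confirm that it
  // denies in that case instead of falling back to a broader grant.
  if (!CRM_Volunteer_Permission::checkProjectPerms(CRM_Core_Action::UPDATE, $this->_vid)) {
    CRM_Utils_System::permissionDenied();
    // A FIXME elsewhere in this extension records that permissionDenied()
    // does not stop execution, so leave explicitly rather than carrying on
    // to load the contact for a user who was just refused.
    return;
  }

  if (!$this->_aid && !($this->_cid && $this->_vid)) {
    CRM_Core_Error::fatal("Form expects an activity ID or both a contact and a volunteer project ID.");
  }

  $check = array(
    'Activity' => $this->_aid,
    'Contact' => $this->_cid,
    'VolunteerProject' => $this->_vid,
  );
  $errors = array();
  foreach ($check as $entityType => $entityID) {
    if (!$this->entityExists($entityType, $entityID)) {
      $errors[] = "No {$entityType} with ID {$entityID} exists.";
    }
  }

  if (count($errors)) {
    CRM_Core_Error::fatal("Invalid parameter(s) passed to commendation form: " . implode(' ', $errors));
  }

  $contact_display_name = civicrm_api3('Contact', 'getvalue', array(
    'id' => $this->_cid,
    'return' => 'display_name',
  ));
  CRM_Utils_System::setTitle(ts('Commend %1', array(1 => $contact_display_name, 'domain' => 'org.civicrm.volunteer')));

  parent::preProcess();
}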
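/**
 * Build all the data structures needed to build the form.
 *
 * Requires a positive-integer vid URL parameter and UPDATE permission on that
 * volunteer project, then loads the project's assignments and the project
 * itself and derives the form title from the project title and dates.
 *
 * @return void
 * @access public
 */
function preProcess() {
  // TRUE makes vid mandatory; 'Positive' restricts it to a positive integer.
  $this->_vid = CRM_Utils_Request::retrieve('vid', 'Positive', $this, TRUE);

  if (!CRM_Volunteer_Permission::checkProjectPerms(CRM_Core_Action::UPDATE, $this->_vid)) {
    CRM_Utils_System::permissionDenied();
    // A FIXME elsewhere in this extension records that permissionDenied()
    // does not stop execution. Without this return the assignments and the
    // project would still be loaded for a user who was just refused.
    return;
  }

  $this->_batchInfo['item_count'] = 50;

  $params = array('project_id' => $this->_vid);
  $this->_volunteerData = CRM_Volunteer_BAO_Assignment::retrieve($params);

  $projects = CRM_Volunteer_BAO_Project::retrieve(array('id' => $this->_vid));
  // vid is only known to be a positive integer, not an existing project.
  // Fail with a clear message instead of dereferencing a missing array entry.
  if (empty($projects[$this->_vid])) {
    CRM_Core_Error::fatal("No VolunteerProject with ID {$this->_vid} exists.");
  }
  $project = $projects[$this->_vid];

  $this->_entityID = $project->entity_id;
  $this->_entityTable = $project->entity_table;
  $this->_start_date = $project->start_date;

  // Title reads "<title> ( <start> )" or "<title> ( <start> - <end> )".
  $this->_title = $project->title;
  $this->_title .= ' ( ' . CRM_Utils_Date::customFormat($project->start_date);
  if ($project->end_date) {
    $this->_title .= ' - ' . CRM_Utils_Date::customFormat($project->end_date) . ' )';
  }
  else {
    $this->_title .= ' )';
  }

  /*
   * Because CiviCRM's asset management framework isn't mature yet (e.g., adding
   * assets to forms rendered in pop-ups using CRM_Core_Resources doesn't work),
   * we pass a URL fragment to the template and include them via HTML.
   */
  $this->assign('extResourceURL', CRM_Core_Resources::singleton()->getUrl('org.civicrm.volunteer'));
  $this->assign('vid', $this->_vid);
}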
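/**
 * Create a Volunteer Need.
 *
 * Takes an associative array, copies it onto a new CRM_Volunteer_DAO_Need and
 * saves it. This function is invoked from within the web form layer and also
 * from the api layer.
 *
 * Authorization is opt-in: it runs only when $params['check_permissions'] is
 * non-empty, and treats writing a Need as an UPDATE of its project. The
 * project checked is the one supplied in project_id; when an existing Need is
 * addressed by id, the project that Need is stored under is checked as well,
 * so the decision does not rest on a caller-supplied (or missing) project_id
 * alone.
 *
 * @param array $params an assoc array of name/value pairs
 *
 * @return CRM_Volunteer_DAO_Need|bool|null the saved object, FALSE when
 *   permission is denied, NULL when $params is empty
 * @access public
 * @static
 */
static function &create($params) {
  // The function returns by reference, so each return value has to live in a
  // variable; returning a literal raises a PHP notice.
  $denied = FALSE;
  $nothing = NULL;

  if (!empty($params['check_permissions'])) {
    // writing a Need constitutes updating a Project
    $op = CRM_Core_Action::UPDATE;
    $projectId = CRM_Utils_Array::value('project_id', $params);
    $needId = CRM_Utils_Array::value('id', $params);

    $storedProjectId = NULL;
    if (!empty($needId)) {
      $storedProjectId = CRM_Core_DAO::getFieldValue('CRM_Volunteer_DAO_Need', $needId, 'project_id');
    }
    if (empty($projectId)) {
      $projectId = $storedProjectId;
    }

    $allowed = CRM_Volunteer_Permission::checkProjectPerms($op, $projectId);
    // An existing Need that currently belongs to a different project must
    // also be editable by the caller, not just the project it is moved to.
    if ($allowed && !empty($storedProjectId) && (int) $storedProjectId !== (int) $projectId) {
      $allowed = CRM_Volunteer_Permission::checkProjectPerms($op, $storedProjectId);
    }

    if (!$allowed) {
      CRM_Utils_System::permissionDenied();
      // FIXME: If we don't return here, the script keeps executing. This is not
      // what I expect from CRM_Utils_System::permissionDenied().
      return $denied;
    }
  }

  if (empty($params)) {
    return $nothing;
  }

  $need = new CRM_Volunteer_DAO_Need();
  $need->copyValues($params);
  $need->save();

  return $need;
}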
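/**
 * Create a Volunteer Need.
 *
 * Takes an associative array, copies it onto a new CRM_Volunteer_BAO_Need and
 * saves it. This function is invoked from within the web form layer and also
 * from the api layer.
 *
 * Authorization is opt-in: it runs only when $params['check_permissions'] is
 * non-empty, and treats writing a Need as an UPDATE of the project returned
 * by getProjectId().
 *
 * NOTE(review): getProjectId() is not visible here. If it prefers a
 * caller-supplied project_id over the project an existing Need is stored
 * under, the check covers only the target project; confirm the Need's current
 * project is authorized too.
 *
 * @param array $params an assoc array of name/value pairs
 *
 * @return CRM_Volunteer_BAO_Need|bool|null the saved object, FALSE when
 *   permission is denied, NULL when $params is empty
 * @access public
 * @static
 */
static function &create($params) {
  // The function returns by reference, so each return value has to live in a
  // variable; returning a literal raises a PHP notice.
  $denied = FALSE;
  $nothing = NULL;

  $need = new CRM_Volunteer_BAO_Need();
  $need->copyValues($params);

  $projectId = $need->getProjectId();
  if ($projectId === FALSE) {
    CRM_Core_Error::fatal('Missing required Need ID or Project ID');
  }

  // creating a Need constitutes updating a Project
  $op = CRM_Core_Action::UPDATE;

  if (!empty($params['check_permissions']) && !CRM_Volunteer_Permission::checkProjectPerms($op, $projectId)) {
    CRM_Utils_System::permissionDenied();
    // FIXME: If we don't return here, the script keeps executing. This is not
    // what I expect from CRM_Utils_System::permissionDenied().
    return $denied;
  }

  // NOTE(review): with empty $params the project lookup above presumably
  // fails first, which would make this branch unreachable -- confirm.
  if (empty($params)) {
    return $nothing;
  }

  $need->save();

  return $need;
}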
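/**
 * Delete an existing project contact
 *
 * This method is used to delete the relationship(s) between a contact and a
 * project.
 *
 * The project is looked up from the stored project-contact record rather than
 * taken from the request. When $params['check_permissions'] is non-empty, the
 * caller needs UPDATE permission on that project; when the flag is empty or
 * absent, no permission check is made here.
 *
 * @param array $params array containing id of the project contact
 *   to be deleted
 *
 * @return array result of the basic delete if successful, error
 *   message otherwise
 * {@getfields volunteer_project_delete}
 * @access public
 */
function civicrm_api3_volunteer_project_contact_delete($params) {
  // NOTE(review): for an id that matches no record this presumably yields an
  // empty project ID; confirm checkProjectPerms() denies in that case.
  $projectId = CRM_Core_DAO::getFieldValue('CRM_Volunteer_DAO_ProjectContact', $params['id'], 'project_id');

  // empty() instead of a bare negation: a missing check_permissions key is
  // handled the same way as before but no longer raises an undefined-index
  // notice.
  $mustAuthorize = !empty($params['check_permissions']);
  if ($mustAuthorize && !CRM_Volunteer_Permission::checkProjectPerms(CRM_Core_Action::UPDATE, $projectId)) {
    return civicrm_api3_create_error(ts('You do not have permission to modify contacts for this project'));
  }

  return _civicrm_api3_basic_delete(_civicrm_api3_get_BAO(__FUNCTION__), $params);
}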
/**
 * Implements hook_civicrm_alterAPIPermissions
 *
 * Registers the permission required for each volunteer API entity/action and,
 * for API calls made by the volunteer opportunity listing, switches permission
 * checking off when the current user passes the general VIEW check.
 *
 * NOTE(review): setting check_permissions to FALSE disables every downstream
 * check that is keyed on that flag for the call, not just the one made here.
 * _isVolListingApiCall() is not visible in this listing; it should match only
 * the read-only entity/action pairs the listing UI needs.
 */
function volunteer_civicrm_alterAPIPermissions($entity, $action, &$params, &$permissions) {
  // note: unsetting the below would require the default 'administer CiviCRM' permission
  $required = array(
    'volunteer_need' => array(
      'default' => array('create volunteer projects'),
      'getsearchresult' => array('register to volunteer'),
    ),
    'volunteer_assignment' => array(
      'default' => array('edit own volunteer projects'),
    ),
    'volunteer_commendation' => array(
      'default' => array('edit own volunteer projects'),
    ),
    'volunteer_project' => array(
      'default' => array('create volunteer projects'),
      'get' => array('register to volunteer'),
      'getlocblockdata' => array('edit own volunteer projects'),
    ),
    'volunteer_util' => array(
      'default' => array('edit own volunteer projects'),
    ),
    'volunteer_project_contact' => array(
      'default' => array('edit own volunteer projects'),
    ),
  );

  // Loop variables are named apart from $entity/$action, which are still
  // needed for the listing test below.
  foreach ($required as $apiEntity => $byAction) {
    foreach ($byAction as $apiAction => $permissionNames) {
      $permissions[$apiEntity][$apiAction] = $permissionNames;
    }
  }

  // allow fairly liberal access to the volunteer opp listing UI, which uses lots of API calls
  if (_isVolListingApiCall($entity, $action)) {
    if (CRM_Volunteer_Permission::checkProjectPerms(CRM_Core_Action::VIEW)) {
      $params['check_permissions'] = FALSE;
    }
  }
}
/**
 * Create a Volunteer Project
 *
 * Takes an associative array and creates a Project object. This function is
 * invoked from within the web form layer and also from the API layer. Allows
 * the creation of project contacts, e.g.:
 *
 * $params['project_contacts'] = array(
 *   $relationship_type_name_or_id => $arr_contact_ids,
 * );
 *
 * Authorization is opt-in: the ADD/UPDATE permission check runs only when
 * $params['check_permissions'] is non-empty. Callers that leave the flag out
 * are trusted to have authorized the request themselves.
 *
 * @param array $params an assoc array of name/value pairs
 *
 * @return CRM_Volunteer_BAO_Project|bool the saved object, or FALSE when
 *   permission is denied
 * @access public
 * @static
 */
static function create(array $params) {
  $existingId = CRM_Utils_Array::value('id', $params);

  // No id means a new project; an id means an existing one is being changed.
  if (empty($existingId)) {
    $requestedAction = CRM_Core_Action::ADD;
  }
  else {
    $requestedAction = CRM_Core_Action::UPDATE;
  }

  if (!empty($params['check_permissions'])) {
    if (!CRM_Volunteer_Permission::checkProjectPerms($requestedAction, $existingId)) {
      CRM_Utils_System::permissionDenied();
      // FIXME: If we don't return here, the script keeps executing. This is not
      // what I expect from CRM_Utils_System::permissionDenied().
      return FALSE;
    }
  }

  // check required params
  $hasRequiredData = self::dataExists($params);
  if (!$hasRequiredData) {
    CRM_Core_Error::fatal('Not enough data to create volunteer project object.');
  }

  // default to active unless explicitly turned off
  $params['is_active'] = CRM_Utils_Array::value('is_active', $params, TRUE);

  $savedProject = new CRM_Volunteer_BAO_Project();
  $savedProject->copyValues($params);
  $savedProject->save();

  // One VolunteerProjectContact record per (relationship type, contact) pair.
  $contactsByRelationship = CRM_Utils_Array::value('project_contacts', $params, array());
  foreach ($contactsByRelationship as $relationshipType => $contactIds) {
    foreach ($contactIds as $contactId) {
      $contactParams = array(
        'contact_id' => $contactId,
        'project_id' => $savedProject->id,
        'relationship_type_id' => $relationshipType,
      );
      civicrm_api3('VolunteerProjectContact', 'create', $contactParams);
    }
  }

  return $savedProject;
}
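/**
 * Delete an existing project
 *
 * This method is used to delete any existing project. id of the project
 * to be deleted is required field in $params array.
 *
 * DELETE permission on the project is checked on every call, whether or not
 * $params['check_permissions'] is set.
 *
 * @param array $params array containing id of the project
 *   to be deleted
 *
 * @return array result of the basic delete if successful, error
 *   message otherwise
 * {@getfields volunteer_project_delete}
 * @access public
 */
function civicrm_api3_volunteer_project_delete($params) {
  if (!CRM_Volunteer_Permission::checkProjectPerms(CRM_Core_Action::DELETE, $params['id'])) {
    // The refusal concerns a volunteer project; the earlier wording said
    // "event", which misreports what was denied.
    return civicrm_api3_create_error(ts('You do not have permission to delete this project'));
  }

  return _civicrm_api3_basic_delete(_civicrm_api3_get_BAO(__FUNCTION__), $params);
}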
/**
 * Decides whether the current user may retrieve a project.
 *
 * Access is granted when the general VIEW check passes. Failing that, and
 * only when a project ID was given, the VIEW_ROSTER check for that specific
 * project decides.
 *
 * @param int $projectId
 * @return boolean
 */
private static function allowedToRetrieve($projectId = NULL) {
  if (CRM_Volunteer_Permission::checkProjectPerms(CRM_Core_Action::VIEW)) {
    return TRUE;
  }

  // Without a project ID there is no per-project roster check to fall back on.
  if (empty($projectId)) {
    return FALSE;
  }

  return (bool) CRM_Volunteer_Permission::checkProjectPerms(CRM_Volunteer_Permission::VIEW_ROSTER, $projectId);
}
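/**
 * Get a list of Projects matching the params.
 *
 * This function is invoked from within the web form layer and also from the
 * API layer. Special params include:
 *  - project_contacts (@see CRM_Volunteer_BAO_Project::create() and
 *    CRM_Volunteer_BAO_Project::buildContactJoin)
 *  - proximity (@see CRM_Volunteer_BAO_Project::buildProximityWhere)
 *
 * NOTE: This method does not return data related to the special params
 * outlined above; however, these parameters can be used to filter the list
 * of Projects that is returned.
 *
 * Authorization is opt-in and coarse: only when $params['check_permissions']
 * is non-empty is the general VIEW permission tested, and no project ID is
 * passed to that test.
 *
 * NOTE(review): buildContactJoin() and buildProximityWhere() turn caller
 * params into SQL fragments and are not visible here; confirm that they
 * escape or type-check every value they interpolate.
 *
 * @param array $params
 * @return array|null CRM_Volunteer_BAO_Project objects keyed by project ID;
 *   nothing is returned when permission is denied
 */
public static function retrieve(array $params) {
  $result = array();

  $checkPerms = CRM_Utils_Array::value('check_permissions', $params);
  if ($checkPerms && !CRM_Volunteer_Permission::checkProjectPerms(CRM_Core_Action::VIEW)) {
    CRM_Utils_System::permissionDenied();
    return;
  }

  $query = CRM_Utils_SQL_Select::from('`civicrm_volunteer_project` vp')->select('DISTINCT vp.*');

  if (!empty($params['project_contacts'])) {
    $contactJoin = self::buildContactJoin($params['project_contacts']);
    if ($contactJoin) {
      $query->join('vpc', $contactJoin);
    }
  }

  if (!empty($params['proximity'])) {
    $query->join('loc', 'INNER JOIN `civicrm_loc_block` loc ON loc.id = vp.loc_block_id')
      ->join('civicrm_address', 'INNER JOIN `civicrm_address` ON civicrm_address.id = loc.address_id')
      ->where(self::buildProximityWhere($params['proximity']));
  }

  // This step is here to support both naming conventions for specifying params
  // (e.g., volunteer_project_id and id) while normalizing how we access them
  // (e.g., $project->id)
  $project = new CRM_Volunteer_BAO_Project();
  $project->copyValues($params);

  foreach ($project->fields() as $field) {
    $fieldName = $field['name'];

    if (!empty($project->{$fieldName})) {
      // The column is qualified with the project alias because the joined
      // tables above also have an `id` column, which would make a bare name
      // ambiguous. !column is inserted unescaped, which is acceptable only
      // because the name comes from fields() and never from $params; the
      // caller-supplied value goes through the escaping @value placeholder.
      $query->where('vp.!column = @value', array(
        'column' => $fieldName,
        'value' => $project->{$fieldName},
      ));
    }
  }

  $dao = self::executeQuery($query->toSQL());
  while ($dao->fetch()) {
    $fetchedProject = new CRM_Volunteer_BAO_Project();
    // Clone so the copy is taken from a snapshot of the current row.
    $fetchedProject->copyValues(clone $dao);
    $result[(int) $dao->id] = $fetchedProject;
  }
  $dao->free();

  return $result;
}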