function vtws_query_related($query, $id, $relatedLabel, $user, $filterClause = null)
{
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
// Extract related module name from query.
$relatedType = null;
if (preg_match("/FROM\\s+([^\\s]+)/i", $query, $m)) {
$relatedType = trim($m[1]);
}
// Check for presence of expected relation.
$found = false;
$relatedTypes = vtws_relatedtypes($entityName, $user);
foreach ($relatedTypes['information'] as $label => $information) {
if ($label == $relatedLabel && $information['name'] == $relatedType) {
$found = true;
break;
}
}
if (!$found) {
throw new WebServiceException(WebServiceErrorCode::$UNKOWNENTITY, "Relation specified is incorrect");
}
vtws_preserveGlobal('currentModule', $entityName);
// Fetch related record IDs - so we can further retrieve complete information using vtws_query
$relatedWebserviceObject = VtigerWebserviceObject::fromName($adb, $relatedType);
$relatedHandlerPath = $relatedWebserviceObject->getHandlerPath();
$relatedHandlerClass = $relatedWebserviceObject->getHandlerClass();
require_once $relatedHandlerPath;
$relatedHandler = new $relatedHandlerClass($relatedWebserviceObject, $user, $adb, $log);
$relatedIds = $handler->relatedIds($id, $relatedType, $relatedLabel, $relatedHandler);
// Initialize return value
$relatedRecords = array();
// Rewrite query and extract related records if there at least one.
if (!empty($relatedIds)) {
$relatedIdClause = "id IN ('" . implode("','", $relatedIds) . "')";
if (stripos($query, 'WHERE') == false) {
$query .= " WHERE " . $relatedIdClause;
} else {
$queryParts = explode('WHERE', $query);
$query = $queryParts[0] . " WHERE " . $relatedIdClause;
$query .= " AND " . $queryParts[1];
}
if (!empty($filterClause)) {
$query .= " " . $filterClause;
}
$query .= ";";
$relatedRecords = vtws_query($query, $user);
}
VTWS_PreserveGlobal::flush();
return $relatedRecords;
}
/**
*
* @param WebserviceId $id
* @param String $oldPassword
* @param String $newPassword
* @param String $confirmPassword
* @param Users $user
*
*/
function vtws_changePassword($id, $oldPassword, $newPassword, $confirmPassword, $user)
{
vtws_preserveGlobal('current_user', $user);
$idComponents = vtws_getIdComponents($id);
if ($idComponents[1] == $user->id || is_admin($user)) {
$newUser = new Users();
$newUser->retrieve_entity_info($idComponents[1], 'Users');
if (!is_admin($user)) {
if (empty($oldPassword)) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDOLDPASSWORD, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$INVALIDOLDPASSWORD));
}
if (!$user->verifyPassword($oldPassword)) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDOLDPASSWORD, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$INVALIDOLDPASSWORD));
}
}
if (strcmp($newPassword, $confirmPassword) === 0) {
$success = $newUser->change_password($oldPassword, $newPassword);
$error = $newUser->db->hasFailedTransaction();
if ($error) {
throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$DATABASEQUERYERROR));
}
if (!$success) {
throw new WebServiceException(WebServiceErrorCode::$CHANGEPASSWORDFAILURE, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$CHANGEPASSWORDFAILURE));
}
} else {
throw new WebServiceException(WebServiceErrorCode::$CHANGEPASSWORDFAILURE, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$CHANGEPASSWORDFAILURE));
}
VTWS_PreserveGlobal::flush();
return array('message' => 'Changed password successfully');
}
}
function vtws_retrieve($id, $user)
{
$adb = PearDatabase::getInstance();
$log = vglobal('log');
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
$types = vtws_listtypes(null, $user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($meta->hasReadAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
$idComponents = vtws_getIdComponents($id);
if (!$meta->exists($idComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
$entity = $handler->retrieve($id);
VTWS_PreserveGlobal::flush();
return $entity;
}
function vtws_setrelation($relateThisId, $withTheseIds, $user)
{
global $log, $adb;
list($moduleId, $elementId) = vtws_getIdComponents($relateThisId);
$webserviceObject = VtigerWebserviceObject::fromId($adb, $moduleId);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$moduleName = $meta->getObjectEntityName($relateThisId);
$types = vtws_listtypes(null, $user);
if (!in_array($moduleName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($moduleName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$UPDATE, $relateThisId)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
if (!$meta->exists($elementId)) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
if ($meta->hasWriteAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
vtws_internal_setrelation($elementId, $moduleName, $withTheseIds);
VTWS_PreserveGlobal::flush();
return true;
}
function vtws_update($element, $user)
{
global $log, $adb;
$idList = vtws_getIdComponents($element['id']);
$webserviceObject = VtigerWebserviceObject::fromId($adb, $idList[0]);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($element['id']);
$types = vtws_listtypes($user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$UPDATE, $element['id'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
if (!$meta->exists($idList[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
if ($meta->hasWriteAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
$referenceFields = $meta->getReferenceFieldDetails();
foreach ($referenceFields as $fieldName => $details) {
if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
$ids = vtws_getIdComponents($element[$fieldName]);
$elemTypeId = $ids[0];
$elemId = $ids[1];
$referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
if (!in_array($referenceObject->getEntityName(), $details)) {
throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
}
if (!in_array($referenceObject->getEntityName(), $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceObject->getEntityName());
}
} else {
if ($element[$fieldName] !== NULL) {
unset($element[$fieldName]);
}
}
}
$meta->hasMandatoryFields($element);
$ownerFields = $meta->getOwnerFields();
if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
foreach ($ownerFields as $ownerField) {
if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
}
}
}
$entity = $handler->update($element);
VTWS_PreserveGlobal::flush();
return $entity;
}
function vtws_retrieve($id, $user)
{
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
$types = vtws_listtypes(null, $user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($meta->hasReadAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
$idComponents = vtws_getIdComponents($id);
if (!$meta->exists($idComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
$entity = $handler->retrieve($id);
//return product lines
if ($entityName == 'Quotes' || $entityName == 'PurchaseOrder' || $entityName == 'SalesOrder' || $entityName == 'Invoice') {
list($wsid, $recordid) = explode('x', $id);
$result = $adb->pquery('select * from vtiger_inventoryproductrel where id=?', array($recordid));
while ($row = $adb->getNextRow($result, false)) {
if ($row['discount_amount'] == NULL && $row['discount_percent'] == NULL) {
$discount = 0;
$discount_type = 0;
} else {
$discount = 1;
}
if ($row['discount_amount'] == NULL) {
$discount_amount = 0;
} else {
$discount_amount = $row['discount_amount'];
$discount_type = 'amount';
}
if ($row['discount_percent'] == NULL) {
$discount_percent = 0;
} else {
$discount_percent = $row['discount_percent'];
$discount_type = 'percentage';
}
$onlyPrd = array("productid" => $row['productid'], "comment" => $row['comment'], "qty" => $row['quantity'], "listprice" => $row['listprice'], 'discount' => $discount, "discount_type" => $discount_type, "discount_percentage" => $discount_percent, "discount_amount" => $discount_amount);
$entity['pdoInformation'][] = $onlyPrd;
}
}
VTWS_PreserveGlobal::flush();
return $entity;
}
function vtws_retrievedocattachment($all_ids, $returnfile, $user)
{
global $log, $adb;
$entities = array();
$docWSId = vtyiicpng_getWSEntityId('Documents');
$log->debug("Entering function vtws_retrievedocattachment");
$all_ids = "(" . str_replace($docWSId, '', $all_ids) . ")";
$query = "SELECT n.notesid, n.filename, n.filelocationtype\n FROM vtiger_notes n\n INNER JOIN vtiger_crmentity c ON c.crmid=n.notesid\n WHERE n.notesid in {$all_ids} and n.filelocationtype in ('I','E') and c.deleted=0";
$result = $adb->query($query);
$nr = $adb->num_rows($result);
for ($i = 0; $i < $nr; $i++) {
$id = $docWSId . $adb->query_result($result, $i, 'notesid');
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
$types = vtws_listtypes(null, $user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($meta->hasReadAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object ({$id}) is denied");
}
$ids = vtws_getIdComponents($id);
if (!$meta->exists($ids[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Document Record you are trying to access is not found");
}
$document_id = $ids[1];
$filetype = $adb->query_result($result, $i, 'filelocationtype');
if ($filetype == 'E') {
$entity["recordid"] = $adb->query_result($result, $i, 'notesid');
$entity["filetype"] = $fileType;
$entity["filename"] = $adb->query_result($result, $i, 'filename');
$entity["filesize"] = 0;
$entity["attachment"] = base64_encode('');
} elseif ($filetype == 'I') {
$entity = vtws_retrievedocattachment_get_attachment($document_id, true, $returnfile);
}
$entities[$id] = $entity;
VTWS_PreserveGlobal::flush();
}
// end for ids
$log->debug("Leaving function vtws_retrievedocattachment");
return $entities;
}
function cbws_getrecordimageinfo($id, $user)
{
global $log, $adb, $site_URL;
$log->debug("Entering function cbws_getrecordimageinfo({$id})");
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
$types = vtws_listtypes(null, $user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($meta->hasReadAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read entity is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
$idComponents = vtws_getIdComponents($id);
if (!$meta->exists($idComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
$ids = vtws_getIdComponents($id);
$pdoid = $ids[1];
$rdo = array();
$query = 'select vtiger_attachments.name, vtiger_attachments.type, vtiger_attachments.attachmentsid, vtiger_attachments.path
from vtiger_attachments
inner join vtiger_crmentity on vtiger_crmentity.crmid = vtiger_attachments.attachmentsid
inner join vtiger_seattachmentsrel on vtiger_attachments.attachmentsid=vtiger_seattachmentsrel.attachmentsid
where (vtiger_crmentity.setype LIKE "%Image" or vtiger_crmentity.setype LIKE "%Attachment")
and deleted=0 and vtiger_seattachmentsrel.crmid=?';
$result_image = $adb->pquery($query, array($pdoid));
$rdo['results'] = $adb->num_rows($result_image);
$rdo['images'] = array();
while ($img = $adb->fetch_array($result_image)) {
$imga = array();
$imga['name'] = $img['name'];
$imga['path'] = $img['path'];
$imga['fullpath'] = $site_URL . '/' . $img['path'] . $img['attachmentsid'] . '_' . $img['name'];
$imga['type'] = $img['type'];
$imga['id'] = $img['attachmentsid'];
$rdo['images'][] = $imga;
}
VTWS_PreserveGlobal::flush();
$log->debug("Leaving function cbws_getrecordimageinfo");
return $rdo;
}
function vtws_listtypes($user)
{
try {
global $adb, $log;
vtws_preserveGlobal('current_user', $user);
//get All the modules the current user is permitted to Access.
$allModuleNames = getPermittedModuleNames();
if (array_search('Calendar', $allModuleNames) !== false) {
array_push($allModuleNames, 'Events');
}
//get All the CRM entity names.
$webserviceEntities = vtws_getWebserviceEntities();
$accessibleModules = array_values(array_intersect($webserviceEntities['module'], $allModuleNames));
$entities = $webserviceEntities['entity'];
$accessibleEntities = array();
foreach ($entities as $entity) {
$webserviceObject = VtigerWebserviceObject::fromName($adb, $entity);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
if ($meta->hasAccess() === true) {
array_push($accessibleEntities, $entity);
}
}
} catch (WebServiceException $exception) {
throw $exception;
} catch (Exception $exception) {
throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, "An Database error occured while performing the operation");
}
$default_language = VTWS_PreserveGlobal::getGlobal('default_language');
$current_language = vtws_preserveGlobal('current_language', $default_language);
$appStrings = return_application_language($current_language);
$appListString = return_app_list_strings_language($current_language);
vtws_preserveGlobal('app_strings', $appStrings);
vtws_preserveGlobal('app_list_strings', $appListString);
$informationArray = array();
foreach ($accessibleModules as $module) {
$vtigerModule = $module == 'Events' ? 'Calendar' : $module;
$informationArray[$module] = array('isEntity' => true, 'label' => getTranslatedString($module, $vtigerModule), 'singular' => getTranslatedString('SINGLE_' . $module, $vtigerModule));
}
foreach ($accessibleEntities as $entity) {
$label = isset($appStrings[$entity]) ? $appStrings[$entity] : $entity;
$singular = isset($appStrings['SINGLE_' . $entity]) ? $appStrings['SINGLE_' . $entity] : $entity;
$informationArray[$entity] = array('isEntity' => false, 'label' => $label, 'singular' => $singular);
}
VTWS_PreserveGlobal::flush();
return array("types" => array_merge($accessibleModules, $accessibleEntities), 'information' => $informationArray);
}
function vtws_query($q, $user)
{
static $vtws_query_cache = array();
$adb = PearDatabase::getInstance();
$log = vglobal('log');
// Cache the instance for re-use
$moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/";
$moduleName = '';
if (preg_match($moduleRegex, $q, $m)) {
$moduleName = trim($m[1]);
}
if (!isset($vtws_create_cache[$moduleName]['webserviceobject'])) {
$webserviceObject = VtigerWebserviceObject::fromQuery($adb, $q);
$vtws_query_cache[$moduleName]['webserviceobject'] = $webserviceObject;
} else {
$webserviceObject = $vtws_query_cache[$moduleName]['webserviceobject'];
}
// END
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
// Cache the instance for re-use
if (!isset($vtws_query_cache[$moduleName]['handler'])) {
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$vtws_query_cache[$moduleName]['handler'] = $handler;
} else {
$handler = $vtws_query_cache[$moduleName]['handler'];
}
// END
// Cache the instance for re-use
if (!isset($vtws_query_cache[$moduleName]['meta'])) {
$meta = $handler->getMeta();
$vtws_query_cache[$moduleName]['meta'] = $meta;
} else {
$meta = $vtws_query_cache[$moduleName]['meta'];
}
// END
$types = vtws_listtypes(null, $user);
if (!in_array($webserviceObject->getEntityName(), $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if (!$meta->hasReadAccess()) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
}
$result = $handler->query($q);
VTWS_PreserveGlobal::flush();
return $result;
}
function vtws_describe($elementType, $user)
{
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$types = vtws_listtypes(null, $user);
if (!in_array($elementType, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
$entity = $handler->describe($elementType);
VTWS_PreserveGlobal::flush();
return $entity;
}
function cbws_SearchGlobalVar($gvname, $defaultvalue, $gvmodule, $user)
{
global $log, $adb, $current_user;
$entityName = 'GlobalVariable';
$webserviceObject = VtigerWebserviceObject::fromName($adb, $entityName);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
if ($meta->hasReadAccess() !== true) {
return $defaultvalue;
}
require_once 'modules/GlobalVariable/GlobalVariable.php';
$rdo = GlobalVariable::getVariable($gvname, $defaultvalue, $gvmodule, $user->id);
VTWS_PreserveGlobal::flush();
return $rdo;
}
function vtws_query($q, $user)
{
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromQuery($adb, $q);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$types = vtws_listtypes(null, $user);
if (!in_array($webserviceObject->getEntityName(), $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if (!$meta->hasReadAccess()) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read is denied");
}
$result = $handler->query($q);
VTWS_PreserveGlobal::flush();
return $result;
}
/**
* @author MAK
*/
function vtws_deleteUser($id, $newOwnerId, $user)
{
global $log, $adb;
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
$types = vtws_listtypes($user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied, EntityName = " . $entityName);
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$DELETE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
$idComponents = vtws_getIdComponents($id);
if (!$meta->exists($idComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found, idComponent = " . $idComponents);
}
if ($meta->hasWriteAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
$newIdComponents = vtws_getIdComponents($newOwnerId);
if (empty($newIdComponents[1])) {
//force the default user to be the default admin user.
//added cause eazybusiness team is sending this value empty
$newIdComponents[1] = 1;
}
vtws_transferOwnership($idComponents[1], $newIdComponents[1]);
//delete from user vtiger_table;
$sql = "delete from vtiger_users where id=?";
vtws_runQueryAsTransaction($sql, array($idComponents[1]), $result);
VTWS_PreserveGlobal::flush();
return array("status" => "successful");
}
function cbws_getpdfdata($id, $user)
{
global $log, $adb;
$log->debug("Entering function vtws_getpdfdata");
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
$types = vtws_listtypes(null, $user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($meta->hasReadAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
$idComponents = vtws_getIdComponents($id);
if (!$meta->exists($idComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
$objectName = $webserviceObject->getEntityName();
if (!in_array($objectName, array('Invoice', 'Quotes', 'SalesOrder', 'PurchaseOrder'))) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Only Inventory modules support PDF Output.");
}
$ids = vtws_getIdComponents($id);
$document_id = $ids[1];
$entity = get_module_pdf($objectName, $document_id);
VTWS_PreserveGlobal::flush();
$log->debug("Leaving function vtws_getpdfdata");
return $entity;
}
/**
* @author MAK
*/
function vtws_deleteUser($id, $newOwnerId, $user)
{
$adb = PearDatabase::getInstance();
$log = vglobal('log');
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
$types = vtws_listtypes(null, $user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied, EntityName = " . $entityName);
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$DELETE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
$idComponents = vtws_getIdComponents($id);
if (!$meta->exists($idComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found, idComponent = " . $idComponents);
}
if ($meta->hasWriteAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
$newIdComponents = vtws_getIdComponents($newOwnerId);
if (empty($newIdComponents[1])) {
//force the default user to be the default admin user.
$newIdComponents[1] = 1;
}
$userObj = new Users();
$userObj->transformOwnerShipAndDelete($idComponents[1], $newIdComponents[1]);
VTWS_PreserveGlobal::flush();
return array("status" => "successful");
}
function vtws_sync($mtime, $elementType, $user)
{
global $adb, $recordString, $modifiedTimeString;
$ignoreModules = array("");
$typed = true;
$dformat = "Y-m-d H:i:s";
$datetime = date($dformat, $mtime);
$setypeArray = array();
$setypeData = array();
$setypeHandler = array();
$setypeNoAccessArray = array();
if (!isset($elementType) || $elementType == '' || $elementType == null) {
$typed = false;
}
$adb->startTransaction();
$q = "select crmid,setype from vtiger_crmentity where modifiedtime >? and smownerid=? and deleted=0";
$params = array($datetime, $user->id);
if ($typed) {
$q = $q . " and setype=?";
array_push($params, $elementType);
}
$result = $adb->pquery($q, $params);
do {
if ($arre) {
if (strpos($arre["setype"], " ") === FALSE) {
if ($arre["setype"] == 'Calendar') {
$seType = vtws_getCalendarEntityType($arre['crmid']);
} else {
$seType = $arre["setype"];
}
if (array_search($seType, $ignoreModules) === FALSE) {
$setypeArray[$arre["crmid"]] = $seType;
if (!$setypeData[$seType]) {
$webserviceObject = VtigerWebserviceObject::fromName($adb, $seType);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$setypeHandler[$seType] = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $setypeHandler[$seType]->getMeta();
$setypeData[$seType] = new VtigerCRMObject(getTabId($meta->getEntityName()), true);
}
}
}
}
$arre = $adb->fetchByAssoc($result);
} while ($arre);
$output = array();
$output["updated"] = array();
foreach ($setypeArray as $key => $val) {
$handler = $setypeHandler[$val];
$meta = $handler->getMeta();
if (!$meta->hasAccess() || !$meta->hasWriteAccess() || !$meta->hasPermission(EntityMeta::$RETRIEVE, $key)) {
if (!$setypeNoAccessArray[$val]) {
$setypeNoAccessArray[] = $val;
}
continue;
}
try {
$error = $setypeData[$val]->read($key);
if (!$error) {
//Ignore records whose fetch results in an error.
continue;
}
$output["updated"][] = DataTransform::filterAndSanitize($setypeData[$val]->getFields(), $meta);
} catch (WebServiceException $e) {
//ignore records the user doesn't have access to.
continue;
} catch (Exception $e) {
throw new WebServiceException(WebServiceErrorCode::$INTERNALERROR, "Unknown Error while processing request");
}
}
$setypeArray = array();
$setypeData = array();
$q = "select crmid,setype,modifiedtime from vtiger_crmentity where modifiedtime >? and smownerid=? and deleted=1";
$params = array($datetime, $user->id);
if ($typed) {
$q = $q . " and setype=?";
array_push($params, $elementType);
}
$result = $adb->pquery($q, $params);
do {
if ($arre) {
if (strpos($arre["setype"], " ") === FALSE) {
if ($arre["setype"] == 'Calendar') {
$seType = vtws_getCalendarEntityType($arre['crmid']);
} else {
$seType = $arre["setype"];
}
if (array_search($seType, $ignoreModules) === FALSE) {
$setypeArray[$arre["crmid"]] = $seType;
if (!$setypeData[$seType]) {
$webserviceObject = VtigerWebserviceObject::fromName($adb, $seType);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$setypeHandler[$seType] = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $setypeHandler[$seType]->getMeta();
$setypeData[$seType] = new VtigerCRMObject(getTabId($meta->getEntityName()), true);
}
}
}
}
$arre = $adb->fetchByAssoc($result);
} while ($arre);
$output["deleted"] = array();
foreach ($setypeArray as $key => $val) {
$handler = $setypeHandler[$val];
$meta = $handler->getMeta();
if (!$meta->hasAccess() || !$meta->hasWriteAccess()) {
if (!$setypeNoAccessArray[$val]) {
$setypeNoAccessArray[] = $val;
}
continue;
}
$output["deleted"][] = vtws_getId($meta->getEntityId(), $key);
}
$q = "select max(modifiedtime) as modifiedtime from vtiger_crmentity where modifiedtime >? and smownerid=?";
$params = array($datetime, $user->id);
if ($typed) {
$q = $q . " and setype=?";
array_push($params, $elementType);
} else {
if (sizeof($setypeNoAccessArray) > 0) {
$q = $q . " and setype not in ('" . generateQuestionMarks($setypeNoAccessArray) . "')";
array_push($params, $setypeNoAccessArray);
}
}
$result = $adb->pquery($q, $params);
$arre = $adb->fetchByAssoc($result);
$modifiedtime = $arre['modifiedtime'];
if (!$modifiedtime) {
$modifiedtime = $mtime;
} else {
$modifiedtime = vtws_getSeconds($modifiedtime);
}
if (is_string($modifiedtime)) {
$modifiedtime = intval($modifiedtime);
}
$output['lastModifiedTime'] = $modifiedtime;
$error = $adb->hasFailedTransaction();
$adb->completeTransaction();
if ($error) {
throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, "Database error while performing required operation");
}
VTWS_PreserveGlobal::flush();
return $output;
}
/**
* @param String $term: search term
* @param String $filter: operator to use: eq, neq, startswith, endswith, contains
* @param String $searchinmodule: valid module to search in
* @param String $fields: comma separated list of fields to search in
* @param String $returnfields: comma separated list of fields to return as result, if empty $fields will be returned
* @param Number $limit: maximum number of values to return
* @param Users $user
* @return Array values found: crmid => array($returnfields)
*/
function getFieldAutocomplete($term, $filter, $searchinmodule, $fields, $returnfields, $limit, $user)
{
global $current_user, $log, $adb, $default_charset;
$respuesta = array();
if (empty($searchinmodule) or empty($fields)) {
return $respuesta;
}
if (!(vtlib_isModuleActive($searchinmodule) and isPermitted($searchinmodule, 'DetailView'))) {
return $respuesta;
}
if (empty($returnfields)) {
$returnfields = $fields;
}
if (empty($limit)) {
$limit = 30;
}
// hard coded default
if (empty($term)) {
$term = '%';
$op = 'like';
} else {
switch ($filter) {
case 'eq':
$op = 'e';
break;
case 'neq':
$op = 'n';
break;
case 'startswith':
$op = 's';
break;
case 'endswith':
$op = 'ew';
break;
case 'contains':
$op = 'c';
break;
default:
$op = 'e';
break;
}
}
$current_user = VTWS_PreserveGlobal::preserveGlobal('current_user', $user);
$smod = new $searchinmodule();
$sindex = $smod->table_index;
$queryGenerator = new QueryGenerator($searchinmodule, $current_user);
$sfields = explode(',', $fields);
$rfields = explode(',', $returnfields);
$flds = array_unique(array_merge($rfields, $sfields, array('id')));
$queryGenerator->setFields($flds);
foreach ($sfields as $sfld) {
$queryGenerator->addCondition($sfld, $term, $op);
}
$query = $queryGenerator->getQuery();
$rsemp = $adb->query($query);
global $log;
$log->fatal($rsemp);
$wsid = vtyiicpng_getWSEntityId($searchinmodule);
while ($emp = $adb->fetch_array($rsemp)) {
$rsp = array();
foreach ($rfields as $rf) {
$rsp[$rf] = html_entity_decode($emp[$rf], ENT_QUOTES, $default_charset);
}
$respuesta[] = array('crmid' => $wsid . $emp[$sindex], 'crmfields' => $rsp);
if (count($respuesta) >= $limit) {
break;
}
}
VTWS_PreserveGlobal::flush();
return $respuesta;
}
function vtws_update($element, $user)
{
global $log, $adb;
$idList = vtws_getIdComponents($element['id']);
$webserviceObject = VtigerWebserviceObject::fromId($adb, $idList[0]);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($element['id']);
$types = vtws_listtypes(null, $user);
if (!in_array($entityName, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$UPDATE, $element['id'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
if (!$meta->exists($idList[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
if ($meta->hasWriteAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
$referenceFields = $meta->getReferenceFieldDetails();
foreach ($referenceFields as $fieldName => $details) {
if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
$ids = vtws_getIdComponents($element[$fieldName]);
$elemTypeId = $ids[0];
$elemId = $ids[1];
$referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
if (!in_array($referenceObject->getEntityName(), $details)) {
throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
}
if ($referenceObject->getEntityName() == 'Users') {
if (!$meta->hasAssignPrivilege($element[$fieldName])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
}
}
if (!in_array($referenceObject->getEntityName(), $types['types']) && $referenceObject->getEntityName() != 'Users') {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied " . $referenceObject->getEntityName());
}
} else {
if ($element[$fieldName] !== NULL) {
unset($element[$fieldName]);
}
}
}
$meta->hasMandatoryFields($element);
$ownerFields = $meta->getOwnerFields();
if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
foreach ($ownerFields as $ownerField) {
if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
}
}
}
// Product line support
if (($entityName == 'Quotes' || $entityName == 'PurchaseOrder' || $entityName == 'SalesOrder' || $entityName == 'Invoice') && is_array($element['pdoInformation'])) {
include_once 'include/Webservices/ProductLines.php';
} else {
$_REQUEST['action'] = $entityName . 'Ajax';
}
if ($entityName == 'HelpDesk') {
//Added to construct the update log for Ticket history
$colflds = $element;
list($void, $colflds['assigned_user_id']) = explode('x', $colflds['assigned_user_id']);
$updlog = HelpDesk::getUpdateLogEditMessage($idList[1], $colflds);
$updlog = from_html($updlog, true);
}
$entity = $handler->update($element);
if ($entityName == 'HelpDesk') {
$adb->pquery('update vtiger_troubletickets set update_log=? where ticketid=?', array($updlog, $idList[1]));
}
VTWS_PreserveGlobal::flush();
return $entity;
}
function vtws_listtypes($fieldTypeList, $user)
{
// Bulk Save Mode: For re-using information
static $webserviceEntities = false;
// END
static $types = array();
if (!empty($fieldTypeList)) {
$fieldTypeList = array_map(strtolower, $fieldTypeList);
sort($fieldTypeList);
$fieldTypeString = implode(',', $fieldTypeList);
} else {
$fieldTypeString = 'all';
}
if (!empty($types[$user->id][$fieldTypeString])) {
return $types[$user->id][$fieldTypeString];
}
try {
global $log;
/**
* @var PearDatabase
*/
$db = PearDatabase::getInstance();
vtws_preserveGlobal('current_user', $user);
//get All the modules the current user is permitted to Access.
$allModuleNames = getPermittedModuleNames();
if (array_search('Calendar', $allModuleNames) !== false) {
array_push($allModuleNames, 'Events');
}
if (!empty($fieldTypeList)) {
$sql = "SELECT distinct(vtiger_field.tabid) as tabid FROM vtiger_field LEFT JOIN vtiger_ws_fieldtype ON " . "vtiger_field.uitype=vtiger_ws_fieldtype.uitype\n\t\t\t\t INNER JOIN vtiger_profile2field ON vtiger_field.fieldid = vtiger_profile2field.fieldid\n\t\t\t\t INNER JOIN vtiger_def_org_field ON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t\t INNER JOIN vtiger_role2profile ON vtiger_profile2field.profileid = vtiger_role2profile.profileid\n\t\t\t\t INNER JOIN vtiger_user2role ON vtiger_user2role.roleid = vtiger_role2profile.roleid\n\t\t\t\t where vtiger_profile2field.visible=0 and vtiger_def_org_field.visible = 0\n\t\t\t\t and vtiger_field.presence in (0,2)\n\t\t\t\t and vtiger_user2role.userid=? and fieldtype in (" . generateQuestionMarks($fieldTypeList) . ')';
$params = array();
$params[] = $user->id;
foreach ($fieldTypeList as $fieldType) {
$params[] = $fieldType;
}
$result = $db->pquery($sql, $params);
$it = new SqlResultIterator($db, $result);
$moduleList = array();
foreach ($it as $row) {
$moduleList[] = getTabModuleName($row->tabid);
}
$allModuleNames = array_intersect($moduleList, $allModuleNames);
$params = $fieldTypeList;
$sql = "select name from vtiger_ws_entity inner join vtiger_ws_entity_tables on " . "vtiger_ws_entity.id=vtiger_ws_entity_tables.webservice_entity_id inner join " . "vtiger_ws_entity_fieldtype on vtiger_ws_entity_fieldtype.table_name=" . "vtiger_ws_entity_tables.table_name where fieldtype=(" . generateQuestionMarks($fieldTypeList) . ')';
$result = $db->pquery($sql, $params);
$it = new SqlResultIterator($db, $result);
$entityList = array();
foreach ($it as $row) {
$entityList[] = $row->name;
}
}
//get All the CRM entity names.
if ($webserviceEntities === false || !CRMEntity::isBulkSaveMode()) {
// Bulk Save Mode: For re-using information
$webserviceEntities = vtws_getWebserviceEntities();
}
$accessibleModules = array_values(array_intersect($webserviceEntities['module'], $allModuleNames));
$entities = $webserviceEntities['entity'];
$accessibleEntities = array();
if (empty($fieldTypeList)) {
foreach ($entities as $entity) {
$webserviceObject = VtigerWebserviceObject::fromName($db, $entity);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $db, $log);
$meta = $handler->getMeta();
if ($meta->hasAccess() === true) {
array_push($accessibleEntities, $entity);
}
}
}
} catch (WebServiceException $exception) {
throw $exception;
} catch (Exception $exception) {
throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, "An Database error occured while performing the operation");
}
$default_language = VTWS_PreserveGlobal::getGlobal('default_language');
global $current_language;
if (empty($current_language)) {
$current_language = $default_language;
}
$current_language = vtws_preserveGlobal('current_language', $current_language);
$appStrings = return_application_language($current_language);
$appListString = return_app_list_strings_language($current_language);
vtws_preserveGlobal('app_strings', $appStrings);
vtws_preserveGlobal('app_list_strings', $appListString);
$informationArray = array();
foreach ($accessibleModules as $module) {
$vtigerModule = $module == 'Events' ? 'Calendar' : $module;
$informationArray[$module] = array('isEntity' => true, 'label' => getTranslatedString($module, $vtigerModule), 'singular' => getTranslatedString('SINGLE_' . $module, $vtigerModule));
}
foreach ($accessibleEntities as $entity) {
$label = isset($appStrings[$entity]) ? $appStrings[$entity] : $entity;
$singular = isset($appStrings['SINGLE_' . $entity]) ? $appStrings['SINGLE_' . $entity] : $entity;
$informationArray[$entity] = array('isEntity' => false, 'label' => $label, 'singular' => $singular);
}
VTWS_PreserveGlobal::flush();
$types[$user->id][$fieldTypeString] = array("types" => array_merge($accessibleModules, $accessibleEntities), 'information' => $informationArray);
return $types[$user->id][$fieldTypeString];
}
function vtws_create($elementType, $element, $user)
{
$types = vtws_listtypes(null, $user);
if (!in_array($elementType, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
$adb = PearDatabase::getInstance();
$log = vglobal('log');
// Cache the instance for re-use
if (!isset($vtws_create_cache[$elementType]['webserviceobject'])) {
$webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
$vtws_create_cache[$elementType]['webserviceobject'] = $webserviceObject;
} else {
$webserviceObject = $vtws_create_cache[$elementType]['webserviceobject'];
}
// END
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
if ($meta->hasWriteAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
$referenceFields = $meta->getReferenceFieldDetails();
foreach ($referenceFields as $fieldName => $details) {
if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
$ids = vtws_getIdComponents($element[$fieldName]);
$elemTypeId = $ids[0];
$elemId = $ids[1];
$referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
if (!in_array($referenceObject->getEntityName(), $details)) {
throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
}
if ($referenceObject->getEntityName() == 'Users') {
if (!$meta->hasAssignPrivilege($element[$fieldName])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
}
}
if (!in_array($referenceObject->getEntityName(), $types['types']) && $referenceObject->getEntityName() != 'Users') {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied" . $referenceObject->getEntityName());
}
} else {
if ($element[$fieldName] !== NULL) {
unset($element[$fieldName]);
}
}
}
if ($meta->hasMandatoryFields($element)) {
$ownerFields = $meta->getOwnerFields();
if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
foreach ($ownerFields as $ownerField) {
if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
}
}
}
$entity = $handler->create($elementType, $element);
VTWS_PreserveGlobal::flush();
return $entity;
} else {
return null;
}
}
function vtws_sync($mtime, $elementType, $syncType, $user)
{
global $adb, $recordString, $modifiedTimeString;
$numRecordsLimit = 100;
$ignoreModules = array("Users");
$typed = true;
$dformat = "Y-m-d H:i:s";
$datetime = date($dformat, $mtime);
$setypeArray = array();
$setypeData = array();
$setypeHandler = array();
$setypeNoAccessArray = array();
$output = array();
$output["updated"] = array();
$output["deleted"] = array();
$applicationSync = false;
if (is_object($syncType) && $syncType instanceof Users) {
$user = $syncType;
} else {
if ($syncType == 'application') {
$applicationSync = true;
} else {
if ($syncType == 'userandgroup') {
$userAndGroupSync = true;
}
}
}
if ($applicationSync && !is_admin($user)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Only admin users can perform application sync");
}
$ownerIds = array($user->id);
// To get groupids in which this user exist
if ($userAndGroupSync) {
$groupresult = $adb->pquery("select groupid from vtiger_users2group where userid=?", array($user->id));
$numOfRows = $adb->num_rows($groupresult);
if ($numOfRows > 0) {
for ($i = 0; $i < $numOfRows; $i++) {
$ownerIds[count($ownerIds)] = $adb->query_result($groupresult, $i, "groupid");
}
}
}
// End
if (!isset($elementType) || $elementType == '' || $elementType == null) {
$typed = false;
}
$adb->startTransaction();
$accessableModules = array();
$entityModules = array();
$modulesDetails = vtws_listtypes(null, $user);
$moduleTypes = $modulesDetails['types'];
$modulesInformation = $modulesDetails["information"];
foreach ($modulesInformation as $moduleName => $entityInformation) {
if ($entityInformation["isEntity"]) {
$entityModules[] = $moduleName;
}
}
if (!$typed) {
$accessableModules = $entityModules;
} else {
if (!in_array($elementType, $entityModules)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
$accessableModules[] = $elementType;
}
$accessableModules = array_diff($accessableModules, $ignoreModules);
if (count($accessableModules) <= 0) {
$output['lastModifiedTime'] = $mtime;
$output['more'] = false;
return $output;
}
if ($typed) {
$handler = vtws_getModuleHandlerFromName($elementType, $user);
$moduleMeta = $handler->getMeta();
$entityDefaultBaseTables = $moduleMeta->getEntityDefaultTableList();
//since there will be only one base table for all entities
$baseCRMTable = $entityDefaultBaseTables[0];
if ($elementType == "Calendar" || $elementType == "Events") {
$baseCRMTable = getSyncQueryBaseTable($elementType);
}
} else {
$baseCRMTable = " vtiger_crmentity ";
}
//modifiedtime - next token
$q = "SELECT modifiedtime FROM {$baseCRMTable} WHERE modifiedtime>? and setype IN(" . generateQuestionMarks($accessableModules) . ") ";
$params = array($datetime);
foreach ($accessableModules as $entityModule) {
if ($entityModule == "Events") {
$entityModule = "Calendar";
}
$params[] = $entityModule;
}
if (!$applicationSync) {
$q .= ' and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
$params = array_merge($params, $ownerIds);
}
$q .= " order by modifiedtime limit {$numRecordsLimit}";
$result = $adb->pquery($q, $params);
$modTime = array();
for ($i = 0; $i < $adb->num_rows($result); $i++) {
$modTime[] = $adb->query_result($result, $i, 'modifiedtime');
}
if (!empty($modTime)) {
$maxModifiedTime = max($modTime);
}
if (!$maxModifiedTime) {
$maxModifiedTime = $datetime;
}
foreach ($accessableModules as $elementType) {
$handler = vtws_getModuleHandlerFromName($elementType, $user);
$moduleMeta = $handler->getMeta();
$deletedQueryCondition = $moduleMeta->getEntityDeletedQuery();
preg_match_all("/(?:\\s+\\w+[ \t\n\r]+)?([^=]+)\\s*=([^\\s]+|'[^']+')/", $deletedQueryCondition, $deletedFieldDetails);
$fieldNameDetails = $deletedFieldDetails[1];
$deleteFieldValues = $deletedFieldDetails[2];
$deleteColumnNames = array();
foreach ($fieldNameDetails as $tableName_fieldName) {
$fieldComp = explode(".", $tableName_fieldName);
$deleteColumnNames[$tableName_fieldName] = $fieldComp[1];
}
$params = array($moduleMeta->getTabName(), $datetime, $maxModifiedTime);
$queryGenerator = new QueryGenerator($elementType, $user);
$fields = array();
$moduleFields = $moduleMeta->getModuleFields();
$moduleFieldNames = getSelectClauseFields($elementType, $moduleMeta, $user);
$moduleFieldNames[] = 'id';
$queryGenerator->setFields($moduleFieldNames);
$selectClause = "SELECT " . $queryGenerator->getSelectClauseColumnSQL();
// adding the fieldnames that are present in the delete condition to the select clause
// since not all fields present in delete condition will be present in the fieldnames of the module
foreach ($deleteColumnNames as $table_fieldName => $columnName) {
if (!in_array($columnName, $moduleFieldNames)) {
$selectClause .= ", " . $table_fieldName;
}
}
if ($elementType == "Emails") {
$fromClause = vtws_getEmailFromClause();
} else {
$fromClause = $queryGenerator->getFromClause();
}
$fromClause .= " INNER JOIN (select modifiedtime, crmid,deleted,setype FROM {$baseCRMTable} WHERE setype=? and modifiedtime >? and modifiedtime<=?";
if (!$applicationSync) {
$fromClause .= 'and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
$params = array_merge($params, $ownerIds);
}
$fromClause .= ' ) vtiger_ws_sync ON (vtiger_crmentity.crmid = vtiger_ws_sync.crmid)';
$q = $selectClause . " " . $fromClause;
$result = $adb->pquery($q, $params);
$recordDetails = array();
$deleteRecordDetails = array();
while ($arre = $adb->fetchByAssoc($result)) {
$key = $arre[$moduleMeta->getIdColumn()];
if (vtws_isRecordDeleted($arre, $deleteColumnNames, $deleteFieldValues)) {
if (!$moduleMeta->hasAccess()) {
continue;
}
$output["deleted"][] = vtws_getId($moduleMeta->getEntityId(), $key);
} else {
if (!$moduleMeta->hasAccess() || !$moduleMeta->hasPermission(EntityMeta::$RETRIEVE, $key)) {
continue;
}
try {
$output["updated"][] = DataTransform::sanitizeDataWithColumn($arre, $moduleMeta);
} catch (WebServiceException $e) {
//ignore records the user doesn't have access to.
continue;
} catch (Exception $e) {
throw new WebServiceException(WebServiceErrorCode::$INTERNALERROR, "Unknown Error while processing request");
}
}
}
}
$q = "SELECT crmid FROM {$baseCRMTable} WHERE modifiedtime>? and setype IN(" . generateQuestionMarks($accessableModules) . ")";
$params = array($maxModifiedTime);
foreach ($accessableModules as $entityModule) {
if ($entityModule == "Events") {
$entityModule = "Calendar";
}
$params[] = $entityModule;
}
if (!$applicationSync) {
$q .= 'and smownerid IN(' . generateQuestionMarks($ownerIds) . ')';
$params = array_merge($params, $ownerIds);
}
$result = $adb->pquery($q, $params);
if ($adb->num_rows($result) > 0) {
$output['more'] = true;
} else {
$output['more'] = false;
}
if (!$maxModifiedTime) {
$modifiedtime = $mtime;
} else {
$modifiedtime = vtws_getSeconds($maxModifiedTime);
}
if (is_string($modifiedtime)) {
$modifiedtime = intval($modifiedtime);
}
$output['lastModifiedTime'] = $modifiedtime;
$error = $adb->hasFailedTransaction();
$adb->completeTransaction();
if ($error) {
throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$DATABASEQUERYERROR));
}
VTWS_PreserveGlobal::flush();
return $output;
}
function vtws_create($elementType, $element, $user)
{
$types = vtws_listtypes(null, $user);
if (!in_array($elementType, $types['types'])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied");
}
global $log, $adb;
if (!empty($element['relations'])) {
$relations = $element['relations'];
unset($element['relations']);
}
// Cache the instance for re-use
if (!isset($vtws_create_cache[$elementType]['webserviceobject'])) {
$webserviceObject = VtigerWebserviceObject::fromName($adb, $elementType);
$vtws_create_cache[$elementType]['webserviceobject'] = $webserviceObject;
} else {
$webserviceObject = $vtws_create_cache[$elementType]['webserviceobject'];
}
// END
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
if ($meta->hasWriteAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
$referenceFields = $meta->getReferenceFieldDetails();
foreach ($referenceFields as $fieldName => $details) {
if (isset($element[$fieldName]) && strlen($element[$fieldName]) > 0) {
$ids = vtws_getIdComponents($element[$fieldName]);
$elemTypeId = $ids[0];
$elemId = $ids[1];
$referenceObject = VtigerWebserviceObject::fromId($adb, $elemTypeId);
if (!in_array($referenceObject->getEntityName(), $details)) {
throw new WebServiceException(WebServiceErrorCode::$REFERENCEINVALID, "Invalid reference specified for {$fieldName}");
}
if ($referenceObject->getEntityName() == 'Users') {
if (!$meta->hasAssignPrivilege($element[$fieldName])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
}
}
if (!in_array($referenceObject->getEntityName(), $types['types']) && $referenceObject->getEntityName() != 'Users') {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access reference type is denied" . $referenceObject->getEntityName());
}
} else {
if ($element[$fieldName] !== NULL) {
unset($element[$fieldName]);
}
}
}
if ($meta->hasMandatoryFields($element)) {
$ownerFields = $meta->getOwnerFields();
if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
foreach ($ownerFields as $ownerField) {
if (isset($element[$ownerField]) && $element[$ownerField] !== null && !$meta->hasAssignPrivilege($element[$ownerField])) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Cannot assign record to the given user");
}
}
}
// Product line support
if (($elementType == 'Quotes' || $elementType == 'PurchaseOrder' || $elementType == 'SalesOrder' || $elementType == 'Invoice') && is_array($element['pdoInformation'])) {
include 'include/Webservices/ProductLines.php';
} else {
$_REQUEST['action'] = $elementType . 'Ajax';
}
if ($elementType == 'HelpDesk') {
//Added to construct the update log for Ticket history
$colflds = $element;
list($void, $colflds['assigned_user_id']) = explode('x', $colflds['assigned_user_id']);
$grp_name = fetchGroupName($colflds['assigned_user_id']);
$assigntype = $grp_name != '' ? 'T' : 'U';
$updlog = HelpDesk::getUpdateLogCreateMessage($colflds, $grp_name, $assigntype);
$updlog = from_html($updlog, false);
}
$entity = $handler->create($elementType, $element);
if ($elementType == 'HelpDesk') {
list($wsid, $newrecid) = vtws_getIdComponents($entity['id']);
$adb->pquery('update vtiger_troubletickets set update_log=? where ticketid=?', array($updlog, $newrecid));
}
// Establish relations
if (!empty($relations)) {
list($wsid, $newrecid) = vtws_getIdComponents($entity['id']);
$modname = $meta->getEntityName();
vtws_internal_setrelation($newrecid, $modname, $relations);
}
VTWS_PreserveGlobal::flush();
return $entity;
} else {
return null;
}
}
function vtws_addTicketFaqComment($id, $values, $user)
{
global $log, $adb, $current_user;
$webserviceObject = VtigerWebserviceObject::fromId($adb, $id);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($id);
if ($entityName !== 'HelpDesk' and $entityName !== 'Faq') {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Invalid module specified. Must be HelpDesk or Faq");
}
if ($meta->hasReadAccess() !== true) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to write is denied");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $id)) {
throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to read given object is denied");
}
$idComponents = vtws_getIdComponents($id);
if (!$meta->exists($idComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
$comment = trim($values['comments']);
if (empty($comment)) {
throw new WebServiceException(WebServiceErrorCode::$MANDFIELDSMISSING, "Comment empty.");
}
$current_time = $adb->formatDate(date('Y-m-d H:i:s'), true);
if ($entityName == 'HelpDesk') {
if ($values['from_portal'] != 1) {
$ownertype = 'user';
if (!empty($user)) {
$ownerId = $user->id;
} elseif (!empty($current_user)) {
$ownerId = $current_user->id;
} else {
$ownerId = 1;
}
//get the user email
$result = $adb->pquery("SELECT email1 FROM vtiger_users WHERE id=?", array($ownerId));
$fromname = getUserFullName($ownerId);
} else {
$ownertype = 'customer';
$webserviceObject = VtigerWebserviceObject::fromId($adb, $values['parent_id']);
$handlerPath = $webserviceObject->getHandlerPath();
$handlerClass = $webserviceObject->getHandlerClass();
require_once $handlerPath;
$handler = new $handlerClass($webserviceObject, $user, $adb, $log);
$meta = $handler->getMeta();
$entityName = $meta->getObjectEntityName($values['parent_id']);
if ($entityName !== 'Contacts') {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Invalid owner module specified. Must be Contacts");
}
if ($entityName !== $webserviceObject->getEntityName()) {
throw new WebServiceException(WebServiceErrorCode::$INVALIDID, "Id specified is incorrect");
}
$pidComponents = vtws_getIdComponents($values['parent_id']);
if (!$meta->exists($pidComponents[1])) {
throw new WebServiceException(WebServiceErrorCode::$RECORDNOTFOUND, "Record you are trying to access is not found");
}
$ownerId = $pidComponents[1];
//get the contact email id who creates the ticket from portal and use this email as from email id in email
$result = $adb->pquery("SELECT email FROM vtiger_contactdetails WHERE contactid=?", array($ownerId));
$ename = getEntityName('Contacts', $ownerId);
$fromname = $ename[$ownerId];
}
$sql = "insert into vtiger_ticketcomments values(?,?,?,?,?,?)";
$params = array('', $idComponents[1], $comment, $ownerId, $ownertype, $current_time);
//send mail to the assigned to user when customer add comment
$toresult = $adb->pquery("SELECT email1,first_name\n\t\t\t\t\tFROM vtiger_users\n\t\t\t\t\tINNER JOIN vtiger_crmentity on smownerid=id\n\t\t\t\t\tINNER JOIN vtiger_troubletickets on ticketid=crmid\n\t\t\t\t\tWHERE ticketid=?", array($idComponents[1]));
$to_email = $adb->query_result($toresult, 0, 0);
$ownerName = $adb->query_result($toresult, 0, 1);
$moduleName = 'HelpDesk';
$subject = getTranslatedString('LBL_RESPONDTO_TICKETID', $moduleName) . "##" . $idComponents[1] . "##" . getTranslatedString('LBL_CUSTOMER_PORTAL', $moduleName);
$contents = getTranslatedString('Dear', $moduleName) . " " . $ownerName . "," . "<br><br>" . getTranslatedString('LBL_CUSTOMER_COMMENTS', $moduleName) . "<br><br>\n\t\t\t\t\t<b>" . $comment . "</b><br><br>" . getTranslatedString('LBL_RESPOND', $moduleName) . "<br><br>" . getTranslatedString('LBL_REGARDS', $moduleName) . "<br>" . getTranslatedString('LBL_SUPPORT_ADMIN', $moduleName);
$from_email = $adb->query_result($result, 0, 0);
//send mail to assigned to user
$mail_status = send_mail('HelpDesk', $to_email, $fromname, $from_email, $subject, $contents);
} else {
$sql = "insert into vtiger_faqcomments values(?, ?, ?, ?)";
$params = array('', $idComponents[1], $comment, $current_time);
}
$adb->pquery($sql, $params);
VTWS_PreserveGlobal::flush();
return array('success' => true);
}
function retrieveMeta()
{
require_once 'modules/CustomView/CustomView.php';
$current_user = vtws_preserveGlobal('current_user', $this->user);
$theme = vtws_preserveGlobal('theme', $this->user->theme);
$default_language = VTWS_PreserveGlobal::getGlobal('default_language');
$current_language = vtws_preserveGlobal('current_language', $default_language);
$this->computeAccess();
$cv = new CustomView();
$module_info = $cv->getCustomViewModuleInfo($this->getTabName());
$blockArray = array();
foreach ($cv->module_list[$this->getTabName()] as $label => $blockList) {
$blockArray = array_merge($blockArray, explode(',', $blockList));
}
$this->retrieveMetaForBlock($blockArray);
$this->meta = true;
VTWS_PreserveGlobal::flush();
}
