/** * pre processing work done here. * * @param * @return void * * @access public * */ function preProcess() { $this->_mode = CRM_Profile_Form::MODE_CREATE; //set the context for the profile $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); if ($this->_context) { $this->assign('context', $this->_context); } if ($this->get('skipPermission')) { $this->_skipPermission = true; } if ($this->get('edit')) { //this is edit mode. $this->_mode = CRM_Profile_Form::MODE_EDIT; // make sure we have right permission to edit this user $session =& CRM_Core_Session::singleton(); $userID = $session->get('userID'); $id = CRM_Utils_Request::retrieve('id', 'Positive', $this, false, $userID); require_once 'CRM/Contact/BAO/Contact/Utils.php'; if ($id != $userID) { // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228 require_once 'CRM/Contact/BAO/Contact/Permission.php'; $config =& CRM_Core_Config::singleton(); if ($config->userFrameworkFrontend) { CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($id, $this); } else { CRM_Contact_BAO_Contact_Permission::validateChecksumContact($id, $this); } $this->_isPermissionedChecksum = true; } } parent::preProcess(); // make sure the gid is set and valid if (!$this->_gid) { CRM_Core_Error::fatal(ts('The requested Profile (gid=%1) is disabled, OR there is no Profile with that ID, OR a valid \'gid=\' integer value is missing from the URL. Contact the site administrator if you need assistance.', array(1 => $this->_gid))); } // and also the profile is of type 'Profile' $query = "\nSELECT module\n FROM civicrm_uf_join\n WHERE module = 'Profile'\n AND uf_group_id = %1\n"; $params = array(1 => array($this->_gid, 'Integer')); $dao =& CRM_Core_DAO::executeQuery($query, $params); if (!$dao->fetch()) { CRM_Core_Error::fatal(ts('The requested Profile (gid=%1) is not configured to be used for \'Profile\' edit and view forms in its Settings. Contact the site administrator if you need assistance.', array(1 => $this->_gid))); } }
/** * Run the page. * * This method is called after the page is created. It checks for the * type of action and executes that action. * * @return void */ public function run() { $template = CRM_Core_Smarty::singleton(); if ($this->_id && $this->_gid) { // first check that id is part of the limit group id, CRM-4822 $limitListingsGroupsID = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'limit_listings_group_id'); $config = CRM_Core_Config::singleton(); if ($limitListingsGroupsID) { if (!CRM_Contact_BAO_GroupContact::isContactInGroup($this->_id, $limitListingsGroupsID)) { CRM_Utils_System::setTitle(ts('Profile View - Permission Denied')); return CRM_Core_Session::setStatus(ts('You do not have permission to view this contact record. Contact the site administrator if you need assistance.'), ts('Permission Denied'), 'error'); } } $session = CRM_Core_Session::singleton(); $userID = $session->get('userID'); $this->_isPermissionedChecksum = $allowPermission = FALSE; $permissionType = CRM_Core_Permission::VIEW; if (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id)) { $allowPermission = TRUE; } if ($this->_id != $userID) { // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228 if ($config->userFrameworkFrontend) { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE); if (!$this->_isPermissionedChecksum) { $this->_isPermissionedChecksum = $allowPermission; } } else { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE); } } // CRM-10853 // Users with create or edit permission should be allowed to view their own profile if ($this->_id == $userID || $this->_isPermissionedChecksum) { if (!CRM_Core_Permission::check('profile view')) { if (CRM_Core_Permission::check('profile create') || CRM_Core_Permission::check('profile edit')) { $this->_skipPermission = TRUE; } } } // make sure we dont expose all fields based on permission $admin = FALSE; if (!$config->userFrameworkFrontend && $allowPermission || $this->_id == $userID || $this->_isPermissionedChecksum) { $admin = TRUE; } $values = array(); $fields = CRM_Core_BAO_UFGroup::getFields($this->_profileIds, FALSE, CRM_Core_Action::VIEW, NULL, NULL, FALSE, $this->_restrict, $this->_skipPermission, NULL, $permissionType); if ($this->_multiRecord & CRM_Core_Action::VIEW && $this->_recordId && !$this->_allFields) { CRM_Core_BAO_UFGroup::shiftMultiRecordFields($fields, $multiRecordFields); $fields = $multiRecordFields; } if ($this->_isContactActivityProfile && $this->_gid) { $errors = CRM_Profile_Form::validateContactActivityProfile($this->_activityId, $this->_id, $this->_gid); if (!empty($errors)) { CRM_Core_Error::fatal(array_pop($errors)); } } //reformat fields array foreach ($fields as $name => $field) { // also eliminate all formatting fields if (CRM_Utils_Array::value('field_type', $field) == 'Formatting') { unset($fields[$name]); } // make sure that there is enough permission to expose this field if (!$admin && $field['visibility'] == 'User and User Admin Only') { unset($fields[$name]); } } if ($this->_isContactActivityProfile) { $contactFields = $activityFields = array(); foreach ($fields as $fieldName => $field) { if (CRM_Utils_Array::value('field_type', $field) == 'Activity') { $activityFields[$fieldName] = $field; } else { $contactFields[$fieldName] = $field; } } CRM_Core_BAO_UFGroup::getValues($this->_id, $contactFields, $values); if ($this->_activityId) { CRM_Core_BAO_UFGroup::getValues(NULL, $activityFields, $values, TRUE, array(array('activity_id', '=', $this->_activityId, 0, 0))); } } else { $customWhereClause = NULL; if ($this->_multiRecord & CRM_Core_Action::VIEW && $this->_recordId) { if ($this->_allFields) { $copyFields = $fields; CRM_Core_BAO_UFGroup::shiftMultiRecordFields($copyFields, $multiRecordFields); $fieldKey = key($multiRecordFields); } else { $fieldKey = key($fields); } if ($fieldID = CRM_Core_BAO_CustomField::getKeyID($fieldKey)) { $tableColumnGroup = CRM_Core_BAO_CustomField::getTableColumnGroup($fieldID); $columnName = "{$tableColumnGroup[0]}.id"; $customWhereClause = $columnName . ' = ' . $this->_recordId; } } CRM_Core_BAO_UFGroup::getValues($this->_id, $fields, $values, TRUE, NULL, FALSE, $customWhereClause); } // $profileFields array can be used for customized display of field labels and values in Profile/View.tpl $profileFields = array(); $labels = array(); foreach ($fields as $name => $field) { //CRM-14338 // Create a unique, non-empty index for each field. $index = $field['title']; if ($index === '') { $index = ' '; } while (array_key_exists($index, $labels)) { $index .= ' '; } $labels[$index] = preg_replace('/\\s+|\\W+/', '_', $name); } foreach ($values as $title => $value) { $profileFields[$labels[$title]] = array('label' => $title, 'value' => $value); } $template->assign_by_ref('row', $values); $template->assign_by_ref('profileFields', $profileFields); } $name = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'name'); $this->assign('ufGroupName', $name); CRM_Utils_Hook::viewProfile($name); if (strtolower($name) == 'summary_overlay') { $template->assign('overlayProfile', TRUE); } if ($this->_multiRecord & CRM_Core_Action::VIEW && $this->_recordId && !$this->_allFields) { $fieldDetail = reset($fields); $fieldId = CRM_Core_BAO_CustomField::getKeyID($fieldDetail['name']); $customGroupDetails = CRM_Core_BAO_CustomGroup::getGroupTitles(array($fieldId)); $multiRecTitle = $customGroupDetails[$fieldId]['groupTitle']; } else { $title = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'title'); } //CRM-4131. $displayName = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $this->_id, 'display_name'); if ($displayName) { $session = CRM_Core_Session::singleton(); $config = CRM_Core_Config::singleton(); if ($session->get('userID') && CRM_Core_Permission::check('access CiviCRM') && CRM_Contact_BAO_Contact_Permission::allow($session->get('userID'), CRM_Core_Permission::VIEW) && !$config->userFrameworkFrontend) { $contactViewUrl = CRM_Utils_System::url('civicrm/contact/view', "action=view&reset=1&cid={$this->_id}", TRUE); $this->assign('displayName', $displayName); $displayName = "<a href=\"{$contactViewUrl}\">{$displayName}</a>"; } $title .= ' - ' . $displayName; } $title = isset($multiRecTitle) ? ts('View %1 Record', array(1 => $multiRecTitle)) : $title; CRM_Utils_System::setTitle($title); // invoke the pagRun hook, CRM-3906 CRM_Utils_Hook::pageRun($this); return trim($template->fetch($this->getHookedTemplateFileName())); }
/** * Pre processing work done here. * * @param * * @return void */ public function preProcess() { $this->_mode = CRM_Profile_Form::MODE_CREATE; $this->_onPopupClose = CRM_Utils_Request::retrieve('onPopupClose', 'String', $this); $this->assign('onPopupClose', $this->_onPopupClose); //set the context for the profile $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); //set the block no $this->_blockNo = CRM_Utils_Request::retrieve('blockNo', 'String', $this); //set the prefix $this->_prefix = CRM_Utils_Request::retrieve('prefix', 'String', $this); $this->assign('context', $this->_context); if ($this->_blockNo) { $this->assign('blockNo', $this->_blockNo); $this->assign('prefix', $this->_prefix); } $this->assign('createCallback', CRM_Utils_Request::retrieve('createCallback', 'String', $this)); if ($this->get('skipPermission')) { $this->_skipPermission = TRUE; } if ($this->get('edit')) { // make sure we have right permission to edit this user $session = CRM_Core_Session::singleton(); $userID = $session->get('userID'); // Set the ID from the query string, otherwise default to the current user $id = CRM_Utils_Request::retrieve('id', 'Positive', $this, FALSE, $userID); if ($id) { // this is edit mode. $this->_mode = CRM_Profile_Form::MODE_EDIT; if ($id != $userID) { // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228 $config = CRM_Core_Config::singleton(); if ($config->userFrameworkFrontend) { CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($id, $this); } else { CRM_Contact_BAO_Contact_Permission::validateChecksumContact($id, $this); } $this->_isPermissionedChecksum = TRUE; } } else { CRM_Core_Error::fatal(ts('No user/contact ID was specified, so the Profile cannot be used in edit mode.')); } } parent::preProcess(); // and also the profile is of type 'Profile' $query = "\nSELECT module,is_reserved\n FROM civicrm_uf_group\n LEFT JOIN civicrm_uf_join ON uf_group_id = civicrm_uf_group.id\n WHERE civicrm_uf_group.id = %1\n"; $params = array(1 => array($this->_gid, 'Integer')); $dao = CRM_Core_DAO::executeQuery($query, $params); $isProfile = FALSE; while ($dao->fetch()) { $isProfile = $isProfile || $dao->module == "Profile"; } //Check that the user has the "add contacts" Permission $canAdd = CRM_Core_Permission::check("add contacts"); //Remove need for Profile module type when using reserved profiles [CRM-14488] if (!$dao->N || !$isProfile && !($dao->is_reserved && $canAdd)) { CRM_Core_Error::fatal(ts('The requested Profile (gid=%1) is not configured to be used for \'Profile\' edit and view forms in its Settings. Contact the site administrator if you need assistance.', array(1 => $this->_gid))); } }
/** * Run the page. * * This method is called after the page is created. It checks for the * type of action and executes that action. * * @return void * @access public * */ function run() { $template = CRM_Core_Smarty::singleton(); if ($this->_id && $this->_gid) { // first check that id is part of the limit group id, CRM-4822 $limitListingsGroupsID = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'limit_listings_group_id'); $config = CRM_Core_Config::singleton(); if ($limitListingsGroupsID) { if (!CRM_Contact_BAO_GroupContact::isContactInGroup($this->_id, $limitListingsGroupsID)) { CRM_Utils_System::setTitle(ts('Profile View - Permission Denied')); return CRM_Core_Session::setStatus(ts('You do not have permission to view this contact record. Contact the site administrator if you need assistance.')); } } $values = array(); $fields = CRM_Core_BAO_UFGroup::getFields($this->_profileIds, FALSE, CRM_Core_Action::VIEW, NULL, NULL, FALSE, $this->_restrict, $this->_skipPermission, NULL, CRM_Core_Permission::VIEW); if ($this->_isContactActivityProfile && $this->_gid) { $errors = CRM_Profile_Form::validateContactActivityProfile($this->_activityId, $this->_id, $this->_gid); if (!empty($errors)) { CRM_Core_Error::fatal(array_pop($errors)); } } $session = CRM_Core_Session::singleton(); $userID = $session->get('userID'); $this->_isPermissionedChecksum = FALSE; if ($this->_id != $userID) { // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228 if ($config->userFrameworkFrontend) { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE); } else { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE); } } // make sure we dont expose all fields based on permission $admin = FALSE; if (!$config->userFrameworkFrontend && (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id, CRM_Core_Permission::VIEW)) || $this->_id == $userID || $this->_isPermissionedChecksum) { $admin = TRUE; } if (!$admin) { foreach ($fields as $name => $field) { // make sure that there is enough permission to expose this field if ($field['visibility'] == 'User and User Admin Only') { unset($fields[$name]); } } } // also eliminate all formatting fields foreach ($fields as $name => $field) { if (CRM_Utils_Array::value('field_type', $field) == 'Formatting') { unset($fields[$name]); } } if ($this->_isContactActivityProfile) { $contactFields = $activityFields = array(); foreach ($fields as $fieldName => $field) { if (CRM_Utils_Array::value('field_type', $field) == 'Activity') { $activityFields[$fieldName] = $field; } else { $contactFields[$fieldName] = $field; } } CRM_Core_BAO_UFGroup::getValues($this->_id, $contactFields, $values); if ($this->_activityId) { CRM_Core_BAO_UFGroup::getValues(NULL, $activityFields, $values, TRUE, array(array('activity_id', '=', $this->_activityId, 0, 0))); } } else { CRM_Core_BAO_UFGroup::getValues($this->_id, $fields, $values); } // $profileFields array can be used for customized display of field labels and values in Profile/View.tpl $profileFields = array(); $labels = array(); foreach ($fields as $name => $field) { $labels[$field['title']] = preg_replace('/\\s+|\\W+/', '_', $name); } foreach ($values as $title => $value) { $profileFields[$labels[$title]] = array('label' => $title, 'value' => $value); } $template->assign_by_ref('row', $values); $template->assign_by_ref('profileFields', $profileFields); } $name = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'name'); if (strtolower($name) == 'summary_overlay') { $template->assign('overlayProfile', TRUE); } $title = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'title'); //CRM-4131. $displayName = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $this->_id, 'display_name'); if ($displayName) { $session = CRM_Core_Session::singleton(); $config = CRM_Core_Config::singleton(); if ($session->get('userID') && CRM_Core_Permission::check('access CiviCRM') && CRM_Contact_BAO_Contact_Permission::allow($session->get('userID'), CRM_Core_Permission::VIEW) && !$config->userFrameworkFrontend) { $contactViewUrl = CRM_Utils_System::url('civicrm/contact/view', "action=view&reset=1&cid={$this->_id}", TRUE); $this->assign('displayName', $displayName); $displayName = "<a href=\"{$contactViewUrl}\">{$displayName}</a>"; } $title .= ' - ' . $displayName; } CRM_Utils_System::setTitle($title); // invoke the pagRun hook, CRM-3906 CRM_Utils_Hook::pageRun($this); return trim($template->fetch($this->getTemplateFileName())); }