/**
 * Insert a new artifact row inside a transaction and return its id.
 *
 * All four arguments are passed through escapeInt() before they are
 * interpolated into SQL. The per-tracker sequence number is computed as
 * MAX(per_tracker_artifact_id) + 1 for the tracker.
 *
 * NOTE(review): the MAX() + 1 read is a plain SELECT. Whether two concurrent
 * submissions can obtain the same number depends on the isolation/locking
 * behind startTransaction(), which is not visible here; confirm, or enforce
 * uniqueness on (tracker_id, per_tracker_artifact_id) at the schema level.
 *
 * @param int $tracker_id               tracker the artifact belongs to
 * @param int $submitted_by             id of the submitting user
 * @param int $submitted_on             submission timestamp
 * @param int $use_artifact_permissions value stored in use_artifact_permissions
 *
 * @return int|false the generated artifact id, or false after a rollback
 */
public function create($tracker_id, $submitted_by, $submitted_on, $use_artifact_permissions)
{
    $tracker_id               = $this->da->escapeInt($tracker_id);
    $use_artifact_permissions = $this->da->escapeInt($use_artifact_permissions);
    $submitted_on             = $this->da->escapeInt($submitted_on);
    $submitted_by             = $this->da->escapeInt($submitted_by);

    $this->startTransaction();

    $next_number_query = "SELECT IFNULL(MAX(per_tracker_artifact_id), 0) + 1 as per_tracker_artifact_id\n FROM tracker_artifact\n WHERE tracker_id = {$tracker_id}";
    $next_number       = $this->retrieveFirstRow($next_number_query);
    // Value comes straight from the database and is interpolated below as returned.
    $per_tracker_id    = $next_number['per_tracker_artifact_id'];

    $id_generator = new TrackerIdSharingDao();
    $id           = $id_generator->generateArtifactId();

    // Without an id, or without a slot in the priority chain, nothing may be kept.
    if (! $id || ! $this->getPriorityManager()->putArtifactAtTheEnd($id)) {
        $this->rollBack();
        return false;
    }

    // No priority-history entry is recorded here: stating that a brand new
    // artifact ranks below the last one of the chain carries no information.
    $insert_query = "INSERT INTO {$this->table_name}\n (id, tracker_id, per_tracker_artifact_id, submitted_by, submitted_on, use_artifact_permissions)\n VALUES ({$id}, {$tracker_id}, {$per_tracker_id}, {$submitted_by}, {$submitted_on}, {$use_artifact_permissions})";

    if (! $this->update($insert_query)) {
        $this->rollBack();
        return false;
    }

    $this->commit();
    return $id;
}
/**
 * Insert a new artifact row and return its id.
 *
 * The submission time is taken from $_SERVER['REQUEST_TIME']. Every value
 * interpolated into the INSERT is passed through escapeInt() first, except
 * the id, which comes from TrackerIdSharingDao.
 *
 * NOTE(review): no transaction is opened in this method. If the INSERT fails
 * after the id was generated and the artifact was appended to the priority
 * chain, those earlier writes are not undone here; confirm whether a caller
 * wraps this call in a transaction.
 *
 * @param int $tracker_id               tracker the artifact belongs to
 * @param int $submitted_by             id of the submitting user
 * @param int $use_artifact_permissions value stored in use_artifact_permissions
 *
 * @return int|false the generated artifact id, or false on failure
 */
public function create($tracker_id, $submitted_by, $use_artifact_permissions)
{
    $tracker_id               = $this->da->escapeInt($tracker_id);
    $use_artifact_permissions = $this->da->escapeInt($use_artifact_permissions);
    $submitted_on             = $this->da->escapeInt($_SERVER['REQUEST_TIME']);
    $submitted_by             = $this->da->escapeInt($submitted_by);

    $id_generator = new TrackerIdSharingDao();
    $id           = $id_generator->generateArtifactId();
    if (! $id) {
        return false;
    }

    // The artifact must get a place in the priority chain before its row exists.
    $priorities = new Tracker_Artifact_PriorityDao();
    if (! $priorities->putArtifactAtTheEnd($id)) {
        return false;
    }

    $insert_query = "INSERT INTO {$this->table_name}\n (id, tracker_id, submitted_by, submitted_on, use_artifact_permissions)\n VALUES ({$id}, {$tracker_id}, {$submitted_by}, {$submitted_on}, {$use_artifact_permissions})";

    return $this->update($insert_query) ? $id : false;
}
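/**
 * Create a new artifact (and its values) in the db
 *
 * For non-import calls the submitted fields are checked against the user's
 * submit permission and, for select boxes, against the predefined values,
 * before anything is written.
 *
 * @param array   $vfl    the value-field-list. Array association pair of field_name => field_value.
 *                        If the function is called by the web-site submission form, the $vfl is set to false,
 *                        and will be filled by the extractFieldList function retrieving the HTTP parameters.
 *                        If $vfl is not false, the fields expected in this array are *all* the fields of this
 *                        tracker that are allowed to be submitted by the user.
 * @param boolean $import true when called from an import: permission, value and required-field
 *                        checks are skipped and $vfl may carry 'submitted_by' and 'open_date'
 * @param int     $row    row number used to prefix error messages when importing
 *
 * @return boolean true when no error was recorded, false otherwise
 *                 (the function may also terminate through exit_missing_param())
 */
function create($vfl = false, $import = false, $row = 0)
{
    global $ath, $art_field_fact, $Language;

    $group             = $ath->getGroup();
    $group_artifact_id = $ath->getID();
    $error_message     = $import ? $Language->getText('tracker_common_artifact', 'row', $row) : "";

    // Retrieve HTTP GET variables and store them in $vfl array
    if (!$vfl) {
        $vfl = $art_field_fact->extractFieldList();
    }

    // We check the submitted fields to see if the user has the permissions to submit it
    if (!$import) {
        foreach ($vfl as $key => $val) {
            $field = $art_field_fact->getFieldFromName($key);
            // SR #684 we don't check the perms for the field comment type.
            // The former test `!$field->getName() == 'comment_type_id'` negated the name
            // before comparing it, so it was false for every named field and the
            // permission and value checks below never ran.
            if ($field && $field->getName() != 'comment_type_id') {
                if (!$field->userCanSubmit($group->getID(), $group_artifact_id, user_getid())) {
                    // The user does not have the permissions to update the current field,
                    // we exit the function with an error message
                    $this->setError($Language->getText('tracker_common_artifact', 'bad_field_permission_submission', $field->getLabel()));
                    return false;
                }
                // we check if the given value is authorized for this field (for select box fields only)
                // we don't check here the none value, we check after it with the function checkEmptyFields,
                // to get a better error message if the field is required (instead of "value 100 is not a
                // valid value for the field")
                if ($field->isSelectBox() && $val != 100 && !$field->checkValueInPredefinedValues($this->ArtifactType->getID(), $val)) {
                    $this->setError($Language->getText('tracker_common_artifact', 'bad_field_value', array($field->getLabel(), $val)));
                    return false;
                }
                if ($field->isMultiSelectBox()) {
                    // Cast so that a scalar submitted for a multi-select field is still
                    // validated instead of being skipped by the loop.
                    foreach ((array) $val as $a_value) {
                        if ($a_value != 100 && !$field->checkValueInPredefinedValues($this->ArtifactType->getID(), $a_value)) {
                            $this->setError($Language->getText('tracker_common_artifact', 'bad_field_value', array($field->getLabel(), $val)));
                            return false;
                        }
                    }
                }
            }
        }

        // When the user is not authorised to submit some fields
        // we should block those artifacts with mandatory fields and default value set to "None"
        $fieldsNotShown = $art_field_fact->getAllFieldsNotShownOnAdd();
        if ($art_field_fact->checkEmptyFields($fieldsNotShown, false) == false) {
            $this->setError($Language->getText('tracker_common_artifact', 'mandatory_not_set'));
            return false;
        }
    }

    if (!$import) {
        // make sure required fields are not empty
        if ($art_field_fact->checkEmptyFields($vfl) == false) {
            $this->setError($art_field_fact->getErrorMessage());
            exit_missing_param();
        }
    }

    // we don't force them to be logged in to submit a bug
    if (!user_isloggedin()) {
        $user = 100;
    } else {
        $user = user_getid();
    }

    // add default values for fields that have not been shown
    $add_fields = $art_field_fact->getAllFieldsNotShownOnAdd();
    foreach ($add_fields as $key => $def_val) {
        if (!array_key_exists($key, $vfl)) {
            $vfl[$key] = $def_val;
        }
    }

    // Only an import may set the submitter from the supplied data
    if ($import && $vfl['submitted_by'] && $vfl['submitted_by'] != "") {
        $user = $vfl['submitted_by'];
    }

    // first make sure this wasn't double-submitted
    $field = $art_field_fact->getFieldFromName('summary');
    if ($field && $field->isUsed()) {
        $res = db_query("SELECT * \n FROM artifact \n WHERE group_artifact_id = " . db_ei($ath->getID()) . " \n AND submitted_by=" . db_ei($user) . " \n AND summary='" . db_es(htmlspecialchars($vfl['summary'])) . "'");
        if ($res && db_numrows($res) > 0) {
            $this->setError($Language->getText('tracker_common_artifact', 'double_subm', db_result($res, 0, 'artifact_id')));
            return false;
        }
    }

    //
    // Create the insert statement for standard field
    //

    // Reference manager for cross reference
    $reference_manager =& ReferenceManager::instance();

    $vfl_cols        = '';
    $vfl_values      = '';
    $text_value_list = array();
    foreach ($vfl as $field_name => $value) {
        $field = $art_field_fact->getFieldFromName($field_name);
        if ($field && $field->isStandardField()) {
            // skip over special fields
            if ($field->isSpecial()) {
                continue;
            }

            // The column name is the name of the field object that was looked up,
            // not the submitted key itself.
            $vfl_cols .= ',' . $field->getName();
            $is_text = $field->isTextField() || $field->isTextArea();
            if ($is_text) {
                $value = htmlspecialchars($value);
                // Log for Cross references
                $text_value_list[] = $value;
            } else {
                if ($field->isDateField()) {
                    // if it's a date we must convert the format to unix time
                    list($value, $ok) = util_date_to_unixtime($value);
                }
            }
            $vfl_values .= ',\'' . db_es($value) . '\'';
        }
    }

    // Add all special fields that were not handled in the previous block
    $fixed_cols = 'open_date,last_update_date,group_artifact_id,submitted_by';
    if ($import) {
        if (!isset($vfl['open_date']) || !$vfl['open_date'] || $vfl['open_date'] == "") {
            $open_date = time();
        } else {
            list($open_date, $ok) = util_date_to_unixtime($vfl['open_date']);
        }
        $fixed_values = "'" . db_ei($open_date) . "','" . time() . "','" . db_ei($group_artifact_id) . "','" . db_ei($user) . "'";
    } else {
        $fixed_values = "'" . time() . "','" . time() . "','" . db_ei($group_artifact_id) . "','" . db_ei($user) . "'";
    }

    //
    // Finally, build the full SQL query and insert the artifact itself
    //
    // Initialised so the error branch for a failed id generation does not read
    // an undefined variable.
    $sql        = '';
    $id_sharing = new TrackerIdSharingDao();
    if ($artifact_id = $id_sharing->generateArtifactId()) {
        $sql = "INSERT INTO artifact (artifact_id, {$fixed_cols} {$vfl_cols}) VALUES ({$artifact_id}, {$fixed_values} {$vfl_values})";
        $result    = db_query($sql);
        $was_error = false;
        if (!$result || db_affected_rows($result) == 0) {
            // NOTE(review): the full SQL statement is embedded in the error text;
            // confirm where setError() messages are displayed.
            $this->setError($Language->getText('tracker_common_artifact', 'insert_err', $sql));
            $was_error = true;
        } else {
            //
            // Insert the field values for no standard field
            //
            $fields = $art_field_fact->getAllUsedFields();
            foreach ($fields as $field_name => $field) {
                // skip over special fields
                if ($field->isSpecial() || $field->isStandardField()) {
                    continue;
                }

                if (array_key_exists($field_name, $vfl) && isset($vfl[$field_name]) && $vfl[$field_name]) {
                    // The field has a value from the user input
                    $value   = $vfl[$field_name];
                    $is_text = $field->isTextField() || $field->isTextArea();
                    if ($is_text) {
                        $value = htmlspecialchars($value);
                        // Log for Cross references
                        $text_value_list[] = $value;
                    } else {
                        if ($field->isDateField()) {
                            // if it's a date we must convert the format to unix time
                            list($value, $ok) = util_date_to_unixtime($value);
                        }
                    }

                    // Insert the field value
                    if (!$field->insertValue($artifact_id, $value)) {
                        $error_message .= $Language->getText('tracker_common_artifact', 'field_err', array($field->getLabel(), $value));
                        $was_error = true;
                        $this->setError($error_message);
                    }
                } else {
                    // The field hasn't a value from the user input
                    // We need to insert default value for this field
                    // because all SQL queries (from Report or Artifact read/update) don't allow
                    // empty record (we must use join and not left join for performance reasons).
                    if (!$field->insertValue($artifact_id, $field->getDefaultValue())) {
                        $error_message .= $Language->getText('tracker_common_artifact', 'def_err', array($field->getLabel(), $field->getDefaultValue()));
                        $was_error = true;
                        $this->setError($error_message);
                    }
                }
            }
        }

        // Add Cross Reference
        foreach ($text_value_list as $text_value) {
            $reference_manager->extractCrossRef($text_value, $artifact_id, ReferenceManager::REFERENCE_NATURE_ARTIFACT, $ath->getGroupID());
        }

        // artifact permissions
        $request = HTTPRequest::instance();
        $this->data_array['artifact_id'] = $artifact_id; // cheat
        $this->setPermissions($request->get('use_artifact_permissions_name'), $request->get('ugroups'));

        // All ok then reload the artifact data to make sure it is cached
        // correctly in memory
        $this->fetchData($artifact_id);
    } else {
        $this->setError($Language->getText('tracker_common_artifact', 'insert_err', $sql));
        $was_error = true;
    }

    return !$was_error;
}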
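/**
 * Copy an artifact, with its field values, CC addresses and attached files,
 * under a newly generated artifact id.
 *
 * The copy's group_artifact_id is $this->getID() and its open_date is the
 * current time; the other common columns are taken from the source row.
 *
 * NOTE(review): no permission check on the source artifact is visible in this
 * method; presumably callers verify access before calling it. Confirm.
 *
 * @param int $from_atid group_artifact_id the source artifact must belong to
 * @param int $from_aid  id of the artifact to copy
 *
 * @return boolean true when every copy statement affected at least one row;
 *                 false when no id could be generated or any statement failed
 *                 or copied nothing (the error is stored through setError())
 */
function copyArtifact($from_atid, $from_aid)
{
    $aid = 0;
    $res = true;

    // copy common artifact fields
    $id_sharing = new TrackerIdSharingDao();
    if ($aid = $id_sharing->generateArtifactId()) {
        $result = db_query("INSERT INTO artifact (artifact_id, group_artifact_id,status_id,submitted_by,open_date,close_date,summary,details,severity) " .
            "SELECT " . db_ei($aid) . ", " . db_ei($this->getID()) . ",status_id,submitted_by," . time() . ",close_date,summary,details,severity " .
            "FROM artifact " .
            "WHERE artifact_id='" . db_ei($from_aid) . "' " .
            "AND group_artifact_id='" . db_ei($from_atid) . "'");
        // Without the main row there is nothing to attach the rest to
        if (!$result || db_affected_rows($result) == 0) {
            $this->setError(db_error());
            return false;
        }

        // copy specific artifact fields
        $result = db_query("INSERT INTO artifact_field_value (field_id,artifact_id,valueInt,valueText,valueFloat,valueDate) " .
            "SELECT field_id," . db_ei($aid) . ",valueInt,valueText,valueFloat,valueDate " .
            "FROM artifact_field_value " .
            "WHERE artifact_id = '" . db_ei($from_aid) . "'");
        if (!$result || db_affected_rows($result) <= 0) {
            $this->setError(db_error());
            $res = false;
        }

        // copy cc addresses
        $result = db_query("INSERT INTO artifact_cc (artifact_id,email,added_by,comment,date) " .
            "SELECT " . db_ei($aid) . ",email,added_by,comment,date " .
            "FROM artifact_cc " .
            "WHERE artifact_id='" . db_ei($from_aid) . "'");
        if (!$result || db_affected_rows($result) <= 0) {
            $this->setError(db_error());
            $res = false;
        }

        // copy artifact files
        // The result is now captured: the check below used to re-test the CC
        // query's result, so a failed file copy could go unreported. The new id
        // is also passed through db_ei() like in the other statements.
        $result = db_query("INSERT INTO artifact_file (artifact_id,description,bin_data,filename,filesize,filetype,adddate,submitted_by) " .
            "SELECT " . db_ei($aid) . ",description,bin_data,filename,filesize,filetype,adddate,submitted_by " .
            "FROM artifact_file " .
            "WHERE artifact_id='" . db_ei($from_aid) . "'");
        if (!$result || db_affected_rows($result) <= 0) {
            $this->setError(db_error());
            $res = false;
        }

        return $res;
    }

    return false;
}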