mirror of
https://github.com/salesagility/SuiteCRM.git
synced 2025-01-11 11:58:24 +00:00
380 lines
13 KiB
PHP
Executable file
380 lines
13 KiB
PHP
Executable file
<?php if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
|
|
/*********************************************************************************
|
|
* SugarCRM Community Edition is a customer relationship management program developed by
|
|
* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Affero General Public License version 3 as published by the
|
|
* Free Software Foundation with the addition of the following permission added
|
|
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
|
|
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
|
|
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License along with
|
|
* this program; if not, see http://www.gnu.org/licenses or write to the Free
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301 USA.
|
|
*
|
|
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
|
|
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
|
|
*
|
|
* The interactive user interfaces in modified source and object code versions
|
|
* of this program must display Appropriate Legal Notices, as required under
|
|
* Section 5 of the GNU Affero General Public License version 3.
|
|
*
|
|
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
|
|
* these Appropriate Legal Notices must retain the display of the "Powered by
|
|
* SugarCRM" logo. If the display of the logo is not reasonably feasible for
|
|
* technical reasons, the Appropriate Legal Notices must display the words
|
|
* "Powered by SugarCRM".
|
|
********************************************************************************/
|
|
|
|
|
|
require_once('soap/SoapHelperFunctions.php');
|
|
$GLOBALS['log']->debug("JSON_SERVER:");
|
|
$global_registry_var_name = 'GLOBAL_REGISTRY';
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//// SUPPORTED METHODS
|
|
/*
|
|
* ADD NEW METHODS TO THIS ARRAY:
|
|
* then create a function called "function json_$method($request_id, &$params)"
|
|
* where $method is the method name
|
|
*/
|
|
$SUPPORTED_METHODS = array(
|
|
'retrieve',
|
|
'query',
|
|
);
|
|
|
|
/**
|
|
* Generic retrieve for getting data from a sugarbean
|
|
*/
|
|
function json_retrieve($request_id, $params) {
|
|
global $current_user;
|
|
global $beanFiles,$beanList;
|
|
$json = getJSONobj();
|
|
|
|
$record = $params[0]['record'];
|
|
|
|
require_once($beanFiles[$beanList[$params[0]['module']]]);
|
|
$focus = new $beanList[$params[0]['module']];
|
|
$focus->retrieve($record);
|
|
|
|
// to get a simplified version of the sugarbean
|
|
$module_arr = populateBean($focus);
|
|
|
|
$response = array();
|
|
$response['id'] = $request_id;
|
|
$response['result'] = array("status"=>"success","record"=>$module_arr);
|
|
$json_response = $json->encode($response, true);
|
|
print $json_response;
|
|
}
|
|
|
|
function json_query($request_id, $params) {
|
|
global $response, $sugar_config;
|
|
global $beanFiles, $beanList;
|
|
$json = getJSONobj();
|
|
|
|
if($sugar_config['list_max_entries_per_page'] < 31) // override query limits
|
|
$sugar_config['list_max_entries_per_page'] = 31;
|
|
|
|
$args = $params[0];
|
|
|
|
//decode condition parameter values..
|
|
if(is_array($args['conditions'])) {
|
|
foreach($args['conditions'] as $key=>$condition) {
|
|
if(!empty($condition['value'])) {
|
|
$where = $json->decode(utf8_encode($condition['value']));
|
|
// cn: bug 12693 - API change due to CSRF security changes.
|
|
$where = empty($where) ? $condition['value'] : $where;
|
|
$args['conditions'][$key]['value'] = $where;
|
|
}
|
|
}
|
|
}
|
|
|
|
$list_return = array();
|
|
|
|
if(! empty($args['module'])) {
|
|
$args['modules'] = array($args['module']);
|
|
}
|
|
|
|
foreach($args['modules'] as $module) {
|
|
require_once($beanFiles[$beanList[$module]]);
|
|
$focus = new $beanList[$module];
|
|
|
|
$query_orderby = '';
|
|
if(!empty($args['order'])) {
|
|
$query_orderby = preg_replace('/[^\w_.-]+/i', '', $args['order']['by']);
|
|
if(!empty($args['order']['desc'])) {
|
|
$query_orderby .= " DESC";
|
|
} else {
|
|
$query_orderby .= " ASC";
|
|
}
|
|
}
|
|
|
|
$query_limit = '';
|
|
if(!empty($args['limit'])) {
|
|
$query_limit = (int)$args['limit'];
|
|
}
|
|
$query_where = construct_where($args, $focus->table_name,$module);
|
|
$list_arr = array();
|
|
if($focus->ACLAccess('ListView', true)) {
|
|
$focus->ungreedy_count=false;
|
|
$curlist = $focus->get_list($query_orderby, $query_where, 0, $query_limit, -1, 0);
|
|
$list_return = array_merge($list_return,$curlist['list']);
|
|
}
|
|
}
|
|
|
|
$app_list_strings = null;
|
|
|
|
for($i = 0;$i < count($list_return);$i++) {
|
|
if(isset($list_return[$i]->emailAddress) && is_object($list_return[$i]->emailAddress)) {
|
|
$list_return[$i]->emailAddress->handleLegacyRetrieve($list_return[$i]);
|
|
}
|
|
|
|
$list_arr[$i]= array();
|
|
$list_arr[$i]['fields']= array();
|
|
$list_arr[$i]['module']= $list_return[$i]->object_name;
|
|
|
|
foreach($args['field_list'] as $field) {
|
|
if(!empty($list_return[$i]->field_name_map[$field]['sensitive'])) {
|
|
continue;
|
|
}
|
|
// handle enums
|
|
if( (isset($list_return[$i]->field_name_map[$field]['type']) && $list_return[$i]->field_name_map[$field]['type'] == 'enum') ||
|
|
(isset($list_return[$i]->field_name_map[$field]['custom_type']) && $list_return[$i]->field_name_map[$field]['custom_type'] == 'enum')) {
|
|
|
|
// get fields to match enum vals
|
|
if(empty($app_list_strings)) {
|
|
if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') $current_language = $_SESSION['authenticated_user_language'];
|
|
else $current_language = $sugar_config['default_language'];
|
|
$app_list_strings = return_app_list_strings_language($current_language);
|
|
}
|
|
|
|
// match enum vals to text vals in language pack for return
|
|
if(!empty($app_list_strings[$list_return[$i]->field_name_map[$field]['options']])) {
|
|
$list_return[$i]->$field = $app_list_strings[$list_return[$i]->field_name_map[$field]['options']][$list_return[$i]->$field];
|
|
}
|
|
}
|
|
|
|
$list_arr[$i]['fields'][$field] = $list_return[$i]->$field;
|
|
}
|
|
}
|
|
|
|
|
|
$response['id'] = $request_id;
|
|
$response['result'] = array("list"=>$list_arr);
|
|
$json_response = $json->encode($response, true);
|
|
echo $json_response;
|
|
}
|
|
|
|
//// END SUPPORTED METHODS
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
// ONLY USED FOR MEETINGS
|
|
// HAS MEETING SPECIFIC CODE:
|
|
function populateBean(&$focus) {
|
|
$all_fields = $focus->column_fields;
|
|
// MEETING SPECIFIC
|
|
$all_fields = array_merge($all_fields,array('required','accept_status','name')); // need name field for contacts and users
|
|
//$all_fields = array_merge($focus->column_fields,$focus->additional_column_fields);
|
|
|
|
$module_arr = array();
|
|
|
|
$module_arr['module'] = $focus->object_name;
|
|
|
|
$module_arr['fields'] = array();
|
|
|
|
foreach($all_fields as $field)
|
|
{
|
|
if(isset($focus->$field) && !is_object($focus->$field))
|
|
{
|
|
$focus->$field = from_html($focus->$field);
|
|
$focus->$field = preg_replace("/\r\n/","<BR>",$focus->$field);
|
|
$focus->$field = preg_replace("/\n/","<BR>",$focus->$field);
|
|
$module_arr['fields'][$field] = $focus->$field;
|
|
}
|
|
}
|
|
$GLOBALS['log']->debug("JSON_SERVER:populate bean:");
|
|
return $module_arr;
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//// UTILS
|
|
function authenticate() {
|
|
global $sugar_config;
|
|
|
|
$user_unique_key =(isset($_SESSION['unique_key'])) ? $_SESSION['unique_key'] : "";
|
|
$server_unique_key =(isset($sugar_config['unique_key'])) ? $sugar_config['unique_key'] : "";
|
|
|
|
if($user_unique_key != $server_unique_key) {
|
|
$GLOBALS['log']->debug("JSON_SERVER: user_unique_key:".$user_unique_key."!=".$server_unique_key);
|
|
session_destroy();
|
|
return null;
|
|
}
|
|
|
|
if(!isset($_SESSION['authenticated_user_id'])) {
|
|
$GLOBALS['log']->debug("JSON_SERVER: authenticated_user_id NOT SET. DESTROY");
|
|
session_destroy();
|
|
return null;
|
|
}
|
|
|
|
$current_user = new User();
|
|
|
|
$result = $current_user->retrieve($_SESSION['authenticated_user_id']);
|
|
$GLOBALS['log']->debug("JSON_SERVER: retrieved user from SESSION");
|
|
|
|
|
|
if($result == null) {
|
|
$GLOBALS['log']->debug("JSON_SERVER: could get a user from SESSION. DESTROY");
|
|
session_destroy();
|
|
return null;
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
function construct_where(&$query_obj, $table='',$module=null)
|
|
{
|
|
if(! empty($table)) {
|
|
$table .= ".";
|
|
}
|
|
$cond_arr = array();
|
|
|
|
if(! is_array($query_obj['conditions'])) {
|
|
$query_obj['conditions'] = array();
|
|
}
|
|
|
|
foreach($query_obj['conditions'] as $condition) {
|
|
if($condition['name'] == 'user_hash') {
|
|
continue;
|
|
}
|
|
if ($condition['name']=='email1' or $condition['name']=='email2') {
|
|
|
|
$email1_value=strtoupper($condition['value']);
|
|
$email1_condition = " {$table}id in ( SELECT er.bean_id AS id FROM email_addr_bean_rel er, " .
|
|
"email_addresses ea WHERE ea.id = er.email_address_id " .
|
|
"AND ea.deleted = 0 AND er.deleted = 0 AND er.bean_module = '{$module}' AND email_address_caps LIKE '%{$email1_value}%' )";
|
|
|
|
array_push($cond_arr,$email1_condition);
|
|
}
|
|
else {
|
|
if($condition['op'] == 'contains') {
|
|
$cond_arr[] = $table.$GLOBALS['db']->getValidDBName($condition['name'])." like '%".$GLOBALS['db']->quote($condition['value'])."%'";
|
|
}
|
|
if($condition['op'] == 'like_custom') {
|
|
$like = '';
|
|
if(!empty($condition['begin'])) $like .= $GLOBALS['db']->quote($condition['begin']);
|
|
$like .= $GLOBALS['db']->quote($condition['value']);
|
|
if(!empty($condition['end'])) $like .= $GLOBALS['db']->quote($condition['end']);
|
|
$cond_arr[] = $table.$GLOBALS['db']->getValidDBName($condition['name'])." like '$like'";
|
|
} else { // starts_with
|
|
$cond_arr[] = $table.$GLOBALS['db']->getValidDBName($condition['name'])." like '".$GLOBALS['db']->quote($condition['value'])."%'";
|
|
}
|
|
}
|
|
}
|
|
|
|
if($table == 'users.') {
|
|
$cond_arr[] = $table."status='Active'";
|
|
}
|
|
$group = strtolower(trim($query_obj['group']));
|
|
if($group != "and" && $group != "or") {
|
|
$group = "and";
|
|
}
|
|
|
|
return implode(" $group ",$cond_arr);
|
|
}
|
|
|
|
//// END UTILS
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//// JSON SERVER HANDLER LOGIC
|
|
//ignore notices
|
|
error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT);
|
|
ob_start();
|
|
insert_charset_header();
|
|
global $sugar_config;
|
|
if(!empty($sugar_config['session_dir'])) {
|
|
session_save_path($sugar_config['session_dir']);
|
|
$GLOBALS['log']->debug("JSON_SERVER:session_save_path:".$sugar_config['session_dir']);
|
|
}
|
|
|
|
session_start();
|
|
$GLOBALS['log']->debug("JSON_SERVER:session started");
|
|
|
|
$current_language = 'en_us'; // defaulting - will be set by user, then sys prefs
|
|
|
|
// create json parser
|
|
$json = getJSONobj();
|
|
|
|
// if the language is not set yet, then set it to the default language.
|
|
if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') {
|
|
$current_language = $_SESSION['authenticated_user_language'];
|
|
} else {
|
|
$current_language = $sugar_config['default_language'];
|
|
}
|
|
|
|
$locale = new Localization();
|
|
|
|
$GLOBALS['log']->debug("JSON_SERVER: current_language:".$current_language);
|
|
|
|
// if this is a get, than this is spitting out static javascript as if it was a file
|
|
// wp: DO NOT USE THIS. Include the javascript inline using include/json_config.php
|
|
// using <script src=json_server.php></script> does not cache properly on some browsers
|
|
// resulting in 2 or more server hits per page load. Very bad for SSL.
|
|
if(strtolower($_SERVER['REQUEST_METHOD'])== 'get') {
|
|
echo "alert('DEPRECATED API\nPlease report as a bug.');";
|
|
} else {
|
|
// else act as a JSON-RPC server for SugarCRM
|
|
// create result array
|
|
$response = array();
|
|
$response['result'] = null;
|
|
$response['id'] = "-1";
|
|
|
|
// authenticate user
|
|
$current_user = authenticate();
|
|
|
|
if(empty($current_user)) {
|
|
$response['error'] = array("error_msg"=>"not logged in");
|
|
print $json->encode($response, true);
|
|
print "not logged in";
|
|
}
|
|
|
|
// extract request
|
|
if(isset($GLOBALS['HTTP_RAW_POST_DATA']))
|
|
$request = $json->decode($GLOBALS['HTTP_RAW_POST_DATA'], true);
|
|
else
|
|
$request = $json->decode(file_get_contents("php://input"), true);
|
|
|
|
|
|
if(!is_array($request)) {
|
|
$response['error'] = array("error_msg"=>"malformed request");
|
|
print $json->encode($response, true);
|
|
}
|
|
|
|
// make sure required RPC fields are set
|
|
if(empty($request['method']) || empty($request['id'])) {
|
|
$response['error'] = array("error_msg"=>"missing parameters");
|
|
print $json->encode($response, true);
|
|
}
|
|
|
|
$response['id'] = $request['id'];
|
|
|
|
if(in_array($request['method'], $SUPPORTED_METHODS)) {
|
|
call_user_func('json_'.$request['method'],$request['id'],$request['params']);
|
|
} else {
|
|
$response['error'] = array("error_msg"=>"method:".$request["method"]." not supported");
|
|
print $json->encode($response, true);
|
|
}
|
|
}
|
|
|
|
ob_end_flush();
|
|
sugar_cleanup();
|
|
exit();
|