<?php
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/


require_once('soap/SoapHelperFunctions.php');
$GLOBALS['log']->debug("JSON_SERVER:");
$global_registry_var_name = 'GLOBAL_REGISTRY';

///////////////////////////////////////////////////////////////////////////////
//// SUPPORTED METHODS
/*
 * ADD NEW METHODS TO THIS ARRAY:
 * then create a function called "function json_$method($request_id, &$params)"
 * where $method is the method name
 */
// Dispatch whitelist: the handler at the bottom of this file only calls
// 'json_' . $method when $method is listed here, so a method name taken from
// the request can never reach call_user_func() unless it is registered.
$SUPPORTED_METHODS = array(
    'retrieve',
    'query',
);

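/**
 * Generic retrieve for getting data from a sugarbean (JSON-RPC method "retrieve").
 *
 * $params[0] must carry 'module' (a key of $beanList) and 'record' (the bean id).
 * Prints {id, result: {status: "success", record: {...}}} as built by populateBean(),
 * or {id, error: {error_msg}} when the module is not registered, the record does not
 * exist, or the current user may not view it.
 *
 * @param mixed $request_id JSON-RPC request id echoed back in the response
 * @param array $params     request parameters; only $params[0] is read
 */
function json_retrieve($request_id, $params) {
    global $current_user;
    global $beanFiles,$beanList;
    $json = getJSONobj();

    $args   = (is_array($params) && isset($params[0]) && is_array($params[0])) ? $params[0] : array();
    $module = isset($args['module']) ? $args['module'] : null;
    $record = isset($args['record']) ? $args['record'] : null;

    $response = array();
    $response['id'] = $request_id;

    // The module name is request-controlled: only instantiate beans registered in
    // $beanList, otherwise require_once() would be handed an empty path.
    if(!is_string($module) || empty($beanList[$module]) || empty($beanFiles[$beanList[$module]])) {
        $response['error'] = array("error_msg"=>"invalid module");
        print $json->encode($response, true);
        return;
    }

    require_once($beanFiles[$beanList[$module]]);
    $focus = new $beanList[$module];

    // retrieve() returns null when no such record exists; the old code serialized
    // the empty bean as a "success" in that case
    if($focus->retrieve($record) === null) {
        $response['error'] = array("error_msg"=>"record not found");
        print $json->encode($response, true);
        return;
    }

    // json_query enforces ACLAccess('ListView'); a single-record read must enforce
    // the matching DetailView check instead of returning any record by id
    if(!$focus->ACLAccess('DetailView')) {
        $response['error'] = array("error_msg"=>"access denied");
        print $json->encode($response, true);
        return;
    }

    // to get a simplified version of the sugarbean
    $module_arr = populateBean($focus);

    $response['result'] = array("status"=>"success","record"=>$module_arr);
    $json_response = $json->encode($response, true);
    print $json_response;
}
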
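/**
 * List query over one or more modules (JSON-RPC method "query").
 *
 * $params[0] is the argument map; keys read here:
 *   module / modules  one module name, or a list of module names (keys of $beanList)
 *   conditions        list of {name, op, value, begin, end} filters, see construct_where()
 *   order             {by, desc}: ORDER BY column (stripped to identifier characters) and direction
 *   limit             maximum rows per module
 *   field_list        bean field names to copy into every result row
 *
 * Prints {id, result: {list: [{module, fields: {...}}, ...]}} on the global $response
 * array. Only vardef-defined fields are returned, fields flagged 'sensitive' are
 * skipped, and enum values are replaced by their label from the language pack.
 *
 * @param mixed $request_id JSON-RPC request id echoed back in the response
 * @param array $params     request parameters; only $params[0] is read
 */
function json_query($request_id, $params) {
    global $response, $sugar_config;
    global $beanFiles, $beanList;
    $json = getJSONobj();

    // override query limits
    if($sugar_config['list_max_entries_per_page'] < 31) {
        $sugar_config['list_max_entries_per_page'] = 31;
    }

    $args = (is_array($params) && isset($params[0]) && is_array($params[0])) ? $params[0] : array();

    //decode condition parameter values..
    if(isset($args['conditions']) && is_array($args['conditions'])) {
        foreach($args['conditions'] as $key=>$condition) {
            if(!empty($condition['value'])) {
                // cn: bug 12693 - API change due to CSRF security changes: values arrive
                // JSON-encoded; fall back to the raw value when they do not decode.
                // NOTE: utf8_encode() is deprecated since PHP 8.2 (it assumes ISO-8859-1 input).
                $where = $json->decode(utf8_encode($condition['value']));
                $args['conditions'][$key]['value'] = empty($where) ? $condition['value'] : $where;
            }
        }
    }

    if(! empty($args['module'])) {
        $args['modules'] = array($args['module']);
    }
    $modules    = (isset($args['modules']) && is_array($args['modules'])) ? $args['modules'] : array();
    $field_list = (isset($args['field_list']) && is_array($args['field_list'])) ? $args['field_list'] : array();

    $list_return = array();
    // initialised outside the module loop so the response is well-formed when no
    // module is queried (it used to be reset inside the loop)
    $list_arr = array();

    foreach($modules as $module) {
        // module names are request-controlled: skip anything not registered in $beanList
        // instead of handing require_once() an empty path
        if(!is_string($module) || empty($beanList[$module]) || empty($beanFiles[$beanList[$module]])) {
            $GLOBALS['log']->debug("JSON_SERVER: query for unregistered module skipped");
            continue;
        }
        require_once($beanFiles[$beanList[$module]]);
        $focus = new $beanList[$module];

        $query_orderby = '';
        if(!empty($args['order'])) {
            // stripping everything but identifier characters is the only sanitisation
            // the ORDER BY column gets before it reaches SQL
            $order_by = isset($args['order']['by']) ? $args['order']['by'] : '';
            $query_orderby = preg_replace('/[^\w_.-]+/i', '', $order_by);
            $query_orderby .= !empty($args['order']['desc']) ? " DESC" : " ASC";
        }

        $query_limit = '';
        if(!empty($args['limit'])) {
            $query_limit = (int)$args['limit'];
        }
        $query_where = construct_where($args, $focus->table_name,$module);
        if($focus->ACLAccess('ListView', true)) {
            $focus->ungreedy_count=false;
            $curlist = $focus->get_list($query_orderby, $query_where, 0, $query_limit, -1, 0);
            $list_return = array_merge($list_return,$curlist['list']);
        }
    }

    // language pack lookup is loaded lazily, on the first enum field encountered
    $app_list_strings = null;

    for($i = 0;$i < count($list_return);$i++) {
        $bean = $list_return[$i];
        if(isset($bean->emailAddress) && is_object($bean->emailAddress)) {
            $bean->emailAddress->handleLegacyRetrieve($bean);
        }

        $list_arr[$i]= array();
        $list_arr[$i]['fields']= array();
        $list_arr[$i]['module']= $bean->object_name;

        foreach($field_list as $field) {
            // only vardef-defined fields are exposed; arbitrary property names from the
            // request (which may resolve to internal, non-field bean members) are ignored
            if(!is_string($field) || !isset($bean->field_name_map[$field])) {
                continue;
            }
            $def = $bean->field_name_map[$field];
            if(!empty($def['sensitive'])) {
                continue;
            }
            // handle enums
            if( (isset($def['type']) && $def['type'] == 'enum') ||
                (isset($def['custom_type']) && $def['custom_type'] == 'enum')) {

                // get fields to match enum vals
                if(empty($app_list_strings)) {
                    if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') {
                        $current_language = $_SESSION['authenticated_user_language'];
                    } else {
                        $current_language = $sugar_config['default_language'];
                    }
                    $app_list_strings = return_app_list_strings_language($current_language);
                }

                // match enum vals to text vals in language pack for return; a value with
                // no label keeps its raw key instead of becoming null
                if(!empty($def['options']) && !empty($app_list_strings[$def['options']])
                    && isset($bean->$field) && isset($app_list_strings[$def['options']][$bean->$field])) {
                    $bean->$field = $app_list_strings[$def['options']][$bean->$field];
                }
            }

            $list_arr[$i]['fields'][$field] = isset($bean->$field) ? $bean->$field : null;
        }
    }


    $response['id'] = $request_id;
    $response['result'] = array("list"=>$list_arr);
    $json_response = $json->encode($response, true);
    echo $json_response;
}

//// END SUPPORTED METHODS
///////////////////////////////////////////////////////////////////////////////
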
// ONLY USED FOR MEETINGS
// HAS MEETING SPECIFIC CODE:
/**
 * Flatten a bean into a {module, fields} array for JSON output.
 *
 * Serialises $focus->column_fields plus the meeting-specific 'required',
 * 'accept_status' and 'name' fields. Every scalar value is HTML-decoded and its
 * line breaks ("\r\n", then "\n") turned into <BR>; the bean's own properties are
 * rewritten with the converted values (the bean is passed by reference).
 *
 * @param SugarBean $focus bean to serialise; modified in place
 * @return array {module: object_name, fields: {field name => converted value}}
 */
function populateBean(&$focus) {
    // MEETING SPECIFIC: need name field for contacts and users
    $wanted = array_merge($focus->column_fields, array('required', 'accept_status', 'name'));
    //$all_fields = array_merge($focus->column_fields,$focus->additional_column_fields);

    $module_arr = array(
        'module' => $focus->object_name,
        'fields' => array(),
    );

    foreach($wanted as $name) {
        // unset values and objects (related beans, link fields) are not serialised
        if(!isset($focus->$name) || is_object($focus->$name)) {
            continue;
        }
        $value = from_html($focus->$name);
        // "\r\n" is replaced before the bare "\n", as the two former preg_replace() calls did
        $value = str_replace(array("\r\n", "\n"), "<BR>", $value);
        $focus->$name = $value;
        $module_arr['fields'][$name] = $value;
    }
    $GLOBALS['log']->debug("JSON_SERVER:populate bean:");
    return $module_arr;
}

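///////////////////////////////////////////////////////////////////////////////
//// UTILS
/**
 * Resolve the current PHP session to a User bean.
 *
 * Expects session_start() to have run already. The session is trusted only when
 * its 'unique_key' is identical to the installation's $sugar_config['unique_key']
 * and it carries an 'authenticated_user_id' that loads a User; in every other case
 * the session is destroyed and null is returned.
 *
 * @return User|null the loaded user, or null when the session is not authenticated
 */
function authenticate() {
    global $sugar_config;

    $user_unique_key   = isset($_SESSION['unique_key']) ? $_SESSION['unique_key'] : "";
    $server_unique_key = isset($sugar_config['unique_key']) ? $sugar_config['unique_key'] : "";

    // Strict comparison: the former loose "!=" compares numeric-looking strings by
    // value. The key values are deliberately not written to the log.
    // NOTE(review): when neither side defines a unique_key both are "" and the check
    // passes; the authenticated_user_id check below is then the only gate.
    if($user_unique_key !== $server_unique_key) {
        $GLOBALS['log']->debug("JSON_SERVER: session unique_key does not match server unique_key. DESTROY");
        session_destroy();
        return null;
    }

    if(!isset($_SESSION['authenticated_user_id'])) {
        $GLOBALS['log']->debug("JSON_SERVER: authenticated_user_id NOT SET. DESTROY");
        session_destroy();
        return null;
    }

    $current_user = new User();

    // retrieve() returns null when the id does not load a user
    $result = $current_user->retrieve($_SESSION['authenticated_user_id']);
    $GLOBALS['log']->debug("JSON_SERVER: retrieved user from SESSION");


    if($result === null) {
        $GLOBALS['log']->debug("JSON_SERVER: could not get a user from SESSION. DESTROY");
        session_destroy();
        return null;
    }

    return $result;
}
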
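/**
 * Build the SQL WHERE fragment for a json_query() request.
 *
 * Every condition becomes one LIKE clause on $table.<name>; 'email1'/'email2'
 * become a sub-select on email_addresses. Column names go through
 * getValidDBName(), values through quote(). quote() escapes quote characters
 * only, so '%' and '_' inside a value still act as LIKE wildcards (unchanged).
 *
 * @param array  $query_obj request arguments; 'conditions' is a list of
 *                          {name, op, value, begin, end} maps and 'group' is "and"/"or".
 *                          Normalised in place: 'conditions' becomes an array when missing.
 * @param string $table     table name used to prefix column names ('' for none)
 * @param string $module    module name matched against email_addr_bean_rel.bean_module
 * @return string clauses joined by the group operator; '' when there are none
 */
function construct_where(&$query_obj, $table='',$module=null)
{
    $db = $GLOBALS['db'];
    if(! empty($table)) {
        $table .= ".";
    }
    $cond_arr = array();

    if(!isset($query_obj['conditions']) || ! is_array($query_obj['conditions'])) {
        $query_obj['conditions'] = array();
    }

    foreach($query_obj['conditions'] as $condition) {
        if(!is_array($condition) || !isset($condition['name'])) {
            continue;
        }
        $name  = $condition['name'];
        $value = isset($condition['value']) ? $condition['value'] : '';
        $op    = isset($condition['op']) ? $condition['op'] : '';

        // the password hash column must never be queryable
        if($name === 'user_hash') {
            continue;
        }
        if ($name === 'email1' || $name === 'email2') {
            // both the search value and the module name used to be interpolated
            // into the SQL unquoted; they are now escaped like every other value
            $email1_value = $db->quote(strtoupper($value));
            $email1_condition = " {$table}id in ( SELECT er.bean_id AS id FROM email_addr_bean_rel er, " .
                "email_addresses ea WHERE ea.id = er.email_address_id " .
                "AND ea.deleted = 0 AND er.deleted = 0 AND er.bean_module = '" . $db->quote((string)$module) . "' AND email_address_caps LIKE '%{$email1_value}%' )";

            $cond_arr[] = $email1_condition;
            continue;
        }

        $column = $table . $db->getValidDBName($name);
        // exactly one clause per condition: the former code emitted both a "contains"
        // and a "starts_with" clause for op == 'contains', which narrowed it to a prefix match
        if($op === 'contains') {
            $cond_arr[] = $column . " like '%" . $db->quote($value) . "%'";
        } elseif($op === 'like_custom') {
            // the caller supplies its own wildcard prefix/suffix
            $like = '';
            if(!empty($condition['begin'])) $like .= $db->quote($condition['begin']);
            $like .= $db->quote($value);
            if(!empty($condition['end'])) $like .= $db->quote($condition['end']);
            $cond_arr[] = $column . " like '$like'";
        } else { // starts_with
            $cond_arr[] = $column . " like '" . $db->quote($value) . "%'";
        }
    }

    // user lookups never list inactive accounts
    if($table === 'users.') {
        $cond_arr[] = $table."status='Active'";
    }

    // only the two connectives are accepted from the request; anything else is AND
    $group = isset($query_obj['group']) ? strtolower(trim($query_obj['group'])) : "and";
    if($group !== "and" && $group !== "or") {
        $group = "and";
    }

    return implode(" $group ",$cond_arr);
}

//// END UTILS
///////////////////////////////////////////////////////////////////////////////

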
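///////////////////////////////////////////////////////////////////////////////
//// JSON SERVER HANDLER LOGIC
//
// Request flow: start the session, authenticate it, decode the JSON-RPC body
// from the POST payload, and dispatch to json_<method>() for methods listed in
// $SUPPORTED_METHODS. Each failure prints one error document and stops there:
// the former code fell through after printing an error, so a single request
// could emit several JSON documents and still reach the dispatcher.
//ignore notices
error_reporting(E_ALL & ~E_NOTICE);
ob_start();
insert_charset_header();
global $sugar_config;
if(!empty($sugar_config['session_dir'])) {
    session_save_path($sugar_config['session_dir']);
    $GLOBALS['log']->debug("JSON_SERVER:session_save_path:".$sugar_config['session_dir']);
}

session_start();
$GLOBALS['log']->debug("JSON_SERVER:session started");

$current_language = 'en_us'; // defaulting - will be set by user, then sys prefs

// create json parser
$json = getJSONobj();

// if the language is not set yet, then set it to the default language.
if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') {
    $current_language = $_SESSION['authenticated_user_language'];
} else {
    $current_language = $sugar_config['default_language'];
}

$locale = new Localization();

$GLOBALS['log']->debug("JSON_SERVER: current_language:".$current_language);

// if this is a get, than this is spitting out static javascript as if it was a file
// wp: DO NOT USE THIS. Include the javascript inline using include/json_config.php
// using <script src=json_server.php></script> does not cache properly on some browsers
// resulting in 2 or more server hits per page load. Very bad for SSL.
if(strtolower($_SERVER['REQUEST_METHOD'])== 'get') {
    echo "alert('DEPRECATED API\nPlease report as a bug.');";
} else {
    // else act as a JSON-RPC server for SugarCRM
    // create result array (json_query() writes into this global $response)
    $response = array();
    $response['result'] = null;
    $response['id'] = "-1";

    // authenticate user
    $current_user = authenticate();

    if(empty($current_user)) {
        $response['error'] = array("error_msg"=>"not logged in");
        print $json->encode($response, true);
        // plain-text marker kept after the JSON document for existing clients
        // NOTE(review): presumably the JS client looks for this string — confirm before removing
        print "not logged in";
    } else {
        // extract request
        if(isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
            $request = $json->decode($GLOBALS['HTTP_RAW_POST_DATA'], true);
        } else {
            $request = $json->decode(file_get_contents("php://input"), true);
        }

        if(!is_array($request)) {
            $response['error'] = array("error_msg"=>"malformed request");
            print $json->encode($response, true);
        } elseif(empty($request['method']) || empty($request['id'])) {
            // make sure required RPC fields are set
            $response['error'] = array("error_msg"=>"missing parameters");
            print $json->encode($response, true);
        } else {
            $response['id'] = $request['id'];

            // strict in_array(): a non-string 'method' must not loosely match a whitelist entry
            if(in_array($request['method'], $SUPPORTED_METHODS, true)) {
                $params = isset($request['params']) ? $request['params'] : array();
                call_user_func('json_'.$request['method'],$request['id'],$params);
            } else {
                $response['error'] = array("error_msg"=>"method:".$request["method"]." not supported");
                print $json->encode($response, true);
            }
        }
    }
}

ob_end_flush();
sugar_cleanup();
exit();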