2 /*********************************************************************************
3 * SugarCRM is a customer relationship management program developed by
4 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
6 * This program is free software; you can redistribute it and/or modify it under
7 * the terms of the GNU Affero General Public License version 3 as published by the
8 * Free Software Foundation with the addition of the following permission added
9 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
11 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
18 * You should have received a copy of the GNU Affero General Public License along with
19 * this program; if not, see http://www.gnu.org/licenses or write to the Free
20 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
24 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26 * The interactive user interfaces in modified source and object code versions
27 * of this program must display Appropriate Legal Notices, as required under
28 * Section 5 of the GNU Affero General Public License version 3.
30 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31 * these Appropriate Legal Notices must retain the display of the "Powered by
32 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
33 * technical reasons, the Appropriate Legal Notices must display the words
34 * "Powered by SugarCRM".
35 ********************************************************************************/
37 require_once('include/MVC/View/SugarView.php');
40 class SugarController{
42 * remap actions in here
43 * e.g. make all detail views go to edit views
44 * $action_remap = array('detailview'=>'editview');
46 protected $action_remap = array('index'=>'listview');
48 * The name of the current module.
50 public $module = 'Home';
52 * The name of the target module.
54 public $target_module = null;
56 * The name of the current action.
58 public $action = 'index';
60 * The id of the current record.
64 * The name of the return module.
66 public $return_module = null;
68 * The name of the return action.
70 public $return_action = null;
72 * The id of the return record.
74 public $return_id = null;
76 * If the action was remapped it will be set to do_action and then we will just
77 * use do_action for the actual action to perform.
79 protected $do_action = 'index';
81 * If a bean is present that set it.
87 public $redirect_url = '';
89 * any subcontroller can modify this to change the view
91 public $view = 'classic';
93 * this array will hold the mappings between a key and an object for use within the view.
95 public $view_object_map = array();
98 * This array holds the methods that handleAction() will invoke, in sequence.
100 protected $tasks = array(
106 * List of options to run through within the process() method.
107 * This list is meant to easily allow additions for new functionality as well as
108 * the ability to add a controller's own handling.
110 public $process_tasks = array(
119 * Whether or not the action has been handled by $process_tasks
123 protected $_processed = false;
125 * Map an action directly to a file
128 * Map an action directly to a file. This will be loaded from action_file_map.php
130 protected $action_file_map = array();
132 * Map an action directly to a view
135 * Map an action directly to a view. This will be loaded from action_view_map.php
137 protected $action_view_map = array();
140 * This can be set from the application to tell us whether we have authorization to
141 * process the action. If this is set we will default to the noaccess view.
143 public $hasAccess = true;
146 * Map case sensitive filenames to action. This is used for linux/unix systems
147 * where filenames are case sensitive
149 public static $action_case_file = array(
150 'editview'=>'EditView',
151 'detailview'=>'DetailView',
152 'listview'=>'ListView'
156 * Constructor. This is meant to load up the module, action, record as well
157 * as the mapping arrays.
// PHP 4-style constructor: a method that shares the class name. PHP 7 deprecates this form
// and PHP 8 no longer runs it on `new SugarController()`, so any setup placed here would be
// skipped on a modern runtime. The body is not shown in this listing (gutter 160-161 absent).
159 function SugarController(){
163 * Called from SugarApplication and is meant to perform the setup operations
// Per-request initialisation: pick the module (argument first, then $_REQUEST['module']),
// record an optional target_module, then pull the remaining properties and the map files.
// NOTE(review): both values are taken from $_REQUEST unchanged in the lines shown here, and
// $this->module is later concatenated into require()/file_exists() paths by loadMapping()
// and callLegacyCode(). It needs to be limited to known module names before those run;
// gutter lines 170-171 are absent from this listing, so confirm what guards setModule().
167 public function setup($module = ''){
168 if(empty($module) && !empty($_REQUEST['module']))
169 $module = $_REQUEST['module'];
172 $this->setModule($module);
// The literal string 'undefined' is treated the same as a missing target_module.
174 if(!empty($_REQUEST['target_module']) && $_REQUEST['target_module'] != 'undefined') {
175 $this->target_module = $_REQUEST['target_module'];
177 //set properties on the controller from the $_REQUEST
178 $this->loadPropertiesFromRequest();
179 //load the mapping files
180 $this->loadMappings();
183 * Set the module on the Controller
185 * @param object $module
// Stores the module name on the controller. No validation happens in the visible lines, so
// callers must pass a trusted or already-validated name (setup() passes the request value).
187 public function setModule($module){
188 $this->module = $module;
192 * Set properties on the Controller from the $_REQUEST
// Copies action, record, view and the three return_* values from $_REQUEST onto the
// controller; a property keeps its default when the request value is empty.
// NOTE(review): nothing is validated or normalised here. Downstream in this class these
// values select the method to dispatch (pre_/action_/post_ + action), the view handed to
// ViewFactory::loadView(), the record passed to bean->retrieve(), and the parts of the
// redirect URL built in post_save(). Each consumer has to treat them as untrusted.
195 private function loadPropertiesFromRequest(){
196 if(!empty($_REQUEST['action']))
197 $this->action = $_REQUEST['action'];
198 if(!empty($_REQUEST['record']))
199 $this->record = $_REQUEST['record'];
200 if(!empty($_REQUEST['view']))
201 $this->view = $_REQUEST['view'];
202 if(!empty($_REQUEST['return_module']))
203 $this->return_module = $_REQUEST['return_module'];
204 if(!empty($_REQUEST['return_action']))
205 $this->return_action = $_REQUEST['return_action'];
206 if(!empty($_REQUEST['return_id']))
207 $this->return_id = $_REQUEST['return_id'];
211 * Load map files for use within the Controller
// Loads the three action maps through loadMapping(). Only action_remap is loaded with
// $merge = true; the other two use the default ($merge = false).
214 private function loadMappings(){
215 $this->loadMapping('action_view_map');
216 $this->loadMapping('action_file_map');
217 $this->loadMapping('action_remap', true);
221 * Given a record id load the bean. This bean is accessible from any sub controllers.
// Instantiates the bean for the current module and, when a record id is set, retrieves it.
// The class name and its file come from $GLOBALS['beanList'] / $GLOBALS['beanFiles'], keyed
// by $this->module, so only modules registered in those tables reach require_once()/new.
223 public function loadBean(){
224 if(!empty($GLOBALS['beanList'][$this->module])){
225 $class = $GLOBALS['beanList'][$this->module];
226 if(!empty($GLOBALS['beanFiles'][$class])){
227 require_once($GLOBALS['beanFiles'][$class]);
228 $this->bean = new $class();
229 if(!empty($this->record)){
// NOTE(review): $this->record is request-derived; whether retrieve() escapes or
// parameterises it is not visible in this file — confirm in the bean class.
230 $this->bean->retrieve($this->record);
// The bean is also published globally as FOCUS.
232 $GLOBALS['FOCUS'] = $this->bean;
239 * Generic load method to load mapping arrays.
// Loads the mapping array named by $var: tries the cache first, then includes up to four
// PHP files in the order core, module, custom module, custom core, and writes the result
// back to the cache. $$var is a variable-variable, i.e. the local variable named by $var.
// Several lines are absent from this listing (gutter 243, 245-248, 251, ...), so the exact
// conditions around the cache hit and the merge are not visible here.
// NOTE(review): $this->module is concatenated into the 'modules/' and 'custom/modules/'
// paths below and the file is executed with require(). If the module name can contain a
// path separator or '..', the include resolves outside the intended directory. Validate the
// module against the known module list before any mapping is loaded. The callers visible in
// this file pass fixed literals for $var; keep it that way.
241 private function loadMapping($var, $merge = false){
// The cache key embeds the module name as well.
242 $$var = sugar_cache_retrieve("CONTROLLER_". $var . "_".$this->module);
244 if($merge && !empty($this->$var)){
249 if(file_exists('include/MVC/Controller/'. $var . '.php')){
250 require('include/MVC/Controller/'. $var . '.php');
252 if(file_exists('modules/'.$this->module.'/'. $var . '.php')){
253 require('modules/'.$this->module.'/'. $var . '.php');
255 if(file_exists('custom/modules/'.$this->module.'/'. $var . '.php')){
256 require('custom/modules/'.$this->module.'/'. $var . '.php');
258 if(file_exists('custom/include/MVC/Controller/'. $var . '.php')){
259 require('custom/include/MVC/Controller/'. $var . '.php');
262 sugar_cache_put("CONTROLLER_". $var . "_".$this->module, $$var);
268 * This method is called from SugarApplication->execute and it will bootstrap the entire controller process
// Entry point for the controller; declared final so subclasses cannot replace it.
// In the visible lines a non-empty view is rendered via processView(); otherwise a non-empty
// redirect_url is handled (that branch body, and gutter line 271, are absent from this listing).
270 final public function execute(){
272 if(!empty($this->view)){
273 $this->processView();
274 }elseif(!empty($this->redirect_url)){
280 * Display the appropriate view.
// Builds the view object for $this->view, publishes it as $GLOBALS['current_view'], applies
// a bean-level ACL check and hands any controller errors to the view.
282 private function processView(){
// NOTE(review): $this->view may have been set from $_REQUEST['view'] by
// loadPropertiesFromRequest(); how ViewFactory::loadView() maps that name to a file is not
// visible here — confirm it restricts the name to known views.
283 $view = ViewFactory::loadView($this->view, $this->module, $this->bean, $this->view_object_map, $this->target_module);
284 $GLOBALS['current_view'] = $view;
// The check is skipped when there is no bean, and views of type 'list' are exempt from it,
// so list views must enforce access on their own.
285 if(!empty($this->bean) && !$this->bean->ACLAccess($view->type) && $view->type != 'list'){
286 ACLController::displayNoAccess(true);
289 if(isset($this->errors)){
290 $view->errors = $this->errors;
296 * Meant to be overridden by a subclass and allows for specific functionality to be
297 * injected prior to the process() method being called.
// Extension hook for subclasses; the body is not shown in this listing.
299 public function preProcess()
303 * if we have a function to support the action use it otherwise use the default action
306 * 2) check for action
// Publishes the current action and module as globals, then walks $this->process_tasks.
// Several lines are absent from this listing (gutter 311, 315, 317-320, 322, 324-...), so
// the no-access branch and the loop body are not visible.
308 public function process(){
309 $GLOBALS['action'] = $this->action;
310 $GLOBALS['module'] = $this->module;
312 //check to ensure we have access to the module.
// hasAccess is a public property set by the application, not something this class computes.
313 if($this->hasAccess){
314 $this->do_action = $this->action;
316 $file = self::getActionFilename($this->do_action);
321 foreach($this->process_tasks as $process){
// Presumably stops at the first task that marks the request as processed — TODO confirm,
// the statement that follows this test is absent from the listing.
323 if($this->_processed)
334 * This method is called from the process method. It could also be called within an action_* method.
335 * It allows a developer to override any one of these methods contained within,
336 * or if the developer so chooses they can override the entire action_* method.
338 * @return true if any one of the pre_, do_, or post_ methods have been defined,
339 * false otherwise. This is important b/c if none of these methods exists, then we will run the
340 * action_default() method.
// Calls every method named in $this->tasks and ORs their results into $this->_processed.
// The task names come from a protected property of the class, not from the request.
342 protected function handle_action(){
344 foreach($this->tasks as $task){
// The task is always invoked, because it sits on the left of ||.
345 $processed = ($this->$task() || $processed);
347 $this->_processed = $processed;
351 * Perform an action prior to the specified action.
352 * This can be overridden in a sub-class
// Looks for a method named 'pre_' + the current action and logs when one exists. The call
// itself and the return value fall on lines absent from this listing.
// This method is private, so subclasses customise behaviour by defining pre_<action>
// methods rather than by overriding pre_action() itself.
// NOTE(review): $this->action is request-derived, so any method on the controller whose name
// starts with 'pre_' can be selected by the request.
354 private function pre_action(){
355 $function = 'pre_' . $this->action;
356 if($this->hasFunction($function)){
357 $GLOBALS['log']->debug('Performing pre_action');
365 * Perform the specified action.
366 * This can be overridden in a sub-class
// Looks for a method named 'action_' + lower-cased do_action and logs when one exists. The
// call itself and the return value fall on lines absent from this listing.
// NOTE(review): do_action starts out as the request-supplied action, so every action_*
// method on this class and its subclasses is reachable by name from a request. Each one has
// to enforce its own authorisation; a helper that is not meant to be an endpoint should not
// be named action_*.
368 private function do_action(){
369 $function = 'action_'. strtolower($this->do_action);
370 if($this->hasFunction($function)){
// The logged module name is request-derived; the log sink should neutralise line breaks.
371 $GLOBALS['log']->debug('Performing action: '.$function.' MODULE: '.$this->module);
379 * Perform an action after the specified action has occurred.
380 * This can be overridden in a sub-class
// Looks for a method named 'post_' + the current action and logs when one exists. The call
// itself and the return value fall on lines absent from this listing.
// Uses $this->action, whereas do_action() uses $this->do_action.
382 private function post_action(){
383 $function = 'post_' . $this->action;
384 if($this->hasFunction($function)){
385 $GLOBALS['log']->debug('Performing post_action');
393 * If there is no action found then display an error to the user.
// Terminates the request with the localised "no action" message from app_strings.
395 protected function no_action(){
396 sugar_die($GLOBALS['app_strings']['LBL_NO_ACTION']);
400 * The default action handler for instances where we do not have access to process.
// Switches the controller to the 'noaccess' view, replacing any view chosen by the request.
402 protected function no_access(){
403 $this->view = 'noaccess';
406 ///////////////////////////////////////////////
407 /////// HELPER FUNCTIONS
408 ///////////////////////////////////////////////
411 * Determine if a given function exists on the objects
412 * @param function - the function to check
413 * @return true if the method exists on the object, false otherwise
// True when a method with this name exists on the controller instance, subclass included.
// method_exists() does not consider visibility, so private and protected methods also
// match; the name prefixes used by the callers are the only restriction on what is found.
415 protected function hasFunction($function){
416 return method_exists($this, $function);
421 * Set the url to which we will want to redirect
423 * @param string url - the url to which we will want to redirect
// Stores the redirect target. The URL is kept exactly as given, so callers are responsible
// for building it from trusted or URL-encoded parts.
425 protected function set_redirect($url){
426 $this->redirect_url = $url;
430 * Perform redirection based on the redirect_url
// Hands a non-empty redirect_url to SugarApplication::redirect(). How that method emits the
// redirect is not visible in this file.
433 protected function redirect(){
435 if(!empty($this->redirect_url))
436 SugarApplication::redirect($this->redirect_url);
439 ////////////////////////////////////////////////////////
440 ////// DEFAULT ACTIONS
441 ///////////////////////////////////////////////////////
448 * Do some processing before saving the bean to the database.
// Populates $this->bean from $_POST ahead of action_save(): sets the notification flag,
// lets each field's SugarField handler save its value, copies posted values onto the bean,
// then checks the 'save' ACL and calls unformat_all_fields().
// Some lines are absent from this listing (gutter 453, 460, 462, 467, 469, 473-475, ...),
// so the exact nesting of the branches below is not visible.
// NOTE(review): every key of field_defs and relationship_fields that appears in $_POST is
// written to the bean. There is no per-field allow-list in the visible lines, so a client
// can set any defined field (ownership, audit or internal flags included) unless the bean or
// the field handler rejects it.
450 public function pre_save(){
// Notify only when the assignee changes and the new assignee is someone other than the
// current user, and the module is not listed in exclude_notifications.
451 if(!empty($_POST['assigned_user_id']) && $_POST['assigned_user_id'] != $this->bean->assigned_user_id && $_POST['assigned_user_id'] != $GLOBALS['current_user']->id && empty($GLOBALS['sugar_config']['exclude_notifications'][$this->bean->module_dir])){
452 $this->bean->notify_on_save = true;
454 $GLOBALS['log']->debug("SugarController:: performing pre_save.");
455 require_once('include/SugarFields/SugarFieldHandler.php');
456 $sfh = new SugarFieldHandler();
457 foreach($this->bean->field_defs as $field => $properties) {
// custom_type takes precedence over type; both come from the field definition.
458 $type = !empty($properties['custom_type']) ? $properties['custom_type'] : $properties['type'];
459 $sf = $sfh->getSugarField(ucfirst($type), true);
461 $sf->save($this->bean, $_POST, $field, $properties);
463 if(isset($_POST[$field])) {
464 if(is_array($_POST[$field]) && !empty($properties['isMultiSelect'])) {
// An empty first element of the posted multi-select array is dropped before encoding.
465 if(empty($_POST[$field][0])) {
466 unset($_POST[$field][0]);
468 $_POST[$field] = encodeMultienumValue($_POST[$field]);
470 $this->bean->$field = $_POST[$field];
// Multi-select posted with nothing selected: only the '<field>_multiselect' marker is
// present, so the field is cleared.
471 } else if(!empty($properties['isMultiSelect']) && !isset($_POST[$field]) && isset($_POST[$field . '_multiselect'])) {
472 $this->bean->$field = '';
476 foreach($this->bean->relationship_fields as $field=>$link){
477 if(!empty($_POST[$field])){
478 $this->bean->$field = $_POST[$field];
// NOTE(review): the ACL check runs after the bean has already been modified in memory.
// What follows displayNoAccess() is absent from the listing; the request must stop there,
// otherwise action_save() would persist the populated bean.
481 if(!$this->bean->ACLAccess('save')){
482 ACLController::displayNoAccess(true);
485 $this->bean->unformat_all_fields();
489 * Perform the actual save
// Persists the bean; the argument is true when pre_save() set notify_on_save.
// NOTE(review): there is no ACL check in this method. It depends on pre_save() having run
// first (presumably via handle_action(); the contents of $tasks are not visible in this
// listing). It is declared public, so a direct caller bypasses that check.
491 public function action_save(){
492 $this->bean->save(!empty($this->bean->notify_on_save));
496 * Specify what happens after the save has occurred.
// Chooses where to go after a save: the return_* values when set, otherwise the current
// module, 'DetailView' and the id of the saved bean.
// NOTE(review): return_module, return_action and return_id are request-derived (see
// loadPropertiesFromRequest()) and are concatenated into the query string unencoded, so a
// value containing '&', '#' or a line break can add or override parameters of the redirect.
// Pass each part through rawurlencode() before concatenation.
498 protected function post_save(){
499 $module = (!empty($this->return_module) ? $this->return_module : $this->module);
500 $action = (!empty($this->return_action) ? $this->return_action : 'DetailView');
501 $id = (!empty($this->return_id) ? $this->return_id : $this->bean->id);
503 $url = "index.php?module=".$module."&action=".$action."&record=".$id;
504 $this->set_redirect($url);
512 * Perform the actual deletion.
// Marks the requested record as deleted after a 'Delete' ACL check on the loaded bean;
// without a record id the request is terminated with an error.
// Lines following displayNoAccess() (gutter 520-521) and the else branch (gutter 523) are
// absent from this listing.
// NOTE(review): the record id is read from $_REQUEST, so this state change can be triggered
// by a GET request; no anti-CSRF token check is visible in this file — confirm it is
// enforced before dispatch.
514 protected function action_delete(){
515 //do any pre delete processing
516 //if there is some custom logic for deletion.
517 if(!empty($_REQUEST['record'])){
// 'Delete' is capitalised here while action_massupdate() asks for 'delete'; whether
// ACLAccess() is case-insensitive is not visible — confirm.
518 if(!$this->bean->ACLAccess('Delete')){
519 ACLController::displayNoAccess(true);
// NOTE(review): the ACL decision was made on $this->bean, but the id deleted is taken from
// the request again. Using $this->bean->id would tie the deletion to the record that was
// actually checked.
522 $this->bean->mark_deleted($_REQUEST['record']);
524 sugar_die("A record number must be specified to delete");
529 * Specify what happens after the deletion has occurred.
// Chooses where to go after a delete: the request's return_* values when present, otherwise
// the configured default module and action. The fallback for return_id (gutter 540) is
// absent from this listing.
// NOTE(review): the three values are read straight from $_REQUEST and concatenated into the
// query string unencoded; apply rawurlencode() to each part so a value cannot add or
// override parameters of the redirect.
531 protected function post_delete(){
532 $return_module = isset($_REQUEST['return_module']) ?
533 $_REQUEST['return_module'] :
534 $GLOBALS['sugar_config']['default_module'];
535 $return_action = isset($_REQUEST['return_action']) ?
536 $_REQUEST['return_action'] :
537 $GLOBALS['sugar_config']['default_action'];
538 $return_id = isset($_REQUEST['return_id']) ?
539 $_REQUEST['return_id'] :
541 $url = "index.php?module=".$return_module."&action=".$return_action."&record=".$return_id;
542 $this->set_redirect($url);
545 * Perform the actual massupdate.
// Runs a mass update (or mass delete) over the selected records, then restores the saved
// list-view search so the user returns to the same result set.
// Some lines are absent from this listing (gutter 552-554, 565, 572-574, 579, 581-582), so
// what follows displayNoAccess() and the exact branch nesting are not visible.
547 protected function action_massupdate(){
548 if(!empty($_REQUEST['massupdate']) && $_REQUEST['massupdate'] == 'true' && (!empty($_REQUEST['uid']) || !empty($_REQUEST['entire']))){
// && binds tighter than ||: a delete request needs the 'delete' ACL, any other mass update
// needs the 'save' ACL.
549 if(!empty($_REQUEST['Delete']) && $_REQUEST['Delete']=='true' && !$this->bean->ACLAccess('delete')
550 || (empty($_REQUEST['Delete']) || $_REQUEST['Delete']!='true') && !$this->bean->ACLAccess('save')){
551 ACLController::displayNoAccess(true);
// Both the PHP time limit and the query limit are lifted for this request, so one request
// can run for an unbounded time.
555 set_time_limit(0);//I'm wondering if we will set it never goes timeout here.
556 // until we have more efficient way of handling MU, we have to disable the limit
557 $GLOBALS['db']->setQueryLimit(0);
558 require_once("include/MassUpdate.php");
559 require_once('modules/MySettings/StoreQuery.php');
// NOTE(review): the ACL check above used $this->bean, while the seed is loaded from
// $_REQUEST['module'] again; confirm the two always name the same module.
560 $seed = loadBean($_REQUEST['module']);
561 $mass = new MassUpdate();
562 $mass->setSugarBean($seed);
563 if(isset($_REQUEST['entire']) && empty($_POST['mass'])) {
564 $mass->generateSearchWhere($_REQUEST['module'], $_REQUEST['current_query_by_page']);
566 $mass->handleMassUpdate();
567 $storeQuery = new StoreQuery();//restore the current search. to solve bug 24722 for multi tabs massupdate.
// current_query_by_page, return_module and return_action are read without isset() checks.
568 $temp_req = array('current_query_by_page' => $_REQUEST['current_query_by_page'], 'return_module' => $_REQUEST['return_module'], 'return_action' => $_REQUEST['return_action']);
569 if($_REQUEST['return_module'] == 'Emails') {
570 if(!empty($_REQUEST['type']) && !empty($_REQUEST['ie_assigned_user_id'])) {
571 $this->req_for_email = array('type' => $_REQUEST['type'], 'ie_assigned_user_id' => $_REQUEST['ie_assigned_user_id']); //specificly for My Achieves
// NOTE(review): SECURITY — unserialize() runs on current_query_by_page, a value the client
// sends. Unserializing untrusted data lets the sender instantiate any loaded class and
// trigger its magic methods (PHP object injection). Keep the saved query on the server (for
// example in the session) and pass only a key, or switch to a data-only encoding such as
// JSON; as a stop-gap verify an HMAC over the value before decoding and, on PHP 7+, pass
// ['allowed_classes' => false]. The decoded value also replaces the whole of $_REQUEST, so
// the module handed to saveFromRequest() below comes from that payload.
575 $_REQUEST = unserialize(base64_decode($temp_req['current_query_by_page']));
576 unset($_REQUEST[$seed->module_dir.'2_'.strtoupper($seed->object_name).'_offset']);//after massupdate, the page should redirect to no offset page
577 $storeQuery->saveFromRequest($_REQUEST['module']);
578 $_REQUEST = array('return_module' => $temp_req['return_module'], 'return_action' => $temp_req['return_action']);//for post_massupdate, to go back to original page.
580 sugar_die("You must massupdate at least one record");
584 * Specify what happens after the massupdate has occurred.
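/**
 * Build the redirect target used once a mass update has finished.
 *
 * The module and action come from the request when present, otherwise from the
 * configured defaults. When the return module is Emails, the folder type and the
 * assigned user kept in $this->req_for_email are appended.
 *
 * Every value is URL-encoded before it is placed in the query string, so a
 * request-supplied value cannot add or override other parameters of the redirect.
 */
protected function post_massupdate(){
    $return_module = isset($_REQUEST['return_module'])
        ? $_REQUEST['return_module']
        : $GLOBALS['sugar_config']['default_module'];
    $return_action = isset($_REQUEST['return_action'])
        ? $_REQUEST['return_action']
        : $GLOBALS['sugar_config']['default_action'];

    // The (string) cast keeps the original concatenation semantics for non-string input.
    $url = "index.php?module=" . rawurlencode((string) $return_module)
        . "&action=" . rawurlencode((string) $return_action);

    // Emails only: carry the folder selection back to the list view.
    if($return_module == 'Emails'
        && !empty($this->req_for_email['type'])
        && !empty($this->req_for_email['ie_assigned_user_id'])){
        $url .= "&type=" . rawurlencode((string) $this->req_for_email['type'])
            . "&assigned_user_id=" . rawurlencode((string) $this->req_for_email['ie_assigned_user_id']);
    }

    $this->set_redirect($url);
}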
602 * Perform the listview action
// Exposes the current bean to the view under the key 'bean' and selects the 'list' view.
// processView() exempts views of type 'list' from its bean ACL check.
604 protected function action_listview(){
605 $this->view_object_map['bean'] = $this->bean;
606 $this->view = 'list';
611 //THIS IS HANDLED IN ACTION_REMAP WHERE INDEX IS SET TO LISTVIEW
// Declared without a visibility keyword, so it is public. The body is not shown in this
// listing; $action_remap maps 'index' to 'listview'.
612 function action_index(){
617 * Action to handle when using a file as was done in previous versions of Sugar.
// Selects the 'classic' view, i.e. the pre-MVC file-based rendering path.
619 protected function action_default(){
620 $this->view = 'classic';
624 * this method is used within a Dashlet when performing an ajax call
// AJAX endpoint: loads the dashlet identified by $_REQUEST['id'] from the current user's
// 'Home' dashlet preferences, calls the method named in $_REQUEST['method'] on it and
// echoes the result. Some lines are absent from this listing (gutter 633, 635, 638-...).
626 protected function action_callmethoddashlet(){
627 if(!empty($_REQUEST['id'])) {
628 $id = $_REQUEST['id'];
// Read without an isset() check.
629 $requestedMethod = $_REQUEST['method'];
630 $dashletDefs = $GLOBALS['current_user']->getPreference('dashlets', 'Home'); // load user's dashlets config
631 if(!empty($dashletDefs[$id])) {
// NOTE(review): the file path and the class name come from stored user preferences. If
// those values are not validated when the preference is written, this becomes an include
// of an attacker-chosen file. Resolve both against the installed dashlet registry instead
// of trusting the stored values — confirm how the preference is written.
632 require_once($dashletDefs[$id]['fileLocation']);
634 $dashlet = new $dashletDefs[$id]['className']($id, (isset($dashletDefs[$id]['options']) ? $dashletDefs[$id]['options'] : array()));
// NOTE(review): the method name is chosen by the request, and the only guard is that the
// method (or __call) exists, so every method of the dashlet class, inherited ones included,
// is callable this way. Have each dashlet declare the methods it allows to be called
// remotely and check the name against that list.
636 if(method_exists($dashlet, $requestedMethod) || method_exists($dashlet, '__call')) {
// The return value is echoed as-is; output encoding is left to the dashlet.
637 echo $dashlet->$requestedMethod();
647 * this method is used within a Dashlet when the options configuration is posted
// Dashlet options endpoint: with $_REQUEST['configure'] set it saves the posted options into
// the user's dashlet preferences, otherwise it returns the options form as a
// 'result = {json}' string. Some lines are absent from this listing (gutter 651, 656, 661,
// 666-...).
649 protected function action_configuredashlet(){
650 global $current_user, $mod_strings;
652 if(!empty($_REQUEST['id'])) {
653 $id = $_REQUEST['id'];
// The preference category is the request's module value.
654 $dashletDefs = $current_user->getPreference('dashlets', $_REQUEST['module']); // load user's dashlets config
// NOTE(review): unlike action_callmethoddashlet(), no check that $dashletDefs[$id] exists
// is visible before the include. The path and class name come from stored preferences and
// should be resolved against the installed dashlet registry rather than trusted as stored.
655 require_once($dashletDefs[$id]['fileLocation']);
657 $dashlet = new $dashletDefs[$id]['className']($id, (isset($dashletDefs[$id]['options']) ? $dashletDefs[$id]['options'] : array()));
658 if(!empty($_REQUEST['configure']) && $_REQUEST['configure']) { // save settings
// The whole request array is handed to the dashlet; saveOptions() decides which keys are
// kept, and its result is stored back into the preferences that are later used for includes.
659 $dashletDefs[$id]['options'] = $dashlet->saveOptions($_REQUEST);
660 $current_user->setPreference('dashlets', $dashletDefs, 0, $_REQUEST['module']);
662 else { // display options
663 $json = getJSONobj();
664 return 'result = ' . $json->encode((array('header' => $dashlet->title . ' : ' . $mod_strings['LBL_OPTIONS'],
665 'body' => $dashlet->displayOptions())));
// Maps a lower-case action name to its case-sensitive file name using $action_case_file.
// The fallback for names that are not in the map falls on lines absent from this listing.
677 public static function getActionFilename($action) {
678 if(isset(self::$action_case_file[$action])) {
679 return self::$action_case_file[$action];
684 /********************************************************************/
686 /********************************************************************/
689 * Given the module and action, determine whether the super/admin has prevented access
690 * to this url. In addition if any links specified for this module, load the links into
693 * @return true if we want to stop processing, false if processing should continue
// Applies the administrator's access-control map to the current module and action and
// records the outcome in $this->_processed. Many lines are absent from this listing (gutter
// 704-705, 707, 709, 714-719, 721-723, 725-728, ...), so which branch blocks the request
// and what is returned are not visible.
695 private function blockFileAccess(){
696 //check if the we have enabled file_access_control and if so then check the mappings on the request;
// The config key actually tested is 'admin_access_control'.
697 if(!empty($GLOBALS['sugar_config']['admin_access_control']) && $GLOBALS['sugar_config']['admin_access_control']){
698 $this->loadMapping('file_access_control_map');
699 //since we have this turned on, check the mapping file
// Module and action are lower-cased before lookup, so map keys must be lower-case.
700 $module = strtolower($this->module);
701 $action = strtolower($this->do_action);
702 if(!empty($this->file_access_control_map['modules'][$module]['links'])){
703 $GLOBALS['admin_access_control_links'] = $this->file_access_control_map['modules'][$module]['links'];
// The action matches either as a value in the actions list or as a key with its own settings.
706 if(!empty($this->file_access_control_map['modules'][$module]['actions']) && (in_array($action, $this->file_access_control_map['modules'][$module]['actions']) || !empty($this->file_access_control_map['modules'][$module]['actions'][$action]))){
708 if(!empty($this->file_access_control_map['modules'][$module]['actions'][$action]['params'])){
710 $params = $this->file_access_control_map['modules'][$module]['actions'][$action]['params'];
711 foreach($params as $param => $paramVals){
// NOTE(review): a parameter that is missing or empty in the request skips this comparison,
// and in_array() is used without the strict flag, so values are compared loosely.
712 if(!empty($_REQUEST[$param])){
713 if(!in_array($_REQUEST[$param], $paramVals)){
720 $this->_processed = true;
724 $this->_processed = true;
729 $this->_processed = false;
733 * This code is part of the entry points reworking. We have consolidated all
734 * entry points to go through index.php. Now in order to bring up an entry point
735 * it will follow the format:
736 * 'index.php?entryPoint=download'
737 * the download entry point is mapped in the following file: entry_point_registry.php
// Dispatches 'index.php?entryPoint=<name>' requests: loads the entry point registry and
// includes the file registered for that name. Some lines are absent from this listing
// (gutter 744, 748-...).
// The request value is used only as an array key; the path passed to require_once() comes
// from the registry, so the registry acts as the allow-list of includable files.
740 private function handleEntryPoint(){
741 if(!empty($_REQUEST['entryPoint'])){
742 $this->loadMapping('entry_point_registry');
743 $entryPoint = $_REQUEST['entryPoint'];
745 if(!empty($this->entry_point_registry[$entryPoint])){
746 require_once($this->entry_point_registry[$entryPoint]['file']);
747 $this->_processed = true;
754 * Checks to see if the requested entry point requires auth
756 * @param $entrypoint string name of the entrypoint
757 * @return bool true if auth is required, false if not
// Reports whether an entry point needs an authenticated session, based on the 'auth' key of
// its registry entry. The return statements fall on lines absent from this listing.
// The visible test matches only when 'auth' is set and falsy, so presumably an unknown entry
// point, or one without an 'auth' key, is treated as requiring authentication — TODO
// confirm against the missing lines.
759 public function checkEntryPointRequiresAuth($entryPoint)
761 $this->loadMapping('entry_point_registry');
763 if ( isset($this->entry_point_registry[$entryPoint]['auth'])
764 && !$this->entry_point_registry[$entryPoint]['auth'] )
770 * Meant to handle old views e.g. DetailView.php.
// Detects a pre-MVC ("classic") module: a file named after the action exists in the module
// (or custom module) directory and there is no views/view.<action>.php next to it. In that
// case the controller switches to the classic view and marks the request as processed.
// Some lines are absent from this listing (gutter 774, 778-779, 781, 784-786, 791, ...).
773 protected function callLegacyCode()
775 $file = self::getActionFilename($this->do_action);
// action_view_map, keyed by the lower-cased action, can rename the view to look for.
776 if ( isset($this->action_view_map[strtolower($this->do_action)]) ) {
777 $action = $this->action_view_map[strtolower($this->do_action)];
780 $action = $this->do_action;
782 // index actions actually maps to the view.list.php view
783 if ( $action == 'index' ) {
// NOTE(review): $this->module, $file and $action are request-derived and are concatenated
// into the paths probed below. A value containing a path separator or '..' moves the probe
// outside the module directory, so module and action names should be restricted to a safe
// character set before this point.
787 if ((file_exists('modules/' . $this->module . '/'. $file . '.php')
788 && !file_exists('modules/' . $this->module . '/views/view.'. $action . '.php'))
789 || (file_exists('custom/modules/' . $this->module . '/'. $file . '.php')
790 && !file_exists('custom/modules/' . $this->module . '/views/view.'. $action . '.php'))
792 // A 'classic' module, using the old pre-MVC display files
793 // We should now discard the bean we just obtained for tracking as the pre-MVC module will instantiate its own
794 unset($GLOBALS['FOCUS']);
// Request-derived values are written to the debug log here.
795 $GLOBALS['log']->debug('Module:' . $this->module . ' using file: '. $file);
796 $this->action_default();
797 $this->_processed = true;
802 * If the action has been remapped to a different action as defined in
803 * action_file_map.php or action_view_map.php load those maps here.
// Applies the action maps: an action_file_map entry includes the mapped file directly,
// otherwise an action_view_map entry selects the view. Either one marks the request as
// processed. The file map wins when both maps contain the action.
// The request-supplied action is used only as a lower-cased array key; the included path and
// the view name come from the map files.
806 private function handleActionMaps(){
807 if(!empty($this->action_file_map[strtolower($this->do_action)])){
809 $GLOBALS['log']->debug('Using Action File Map:' . $this->action_file_map[strtolower($this->do_action)]);
810 require_once($this->action_file_map[strtolower($this->do_action)]);
811 $this->_processed = true;
812 }elseif(!empty($this->action_view_map[strtolower($this->do_action)])){
813 $GLOBALS['log']->debug('Using Action View Map:' . $this->action_view_map[strtolower($this->do_action)]);
814 $this->view = $this->action_view_map[strtolower($this->do_action)];
815 $this->_processed = true;
821 * Actually remap the action if required.
824 protected function remapAction(){
825 if(!empty($this->action_remap[$this->do_action])){
826 $this->action = $this->action_remap[$this->do_action];
827 $this->do_action = $this->action;