CyberLeo.Net >> Repos - Github/sugarcrm.git/blob - include/Popups/Popup_picker.php
Release 6.5.0
1 <?php
// Entry-point guard: stop immediately unless the including script has defined a
// truthy sugarEntry constant, so this file cannot be executed by requesting it directly.
if (!(defined('sugarEntry') && sugarEntry)) {
    die('Not A Valid Entry Point');
}
3 /*********************************************************************************
4  * SugarCRM Community Edition is a customer relationship management program developed by
5  * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
6  * 
7  * This program is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU Affero General Public License version 3 as published by the
9  * Free Software Foundation with the addition of the following permission added
10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13  * 
14  * This program is distributed in the hope that it will be useful, but WITHOUT
15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
17  * details.
18  * 
19  * You should have received a copy of the GNU Affero General Public License along with
20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22  * 02110-1301 USA.
23  * 
24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26  * 
27  * The interactive user interfaces in modified source and object code versions
28  * of this program must display Appropriate Legal Notices, as required under
29  * Section 5 of the GNU Affero General Public License version 3.
30  * 
31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32  * these Appropriate Legal Notices must retain the display of the "Powered by
33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34  * technical reasons, the Appropriate Legal Notices must display the words
35  * "Powered by SugarCRM".
36  ********************************************************************************/
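/**
 * Renders record-picker popups (single-select and multi-select) for a module.
 *
 * Behaviour is driven by the module's $popupMeta definition and by request
 * parameters (metadata, create, query, mode, mass, request_data, ...), so the
 * request-derived values handled here must be treated as untrusted.
 */
class Popup_Picker
{
    // Popup definition copied from the global $popupMeta by the constructor.
    var $_popupMeta;
    // Set to true by the constructor when the quick-create form was requested and loaded.
    var $_create = false;
    // A non-empty value suppresses the "Clear" button regardless of the request.
    var $_hide_clear_button = false;

    /**
     * Creates a new Popup_Picker object. Controls displaying of single select and multi select popups.
     *
     * Loads the popup definition for $currentModule (unless the global $popupMeta is already
     * populated), then the module's main class file and, when create=true is requested and the
     * definition names a form base, the quick-create form file.
     *
     * The request terminates with die() when the "metadata" parameter is not a plain string or
     * contains ".." or a NUL byte.
     */
    function Popup_Picker()
    {
        global $currentModule, $popupMeta;

        // cn: bug 12269 - directory navigation attack - detect and stop.
        // The value is concatenated into a require_once path below, so anything that is not a
        // plain string, or that carries a NUL byte (which can cut off the ".php" suffix on old
        // PHP builds), is refused together with "..".
        // NOTE(review): an allowlist such as /^[A-Za-z0-9_]+$/ would be stricter; not applied
        // here because the set of legitimate metadata names is not visible in this file.
        if (isset($_REQUEST['metadata'])) {
            $requestedMeta = $_REQUEST['metadata'];
            if (!is_string($requestedMeta)
                || strpos($requestedMeta, '..') !== false
                || strpos($requestedMeta, "\0") !== false
            ) {
                die("Directory navigation attack denied.");
            }
        }

        // NOTE(review): $currentModule is a global this class does not validate, and it is part
        // of every include path below - confirm the entry point restricts it to a known module.
        // The includes stay inside this function on purpose: the "global $popupMeta" declaration
        // above is what lets an included definition file populate the global.
        if (empty($popupMeta)) {
            if (!empty($_REQUEST['metadata']) && $_REQUEST['metadata'] != 'undefined') {
                // custom metadata was requested
                require_once('modules/' . $currentModule . '/metadata/' . $_REQUEST['metadata'] . '.php');
            } else {
                require_once('modules/' . $currentModule . '/metadata/popupdefs.php');
            }
        }
        $this->_popupMeta = $popupMeta;

        require_once('modules/' . $currentModule . '/' . $this->_popupMeta['moduleMain'] . '.php');

        $createRequested = isset($_REQUEST['create']) && $_REQUEST['create'] == 'true';
        if (isset($this->_popupMeta['create']['formBase']) && $createRequested) {
            // include create form
            require_once('modules/' . $currentModule . '/' . $this->_popupMeta['create']['formBase']);
            $this->_create = true;
        }
    }

    /**
     * Builds the WHERE fragment used for the popup's list query.
     *
     * When the request carries "query", every entry of the definition's whereClauses is passed
     * to append_where_clause() and the result is combined by generate_where_statement(). A
     * non-empty whereStatement from the definition is then appended, joined with " AND ".
     *
     * NOTE(review): quoting of request values is presumably done inside append_where_clause(),
     * which is defined elsewhere - confirm. whereStatement is appended verbatim.
     *
     * @return string the WHERE fragment, or '' when nothing applies
     */
    function _get_where_clause()
    {
        $where = '';

        if (isset($_REQUEST['query'])) {
            $whereClauses = array();
            foreach (array_keys($this->_popupMeta['whereClauses']) as $key) {
                append_where_clause($whereClauses, $key, $this->_popupMeta['whereClauses'][$key]);
            }
            $where = generate_where_statement($whereClauses);
        }

        if (!empty($this->_popupMeta['whereStatement'])) {
            if (!empty($where)) {
                $where .= ' AND ';
            }
            $where .= $this->_popupMeta['whereStatement'];
        }

        return $where;
    }

    /**
     * Builds the complete popup page.
     *
     * The returned markup consists of the sugar_3.js include, the popup header, the search form
     * header and the template's SearchHeader section, the ListView output for the seed bean, an
     * inline script that carries multi-select state across pages, and the popup footer.
     *
     * @return string HTML of the popup page
     */
    function process_page()
    {
        global $theme;
        global $mod_strings;
        global $app_strings;
        global $currentModule;
        global $app_list_strings;

        // Name of the paging offset field; also used as a form element name in the script below.
        $offsetField = $currentModule . '_' . strtoupper($this->_popupMeta['moduleMain']) . '_offset';

        $output_html = "<script type=\"text/javascript\" src=\"" . getJSPath('include/javascript/sugar_3.js') . "\"></script>";

        // Default these to empty strings in $_POST when the request did not supply them.
        // NOTE(review): presumably read later by the list view code - confirm.
        if (empty($_REQUEST[$offsetField])) {
            $_POST[$offsetField] = '';
        }
        if (empty($_REQUEST['saved_associated_data'])) {
            $_POST['saved_associated_data'] = '';
        }
        $where = $this->_get_where_clause();

        // CREATE STUFF
        if ($this->_create) {
            $createMeta = $this->_popupMeta['create'];
            $formBaseClass = $createMeta['formBaseClass'];
            $formBase = new $formBaseClass();
            if (isset($_REQUEST['doAction']) && $_REQUEST['doAction'] == 'save') {
                $formBase->handleSave('', false, true);
            }

            $lbl_save_button_title = $app_strings['LBL_SAVE_BUTTON_TITLE'];
            $lbl_save_button_label = $app_strings['LBL_SAVE_BUTTON_LABEL'];

            // TODO: cleanup the construction of $addform
            $prefix = empty($createMeta['getFormBodyParams'][0]) ? '' : $createMeta['getFormBodyParams'][0];
            $mod = empty($createMeta['getFormBodyParams'][1]) ? '' : $createMeta['getFormBodyParams'][1];
            $formBodyParam = empty($createMeta['getFormBodyParams'][2]) ? '' : $createMeta['getFormBodyParams'][2];

            $getFormMethod = empty($createMeta['getFormMethod']) ? 'getFormBody' : $createMeta['getFormMethod'];
            $formBodyHtml = $formBase->$getFormMethod($prefix, $mod, $formBodyParam);

            // Lay the form body out as one table row: every <br> starts a new cell.
            $addform = '<table><tr><td nowrap="nowrap" valign="top">'
                . str_replace('<br>', '</td><td nowrap="nowrap" valign="top">&nbsp;', $formBodyHtml)
                . '</td></tr></table>'
                . '<input type="hidden" name="action" value="Popup" />';
            $formSave = <<<EOQ
                        <input type="hidden" name="create" value="true">
                        <input type="hidden" name="popup" value="true">
                        <input type="hidden" name="to_pdf" value="true">
                        <input type="hidden" name="return_module" value="$currentModule">
                        <input type="hidden" name="return_action" value="Popup">
                        <input type="submit" name="button" class="button" title="$lbl_save_button_title" value="  $lbl_save_button_label  " />
                        <input type="button" name="button" class="button" title="{$app_strings['LBL_CANCEL_BUTTON_TITLE']}" accesskey="{$app_strings['LBL_CANCEL_BUTTON_KEY']}" value="{$app_strings['LBL_CANCEL_BUTTON_LABEL']}" onclick="toggleDisplay('addform');" />
EOQ;
            // if metadata contains custom inputs for the quickcreate
            if (!empty($this->_popupMeta['customInput']) && is_array($this->_popupMeta['customInput'])) {
                foreach ($this->_popupMeta['customInput'] as $key => $value) {
                    // Double quotes around \n: the single-quoted original emitted a literal
                    // backslash-n into the page instead of a line break.
                    $formSave .= '<input type="hidden" name="' . $key . '" value="' . $value . '">' . "\n";
                }
            }
            $createButtonTranslation = translate($createMeta['createButton']);
            $createButton = <<<EOQ
                        <input type="button" id="showAdd" name="showAdd" class="button" value="{$createButtonTranslation}" onclick="toggleDisplay('addform');" />
EOQ;
            $addformheader = get_form_header($createButtonTranslation, $formSave, false);
        }
        // END CREATE STUFF

        // search request inputs
        // NOTE(review): these request values, request_data and mode are handed to the template
        // as-is further down; whether they end up HTML-escaped depends on the entry point and on
        // the template, neither of which is visible here - confirm.
        $searchInputs = array();
        foreach ($this->_popupMeta['searchInputs'] as $input) {
            $searchInputs[$input] = empty($_REQUEST[$input]) ? '' : $_REQUEST[$input];
        }

        $request_data = empty($_REQUEST['request_data']) ? '' : $_REQUEST['request_data'];
        $hide_clear_button = !(empty($_REQUEST['hide_clear_button']) && empty($this->_hide_clear_button));

        // NOTE(review): the browser evaluates the request_data form field as JavaScript, and that
        // field is filled from the request (assigned to the template below). Flagged rather than
        // replaced because the JSON helpers available to the page are not visible in this file.
        $button = '<script>eval("var request_data = " + window.document.forms[\'popup_query_form\'].request_data.value);</script>';

        // Re-emit the ids selected on earlier pages as hidden, checked checkboxes.
        // The ids come straight from the request and land inside a single-quoted attribute, so
        // they are HTML-escaped with ENT_QUOTES. double_encode is off so values the entry point
        // may already have entity-encoded are not encoded a second time. Non-array input and
        // non-scalar elements are ignored.
        if (isset($_REQUEST['mass']) && is_array($_REQUEST['mass'])) {
            $selectedIds = array_unique(array_filter($_REQUEST['mass'], 'is_scalar'));
            foreach ($selectedIds as $record) {
                $safeRecord = htmlspecialchars((string) $record, ENT_QUOTES, 'UTF-8', false);
                $button .= "<input style='display: none' checked type='checkbox' name='mass[]' value='$safeRecord'>\n";
            }
        }

        //START:FOR MULTI-SELECT
        $multi_select = false;
        if (!empty($_REQUEST['mode']) && strtoupper($_REQUEST['mode']) == 'MULTISELECT') {
            $multi_select = true;
            $button .= "<input type='hidden' name='mode' value='MultiSelect'>";
            $button .= "<input type='button' name='button' class='button' onclick=\"send_back_selected('$currentModule',document.MassUpdate,'mass[]','" . $app_strings['ERR_NOTHING_SELECTED'] . "', request_data.field_to_name_array);\" title='"
                . $app_strings['LBL_SELECT_BUTTON_TITLE'] . "' value='  "
                . $app_strings['LBL_SELECT_BUTTON_LABEL'] . "  ' />\n";
        }
        //END:FOR MULTI-SELECT

        if (!$hide_clear_button) {
            $button .= "<input type='button' name='button' class='button' onclick=\"send_back('','');\" title='"
                . $app_strings['LBL_CLEAR_BUTTON_TITLE'] . "' value='  "
                . $app_strings['LBL_CLEAR_BUTTON_LABEL'] . "  ' />\n";
        }
        $button .= "<input type='submit' name='button' class='button' onclick=\"window.close();\" title='"
            . $app_strings['LBL_CANCEL_BUTTON_TITLE'] . "' value='  "
            . $app_strings['LBL_CANCEL_BUTTON_LABEL'] . "  ' />\n";

        // A template named in the definition wins over the module's default Popup_picker.html.
        if (isset($this->_popupMeta['templateForm'])) {
            $form = new XTemplate($this->_popupMeta['templateForm']);
        } else {
            $form = new XTemplate('modules/' . $currentModule . '/Popup_picker.html');
        }

        $form->assign('MOD', $mod_strings);
        $form->assign('APP', $app_strings);
        $form->assign('THEME', $theme);
        $form->assign('MODULE_NAME', $currentModule);
        $form->assign('request_data', $request_data);

        // CREATE STUFF
        if ($this->_create) {
            $form->assign('CREATEBUTTON', $createButton);
            $form->assign('ADDFORMHEADER', $addformheader);
            $form->assign('ADDFORM', $addform);
        }
        // CREATE STUFF

        $seedClass = isset($this->_popupMeta['className'])
            ? $this->_popupMeta['className']
            : $this->_popupMeta['moduleMain'];
        $seed_bean = new $seedClass();

        // assign search inputs to xtemplates; a submitted bool field becomes a checked attribute
        foreach ($searchInputs as $key => $value) {
            $isBoolField = isset($seed_bean->field_name_map[$key]['type'])
                && $seed_bean->field_name_map[$key]['type'] == 'bool';
            if (!empty($_REQUEST[$key]) && $isBoolField) {
                $form->assign(strtoupper($key), ' checked ');
            } else {
                $form->assign(strtoupper($key), $value);
            }
        }

        $form->assign('CREATE', $this->_create ? 'true' : 'false');

        // fill any doms
        if (isset($this->_popupMeta['selectDoms'])) {
            foreach ($this->_popupMeta['selectDoms'] as $key => $value) {
                $form->assign($key, get_select_options_with_id($app_list_strings[$value['dom']], $value['searchInput']));
            }
        }

        $form->assign('MULTI_SELECT', !empty($_REQUEST['mode']) ? strtoupper($_REQUEST['mode']) : '');

        // insert_popup_header() prints directly, so its output is captured into the page string.
        ob_start();
        insert_popup_header($theme);
        $output_html .= ob_get_clean();

        $output_html .= get_form_header($mod_strings['LBL_SEARCH_FORM_TITLE'], '', false);

        $form->parse('main.SearchHeader');
        $output_html .= $form->text('main.SearchHeader');

        // Reset the sections that are already in the page so that they do not print again later.
        $form->reset('main.SearchHeader');

        $ListView = new ListView();
        $ListView->show_select_menu = false;
        $ListView->show_delete_button = false;
        $ListView->show_export_button = false;
        $ListView->process_for_popups = true;
        $ListView->setXTemplate($form);

        $ListView->multi_select_popup = $multi_select;
        $ListView->xTemplate->assign('TAG_TYPE', 'A');
        if (isset($this->_popupMeta['listTitle'])) {
            $ListView->setHeaderTitle($this->_popupMeta['listTitle']);
        } else {
            $ListView->setHeaderTitle($mod_strings['LBL_LIST_FORM_TITLE']);
        }
        $ListView->setHeaderText($button);
        $ListView->setQuery($where, '', $this->_popupMeta['orderBy'], $this->_popupMeta['varName']);
        $ListView->setModStrings($mod_strings);

        // processListView() prints directly as well; capture it the same way.
        ob_start();
        $ListView->processListView($seed_bean, 'main', $this->_popupMeta['varName']);
        $output_html .= ob_get_clean();
        $json = getJSONobj();

        // decode then encode to escape "'s
        // NOTE(review): the re-encoded value is written inside a <script> element, so it is only
        // safe if the encoder also neutralises "</script>" (for instance by escaping "/") -
        // confirm against the JSON helper returned by getJSONobj().
        $savedDataLiteral = '\'\'';
        if (!empty($_REQUEST['saved_associated_data']) && is_string($_REQUEST['saved_associated_data'])) {
            $savedDataLiteral = $json->encode($json->decode(urldecode($_REQUEST['saved_associated_data'])));
        }

        $output_html .= "</form>
                <script type=\"text/javascript\">
                function save_checks(offset) {
                        checked_ids = Array();
                        for (i = 0; i < document.MassUpdate.elements.length; i++){
                                if(document.MassUpdate.elements[i].name == 'mass[]' && document.MassUpdate.elements[i].checked) {
                                        temp_string = '';
                                        temp_string += '\"' + document.MassUpdate.elements[i].value + '\": {';
                                        for(the_key in associated_javascript_data[document.MassUpdate.elements[i].value]) {
                                                temp_string += '\"' + the_key + '\":\"' + associated_javascript_data[document.MassUpdate.elements[i].value][the_key] + '\",';
                                        }
                                        temp_string = temp_string.substring(0,temp_string.length - 1);
                                        temp_string += '}';
                                        checked_ids.push(temp_string);
                                }
                        }
                        document.MassUpdate.saved_associated_data.value = escape('{' + checked_ids.join(',') + '}');

                        document.MassUpdate.action.value = \"Popup\";
                        document.MassUpdate." . $offsetField . '.value = offset;
                        document.MassUpdate.submit();
                }
                // reassigned the saved data from the saved checks
                if(typeof(document.MassUpdate) != \'undefined\' && document.MassUpdate.saved_associated_data.value != \'\') {
                        temp_array = ' . $savedDataLiteral . ';
                        for(the_key in temp_array) {
                                associated_javascript_data[the_key] = temp_array[the_key];
                        }
                }

                // save checks across pages for multiselects
                if(typeof(document.MassUpdate) != "undefined") {
                        checked_items = Array();
                        inputs_array = document.MassUpdate.elements;

                        for(wp = 0 ; wp < inputs_array.length; wp++) {
                                if(inputs_array[wp].name == "mass[]" && inputs_array[wp].style.display == "none") {
                                        checked_items.push(inputs_array[wp].value);
                                }
                        }
                        for(i in checked_items) {
                                for(wp = 0 ; wp < inputs_array.length; wp++) {
                                        if(inputs_array[wp].name == "mass[]" && inputs_array[wp].value == checked_items[i]) {
                                                inputs_array[wp].checked = true;
                                        }
                                }
                        }
                }
                </script>';
        $output_html .= insert_popup_footer();

        return $output_html;
    }
} // end of class Popup_Picker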
340 ?>