2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
38 $portal_modules = array('Contacts', 'Accounts', 'Notes');
39 $portal_modules[] = 'Cases';
40 $portal_modules[] = 'Bugs';
51 function get_bugs_in_contacts($in, $orderBy = '')
53 //bail if the in is empty
54 if(empty($in) || $in =='()' || $in =="('')")return;
55 // First, get the list of IDs.
57 $query = "SELECT bug_id as id from contacts_bugs where contact_id IN $in AND deleted=0";
59 $query .= ' ORDER BY ' . $orderBy;
62 $sugar = new Contact();
63 set_module_in($sugar->build_related_in($query), 'Bugs');
66 function get_bugs_in_accounts($in, $orderBy = '')
68 //bail if the in is empty
69 if(empty($in) || $in =='()' || $in =="('')")return;
70 // First, get the list of IDs.
72 $query = "SELECT bug_id as id from accounts_bugs where account_id IN $in AND deleted=0";
74 $query .= ' ORDER BY ' . $orderBy;
77 $sugar = new Account();
79 set_module_in($sugar->build_related_in($query), 'Bugs');
86 function get_cases_in_contacts($in, $orderBy = '')
88 //bail if the in is empty
89 if(empty($in) || $in =='()' || $in =="('')")return;
90 // First, get the list of IDs.
92 $query = "SELECT case_id as id from contacts_cases where contact_id IN $in AND deleted=0";
94 $query .= ' ORDER BY ' . $orderBy;
97 $sugar = new Contact();
98 set_module_in($sugar->build_related_in($query), 'Cases');
101 function get_cases_in_accounts($in, $orderBy = '')
103 if(empty($_SESSION['viewable']['Accounts'])){
106 //bail if the in is empty
107 if(empty($in) || $in =='()' || $in =="('')")return;
108 // First, get the list of IDs.
109 $query = "SELECT id from cases where account_id IN $in AND deleted=0";
110 if(!empty($orderBy)){
111 $query .= ' ORDER BY ' . $orderBy;
114 $sugar = new Account();
115 set_module_in($sugar->build_related_in($query), 'Cases');
125 function get_notes_in_contacts($in, $orderBy = '')
127 //bail if the in is empty
128 if(empty($in) || $in =='()' || $in =="('')")return;
129 // First, get the list of IDs.
130 $query = "SELECT id from notes where contact_id IN $in AND deleted=0 AND portal_flag=1";
131 if(!empty($orderBy)){
132 $query .= ' ORDER BY ' . $orderBy;
135 $contact = new Contact();
137 return $contact->build_related_list($query, $note);
140 function get_notes_in_module($in, $module, $orderBy = '')
142 //bail if the in is empty
143 if(empty($in) || $in =='()' || $in =="('')")return;
144 // First, get the list of IDs.
145 $query = "SELECT id from notes where parent_id IN $in AND parent_type='$module' AND deleted=0 AND portal_flag = 1";
146 if(!empty($orderBy)){
147 $query .= ' ORDER BY ' . $orderBy;
149 global $beanList, $beanFiles;
151 if(!empty($beanList[$module])){
152 $class_name = $beanList[$module];
153 require_once($beanFiles[$class_name]);
154 $sugar = new $class_name();
160 return $sugar->build_related_list($query, $note);
163 function get_related_in_module($in, $module, $rel_module, $orderBy = '', $row_offset = 0, $limit= -1)
165 global $beanList, $beanFiles;
166 if(!empty($beanList[$rel_module])){
167 $class_name = $beanList[$rel_module];
168 require_once($beanFiles[$class_name]);
169 $rel = new $class_name();
174 //bail if the in is empty
175 if(empty($in) || $in =='()' || $in =="('')")return;
177 // First, get the list of IDs.
178 if ($module == 'KBDocuments' || $module == 'DocumentRevisions') {
179 $query = "SELECT dr.* from document_revisions dr
180 inner join kbdocument_revisions kr on kr.document_revision_id = dr.id AND kr.kbdocument_id IN ($in)
181 AND dr.file_mime_type is not null";
183 $query = "SELECT id from $rel->table_name where parent_id IN $in AND parent_type='".$GLOBALS['db']->quote($module)."' AND deleted=0 AND portal_flag = 1";
186 if(!empty($orderBy)){
187 require_once 'include/SugarSQLValidate.php';
188 $valid = new SugarSQLValidate();
189 $fakeWhere = " 1=1 ";
190 if($valid->validateQueryClauses($fakeWhere,$orderBy)) {
191 $query .= ' ORDER BY '. $orderBy;
193 $GLOBALS['log']->error("Bad order by: $orderBy");
198 if(!empty($beanList[$module])){
199 $class_name = $beanList[$module];
200 require_once($beanFiles[$class_name]);
201 $sugar = new $class_name();
207 $count_query = $sugar->create_list_count_query($query);
208 if(!empty($count_query))
210 // We have a count query. Run it and get the results.
211 $result = $sugar->db->query($count_query, true, "Error running count query for $sugar->object_name List: ");
212 $assoc = $sugar->db->fetchByAssoc($result);
213 if(!empty($assoc['c']))
215 $rows_found = $assoc['c'];
218 $list = $sugar->build_related_list($query, $rel, $row_offset, $limit);
219 $list['result_count'] = $rows_found;
223 function get_accounts_from_contact($contact_id, $orderBy = '')
225 // First, get the list of IDs.
226 $query = "SELECT account_id as id from accounts_contacts where contact_id='".$GLOBALS['db']->quote($contact_id)."' AND deleted=0";
227 if(!empty($orderBy)){
228 $query .= ' ORDER BY ' . $orderBy;
230 $sugar = new Contact();
231 set_module_in($sugar->build_related_in($query), 'Accounts');
234 function get_contacts_from_account($account_id, $orderBy = '')
236 // First, get the list of IDs.
237 $query = "SELECT contact_id as id from accounts_contacts where account_id='".$GLOBALS['db']->quote($account_id)."' AND deleted=0";
238 if(!empty($orderBy)){
239 $query .= ' ORDER BY ' . $orderBy;
241 $sugar = new Account();
242 set_module_in($sugar->build_related_in($query), 'Contacts');
245 function get_related_list($in, $template, $where, $order_by, $row_offset = 0, $limit = ""){
248 //if $in is empty then pass in a query to get the list of related list
249 if(empty($in) || $in =='()' || $in =="('')"){
251 //build the query to pass into the template list function
252 $q = 'select id from '.$template->table_name.' where deleted = 0 ';
253 //add where statement if it is not empty
255 require_once 'include/SugarSQLValidate.php';
256 $valid = new SugarSQLValidate();
257 if(!$valid->validateQueryClauses($where)) {
258 $GLOBALS['log']->error("Bad query: $where");
259 // No way to directly pass back an error.
263 $q .= ' and ( '.$where.' ) ';
267 return $template->build_related_list_where($q, $template, $where, $in, $order_by, $limit, $row_offset);
271 function build_relationship_tree($contact){
272 global $sugar_config;
273 $contact->retrieve($contact->id);
275 get_accounts_from_contact($contact->id);
277 set_module_in(array('list'=>array($contact->id), 'in'=> "('".$GLOBALS['db']->quote($contact->id)."')"), 'Contacts');
279 $accounts = $_SESSION['viewable']['Accounts'];
280 foreach($accounts as $id){
281 if(!isset($sugar_config['portal_view']) || $sugar_config['portal_view'] != 'single_user'){
282 get_contacts_from_account($id);
287 function get_contacts_in(){
288 return $_SESSION['viewable']['contacts_in'];
291 function get_accounts_in(){
292 return $_SESSION['viewable']['accounts_in'];
295 function get_module_in($module_name){
296 if(!isset($_SESSION['viewable'][$module_name])){
300 $module_name_in = array_keys($_SESSION['viewable'][$module_name]);
301 $module_name_list = array();
302 foreach ( $module_name_in as $name ) {
303 $module_name_list[] = $GLOBALS['db']->quote($name);
306 $mod_in = "('" . join("','", $module_name_list) . "')";
307 $_SESSION['viewable'][strtolower($module_name).'_in'] = $mod_in;
312 function set_module_in($arrayList, $module_name){
314 if(!isset($_SESSION['viewable'][$module_name])){
315 $_SESSION['viewable'][$module_name] = array();
317 foreach($arrayList['list'] as $id){
318 $_SESSION['viewable'][$module_name][$id] = $id;
320 if($module_name == 'Accounts' && isset($id)){
321 $_SESSION['account_id'] = $id;
324 if(!empty($_SESSION['viewable'][strtolower($module_name).'_in'])){
325 if($arrayList['in'] != '()') {
327 if ( is_array($_SESSION['viewable'][strtolower($module_name).'_in']) ) {
328 foreach($_SESSION['viewable'][strtolower($module_name).'_in'] as $name ) {
329 $newList[] = $GLOBALS['db']->quote($name);
332 if ( is_array($arrayList['list']) ) {
333 foreach ( $arrayList['list'] as $name ) {
334 $newList[] = $GLOBALS['db']->quote($name);
337 $_SESSION['viewable'][strtolower($module_name).'_in'] = "('" . implode("', '", $newList) . "')";
340 $_SESSION['viewable'][strtolower($module_name).'_in'] = $arrayList['in'];
345 * Given the user auth, attempt to log the user in.
346 * used by SoapPortalUsers.php
348 function login_user($portal_auth){
349 $error = new SoapError();
351 $user = $user->retrieve_by_string_fields(array('user_name'=>$portal_auth['user_name'],'user_hash'=>$portal_auth['password'], 'deleted'=>0, 'status'=>'Active', 'portal_only'=>1) );
354 global $current_user;
355 $current_user = $user;
358 $GLOBALS['log']->fatal('SECURITY: User authentication for '. $portal_auth['user_name']. ' failed');
364 function portal_get_entry_list_limited($session, $module_name,$where, $order_by, $select_fields, $row_offset, $limit){
365 global $beanList, $beanFiles, $portal_modules;
366 $error = new SoapError();
367 if(! portal_validate_authenticated($session)){
368 $error->set_error('invalid_session');
369 return array('result_count'=>-1, 'entry_list'=>array(), 'error'=>$error->get_soap_array());
371 if($_SESSION['type'] == 'lead' ){
372 $error->set_error('no_access');
373 return array('result_count'=>-1, 'entry_list'=>array(), 'error'=>$error->get_soap_array());
375 if(empty($beanList[$module_name])){
376 $error->set_error('no_module');
377 return array('result_count'=>-1, 'entry_list'=>array(), 'error'=>$error->get_soap_array());
379 if($module_name == 'Cases'){
381 //if the related cases have not yet been loaded into the session object,
382 //then call the methods that will load the cases related to the contact/accounts for this user
383 if(!isset($_SESSION['viewable'][$module_name])){
384 //retrieve the contact/account id's for this user
385 $c =get_contacts_in();
386 $a = get_accounts_in();
387 if(!empty($c)) {get_cases_in_contacts($c);}
388 if(!empty($a)) { get_cases_in_accounts($a);}
391 $sugar = new aCase();
394 //if no Cases have been loaded into the session as viewable, then do not issue query, just return empty list
395 //issuing a query with no cases loaded in session will return ALL the Cases, which is not a good thing
396 if(!empty($_SESSION['viewable'][$module_name])){
397 $list = get_related_list(get_module_in($module_name), new aCase(), $where,$order_by, $row_offset, $limit);
400 }else if($module_name == 'Contacts'){
401 $sugar = new Contact();
402 $list = get_related_list(get_module_in($module_name), new Contact(), $where,$order_by);
403 }else if($module_name == 'Accounts'){
404 $sugar = new Account();
405 $list = get_related_list(get_module_in($module_name), new Account(), $where,$order_by);
406 }else if($module_name == 'Bugs'){
408 //if the related bugs have not yet been loaded into the session object,
409 //then call the methods that will load the bugs related to the contact/accounts for this user
410 if(!isset($_SESSION['viewable'][$module_name])){
411 //retrieve the contact/account id's for this user
412 $c =get_contacts_in();
413 $a = get_accounts_in();
414 if(!empty($c)) {get_bugs_in_contacts($c);}
415 if(!empty($a)) {get_bugs_in_accounts($a);}
419 //if no Bugs have been loaded into the session as viewable, then do not issue query, just return empty list
420 //issuing a query with no bugs loaded in session will return ALL the Bugs, which is not a good thing
421 if(!empty($_SESSION['viewable'][$module_name])){
422 $list = get_related_list(get_module_in($module_name), new Bug(), $where, $order_by, $row_offset, $limit);
424 } else if ($module_name == 'KBDocuments') {
425 } else if ($module_name == 'FAQ') {
427 $error->set_error('no_module_support');
428 return array('result_count'=>-1, 'entry_list'=>array(), 'error'=>$error->get_soap_array());
432 $output_list = Array();
433 $field_list = array();
434 foreach($list as $value)
437 //$loga->fatal("Adding another account to the list");
438 $output_list[] = get_return_value($value, $module_name);
439 $_SESSION['viewable'][$module_name][$value->id] = $value->id;
440 if(empty($field_list)){
441 $field_list = get_field_list($value);
444 $output_list = filter_return_list($output_list, $select_fields, $module_name);
445 $field_list = filter_field_list($field_list,$select_fields, $module_name);
447 return array('result_count'=>sizeof($output_list), 'next_offset'=>0,'field_list'=>$field_list, 'entry_list'=>$output_list, 'error'=>$error->get_soap_array());
450 $invalid_contact_fields = array('portal_name'=>1, 'portal_password'=>1, 'portal_active'=>1);
451 $valid_modules_for_contact = array('Contacts'=>1, 'Cases'=>1, 'Notes'=>1, 'Bugs'=>1, 'Accounts'=>1, 'Leads'=>1, 'KBDocuments'=>1);