eggsurplus · June 3, 2014 18:15
diff --git a/Save.php b/Save.php
 <?php
 //   This file goes in /custom/modules/Employees/Save.php 
 //   For SugarCRM CE 6.5.16 - the relevant code is in the CUSTOM CODE section commented below
 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');

 require_once('modules/MySettings/TabController.php');

 $tabs_def = urldecode(isset($_REQUEST['display_tabs_def']) ? $_REQUEST['display_tabs_def'] : '');
 $DISPLAY_ARR = array();
 parse_str($tabs_def,$DISPLAY_ARR);

 //there was an issue where a non-admin user could use a proxy tool to intercept the save on their own Employee
 //record and swap out their record_id with the admin employee_id which would cause the email address
 //of the non-admin user to be associated with the admin user thereby allowing the non-admin to reset the password
 //of the admin user.
 if(isset($_POST['record']) && !is_admin($GLOBALS['current_user']) && !$GLOBALS['current_user']->isAdminForModule('Employees') && ($_POST['record'] != $GLOBALS['current_user']->id))
 {
    sugar_die("Unauthorized access to administration.");
 }
 elseif (!isset($_POST['record']) && !is_admin($GLOBALS['current_user']) && !$GLOBALS['current_user']->isAdminForModule('Employees'))
 {
    sugar_die ("Unauthorized access to user administration.");
 }

 $focus = new Employee();

 $focus->retrieve($_POST['record']);

 //rrs bug: 30035 - I am not sure how this ever worked b/c old_reports_to_id was not populated.
 $old_reports_to_id = $focus->reports_to_id;

 populateFromRow($focus,$_POST);

 $focus->save();
 $return_id = $focus->id;

 /** CUSTOM CODE TO SAVE PHOTO FIELDS */
 //from SugarController->pre_save...only do for type = photo
 require_once('include/SugarFields/SugarFieldHandler.php');
 $sfh = new SugarFieldHandler();
 foreach($focus->field_defs as $field => $properties) {
    $type = !empty($properties['custom_type']) ? $properties['custom_type'] : $properties['type'];
    if($type != 'photo') {
        continue; //to be safe
    }
    $sf = $sfh->getSugarField(ucfirst($type), true);
    if(isset($_POST[$field])) {
        if(is_array($_POST[$field]) && !empty($properties['isMultiSelect'])) {
            if(empty($_POST[$field][0])) {
                unset($_POST[$field][0]);
            }
            $_POST[$field] = encodeMultienumValue($_POST[$field]);
        }
        $focus->$field = $_POST[$field];
    } else if(!empty($properties['isMultiSelect']) && !isset($_POST[$field]) && isset($_POST[$field . '_multiselect'])) {
        $focus->$field = '';
    }
    if($sf != null){
        $sf->save($focus, $_POST, $field, $properties);
    }
 }
 $focus->save();
 /** END - CUSTOM CODE TO SAVE PHOTO FIELDS */

 if(isset($_POST['return_module']) && $_POST['return_module'] != "") $return_module = $_POST['return_module'];
 else $return_module = "Employees";
 if(isset($_POST['return_action']) && $_POST['return_action'] != "") $return_action = $_POST['return_action'];
 else $return_action = "DetailView";
 if(isset($_POST['return_id']) && $_POST['return_id'] != "") $return_id = $_POST['return_id'];

 $GLOBALS['log']->debug("Saved record with id of ".$return_id);


 header("Location: index.php?action=$return_action&module=$return_module&record=$return_id");


 function populateFromRow(&$focus,$row){


    //only employee specific field values need to be copied.
    $e_fields=array('first_name','last_name','reports_to_id','description','phone_home','phone_mobile','phone_work','phone_other','phone_fax','address_street','address_city','address_state','address_country','address_country', 'address_postalcode', 'messenger_id','messenger_type');
    if ( is_admin($GLOBALS['current_user']) ) {
        $e_fields = array_merge($e_fields,array('title','department','employee_status'));
    }
    // Also add custom fields
    foreach ($focus->field_defs as $fieldName => $field ) {
        if ( isset($field['source']) && $field['source'] == 'custom_fields' ) {
            $e_fields[] = $fieldName;
        }
    }
    $nullvalue='';
    foreach($e_fields as $field)
    {
        $rfield = $field; // fetch returns it in lowercase only
        if(isset($row[$rfield]))
        {
            $focus->$field = $row[$rfield];
        }
    }
 }
 ?>
	<?php
	// This file goes in /custom/modules/Employees/Save.php
	// For SugarCRM CE 6.5.16 - the relevant code is in the CUSTOM CODE section commented below
	if(!defined('sugarEntry') \|\| !sugarEntry) die('Not A Valid Entry Point');

	require_once('modules/MySettings/TabController.php');

	$tabs_def = urldecode(isset($_REQUEST['display_tabs_def']) ? $_REQUEST['display_tabs_def'] : '');
	$DISPLAY_ARR = array();
	parse_str($tabs_def,$DISPLAY_ARR);

	//there was an issue where a non-admin user could use a proxy tool to intercept the save on their own Employee
	//record and swap out their record_id with the admin employee_id which would cause the email address
	//of the non-admin user to be associated with the admin user thereby allowing the non-admin to reset the password
	//of the admin user.
	if(isset($_POST['record']) && !is_admin($GLOBALS['current_user']) && !$GLOBALS['current_user']->isAdminForModule('Employees') && ($_POST['record'] != $GLOBALS['current_user']->id))
	{
	sugar_die("Unauthorized access to administration.");
	}
	elseif (!isset($_POST['record']) && !is_admin($GLOBALS['current_user']) && !$GLOBALS['current_user']->isAdminForModule('Employees'))
	{
	sugar_die ("Unauthorized access to user administration.");
	}

	$focus = new Employee();

	$focus->retrieve($_POST['record']);

	//rrs bug: 30035 - I am not sure how this ever worked b/c old_reports_to_id was not populated.
	$old_reports_to_id = $focus->reports_to_id;

	populateFromRow($focus,$_POST);

	$focus->save();
	$return_id = $focus->id;

	/** CUSTOM CODE TO SAVE PHOTO FIELDS */
	//from SugarController->pre_save...only do for type = photo
	require_once('include/SugarFields/SugarFieldHandler.php');
	$sfh = new SugarFieldHandler();
	foreach($focus->field_defs as $field => $properties) {
	$type = !empty($properties['custom_type']) ? $properties['custom_type'] : $properties['type'];
	if($type != 'photo') {
	continue; //to be safe
	}
	$sf = $sfh->getSugarField(ucfirst($type), true);
	if(isset($_POST[$field])) {
	if(is_array($_POST[$field]) && !empty($properties['isMultiSelect'])) {
	if(empty($_POST[$field][0])) {
	unset($_POST[$field][0]);
	}
	$_POST[$field] = encodeMultienumValue($_POST[$field]);
	}
	$focus->$field = $_POST[$field];
	} else if(!empty($properties['isMultiSelect']) && !isset($_POST[$field]) && isset($_POST[$field . '_multiselect'])) {
	$focus->$field = '';
	}
	if($sf != null){
	$sf->save($focus, $_POST, $field, $properties);
	}
	}
	$focus->save();
	/** END - CUSTOM CODE TO SAVE PHOTO FIELDS */

	if(isset($_POST['return_module']) && $_POST['return_module'] != "") $return_module = $_POST['return_module'];
	else $return_module = "Employees";
	if(isset($_POST['return_action']) && $_POST['return_action'] != "") $return_action = $_POST['return_action'];
	else $return_action = "DetailView";
	if(isset($_POST['return_id']) && $_POST['return_id'] != "") $return_id = $_POST['return_id'];

	$GLOBALS['log']->debug("Saved record with id of ".$return_id);


	header("Location: index.php?action=$return_action&module=$return_module&record=$return_id");


	function populateFromRow(&$focus,$row){


	//only employee specific field values need to be copied.
	$e_fields=array('first_name','last_name','reports_to_id','description','phone_home','phone_mobile','phone_work','phone_other','phone_fax','address_street','address_city','address_state','address_country','address_country', 'address_postalcode', 'messenger_id','messenger_type');
	if ( is_admin($GLOBALS['current_user']) ) {
	$e_fields = array_merge($e_fields,array('title','department','employee_status'));
	}
	// Also add custom fields
	foreach ($focus->field_defs as $fieldName => $field ) {
	if ( isset($field['source']) && $field['source'] == 'custom_fields' ) {
	$e_fields[] = $fieldName;
	}
	}
	$nullvalue='';
	foreach($e_fields as $field)
	{
	$rfield = $field; // fetch returns it in lowercase only
	if(isset($row[$rfield]))
	{
	$focus->$field = $row[$rfield];
	}
	}
	}
	?>