ChemiKyle
commented
4 years ago I've updated the patch file to allow the typical DataEntry/record_home search to function as expected
--- DataEntry/search.php 2020-10-28 09:53:08.000000000 -0400
+++ DataEntry/search.php 2020-10-28 10:37:35.000000000 -0400
@@ -10,11 +10,16 @@
if ($isAjax && isset($_GET['term']))
{
// If field is passed, make sure it's valid for this project
- if (isset($_GET['field']) && $_GET['field'] != '' && (!isset($Proj->metadata[$_GET['field']])
- || ($user_rights['forms'][$Proj->metadata[$_GET['field']]['form_name']] == '0' && $_GET['field'] != $Proj->table_pk)))
- {
- exit('[]');
- }
+ if (isset($_GET['field'])) {
+ $GET_field_array = (array) $_GET['field'];
+ foreach ($GET_field_array as $field) {
+ if ($field != '' && (!isset($Proj->metadata[$field])
+ || ($user_rights['forms'][$Proj->metadata[$field]['form_name']] == '0' && $field != $Proj->table_pk)))
+ {
+ exit('[]');
+ }
+ }
+ }
## PERFORMANCE: Kill any currently running processes by the current user/session on THIS page
System::killConcurrentRequests(5);
@@ -54,7 +59,7 @@
// If query field is the table_pk and project is longitudinal, then only return a single entry for first event on each arm
$sql_table_pk = "";
- if ($longitudinal && isset($_GET['field']) && $_GET['field'] == $table_pk) {
+ if ($longitudinal && isset($GET_field_array) && in_array($table_pk, $GET_field_array) ) {
// Get first event of each arm
$firstEventInArms = array();
foreach ($Proj->events as $this_arm=>$attr) {
@@ -68,8 +73,9 @@
}
// Search on specific field
- if (isset($_GET['field']) && $_GET['field'] != '') {
- $sql_field = "and field_name = '".db_escape($_GET['field'])."'";
+ if (isset($GET_field_array) && !empty($GET_field_array)) {
+ //$sql_field = "and field_name = '".db_escape($GET_field_array)."'";
+ $sql_field = "and field_name in (" . prep_implode($GET_field_array) . ")";
} else {
// Build array of fields that user has read-only or edit access to
$fields = array();
@@ -193,13 +199,13 @@
$label = """ . $prefix . $label . $suffix . "" " . $lang['global_107'].' ' . $record_display;
// Instance: Set as 1 for record ID field so as not to return multiple instances of record ID
- $isRecordIdField = ($result['field_name'] == $table_pk || (isset($_GET['field']) && $_GET['field'] == $table_pk));
+ $isRecordIdField = ($result['field_name'] == $table_pk || (isset($GET_field_array) && $GET_field_array == $table_pk));
if ($result['instance'] == '' || $isRecordIdField) {
$result['instance'] = '1';
}
// If user is searching on the record ID field, but they don't have access to the first form, then send them to
- if ($_GET['field'] == $Proj->table_pk && $user_rights['forms'][$Proj->metadata[$_GET['field']]['form_name']] == '0') {
+ if (in_array($Proj->table_pk, $GET_field_array) && $user_rights['forms'][$Proj->metadata[$Proj->table_pk]['form_name']] == '0') {
foreach ($user_rights['forms'] as $this_form=>$this_level) {
if ($this_level == '0') continue;
$form = $this_form;
Also requires a small patch to
redcap_vx.y.z/DataEntry/search.phpto respect an array of fields. I can't attach the patch file so I'm putting it inline, it's mean to be run in theredcap_v10.0.1directory withpatch -p0 < $filename.