Some improvements on permissions and the API are landing on 3.4.2 and 4.0.2.
On the previous versions, the permissions where not enforced (on php and smarty) and checked on the same permission "access civicrm" for the rest and ajax no matter the operation and entity.
As API v3 is exposing more and more entities, it became necessary to control better what could be accessed. We re-used the permissions has defined on drupal for the menues, but instead of applying them to a path (in order to access civicrm/admin/event the user need the priviledge "access CiviEvent"), we applied them to the entities and action (in order to create an event using the api, the user need the priviledge "access CiviEvent").
We realised there isn't a perfect match between these two logics "protect what pages and form you can access" vs. "protect what type of content and action...Read more
After spending a lot of time, CiviSync CMS Component (for Joomla) and Module (for Drupal) were able to see the sunlight. We have now released the two extensions on our website www.targetintegration.com
CiviSync CMS was primarily created as an additional item to CiviSync Outlook Addon (Still Under Development); to provide an easy to use interface to manage site key of a CiviCRM installation and API Key for the users in the database. Thanks to Xavier who helped me realise the full potential of CiviSync CMS; that not only CiviSync but whereever you want to use API, CiviSync CMS can be a useful tool.
I have taken the following from the wiki and modified for those unaware about Site Keys and API Keys:
What is a Site Key?
You are required to pass authentication information at runtime to prevent any scripts in CiviCRM from being invoked by an unauthorized agent. CiviCRM uses a Site Key in...Read more
Have you ever clicked a few zillion time on the admin interface to create a lot of groups, tags, values for a custom field... ?
Have you ever screamed having to do the same tedious tasks you did on the staging one more time on the production site?
Have you cursed the import wizard after having clicked again and again on the next button ?
Friends of the shell, rejoice, the API is there to the rescue and tech to the people has contributed a few simple tools. As of civicrm 3.4, we have introduced 3 scripts: bin/csv/export.php bin/csv/import.php and bin/csv/delete.php
They allow to import (create or update), export and delete any entity exposed by the API (almost everything).
The syntax is simple: the first line is the name of the fields all the others are entities. you can find the name of these fields using the getfields action on any entity from the...Read more
Many modern web applications have a lot of spam deterrent such as Captcha, Bayesian filters, URL, ip detections etc. One example is trying to do 2 consecutive search on the CiviCRM.org forum and you will get a an error that look like
"Your last search was less than 5 seconds ago. Please try again later."
The concept behind this is flood control is to prevent a webbot (automated script) that is trying to spam and flood the server.
Sometimes this technique is useful in place of something such as a Captcha system because when someone performs a search on the forum, it would be annoying to have to play the "guess game" with a captcha everytime. Therefore discourages the usage of the searching functionality.
We are applying the same concept to CiviContribute contribution page in attempt to stop spammers from using the contribution form as a gateway to test fake or stolen credit cards. See the code in the...Read more
As announced earlier, the Location API has become obsolete in API version 3, which is currently shipped with the 4.0/3.4 alpha versions. It has been replaced by Address, Email, Phone and Website API in v3.
However, in the v2 Location API there was already a param 'version' which was used to determine if the older functionality of the Location API (CiviCRM version 2.2 and older) was used or the newer functionality (CiviCRM 3 and onwards). So the code looked like this:
$params = array('version'=> '3.0', 'location_type_id => 1 etc.);<br />
$result = civicrm_location_add($params);
This version param now conflicts with the version parameter introduced in API v3, were we use the version to determine if API v2 or API v3 will be used. So the call will now be something like:
as announced earlier the Location API is no longer with us in the API v3 version. It was a beast of an API, too smart for its own good and certainly to smart for the API team!
So we created a bunch of new API's instead: Address, Email, Phone and Website. The Contact API will still get you the primary address, email and phone for a contact, and the first website. If you need more (like all the phone numbers for a contact) you can use one of the new API's. Each one has the following functions:
and if you use the new civicrm_api to call them you can also use 'update' as an action, and 'getfields' to get a list of all the fields on the entity.
If you try calling the Location API with version 3, you will get an error message. The existing Location API in v2 is still available.
The way to call the v3 API's is to use the new civicrm_api function with version...Read more
This new API is the recommended method to Create, Get, Delete or Update any CiviCRM data from your code or an external system. It is much more coherent and easier to use than the api v2.
As of the civicrm 3.4/4 and as already available for your viewing pleasure on sandbox.civicrm.org (login/password demo/demo), we have developed an API explorer and code generator that is shipped with civicrm and will let you use interactively the api directly on your own data.