Commit | Line | Data |
---|---|---|
e7339d59 | 1 | <?php |
2 | ||
3 | require_once 'financialacls.civix.php'; | |
4 | // phpcs:disable | |
87e130bb | 5 | use Civi\Api4\EntityFinancialAccount; |
e7339d59 | 6 | use CRM_Financialacls_ExtensionUtil as E; |
7 | // phpcs:enable | |
8 | ||
9 | /** | |
10 | * Implements hook_civicrm_config(). | |
11 | * | |
12 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config/ | |
13 | */ | |
14 | function financialacls_civicrm_config(&$config) { | |
15 | _financialacls_civix_civicrm_config($config); | |
16 | } | |
17 | ||
af4cccf7 TO |
18 | /** |
19 | * @param \Symfony\Component\DependencyInjection\ContainerBuilder $container | |
20 | */ | |
21 | function financialacls_civicrm_container($container) { | |
22 | $dispatcherDefn = $container->getDefinition('dispatcher'); | |
23 | $container->addResource(new \Symfony\Component\Config\Resource\FileResource(__FILE__)); | |
24 | $dispatcherDefn->addMethodCall('addListener', ['civi.api4.authorizeRecord::Contribution', '_financialacls_civi_api4_authorizeContribution']); | |
25 | } | |
26 | ||
e7339d59 | 27 | /** |
28 | * Implements hook_civicrm_install(). | |
29 | * | |
30 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install | |
31 | */ | |
32 | function financialacls_civicrm_install() { | |
33 | _financialacls_civix_civicrm_install(); | |
34 | } | |
35 | ||
36 | /** | |
37 | * Implements hook_civicrm_postInstall(). | |
38 | * | |
39 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_postInstall | |
40 | */ | |
41 | function financialacls_civicrm_postInstall() { | |
42 | _financialacls_civix_civicrm_postInstall(); | |
43 | } | |
44 | ||
45 | /** | |
46 | * Implements hook_civicrm_uninstall(). | |
47 | * | |
48 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_uninstall | |
49 | */ | |
50 | function financialacls_civicrm_uninstall() { | |
51 | _financialacls_civix_civicrm_uninstall(); | |
52 | } | |
53 | ||
54 | /** | |
55 | * Implements hook_civicrm_enable(). | |
56 | * | |
57 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable | |
58 | */ | |
59 | function financialacls_civicrm_enable() { | |
60 | _financialacls_civix_civicrm_enable(); | |
61 | } | |
62 | ||
63 | /** | |
64 | * Implements hook_civicrm_disable(). | |
65 | * | |
66 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_disable | |
67 | */ | |
68 | function financialacls_civicrm_disable() { | |
69 | _financialacls_civix_civicrm_disable(); | |
70 | } | |
71 | ||
72 | /** | |
73 | * Implements hook_civicrm_upgrade(). | |
74 | * | |
75 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_upgrade | |
76 | */ | |
77 | function financialacls_civicrm_upgrade($op, CRM_Queue_Queue $queue = NULL) { | |
78 | return _financialacls_civix_civicrm_upgrade($op, $queue); | |
79 | } | |
80 | ||
e7339d59 | 81 | /** |
82 | * Implements hook_civicrm_entityTypes(). | |
83 | * | |
84 | * Declare entity types provided by this module. | |
85 | * | |
86 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes | |
87 | */ | |
88 | function financialacls_civicrm_entityTypes(&$entityTypes) { | |
89 | _financialacls_civix_civicrm_entityTypes($entityTypes); | |
90 | } | |
91 | ||
b82fb202 | 92 | /** |
93 | * Intervene to prevent deletion, where permissions block it. | |
94 | * | |
aeee327d | 95 | * @param string $op |
b82fb202 | 96 | * @param string $objectName |
97 | * @param int|null $id | |
98 | * @param array $params | |
99 | * | |
100 | * @throws \API_Exception | |
101 | * @throws \CRM_Core_Exception | |
102 | */ | |
103 | function financialacls_civicrm_pre($op, $objectName, $id, &$params) { | |
34509ae3 | 104 | if (!financialacls_is_acl_limiting_enabled()) { |
105 | return; | |
106 | } | |
aeee327d | 107 | if ($objectName === 'LineItem' && !empty($params['check_permissions'])) { |
34509ae3 | 108 | $operationMap = ['delete' => CRM_Core_Action::DELETE, 'edit' => CRM_Core_Action::UPDATE, 'create' => CRM_Core_Action::ADD]; |
109 | CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $operationMap[$op]); | |
110 | if (empty($params['financial_type_id'])) { | |
111 | $params['financial_type_id'] = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_LineItem', $params['id'], 'financial_type_id'); | |
112 | } | |
c3f7ab62 | 113 | if (!array_key_exists($params['financial_type_id'], $types)) { |
34509ae3 | 114 | throw new API_Exception('You do not have permission to ' . $op . ' this line item'); |
b82fb202 | 115 | } |
116 | } | |
d646594f | 117 | if ($objectName === 'FinancialType' && !empty($params['id']) && !empty($params['name'])) { |
118 | $prevName = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_FinancialType', $params['id']); | |
119 | if ($prevName !== $params['name']) { | |
120 | CRM_Core_Session::setStatus(ts("Changing the name of a Financial Type will result in losing the current permissions associated with that Financial Type. | |
121 | Before making this change you should likely note the existing permissions at Administer > Users and Permissions > Permissions (Access Control), | |
122 | then clicking the Access Control link for your Content Management System, then noting down the permissions for 'CiviCRM: {financial type name} view', etc. | |
123 | Then after making the change of name, reset the permissions to the way they were."), ts('Warning'), 'warning'); | |
124 | } | |
125 | } | |
b82fb202 | 126 | } |
127 | ||
28188a1e | 128 | /** |
129 | * Implements hook_civicrm_selectWhereClause(). | |
130 | * | |
131 | * @link http://wiki.civicrm.org/confluence/display/CRMDOC/hook_civicrm_selectWhereClause | |
132 | */ | |
133 | function financialacls_civicrm_selectWhereClause($entity, &$clauses) { | |
34509ae3 | 134 | if (!financialacls_is_acl_limiting_enabled()) { |
135 | return; | |
136 | } | |
2dc76e8d MW |
137 | |
138 | switch ($entity) { | |
139 | case 'LineItem': | |
140 | case 'MembershipType': | |
f4a72e8d | 141 | case 'ContributionRecur': |
00d50ac2 | 142 | case 'Contribution': |
87e130bb EM |
143 | $clauses['financial_type_id'] = _financialacls_civicrm_get_type_clause(); |
144 | break; | |
145 | ||
146 | case 'FinancialType': | |
147 | $clauses['id'] = _financialacls_civicrm_get_type_clause(); | |
148 | break; | |
149 | ||
150 | case 'FinancialAccount': | |
151 | $clauses['id'] = _financialacls_civicrm_get_accounts_clause(); | |
2dc76e8d MW |
152 | break; |
153 | ||
28188a1e | 154 | } |
155 | ||
156 | } | |
157 | ||
87e130bb EM |
158 | /** |
159 | * Get the clause to limit available types. | |
160 | * | |
161 | * @return string | |
162 | */ | |
163 | function _financialacls_civicrm_get_accounts_clause(): string { | |
164 | if (!isset(Civi::$statics['financial_acls'][__FUNCTION__][CRM_Core_Session::getLoggedInContactID()])) { | |
165 | try { | |
166 | $clause = '= 0'; | |
167 | Civi::$statics['financial_acls'][__FUNCTION__][CRM_Core_Session::getLoggedInContactID()] = &$clause; | |
168 | $accounts = (array) EntityFinancialAccount::get() | |
169 | ->addWhere('account_relationship:name', '=', 'Income Account is') | |
170 | ->addWhere('entity_table', '=', 'civicrm_financial_type') | |
171 | ->addSelect('entity_id', 'financial_account_id') | |
172 | ->addJoin('FinancialType AS financial_type', 'LEFT', [ | |
173 | 'entity_id', | |
174 | '=', | |
175 | 'financial_type.id', | |
176 | ]) | |
177 | ->execute()->indexBy('financial_account_id'); | |
178 | if (!empty($accounts)) { | |
179 | $clause = 'IN (' . implode(',', array_keys($accounts)) . ')'; | |
180 | } | |
181 | } | |
182 | catch (\API_Exception $e) { | |
183 | // We've already set it to 0 so we can quietly handle this. | |
184 | } | |
185 | } | |
186 | return Civi::$statics['financial_acls'][__FUNCTION__][CRM_Core_Session::getLoggedInContactID()]; | |
187 | } | |
188 | ||
189 | /** | |
190 | * Get the clause to limit available types. | |
191 | * | |
192 | * @return string | |
193 | */ | |
194 | function _financialacls_civicrm_get_type_clause(): string { | |
195 | $types = []; | |
196 | CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types); | |
197 | if ($types) { | |
198 | return 'IN (' . implode(',', array_keys($types)) . ')'; | |
199 | } | |
200 | return '= 0'; | |
201 | } | |
202 | ||
07d89c14 | 203 | /** |
34509ae3 | 204 | * Remove unpermitted options. |
07d89c14 | 205 | * |
206 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_buildAmount | |
207 | * | |
208 | * @param string $component | |
209 | * @param \CRM_Core_Form $form | |
210 | * @param array $feeBlock | |
211 | */ | |
212 | function financialacls_civicrm_buildAmount($component, $form, &$feeBlock) { | |
34509ae3 | 213 | if (!financialacls_is_acl_limiting_enabled()) { |
214 | return; | |
215 | } | |
216 | ||
217 | foreach ($feeBlock as $key => $value) { | |
218 | foreach ($value['options'] as $k => $options) { | |
219 | if (!CRM_Core_Permission::check('add contributions of type ' . CRM_Contribute_PseudoConstant::financialType($options['financial_type_id']))) { | |
220 | unset($feeBlock[$key]['options'][$k]); | |
07d89c14 | 221 | } |
222 | } | |
34509ae3 | 223 | if (empty($feeBlock[$key]['options'])) { |
224 | unset($feeBlock[$key]); | |
225 | } | |
07d89c14 | 226 | } |
227 | } | |
228 | ||
e9eed3db | 229 | /** |
230 | * Remove unpermitted membership types from selection availability.. | |
231 | * | |
232 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_membershipTypeValues | |
233 | * | |
234 | * @param \CRM_Core_Form $form | |
235 | * @param array $membershipTypeValues | |
236 | */ | |
237 | function financialacls_civicrm_membershipTypeValues($form, &$membershipTypeValues) { | |
34509ae3 | 238 | if (!financialacls_is_acl_limiting_enabled()) { |
239 | return; | |
240 | } | |
e9eed3db | 241 | $financialTypes = NULL; |
242 | $financialTypes = CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::ADD); | |
243 | foreach ($membershipTypeValues as $id => $type) { | |
244 | if (!isset($financialTypes[$type['financial_type_id']])) { | |
245 | unset($membershipTypeValues[$id]); | |
246 | } | |
247 | } | |
248 | } | |
249 | ||
4e0bf3e8 | 250 | /** |
251 | * Add permissions. | |
252 | * | |
253 | * @see https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_permission/ | |
254 | * | |
255 | * @param array $permissions | |
256 | */ | |
257 | function financialacls_civicrm_permission(&$permissions) { | |
258 | if (!financialacls_is_acl_limiting_enabled()) { | |
259 | return; | |
260 | } | |
261 | $actions = [ | |
262 | 'add' => ts('add'), | |
263 | 'view' => ts('view'), | |
264 | 'edit' => ts('edit'), | |
265 | 'delete' => ts('delete'), | |
266 | ]; | |
267 | $financialTypes = \CRM_Contribute_BAO_Contribution::buildOptions('financial_type_id', 'validate'); | |
268 | foreach ($financialTypes as $id => $type) { | |
269 | foreach ($actions as $action => $action_ts) { | |
270 | $permissions[$action . ' contributions of type ' . $type] = [ | |
271 | ts("CiviCRM: %1 contributions of type %2", [1 => $action_ts, 2 => $type]), | |
272 | ts('%1 contributions of type %2', [1 => $action_ts, 2 => $type]), | |
273 | ]; | |
274 | } | |
275 | } | |
276 | $permissions['administer CiviCRM Financial Types'] = [ | |
277 | ts('CiviCRM: administer CiviCRM Financial Types'), | |
278 | ts('Administer access to Financial Types'), | |
279 | ]; | |
280 | } | |
281 | ||
9cef6066 | 282 | /** |
af4cccf7 | 283 | * Listener for 'civi.api4.authorizeRecord::Contribution' |
9cef6066 | 284 | * |
af4cccf7 | 285 | * @param \Civi\Api4\Event\AuthorizeRecordEvent $e |
9cef6066 | 286 | * @throws \CRM_Core_Exception |
287 | */ | |
af4cccf7 | 288 | function _financialacls_civi_api4_authorizeContribution(\Civi\Api4\Event\AuthorizeRecordEvent $e) { |
9cef6066 | 289 | if (!financialacls_is_acl_limiting_enabled()) { |
290 | return; | |
291 | } | |
0552d667 EM |
292 | if ($e->getEntityName() === 'Contribution') { |
293 | $contributionID = $e->getRecord()['id'] ?? NULL; | |
294 | $financialTypeID = $e->getRecord()['financial_type_id'] ?? CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Contribution', $contributionID, 'financial_type_id'); | |
295 | if (!CRM_Core_Permission::check(_financialacls_getRequiredPermission($financialTypeID, $e->getActionName()), $e->getUserID())) { | |
af4cccf7 | 296 | $e->setAuthorized(FALSE); |
9cef6066 | 297 | } |
0552d667 EM |
298 | if ($e->getActionName() === 'delete') { |
299 | // First check contribution financial type | |
300 | // Now check permissioned line items & permissioned contribution | |
301 | if (!CRM_Financial_BAO_FinancialType::checkPermissionedLineItems($contributionID, 'delete', FALSE, $e->getUserID()) | |
302 | ) { | |
303 | $e->setAuthorized(FALSE); | |
304 | } | |
305 | } | |
9cef6066 | 306 | } |
307 | } | |
308 | ||
0552d667 EM |
309 | /** |
310 | * Get the permission required to perform this action on this financial type. | |
311 | * | |
312 | * @param int $financialTypeID | |
313 | * @param string $action | |
314 | * | |
315 | * @return string | |
316 | */ | |
317 | function _financialacls_getRequiredPermission(int $financialTypeID, string $action): string { | |
318 | $financialType = CRM_Core_PseudoConstant::getName('CRM_Contribute_DAO_Contribution', 'financial_type_id', $financialTypeID); | |
319 | $actionMap = [ | |
320 | 'create' => 'add', | |
321 | 'update' => 'edit', | |
322 | 'delete' => 'delete', | |
323 | ]; | |
324 | return $actionMap[$action] . ' contributions of type ' . $financialType; | |
325 | } | |
326 | ||
51d1f926 | 327 | /** |
328 | * Remove unpermitted financial types from field Options in search context. | |
329 | * | |
330 | * Search context is described as | |
331 | * 'search' => "search: searchable options are returned; labels are translated.", | |
332 | * So this is appropriate to removing the options from search screens. | |
333 | * | |
334 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_fieldOptions | |
335 | * | |
336 | * @param string $entity | |
337 | * @param string $field | |
338 | * @param array $options | |
339 | * @param array $params | |
340 | */ | |
341 | function financialacls_civicrm_fieldOptions($entity, $field, &$options, $params) { | |
34509ae3 | 342 | if (!financialacls_is_acl_limiting_enabled()) { |
343 | return; | |
344 | } | |
f4a72e8d | 345 | if (in_array($entity, ['Contribution', 'ContributionRecur'], TRUE) && $field === 'financial_type_id' && $params['context'] === 'search') { |
51d1f926 | 346 | $action = CRM_Core_Action::VIEW; |
347 | // At this stage we are only considering the view action. Code from | |
348 | // CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes(). | |
349 | $actions = [ | |
350 | CRM_Core_Action::VIEW => 'view', | |
351 | CRM_Core_Action::UPDATE => 'edit', | |
352 | CRM_Core_Action::ADD => 'add', | |
353 | CRM_Core_Action::DELETE => 'delete', | |
354 | ]; | |
355 | $cacheKey = 'available_types_' . $action; | |
356 | if (!isset(\Civi::$statics['CRM_Financial_BAO_FinancialType'][$cacheKey])) { | |
357 | foreach ($options as $finTypeId => $type) { | |
358 | if (!CRM_Core_Permission::check($actions[$action] . ' contributions of type ' . $type)) { | |
359 | unset($options[$finTypeId]); | |
360 | } | |
361 | } | |
362 | \Civi::$statics['CRM_Financial_BAO_FinancialType'][$cacheKey] = $options; | |
363 | } | |
364 | $options = \Civi::$statics['CRM_Financial_BAO_FinancialType'][$cacheKey]; | |
365 | } | |
366 | } | |
367 | ||
34509ae3 | 368 | /** |
369 | * Is financial acl limiting enabled. | |
370 | * | |
371 | * Once this extension is detangled enough to be optional this will go | |
372 | * and the status of the extension rather than the setting will dictate. | |
373 | * | |
374 | * @return bool | |
375 | */ | |
d646594f | 376 | function financialacls_is_acl_limiting_enabled(): bool { |
34509ae3 | 377 | return (bool) Civi::settings()->get('acl_financial_type'); |
378 | } | |
379 | ||
a572646e EM |
380 | /** |
381 | * Clear the statics cache when the setting is enabled or disabled. | |
382 | * | |
383 | * Note the setting will eventually disappear in favour of whether | |
384 | * the extension is enabled or disabled. | |
385 | */ | |
386 | function financialacls_toggle() { | |
387 | unset(\Civi::$statics['CRM_Financial_BAO_FinancialType']); | |
388 | } | |
389 | ||
e7339d59 | 390 | // --- Functions below this ship commented out. Uncomment as required. --- |
391 | ||
392 | /** | |
393 | * Implements hook_civicrm_preProcess(). | |
394 | * | |
395 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_preProcess | |
396 | */ | |
397 | //function financialacls_civicrm_preProcess($formName, &$form) { | |
398 | // | |
399 | //} | |
400 | ||
401 | /** | |
402 | * Implements hook_civicrm_navigationMenu(). | |
403 | * | |
404 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_navigationMenu | |
405 | */ | |
406 | //function financialacls_civicrm_navigationMenu(&$menu) { | |
407 | // _financialacls_civix_insert_navigation_menu($menu, 'Mailings', array( | |
408 | // 'label' => E::ts('New subliminal message'), | |
409 | // 'name' => 'mailing_subliminal_message', | |
410 | // 'url' => 'civicrm/mailing/subliminal', | |
411 | // 'permission' => 'access CiviMail', | |
412 | // 'operator' => 'OR', | |
413 | // 'separator' => 0, | |
414 | // )); | |
415 | // _financialacls_civix_navigationMenu($menu); | |
416 | //} |