Commit | Line | Data |
---|---|---|
e7339d59 | 1 | <?php |
2 | ||
3 | require_once 'financialacls.civix.php'; | |
4 | // phpcs:disable | |
87e130bb | 5 | use Civi\Api4\EntityFinancialAccount; |
56f5e9db | 6 | use Civi\Api4\MembershipType; |
e7339d59 | 7 | use CRM_Financialacls_ExtensionUtil as E; |
8 | // phpcs:enable | |
9 | ||
10 | /** | |
11 | * Implements hook_civicrm_config(). | |
12 | * | |
13 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config/ | |
14 | */ | |
15 | function financialacls_civicrm_config(&$config) { | |
16 | _financialacls_civix_civicrm_config($config); | |
17 | } | |
18 | ||
af4cccf7 TO |
19 | /** |
20 | * @param \Symfony\Component\DependencyInjection\ContainerBuilder $container | |
21 | */ | |
22 | function financialacls_civicrm_container($container) { | |
23 | $dispatcherDefn = $container->getDefinition('dispatcher'); | |
24 | $container->addResource(new \Symfony\Component\Config\Resource\FileResource(__FILE__)); | |
25 | $dispatcherDefn->addMethodCall('addListener', ['civi.api4.authorizeRecord::Contribution', '_financialacls_civi_api4_authorizeContribution']); | |
26 | } | |
27 | ||
e7339d59 | 28 | /** |
29 | * Implements hook_civicrm_install(). | |
30 | * | |
31 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install | |
32 | */ | |
33 | function financialacls_civicrm_install() { | |
34 | _financialacls_civix_civicrm_install(); | |
35 | } | |
36 | ||
37 | /** | |
38 | * Implements hook_civicrm_postInstall(). | |
39 | * | |
40 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_postInstall | |
41 | */ | |
42 | function financialacls_civicrm_postInstall() { | |
43 | _financialacls_civix_civicrm_postInstall(); | |
44 | } | |
45 | ||
46 | /** | |
47 | * Implements hook_civicrm_uninstall(). | |
48 | * | |
49 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_uninstall | |
50 | */ | |
51 | function financialacls_civicrm_uninstall() { | |
52 | _financialacls_civix_civicrm_uninstall(); | |
53 | } | |
54 | ||
55 | /** | |
56 | * Implements hook_civicrm_enable(). | |
57 | * | |
58 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable | |
59 | */ | |
60 | function financialacls_civicrm_enable() { | |
61 | _financialacls_civix_civicrm_enable(); | |
62 | } | |
63 | ||
64 | /** | |
65 | * Implements hook_civicrm_disable(). | |
66 | * | |
67 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_disable | |
68 | */ | |
69 | function financialacls_civicrm_disable() { | |
70 | _financialacls_civix_civicrm_disable(); | |
71 | } | |
72 | ||
73 | /** | |
74 | * Implements hook_civicrm_upgrade(). | |
75 | * | |
76 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_upgrade | |
77 | */ | |
78 | function financialacls_civicrm_upgrade($op, CRM_Queue_Queue $queue = NULL) { | |
79 | return _financialacls_civix_civicrm_upgrade($op, $queue); | |
80 | } | |
81 | ||
e7339d59 | 82 | /** |
83 | * Implements hook_civicrm_entityTypes(). | |
84 | * | |
85 | * Declare entity types provided by this module. | |
86 | * | |
87 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes | |
88 | */ | |
89 | function financialacls_civicrm_entityTypes(&$entityTypes) { | |
90 | _financialacls_civix_civicrm_entityTypes($entityTypes); | |
91 | } | |
92 | ||
b82fb202 | 93 | /** |
94 | * Intervene to prevent deletion, where permissions block it. | |
95 | * | |
aeee327d | 96 | * @param string $op |
b82fb202 | 97 | * @param string $objectName |
98 | * @param int|null $id | |
99 | * @param array $params | |
100 | * | |
101 | * @throws \API_Exception | |
102 | * @throws \CRM_Core_Exception | |
103 | */ | |
104 | function financialacls_civicrm_pre($op, $objectName, $id, &$params) { | |
34509ae3 | 105 | if (!financialacls_is_acl_limiting_enabled()) { |
106 | return; | |
107 | } | |
aeee327d | 108 | if ($objectName === 'LineItem' && !empty($params['check_permissions'])) { |
34509ae3 | 109 | $operationMap = ['delete' => CRM_Core_Action::DELETE, 'edit' => CRM_Core_Action::UPDATE, 'create' => CRM_Core_Action::ADD]; |
110 | CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $operationMap[$op]); | |
111 | if (empty($params['financial_type_id'])) { | |
112 | $params['financial_type_id'] = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_LineItem', $params['id'], 'financial_type_id'); | |
113 | } | |
c3f7ab62 | 114 | if (!array_key_exists($params['financial_type_id'], $types)) { |
34509ae3 | 115 | throw new API_Exception('You do not have permission to ' . $op . ' this line item'); |
b82fb202 | 116 | } |
117 | } | |
d646594f | 118 | if ($objectName === 'FinancialType' && !empty($params['id']) && !empty($params['name'])) { |
119 | $prevName = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_FinancialType', $params['id']); | |
120 | if ($prevName !== $params['name']) { | |
121 | CRM_Core_Session::setStatus(ts("Changing the name of a Financial Type will result in losing the current permissions associated with that Financial Type. | |
122 | Before making this change you should likely note the existing permissions at Administer > Users and Permissions > Permissions (Access Control), | |
123 | then clicking the Access Control link for your Content Management System, then noting down the permissions for 'CiviCRM: {financial type name} view', etc. | |
124 | Then after making the change of name, reset the permissions to the way they were."), ts('Warning'), 'warning'); | |
125 | } | |
126 | } | |
b82fb202 | 127 | } |
128 | ||
28188a1e | 129 | /** |
130 | * Implements hook_civicrm_selectWhereClause(). | |
131 | * | |
132 | * @link http://wiki.civicrm.org/confluence/display/CRMDOC/hook_civicrm_selectWhereClause | |
133 | */ | |
134 | function financialacls_civicrm_selectWhereClause($entity, &$clauses) { | |
34509ae3 | 135 | if (!financialacls_is_acl_limiting_enabled()) { |
136 | return; | |
137 | } | |
2dc76e8d MW |
138 | |
139 | switch ($entity) { | |
140 | case 'LineItem': | |
141 | case 'MembershipType': | |
f4a72e8d | 142 | case 'ContributionRecur': |
00d50ac2 | 143 | case 'Contribution': |
87e130bb EM |
144 | $clauses['financial_type_id'] = _financialacls_civicrm_get_type_clause(); |
145 | break; | |
146 | ||
56f5e9db EM |
147 | case 'Membership': |
148 | $clauses['membership_type_id'] = _financialacls_civicrm_get_membership_type_clause(); | |
149 | break; | |
150 | ||
87e130bb EM |
151 | case 'FinancialType': |
152 | $clauses['id'] = _financialacls_civicrm_get_type_clause(); | |
153 | break; | |
154 | ||
155 | case 'FinancialAccount': | |
156 | $clauses['id'] = _financialacls_civicrm_get_accounts_clause(); | |
2dc76e8d MW |
157 | break; |
158 | ||
28188a1e | 159 | } |
160 | ||
161 | } | |
162 | ||
87e130bb EM |
163 | /** |
164 | * Get the clause to limit available types. | |
165 | * | |
166 | * @return string | |
167 | */ | |
168 | function _financialacls_civicrm_get_accounts_clause(): string { | |
169 | if (!isset(Civi::$statics['financial_acls'][__FUNCTION__][CRM_Core_Session::getLoggedInContactID()])) { | |
170 | try { | |
171 | $clause = '= 0'; | |
172 | Civi::$statics['financial_acls'][__FUNCTION__][CRM_Core_Session::getLoggedInContactID()] = &$clause; | |
173 | $accounts = (array) EntityFinancialAccount::get() | |
174 | ->addWhere('account_relationship:name', '=', 'Income Account is') | |
175 | ->addWhere('entity_table', '=', 'civicrm_financial_type') | |
176 | ->addSelect('entity_id', 'financial_account_id') | |
177 | ->addJoin('FinancialType AS financial_type', 'LEFT', [ | |
178 | 'entity_id', | |
179 | '=', | |
180 | 'financial_type.id', | |
181 | ]) | |
182 | ->execute()->indexBy('financial_account_id'); | |
183 | if (!empty($accounts)) { | |
184 | $clause = 'IN (' . implode(',', array_keys($accounts)) . ')'; | |
185 | } | |
186 | } | |
187 | catch (\API_Exception $e) { | |
188 | // We've already set it to 0 so we can quietly handle this. | |
189 | } | |
190 | } | |
191 | return Civi::$statics['financial_acls'][__FUNCTION__][CRM_Core_Session::getLoggedInContactID()]; | |
192 | } | |
193 | ||
194 | /** | |
195 | * Get the clause to limit available types. | |
196 | * | |
197 | * @return string | |
198 | */ | |
199 | function _financialacls_civicrm_get_type_clause(): string { | |
56f5e9db EM |
200 | return 'IN (' . implode(',', _financialacls_civicrm_get_accessible_financial_types()) . ')'; |
201 | } | |
202 | ||
203 | /** | |
204 | * Get an array of the ids of accessible financial types. | |
205 | * | |
206 | * If none then it will be [0] | |
207 | * | |
208 | * @return int[] | |
209 | */ | |
210 | function _financialacls_civicrm_get_accessible_financial_types(): array { | |
87e130bb EM |
211 | $types = []; |
212 | CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types); | |
56f5e9db EM |
213 | if (empty($types)) { |
214 | $types = [0]; | |
215 | } | |
216 | return array_keys($types); | |
217 | } | |
218 | ||
219 | /** | |
220 | * Get the clause to limit available membership types. | |
221 | * | |
222 | * @return string | |
223 | * | |
224 | * @throws \API_Exception | |
225 | */ | |
226 | function _financialacls_civicrm_get_membership_type_clause(): string { | |
227 | $financialTypes = _financialacls_civicrm_get_accessible_financial_types(); | |
228 | if ($financialTypes === [0]) { | |
229 | return 0; | |
87e130bb | 230 | } |
56f5e9db EM |
231 | $membershipTypes = (array) MembershipType::get(FALSE) |
232 | ->addWhere('financial_type_id', 'IN', $financialTypes)->execute()->indexBy('id'); | |
233 | return empty($membershipTypes) ? '= 0' : ('IN (' . implode(',', array_keys($membershipTypes)) . ')'); | |
87e130bb EM |
234 | } |
235 | ||
07d89c14 | 236 | /** |
34509ae3 | 237 | * Remove unpermitted options. |
07d89c14 | 238 | * |
239 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_buildAmount | |
240 | * | |
241 | * @param string $component | |
242 | * @param \CRM_Core_Form $form | |
243 | * @param array $feeBlock | |
244 | */ | |
245 | function financialacls_civicrm_buildAmount($component, $form, &$feeBlock) { | |
34509ae3 | 246 | if (!financialacls_is_acl_limiting_enabled()) { |
247 | return; | |
248 | } | |
249 | ||
250 | foreach ($feeBlock as $key => $value) { | |
251 | foreach ($value['options'] as $k => $options) { | |
252 | if (!CRM_Core_Permission::check('add contributions of type ' . CRM_Contribute_PseudoConstant::financialType($options['financial_type_id']))) { | |
253 | unset($feeBlock[$key]['options'][$k]); | |
07d89c14 | 254 | } |
255 | } | |
34509ae3 | 256 | if (empty($feeBlock[$key]['options'])) { |
257 | unset($feeBlock[$key]); | |
258 | } | |
07d89c14 | 259 | } |
260 | } | |
261 | ||
e9eed3db | 262 | /** |
263 | * Remove unpermitted membership types from selection availability.. | |
264 | * | |
265 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_membershipTypeValues | |
266 | * | |
267 | * @param \CRM_Core_Form $form | |
268 | * @param array $membershipTypeValues | |
269 | */ | |
270 | function financialacls_civicrm_membershipTypeValues($form, &$membershipTypeValues) { | |
34509ae3 | 271 | if (!financialacls_is_acl_limiting_enabled()) { |
272 | return; | |
273 | } | |
e9eed3db | 274 | $financialTypes = NULL; |
275 | $financialTypes = CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::ADD); | |
276 | foreach ($membershipTypeValues as $id => $type) { | |
277 | if (!isset($financialTypes[$type['financial_type_id']])) { | |
278 | unset($membershipTypeValues[$id]); | |
279 | } | |
280 | } | |
281 | } | |
282 | ||
4e0bf3e8 | 283 | /** |
284 | * Add permissions. | |
285 | * | |
286 | * @see https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_permission/ | |
287 | * | |
288 | * @param array $permissions | |
289 | */ | |
290 | function financialacls_civicrm_permission(&$permissions) { | |
291 | if (!financialacls_is_acl_limiting_enabled()) { | |
292 | return; | |
293 | } | |
294 | $actions = [ | |
295 | 'add' => ts('add'), | |
296 | 'view' => ts('view'), | |
297 | 'edit' => ts('edit'), | |
298 | 'delete' => ts('delete'), | |
299 | ]; | |
300 | $financialTypes = \CRM_Contribute_BAO_Contribution::buildOptions('financial_type_id', 'validate'); | |
301 | foreach ($financialTypes as $id => $type) { | |
302 | foreach ($actions as $action => $action_ts) { | |
303 | $permissions[$action . ' contributions of type ' . $type] = [ | |
304 | ts("CiviCRM: %1 contributions of type %2", [1 => $action_ts, 2 => $type]), | |
305 | ts('%1 contributions of type %2', [1 => $action_ts, 2 => $type]), | |
306 | ]; | |
307 | } | |
308 | } | |
309 | $permissions['administer CiviCRM Financial Types'] = [ | |
310 | ts('CiviCRM: administer CiviCRM Financial Types'), | |
311 | ts('Administer access to Financial Types'), | |
312 | ]; | |
313 | } | |
314 | ||
9cef6066 | 315 | /** |
af4cccf7 | 316 | * Listener for 'civi.api4.authorizeRecord::Contribution' |
9cef6066 | 317 | * |
af4cccf7 | 318 | * @param \Civi\Api4\Event\AuthorizeRecordEvent $e |
9cef6066 | 319 | * @throws \CRM_Core_Exception |
320 | */ | |
af4cccf7 | 321 | function _financialacls_civi_api4_authorizeContribution(\Civi\Api4\Event\AuthorizeRecordEvent $e) { |
9cef6066 | 322 | if (!financialacls_is_acl_limiting_enabled()) { |
323 | return; | |
324 | } | |
0552d667 EM |
325 | if ($e->getEntityName() === 'Contribution') { |
326 | $contributionID = $e->getRecord()['id'] ?? NULL; | |
327 | $financialTypeID = $e->getRecord()['financial_type_id'] ?? CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Contribution', $contributionID, 'financial_type_id'); | |
328 | if (!CRM_Core_Permission::check(_financialacls_getRequiredPermission($financialTypeID, $e->getActionName()), $e->getUserID())) { | |
af4cccf7 | 329 | $e->setAuthorized(FALSE); |
9cef6066 | 330 | } |
0552d667 EM |
331 | if ($e->getActionName() === 'delete') { |
332 | // First check contribution financial type | |
333 | // Now check permissioned line items & permissioned contribution | |
334 | if (!CRM_Financial_BAO_FinancialType::checkPermissionedLineItems($contributionID, 'delete', FALSE, $e->getUserID()) | |
335 | ) { | |
336 | $e->setAuthorized(FALSE); | |
337 | } | |
338 | } | |
9cef6066 | 339 | } |
340 | } | |
341 | ||
0552d667 EM |
342 | /** |
343 | * Get the permission required to perform this action on this financial type. | |
344 | * | |
345 | * @param int $financialTypeID | |
346 | * @param string $action | |
347 | * | |
348 | * @return string | |
349 | */ | |
350 | function _financialacls_getRequiredPermission(int $financialTypeID, string $action): string { | |
351 | $financialType = CRM_Core_PseudoConstant::getName('CRM_Contribute_DAO_Contribution', 'financial_type_id', $financialTypeID); | |
352 | $actionMap = [ | |
353 | 'create' => 'add', | |
354 | 'update' => 'edit', | |
355 | 'delete' => 'delete', | |
356 | ]; | |
357 | return $actionMap[$action] . ' contributions of type ' . $financialType; | |
358 | } | |
359 | ||
51d1f926 | 360 | /** |
361 | * Remove unpermitted financial types from field Options in search context. | |
362 | * | |
363 | * Search context is described as | |
364 | * 'search' => "search: searchable options are returned; labels are translated.", | |
365 | * So this is appropriate to removing the options from search screens. | |
366 | * | |
367 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_fieldOptions | |
368 | * | |
369 | * @param string $entity | |
370 | * @param string $field | |
371 | * @param array $options | |
372 | * @param array $params | |
373 | */ | |
374 | function financialacls_civicrm_fieldOptions($entity, $field, &$options, $params) { | |
34509ae3 | 375 | if (!financialacls_is_acl_limiting_enabled()) { |
376 | return; | |
377 | } | |
f4a72e8d | 378 | if (in_array($entity, ['Contribution', 'ContributionRecur'], TRUE) && $field === 'financial_type_id' && $params['context'] === 'search') { |
51d1f926 | 379 | $action = CRM_Core_Action::VIEW; |
380 | // At this stage we are only considering the view action. Code from | |
381 | // CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes(). | |
382 | $actions = [ | |
383 | CRM_Core_Action::VIEW => 'view', | |
384 | CRM_Core_Action::UPDATE => 'edit', | |
385 | CRM_Core_Action::ADD => 'add', | |
386 | CRM_Core_Action::DELETE => 'delete', | |
387 | ]; | |
388 | $cacheKey = 'available_types_' . $action; | |
389 | if (!isset(\Civi::$statics['CRM_Financial_BAO_FinancialType'][$cacheKey])) { | |
390 | foreach ($options as $finTypeId => $type) { | |
391 | if (!CRM_Core_Permission::check($actions[$action] . ' contributions of type ' . $type)) { | |
392 | unset($options[$finTypeId]); | |
393 | } | |
394 | } | |
395 | \Civi::$statics['CRM_Financial_BAO_FinancialType'][$cacheKey] = $options; | |
396 | } | |
397 | $options = \Civi::$statics['CRM_Financial_BAO_FinancialType'][$cacheKey]; | |
398 | } | |
399 | } | |
400 | ||
34509ae3 | 401 | /** |
402 | * Is financial acl limiting enabled. | |
403 | * | |
404 | * Once this extension is detangled enough to be optional this will go | |
405 | * and the status of the extension rather than the setting will dictate. | |
406 | * | |
407 | * @return bool | |
408 | */ | |
d646594f | 409 | function financialacls_is_acl_limiting_enabled(): bool { |
34509ae3 | 410 | return (bool) Civi::settings()->get('acl_financial_type'); |
411 | } | |
412 | ||
a572646e EM |
413 | /** |
414 | * Clear the statics cache when the setting is enabled or disabled. | |
415 | * | |
416 | * Note the setting will eventually disappear in favour of whether | |
417 | * the extension is enabled or disabled. | |
418 | */ | |
419 | function financialacls_toggle() { | |
420 | unset(\Civi::$statics['CRM_Financial_BAO_FinancialType']); | |
421 | } | |
422 | ||
e7339d59 | 423 | // --- Functions below this ship commented out. Uncomment as required. --- |
424 | ||
425 | /** | |
426 | * Implements hook_civicrm_preProcess(). | |
427 | * | |
428 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_preProcess | |
429 | */ | |
430 | //function financialacls_civicrm_preProcess($formName, &$form) { | |
431 | // | |
432 | //} | |
433 | ||
d017acf3 EM |
434 | /** |
435 | * Require financial acl permissions for financial screens. | |
436 | * | |
437 | * @param array $menu | |
438 | */ | |
439 | function financialacls_civicrm_alterMenu(array &$menu): void { | |
e58bbf77 EM |
440 | if (!financialacls_is_acl_limiting_enabled()) { |
441 | return; | |
442 | } | |
d017acf3 EM |
443 | $menu['civicrm/admin/financial/financialType']['access_arguments'] = [['administer CiviCRM Financial Types']]; |
444 | } | |
445 | ||
e7339d59 | 446 | /** |
447 | * Implements hook_civicrm_navigationMenu(). | |
448 | * | |
449 | * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_navigationMenu | |
450 | */ | |
451 | //function financialacls_civicrm_navigationMenu(&$menu) { | |
452 | // _financialacls_civix_insert_navigation_menu($menu, 'Mailings', array( | |
453 | // 'label' => E::ts('New subliminal message'), | |
454 | // 'name' => 'mailing_subliminal_message', | |
455 | // 'url' => 'civicrm/mailing/subliminal', | |
456 | // 'permission' => 'access CiviMail', | |
457 | // 'operator' => 'OR', | |
458 | // 'separator' => 0, | |
459 | // )); | |
460 | // _financialacls_civix_navigationMenu($menu); | |
461 | //} |