Merge pull request #23210 from eileenmcnaughton/cancel

[civicrm-core.git] / CRM / Contribute / Form / ContributionView.php

diff --git a/CRM/Contribute/Form/ContributionView.php b/CRM/Contribute/Form/ContributionView.php
index 694674525244cdcb2b2bc021529bc50c7a9a81ec..e7a447c1d45a8ef571757bbde91577cc1c1a4c3d 100644 (file)
--- a/CRM/Contribute/Form/ContributionView.php
+++ b/CRM/Contribute/Form/ContributionView.php
@@ -31,6 +31,11 @@ class CRM_Contribute_Form_ContributionView extends CRM_Core_Form {
   public function preProcess() {
     $id = $this->getID();
 
+    // Check permission for action.
+    if (!CRM_Core_Permission::checkActionPermission('CiviContribute', $this->_action)) {
+      CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
+    }
+    $params = ['id' => $id];
     $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
     $this->assign('context', $context);
 
@@ -44,10 +49,8 @@ class CRM_Contribute_Form_ContributionView extends CRM_Core_Form {
     $values = (array) $contribution;
     $contributionStatus = CRM_Core_PseudoConstant::getName('CRM_Contribute_BAO_Contribution', 'contribution_status_id', $values['contribution_status_id']);
 
-    if (!isset($this->get_template_vars()['hookDiscount'])) {
-      $this->assign('hookDiscount', ['message' => '']);
-    }
     $this->addExpectedSmartyVariables([
+      'hookDiscount',
       'pricesetFieldsCount',
       'pcp_id',
       'getTaxDetails',