benefits: Don't allow non-members to access benefits page.
[org.fsf.memberdashboard.git] / CRM / Memberdashboard / Page / Benefits.php
index fc84c96e7566fae472d713c05e49621820788f4b..7d968f8fffb56ea6121b26389e6d24aa0754e459 100644 (file)
@@ -27,17 +27,38 @@ class CRM_Memberdashboard_Page_Benefits extends CRM_Memberdashboard_Page {
     return CRM_Memberdashboard_BAO_EmailAlias::allForContact($this->contact['id']);
   }
 
+  function hasValidMembership() {
+    // Since we don't currently shut off an expired member's benefits,
+    // we only test that they have a membership, not that it is current.
+    $params = array(
+      'contact_id' => $this->contact['id']
+    );
+
+    try {
+      $result = civicrm_api3('membership', 'get', $params);
+      return $result['count'] > 0;
+    } catch (CiviCRM_API3_Exception $e) {
+      return false;
+    }
+  }
+
   function postProcess() {
     $action = $_REQUEST['action'];
 
-    switch($action) {
-      case 'add':
-        $this->add();
-        break;
+    // Short-circuit if user doesn't have a membership.
+    if($this->hasValidMembership()) {
+      switch($action) {
+        case 'add':
+          $this->add();
+          break;
 
-      case 'edit':
-        $this->edit();
-        break;
+        case 'edit':
+          $this->edit();
+          break;
+      }
+    } else {
+      CRM_Core_Session::setStatus('Only members can have email aliases',
+                                  'Error', 'error');
     }
   }
 
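Review bot: `hasValidMembership()` returns true for any membership row on the contact, so a membership in a Pending or Cancelled status would also pass the gate in `postProcess()`; the comment only justifies accepting expired ones. If this site can create such records (for example, a signup that was never paid), add a `status_id` filter to `$params` that excludes them, or rename the method so it does not promise more than it checks. The `catch` fails closed, which is the right default, but an API failure is then shown to the user as 'Only members can have email aliases' and leaves no trace. Logging `$e->getMessage()` before `return false;` would make the two cases distinguishable.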
@@ -135,6 +156,7 @@ class CRM_Memberdashboard_Page_Benefits extends CRM_Memberdashboard_Page {
 
     $this->assign('user', $user);
     $this->assign('emailAliases', $emailAliases);
+    $this->assign('hasValidMembership', $this->hasValidMembership());
 
     parent::run();
   }
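Review bot: The flag assigned here only tells the template what to show; `$user` and `$emailAliases` are still assigned and `parent::run()` still renders for a contact without a membership. Page views are therefore restricted only by the template, which is not visible in this diff. Consider checking membership earlier in `run()` and skipping the alias lookup for non-members, so the data never reaches the template. If `postProcess()` runs in the same request, this call repeats its membership API query; caching the result in a property would avoid that. `run()` begins outside this hunk.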