X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FContact%2FForm%2FSearch.php;h=647bf880d34654694f360281cfd13720173ef253;hb=1ba43e8d0d271e4c3b4d84fb7f519c55329981ab;hp=c38a2166a9ad0cd34b8bcf368699009c08332197;hpb=c735fb7e38514eb6d7732ffb11ac21ac33e570b9;p=civicrm-core.git
diff --git a/CRM/Contact/Form/Search.php b/CRM/Contact/Form/Search.php
index c38a2166a9..647bf880d3 100644
--- a/CRM/Contact/Form/Search.php
+++ b/CRM/Contact/Form/Search.php
@@ -890,17 +890,36 @@ class CRM_Contact_Form_Search extends CRM_Core_Form_Search { return ts('Search'); } + /** + * Check Access for a component + * @param string $component + * @return bool + */ + protected static function checkComponentAccess($component) { + $enabledComponents = CRM_Core_Component::getEnabledComponents(); + if (!array_key_exists($component, $enabledComponents)) { + return FALSE; + } + return CRM_Core_Permission::access($component); + } + /** * Load metadata for fields on the form. * * @throws \CiviCRM_API3_Exception */ protected function loadMetadata() { - // @todo - check what happens if the person does not have 'access civicontribute' - make sure they // can't by pass acls by passing search criteria in the url. - $this->addSearchFieldMetadata(['Contribution' => CRM_Contribute_BAO_Query::getSearchFieldMetadata()]); - $this->addSearchFieldMetadata(['ContributionRecur' => CRM_Contribute_BAO_ContributionRecur::getContributionRecurSearchFieldMetadata()]); + if (self::checkComponentAccess('CiviContribute')) { + $this->addSearchFieldMetadata(['Contribution' => CRM_Contribute_BAO_Query::getSearchFieldMetadata()]); + $this->addSearchFieldMetadata(['ContributionRecur' => CRM_Contribute_BAO_ContributionRecur::getContributionRecurSearchFieldMetadata()]); + } $this->addSearchFieldMetadata(['Participant' => CRM_Event_BAO_Query::getSearchFieldMetadata()]); + $this->addSearchFieldMetadata(['Membership' => CRM_Member_BAO_Query::getSearchFieldMetadata()]); + $this->addSearchFieldMetadata(['Pledge' => CRM_Pledge_BAO_Query::getSearchFieldMetadata()]); + $this->addSearchFieldMetadata(['PledgePayment' => CRM_Pledge_BAO_Query::getPledgePaymentSearchFieldMetadata()]); + $this->addSearchFieldMetadata(['Grant' => CRM_Grant_BAO_Query::getSearchFieldMetadata()]); + $this->addSearchFieldMetadata(['Case' => CRM_Case_BAO_Query::getSearchFieldMetadata()]); } }
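Review bot: The new access gate in loadMetadata() covers only the Contribution and ContributionRecur metadata, while the Participant call and the five added calls (Membership, Pledge, PledgePayment, Grant, Case) run unconditionally, so search fields for those entities are registered even when their component is disabled or the user has no access to it. The removed @todo was about users passing search criteria in the URL to get around ACLs, and that concern applies equally to these entities; whether the query layer enforces permissions on its own is not visible in this hunk, so the form should not rely on it. Wrap each call the same way, e.g. `if (self::checkComponentAccess('CiviMember')) { $this->addSearchFieldMetadata(['Membership' => CRM_Member_BAO_Query::getSearchFieldMetadata()]); }`, using the component that owns each entity. The surviving comment `// can't by pass acls by passing search criteria in the url.` appears to be left without its first line and should be rewritten to state what the gate now guarantees.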