projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9d6dcd4)
CRM-12675: generalize for all components
authoryashodha <yashodha.chaku@webaccessglobal.com>
Tue, 16 Jun 2015 04:33:16 +0000 (10:03 +0530)
committeryashodha <yashodha.chaku@webaccessglobal.com>
Tue, 16 Jun 2015 04:33:16 +0000 (10:03 +0530)
----------------------------------------
* CRM-12675: Contribution activities shown to users without permission
  https://issues.civicrm.org/jira/browse/CRM-12675

CRM/Activity/Form/Task.php patch | blob | blame | history
CRM/Activity/Selector/Search.php patch | blob | blame | history
CRM/Report/Form/Activity.php patch | blob | blame | history

diff --git a/CRM/Activity/Form/Task.php b/CRM/Activity/Form/Task.php
index 1ccc41e36bedc78c39532d1eb9f47dd4edd5d370..4ed8c5839f718ba62ac9e247471eb68e6953e76b 100644 (file)
--- a/CRM/Activity/Form/Task.php
+++ b/CRM/Activity/Form/Task.php
@@ -117,12 +117,15 @@ class CRM_Activity_Form_Task extends CRM_Core_Form {
       // CRM-12675
       $activityClause = NULL;
 
-      if (! CRM_Core_Permission::check('access CiviContribute')) {
-        $components = CRM_Core_Component::getNames();
-        $contribute = CRM_Utils_Array::key('CiviContribute', $components);
-        $activityClause = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$contribute}) ";
+      $components = CRM_Core_Component::getNames();
+      foreach($components as $componentID => $componentName) {
+        if (! CRM_Core_Permission::check("access $componentName")) {
+          $componentClause = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$componentID}) ";
+        }
+      }
+      if (!empty($componentClause)) {
+        $activityClause = implode(' AND ', $componentClause);
       }
-
       $result = $query->searchQuery(0, 0, NULL, FALSE, FALSE, FALSE, FALSE, FALSE, $activityClause);
 
       while ($result->fetch()) {
diff --git a/CRM/Activity/Selector/Search.php b/CRM/Activity/Selector/Search.php
index cb8a342963f782ea7f8c464ed2b4c1df6474a03d..ade5b26779211a9a7112b57f3b17d1afa1d4d915 100644 (file)
--- a/CRM/Activity/Selector/Search.php
+++ b/CRM/Activity/Selector/Search.php
@@ -174,18 +174,24 @@ class CRM_Activity_Selector_Search extends CRM_Core_Selector_Base implements CRM
     $this->_activityClause = $activityClause;
 
     // CRM-12675
-    if (! CRM_Core_Permission::check('access CiviContribute')) {
-      $components = CRM_Core_Component::getNames();
-      $contribute = CRM_Utils_Array::key('CiviContribute', $components);
-      $componentRestriction = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$contribute}) ";
-      if (empty($this->_activityClause)) {
-        $this->_activityClause = $componentRestriction;
-      }
-      else {
-        $this->_activityClause .= ' AND ' . $componentRestriction;
+    $components = CRM_Core_Component::getNames();
+    foreach ($components as $componentID => $componentName) {
+      if (! CRM_Core_Permission::check("access $componentName")) {
+        $componentClause[] = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$componentID}) ";
       }
     }
 
+    if (!empty($componentClause)) {
+      $componentRestriction = implode(' AND ', $componentClause);
+    }
+
+    if (empty($this->_activityClause)) {
+      $this->_activityClause = $componentRestriction;
+    }
+    else {
+      $this->_activityClause .= ' AND ' . $componentRestriction;
+    }
+
     // type of selector
     $this->_action = $action;
     $this->_query = new CRM_Contact_BAO_Query($this->_queryParams,
diff --git a/CRM/Report/Form/Activity.php b/CRM/Report/Form/Activity.php
index 832b492482f09d7a0f4c690174ed11c6cad6c43b..2c101a2e9d60b57a2dc9791db8232ba0442b4449 100644 (file)
--- a/CRM/Report/Form/Activity.php
+++ b/CRM/Report/Form/Activity.php
@@ -598,10 +598,11 @@ class CRM_Report_Form_Activity extends CRM_Report_Form {
     }
 
     // CRM-12675
-    if (! CRM_Core_Permission::check('access CiviContribute')) {
-      $components = CRM_Core_Component::getNames();
-      $contribute = CRM_Utils_Array::key('CiviContribute', $components);
-      $clauses[] = " ({$this->_aliases['civicrm_option_value']}.component_id IS NULL OR {$this->_aliases['civicrm_option_value']}.component_id <> {$contribute}) ";
+    $components = CRM_Core_Component::getNames();
+    foreach ($components as $componentID => $componentName) {
+      if (! CRM_Core_Permission::check("access $componentName")) {
+        $clauses[] = " ({$this->_aliases['civicrm_option_value']}.component_id IS NULL OR {$this->_aliases['civicrm_option_value']}.component_id <> {$componentID}) ";
+      }
     }
 
     if (empty($clauses)) {