}
if ($form->_relatedOrganizationFound) {
- $locDataURL = CRM_Utils_System::url('civicrm/ajax/permlocation', 'cid=', FALSE, NULL, FALSE);
+ // Related org url - pass checksum if needed
+ $args = array('cid' => '');
+ if (!empty($_GET['cs'])) {
+ $args = array(
+ 'uid' => $form->_contactID,
+ 'cs' => $_GET['cs'],
+ 'cid' => '',
+ );
+ }
+ $locDataURL = CRM_Utils_System::url('civicrm/ajax/permlocation', $args, FALSE, NULL, FALSE);
$form->assign('locDataURL', $locDataURL);
}
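Review bot: `$_GET['cs']` is copied verbatim into the `permlocation` URL on lines 6–11 without the request-parameter validation the rest of this commit applies in `getPermissionedLocation`; the resulting URL is assigned to the template, so unless `CRM_Utils_System::url` URL-encodes array values (not visible here), whatever characters arrive in `cs` reach the page unchanged. Reading it through the same helper keeps the two sides consistent: `$cs = CRM_Utils_Request::retrieve('cs', 'String', CRM_Core_DAO::$_nullObject);` and then build `$args` with `'uid' => $form->_contactID, 'cs' => $cs` only when `$cs` is non-empty. The `uid` sent here is `$form->_contactID`, which the AJAX side then checks against the checksum, so a comment such as `// uid must be the contact the checksum was issued for; the AJAX handler re-validates it` would make that coupling explicit. The enclosing function starts before the hunk.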
* location field values for selected permissioned contact.
*/
static function getPermissionedLocation() {
- $cid = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
- if ($_GET['ufId']) {
- $ufId = CRM_Utils_Type::escape($_GET['ufId'], 'Integer');
+ $cid = CRM_Utils_Request::retrieve('cid', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
+ $ufId = CRM_Utils_Request::retrieve('ufId', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
+
+ // Verify user id
+ $user = CRM_Core_Session::singleton()->get('userID');
+ if (!$user) {
+ $user = CRM_Utils_Request::retrieve('uid', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
+ if (!CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($user, CRM_Core_DAO::$_nullObject)) {
+ CRM_Utils_System::civiExit();
+ }
}
- elseif ($_GET['relContact']) {
- $relContact = CRM_Utils_Type::escape($_GET['relContact'], 'Integer');
+
+ // Verify user permission on related contact
+ $employers = CRM_Contact_BAO_Relationship::getPermissionedEmployer($user);
+ if (!isset($employers[$cid])) {
+ CRM_Utils_System::civiExit();
}
$values = array();
$addressSequence = array_flip($config->addressSequence());
- if (!empty($relContact)) {
- $elements = array(
- "phone_1_phone" =>
- $location['phone'][1]['phone'],
- "email_1_email" =>
- $location['email'][1]['email'],
- );
-
- if (array_key_exists('street_address', $addressSequence)) {
- $elements["address_1_street_address"] = $location['address'][1]['street_address'];
- }
- if (array_key_exists('supplemental_address_1', $addressSequence)) {
- $elements['address_1_supplemental_address_1'] = $location['address'][1]['supplemental_address_1'];
- }
- if (array_key_exists('supplemental_address_2', $addressSequence)) {
- $elements['address_1_supplemental_address_2'] = $location['address'][1]['supplemental_address_2'];
- }
- if (array_key_exists('city', $addressSequence)) {
- $elements['address_1_city'] = $location['address'][1]['city'];
- }
- if (array_key_exists('postal_code', $addressSequence)) {
- $elements['address_1_postal_code'] = $location['address'][1]['postal_code'];
- $elements['address_1_postal_code_suffix'] = $location['address'][1]['postal_code_suffix'];
- }
- if (array_key_exists('country', $addressSequence)) {
- $elements['address_1_country_id'] = $location['address'][1]['country_id'];
- }
- if (array_key_exists('state_province', $addressSequence)) {
- $elements['address_1_state_province_id'] = $location['address'][1]['state_province_id'];
- }
- }
- else {
$profileFields = CRM_Core_BAO_UFGroup::getFields($ufId, FALSE, CRM_Core_Action::VIEW, NULL, NULL, FALSE,
NULL, FALSE, NULL, CRM_Core_Permission::CREATE, NULL
);
}
}
}
- }
echo json_encode($elements);
CRM_Utils_System::civiExit();
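Review bot: Both denial paths on lines 30 and 39 call `civiExit()` with an empty body and no log entry, so a client cannot distinguish "not permitted" from "no location data", and a failed checksum or an out-of-scope `cid` leaves no trace for anyone monitoring the endpoint; a line such as `CRM_Core_Error::debug_log_message('permlocation: access denied for user ' . $user . ', cid ' . $cid);` before each exit would make these rejections visible. The authorization itself reads correctly: on the anonymous path `$user` is only trusted after `validateOnlyChecksum`, and `$cid` must appear in that user's permissioned employers. Separately, `$config` (line 42) and `$elements` (line 82) are not defined on the visible new side; this looks like elided context, but it is worth confirming the removed `$relContact` branch did not carry the only `$elements` initialisation, since `json_encode($elements)` would otherwise run on an undefined variable. The hunk's context lines appear to be partially elided, so the function body between lines 40 and 41 and around lines 78–80 could not be reviewed.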