Add permission for users to view their own invoices

diff --git a/CRM/Contribute/xml/Menu/Contribute.xml b/CRM/Contribute/xml/Menu/Contribute.xml
index 1f5c3a2a09de596494ce5235f99be7735ecd3c59..f366685d8a9c999ff51bf55910f29c9628effa56 100644 (file)
--- a/CRM/Contribute/xml/Menu/Contribute.xml
+++ b/CRM/Contribute/xml/Menu/Contribute.xml
@@ -304,7 +304,7 @@
     <path>civicrm/contribute/invoice</path>
     <title>PDF Invoice</title>
     <page_callback>CRM_Contribute_Form_Task_Invoice::getPrintPDF</page_callback>
-    <access_arguments>access CiviContribute</access_arguments>
+    <access_callback>CRM_Core_Permission::checkDownloadInvoice</access_callback>
     <page_type>1</page_type>
     <weight>620</weight>
     <component>CiviContribute</component>

diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php
index 94409e2627bb1662fffde178356d31f319c25670..d8756cf2ba15b6ca167cff2ee9201868b48391f9 100644 (file)
--- a/CRM/Core/Permission.php
+++ b/CRM/Core/Permission.php
@@ -822,6 +822,10 @@ class CRM_Core_Permission {
       'edit message templates' => array(
         $prefix . ts('edit message templates'),
       ),
+      'view my invoices' => array(
+        $prefix . ts('download my invoices'),
+        ts('Allow users to view/ download their own invoices'),
+      ),
     );
 
     if (!$descriptions) {
@@ -944,4 +948,22 @@ class CRM_Core_Permission {
     ) ? TRUE : FALSE;
   }
 
+  /**
+   * Verify if the user has permission to get the invoice.
+   *
+   * @return bool
+   *   TRUE if the user has download all invoices permission or download my
+   *   invoices permission and the invoice author is the current user.
+   */
+  public static function checkDownloadInvoice() {
+    global $user;
+    $cid = CRM_Core_BAO_UFMatch::getContactId($user->uid);
+    if (CRM_Core_Permission::check('access CiviContribute') ||
+      (CRM_Core_Permission::check('view my invoices') && $_GET['cid'] == $cid)
+    ) {
+      return TRUE;
+    }
+    return FALSE;
+  }
+
 }