From: Eileen McNaughton Date: Sun, 26 Nov 2023 03:18:08 +0000 (+1300) Subject: Check financial acls for product in extension X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=08334c59b8d4528782ebff39cc06c6ab10ecbce5;p=civicrm-core.git Check financial acls for product in extension --- diff --git a/Civi/Test/ContributionPageTestTrait.php b/Civi/Test/ContributionPageTestTrait.php index 7d6a0d1cf6..f0ed59006e 100644 --- a/Civi/Test/ContributionPageTestTrait.php +++ b/Civi/Test/ContributionPageTestTrait.php @@ -117,6 +117,37 @@ trait ContributionPageTestTrait { 'entity_id' => $contributionPageResult['id'], 'price_set_id' => $this->ids['PriceSet'][$identifier], ]); + $this->createTestEntity('Product', [ + 'name' => '5_dollars', + 'description' => '5 dollars worth of monopoly money', + 'options' => 'White, Black, Green', + 'price' => 1, + 'min_contribution' => 5, + 'cost' => .05, + ], '5_dollars'); + $this->createTestEntity('Product', [ + 'name' => '10_dollars', + 'description' => '10 dollars worth of monopoly money', + 'options' => 'White, Black, Green', + 'price' => 2, + 'min_contribution' => 10, + 'cost' => .05, + ], '10_dollars'); + $this->createTestEntity('Premium', [ + 'entity_id' => $this->getContributionPageID($identifier), + 'entity_table' => 'civicrm_contribution_page', + 'premiums_intro_title' => 'Get free monopoly money with your donation', + ], $identifier); + $this->createTestEntity('PremiumsProduct', [ + 'premiums_id' => $this->ids['Premium'][$identifier], + 'product_id' => $this->ids['Product']['5_dollars'], + 'weight' => 1, + ]); + $this->createTestEntity('PremiumsProduct', [ + 'premiums_id' => $this->ids['Premium'][$identifier], + 'product_id' => $this->ids['Product']['10_dollars'], + 'weight' => 2, + ]); return $contributionPageResult; } diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php index 334105d92e..da20a0922f 100644 --- a/ext/financialacls/financialacls.php +++ b/ext/financialacls/financialacls.php @@ -57,12 +57,13 @@ function financialacls_civicrm_pre($op, $objectName, $id, &$params) { if (!financialacls_is_acl_limiting_enabled()) { return; } - if ($objectName === 'LineItem' && !empty($params['check_permissions'])) { + if (in_array($objectName, ['LineItem', 'Product'], TRUE) && !empty($params['check_permissions'])) { + if (empty($params['financial_type_id']) && !empty($params['id'])) { + $dao = CRM_Core_DAO_AllCoreTables::getFullName($objectName); + $params['financial_type_id'] = CRM_Core_DAO::getFieldValue($dao, $params['id'], 'financial_type_id'); + } $operationMap = ['delete' => CRM_Core_Action::DELETE, 'edit' => CRM_Core_Action::UPDATE, 'create' => CRM_Core_Action::ADD]; CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $operationMap[$op]); - if (empty($params['financial_type_id'])) { - $params['financial_type_id'] = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_LineItem', $params['id'], 'financial_type_id'); - } if (!array_key_exists($params['financial_type_id'], $types)) { throw new CRM_Core_Exception('You do not have permission to ' . $op . ' this line item'); } @@ -93,6 +94,7 @@ function financialacls_civicrm_selectWhereClause($entity, &$clauses) { case 'MembershipType': case 'ContributionRecur': case 'Contribution': + case 'Product': $clauses['financial_type_id'][] = _financialacls_civicrm_get_type_clause(); break; @@ -173,7 +175,7 @@ function _financialacls_civicrm_get_accessible_financial_types(): array { * * @return string * - * @throws \CRM_Core_Exception + * @noinspection PhpUnhandledExceptionInspection */ function _financialacls_civicrm_get_membership_type_clause(): string { $financialTypes = _financialacls_civicrm_get_accessible_financial_types(); diff --git a/ext/financialacls/tests/phpunit/Civi/Financialacls/BaseTestClass.php b/ext/financialacls/tests/phpunit/Civi/Financialacls/BaseTestClass.php index 8aea397324..894db1f311 100644 --- a/ext/financialacls/tests/phpunit/Civi/Financialacls/BaseTestClass.php +++ b/ext/financialacls/tests/phpunit/Civi/Financialacls/BaseTestClass.php @@ -7,6 +7,7 @@ use Civi\Api4\FinancialType; use Civi\Api4\PriceField; use Civi\Api4\PriceFieldValue; use Civi\Api4\PriceSet; +use Civi\Api4\Product; use Civi\Test; use Civi\Test\CiviEnvBuilder; use Civi\Test\HeadlessInterface; @@ -49,6 +50,7 @@ class BaseTestClass extends TestCase implements HeadlessInterface, HookInterface public function tearDown(): void { Contribution::delete(FALSE)->addWhere('id', '>', 0)->execute(); FinancialType::delete(FALSE)->addWhere('name', 'LIKE', '%test%')->execute(); + Product::delete(FALSE)->addWhere('name', '=', '10_dollars')->execute(); $this->cleanupPriceSets(); } diff --git a/ext/financialacls/tests/phpunit/Civi/Financialacls/ProductTest.php b/ext/financialacls/tests/phpunit/Civi/Financialacls/ProductTest.php new file mode 100644 index 0000000000..07c28362b7 --- /dev/null +++ b/ext/financialacls/tests/phpunit/Civi/Financialacls/ProductTest.php @@ -0,0 +1,36 @@ +createTestEntity('Product', [ + 'name' => '10_dollars', + 'description' => '10 dollars worth of monopoly money', + 'options' => 'White, Black, Green', + 'price' => 2, + 'min_contribution' => 10, + 'cost' => .05, + 'financial_type_id:name' => 'Member Dues', + ], '10_dollars'); + $this->_apiversion = $version; + $this->setupLoggedInUserWithLimitedFinancialTypeAccess(); + $products = $this->callAPISuccess('Product', 'get', ['sequential' => TRUE])['values']; + $this->assertCount(1, $products); + $this->callAPISuccessGetCount('Product', ['check_permissions' => TRUE], 0); + $this->callAPIFailure('Product', 'Delete', ['check_permissions' => TRUE, 'id' => $products[0]['id']]); + $this->callAPISuccess('Product', 'Delete', ['check_permissions' => FALSE, 'id' => $products[0]['id']]); + } + +}