From: Seamus Lee Date: Wed, 1 Feb 2017 20:13:28 +0000 (+1300) Subject: CRM-19517 add price field value check and ability to edit them X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=23dba589385f81f7a1cadd986e5d2107e298dcfc;p=civicrm-core.git CRM-19517 add price field value check and ability to edit them
---
diff --git a/CRM/Financial/BAO/FinancialType.php b/CRM/Financial/BAO/FinancialType.php
index 538b01ccd0..919b221707 100644
--- a/CRM/Financial/BAO/FinancialType.php
+++ b/CRM/Financial/BAO/FinancialType.php
@@ -395,7 +395,33 @@ class CRM_Financial_BAO_FinancialType extends CRM_Financial_DAO_FinancialType {
 }
 /**
- * Check if FT-ACL is turned on or off
+ * Check if the logged in user has permission to edit the given financial type.
+ *
+ * This is called when determining if they can edit things like option values
+ * in price sets. At the moment it is not possible to change an option value from
+ * a type you do not have permission to to a type that you do.
+ *
+ * @todo it is currently not possible to edit disabled types if you have ACLs on.
+ * Do ACLs still apply once disabled? That question should be resolved if tackling
+ * that gap.
+ *
+ * @param int $financialTypeID
+ *
+ * @return bool
+ */
+ public static function checkPermissionToEditFinancialType($financialTypeID) {
+ if (!self::isACLFinancialTypeStatus()) {
+ return TRUE;
+ }
+ // @todo consider adding back in disabled types here.
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::UPDATE);
+ return isset($financialTypes[$financialTypeID]);
+ }
+
+ /**
+ * Check if FT-ACL is turned on or off.
+ *
+ * @todo rename this function e.g isFinancialTypeACLsEnabled.
 *
 * @return bool
 */
diff --git a/CRM/Price/BAO/PriceFieldValue.php b/CRM/Price/BAO/PriceFieldValue.php
index b02b7cb4ce..2f337386d5 100644
--- a/CRM/Price/BAO/PriceFieldValue.php
+++ b/CRM/Price/BAO/PriceFieldValue.php
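Review bot: The early `return TRUE` in `checkPermissionToEditFinancialType()` means that with FT-ACLs switched off the method approves every caller, so it narrows access rather than acting as a permission check on its own; the docblock should say so, e.g. `@return bool TRUE if FT-ACLs are disabled or the type is in the user's editable list.` With ACLs on, an empty or unknown `$financialTypeID` falls through to `isset()` and is denied, which is the safe direction and worth documenting on the `@param` line. `$financialTypes` is only ever filled through the by-reference argument, so adding `$financialTypes = array();` before the call would make that explicit. The class body continues outside the hunk.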
@@ -29,8 +29,6 @@
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2017
- * $Id$
- *
 */
 /**
@@ -43,9 +41,9 @@ class CRM_Price_BAO_PriceFieldValue extends CRM_Price_DAO_PriceFieldValue {
 * Insert/update a new entry in the database.
 *
 * @param array $params
- * (reference), array $ids.
 *
- * @param $ids
+ * @param array $ids
+ * Deprecated variable.
 *
 * @return CRM_Price_DAO_PriceFieldValue
 */
@@ -157,7 +155,7 @@ class CRM_Price_BAO_PriceFieldValue extends CRM_Price_DAO_PriceFieldValue {
 }
 /**
- * Retrive the all values for given field id.
+ * Retrieve all values for given field id.
 *
 * @param int $fieldId
 * Price_field_id.
diff --git a/CRM/Price/Form/Option.php b/CRM/Price/Form/Option.php
index 477ec36c9b..99126381c8 100644
--- a/CRM/Price/Form/Option.php
+++ b/CRM/Price/Form/Option.php
@@ -115,8 +115,7 @@ class CRM_Price_Form_Option extends CRM_Core_Form {
 public function buildQuickForm() {
 if ($this->_action == CRM_Core_Action::UPDATE) {
 $finTypeId = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_PriceFieldValue', $this->_oid, 'financial_type_id');
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::UPDATE);
- if (!array_key_exists($finTypeId, $financialTypes)) {
+ if (!CRM_Financial_BAO_FinancialType::checkPermissionToEditFinancialType($finTypeId)) {
 CRM_Core_Error::fatal(ts("You do not have permission to access this page"));
 }
 }
diff --git a/CRM/Price/Page/Option.php b/CRM/Price/Page/Option.php
index 2a7f82f351..5e3daafb18 100644
--- a/CRM/Price/Page/Option.php
+++ b/CRM/Price/Page/Option.php
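Review bot: The permission check in `buildQuickForm()` of CRM/Price/Form/Option.php covers only the financial type already stored on the option, and only when `$this->_action == CRM_Core_Action::UPDATE`; nothing in this hunk checks the `financial_type_id` that comes back with the submission, or any other action the form handles. If the form's post-processing (outside this hunk) does not already do so, it should call `CRM_Financial_BAO_FinancialType::checkPermissionToEditFinancialType()` on the submitted value before saving, so the restriction does not depend on which choices the form happened to render. A short comment above the check, such as `// Gate on the currently stored type; the submitted type is validated on save.`, would record where each half of the check is enforced. `buildQuickForm()` continues outside the hunk.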
@@ -121,8 +121,13 @@ class CRM_Price_Page_Option extends CRM_Core_Page {
 * @return void
 */
 public function browse() {
- $customOption = array();
- CRM_Price_BAO_PriceFieldValue::getValues($this->_fid, $customOption);
+ $priceOptions = civicrm_api3('PriceFieldValue', 'get', array(
+ 'price_field_id' => $this->_fid,
+ // Explicitly do not check permissions so we are not
+ // restricted by financial type, so we can change them.
+ 'check_permissions' => FALSE,
+ ));
+ $customOption = $priceOptions['values'];
 // CRM-15378 - check if these price options are in an Event price set
 $isEvent = FALSE;
@@ -134,7 +139,6 @@ class CRM_Price_Page_Option extends CRM_Core_Page {
 }
 $config = CRM_Core_Config::singleton();
- $financialType = CRM_Contribute_PseudoConstant::financialType();
 $taxRate = CRM_Core_PseudoConstant::getTaxRates();
 // display taxTerm for priceFields
 $invoiceSettings = Civi::settings()->get('contribution_invoice_settings');
@@ -153,7 +157,7 @@ class CRM_Price_Page_Option extends CRM_Core_Page {
 $customOption[$id]['tax_amount'] = $taxAmount['tax_amount'];
 }
 if (!empty($values['financial_type_id'])) {
- $customOption[$id]['financial_type_id'] = $financialType[$values['financial_type_id']];
+ $customOption[$id]['financial_type_id'] = CRM_Contribute_PseudoConstant::financialType($values['financial_type_id']);
 }
 // update enable/disable links depending on price_field properties.
 if ($this->_isSetReserved) {
diff --git a/CRM/Utils/Check/Component/PriceFields.php b/CRM/Utils/Check/Component/PriceFields.php
new file mode 100644
index 0000000000..a36d9a5584
--- /dev/null
+++ b/CRM/Utils/Check/Component/PriceFields.php
@@ -0,0 +1,76 @@
+fetch()) {
+ $count++;
+ $url = CRM_Utils_System::url('civicrm/admin/price/field', array(
+ 'reset' => 1,
+ 'action' => 'browse',
+ 'sid' => $dao->ps_id));
+ $html .= "$dao->ps_title$dao->psf_labelView Price Set Fields";
+ }
+ if ($count > 0) {
+ $msg = "
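Review bot: The new `civicrm_api3('PriceFieldValue', 'get', …)` call in `browse()` passes no `options`, and API v3 `get` returns at most 25 rows by default, so a price field with more options would be listed incompletely; add `'options' => array('limit' => 0),` to the parameter array. The removed `getValues()` call may also have imposed an ordering (that method is not visible here), in which case a `sort` option is needed as well. Because `'check_permissions' => FALSE` deliberately lists options whose financial type the user cannot edit, the page now relies on whatever access control guards this route plus the edit form's own check; the inline comment should name that dependency. `browse()` continues outside the hunk.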

the following Price Set Fields use disabled or invalid financial types and need to be fixed if they are to still be used.

+

+ + $html +
Price SetPrice Set FieldAction Link

"; + $messages[] = new CRM_Utils_Check_Message( + __FUNCTION__, + ts($msg), + ts('Invalid Price Fields'), + \Psr\Log\LogLevel::WARNING, + 'fa-lock' + ); + } + return $messages; + } + +}
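Review bot: `$dao->ps_title` and `$dao->psf_label` are interpolated straight into `$html` in the new PriceFields check (the surrounding table markup appears to have been stripped from this page), and the assembled string becomes the body of a `CRM_Utils_Check_Message`; price set titles and field labels are presumably user-editable text, so they should be escaped before being placed in markup, e.g. `htmlspecialchars($dao->ps_title)` and `htmlspecialchars($dao->psf_label)`. Passing the assembled `$msg` to `ts()` also sends a per-site dynamic string for translation; `ts()` should receive only the fixed sentence, with the table appended afterwards. The query and the start of the method are not visible here, so both points should be confirmed against the full file.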