From: Edsel
Date: Fri, 19 Feb 2016 11:54:46 +0000 (+0530)
Subject: CRM-16526 CIVI-3 Added permission check in Lineitem BAO rather than API for create
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=513e58755423488e5bf598cf59b780d008a34614;p=civicrm-core.git
CRM-16526 CIVI-3 Added permission check in Lineitem BAO rather than API for create
----------------------------------------
* CRM-16526: ACLs for Financial Types https://issues.civicrm.org/jira/browse/CRM-16526
---
diff --git a/CRM/Price/BAO/LineItem.php b/CRM/Price/BAO/LineItem.php
index 8ecf74dad3..6b9f599f51 100644
--- a/CRM/Price/BAO/LineItem.php
+++ b/CRM/Price/BAO/LineItem.php
@@ -57,9 +57,11 @@ class CRM_Price_BAO_LineItem extends CRM_Price_DAO_LineItem {
 $id = CRM_Utils_Array::value('id', $params);
 if ($id) {
 CRM_Utils_Hook::pre('edit', 'LineItem', $id, $params);
+ $op = CRM_Core_Action::UPDATE;
 }
 else {
 CRM_Utils_Hook::pre('create', 'LineItem', $params['entity_id'], $params);
+ $op = CRM_Core_Action::ADD;
 }
 // unset entity table and entity id in $params
@@ -67,6 +69,12 @@ class CRM_Price_BAO_LineItem extends CRM_Price_DAO_LineItem {
 if ($id) {
 unset($params['entity_id'], $params['entity_table']);
 }
+ if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()) {
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $op);
+ if (!in_array($params['financial_type_id'], array_keys($types))) {
+ throw new API_Exception('You do not have permission to create this line item');
+ }
+ }
 $lineItemBAO = new CRM_Price_BAO_LineItem();
 $lineItemBAO->copyValues($params);
diff --git a/api/v3/LineItem.php b/api/v3/LineItem.php
index fea4763fb4..764e0f93b7 100644
--- a/api/v3/LineItem.php
+++ b/api/v3/LineItem.php
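Review bot: In the `@@ -67,6 +69,12 @@` hunk of CRM/Price/BAO/LineItem.php the new ACL check reads only `$params['financial_type_id']`, so on an update it authorises the type the caller sends rather than the type stored on the line item being changed, and an update that omits the key hits an undefined index and is refused. The code this commit removes from `civicrm_api3_line_item_create` in api/v3/LineItem.php looked the stored value up for that second case, and nothing visible here replaces it. I would check the stored type on update as well as any supplied one, and test membership by key instead of the loose `in_array(..., array_keys($types))`. Whether checking the stored type matches the intended ACL policy should be confirmed; `create()` starts and ends outside the hunk.

```php
    if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()) {
      CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $op);
      // Check the stored type on update, plus any type the caller supplies.
      $typeIds = array();
      if ($id) {
        $typeIds[] = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_LineItem', $id, 'financial_type_id');
      }
      if (!empty($params['financial_type_id'])) {
        $typeIds[] = $params['financial_type_id'];
      }
      // No type to check at all is treated as a refusal, not a pass.
      $denied = empty($typeIds);
      foreach ($typeIds as $typeId) {
        $denied = $denied || !isset($types[$typeId]);
      }
      if ($denied) {
        throw new API_Exception('You do not have permission to create this line item');
      }
    }
    // … unchanged: $lineItemBAO construction and copyValues …
```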
@@ -44,28 +44,6 @@
 * api result array
 */
 function civicrm_api3_line_item_create($params) {
- if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()) {
- if (empty($params['id'])) {
- $op = CRM_Core_Action::ADD;
- }
- else {
- $op = CRM_Core_Action::UPDATE;
- }
- if (empty($params['financial_type_id'])) {
- $params['financial_type_id'] = civicrm_api3('LineItem', 'getvalue', array(
- 'id' => $params['id'],
- 'return' => 'financial_type_id',
- ));
- }
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $op);
- if (in_array($params['financial_type_id'], array_keys($types))) {
- $params = CRM_Contribute_BAO_Contribution::checkTaxAmount($params, TRUE);
- return _civicrm_api3_basic_create(_civicrm_api3_get_BAO(__FUNCTION__), $params);
- }
- else {
- throw new API_Exception('You do not have permission to create this line item');
- }
- }
 $params = CRM_Contribute_BAO_Contribution::checkTaxAmount($params, TRUE);
 return _civicrm_api3_basic_create(_civicrm_api3_get_BAO(__FUNCTION__), $params);
 }
@@ -83,6 +61,7 @@ function _civicrm_api3_line_item_create_spec(&$params) {
 $params['qty']['api.required'] = 1;
 $params['unit_price']['api.required'] = 1;
 $params['line_total']['api.required'] = 1;
+ $params['financial_type_id']['api.required'] = 1;
 $params['label']['api.default'] = 'line item';
 }
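Review bot: `$params['financial_type_id']['api.required'] = 1;` in `_civicrm_api3_line_item_create_spec` is set unconditionally, so API callers that omit the field are presumably refused even when `isACLFinancialTypeStatus()` is off. Code that calls `CRM_Price_BAO_LineItem::create()` directly gets no such guarantee and can still reach the BAO check with the key unset. If the requirement exists only to feed the ACL check, it would be more robust for the BAO to resolve or reject a missing type itself. If it stays, a comment such as `// required so the financial-type ACL check in the BAO always has a value to test` would record why the constraint was added. The earlier lines of the spec function may lie outside the hunk.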