From: Edsel Date: Wed, 27 Jan 2016 12:42:15 +0000 (+0530) Subject: CRM-16259 CIVI-3 Added permissions for payment api X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=a036f52ca7b4e18d84ed4c499c4de4b2c99ce176;p=civicrm-core.git CRM-16259 CIVI-3 Added permissions for payment api ---------------------------------------- * CRM-16259: Create Payment API https://issues.civicrm.org/jira/browse/CRM-16259
---
diff --git a/api/v3/Payment.php b/api/v3/Payment.php
index 4de7545221..aec343105d 100644
--- a/api/v3/Payment.php
+++ b/api/v3/Payment.php
@@ -41,6 +41,9 @@
 * Array of financial transactions which are payments, if error an array with an error id and error message
 */
 function civicrm_api3_payment_get($params) {
+ if (!CRM_Core_Permission::check('access CiviContribute')) {
+ return civicrm_api3_create_error('You do not have permission to access this api');
+ }
 $financialTrxn = array();
 $limit = '';
 if (isset($params['options']) && CRM_Utils_Array::value('limit', $params['options'])) {
@@ -85,6 +88,9 @@ function civicrm_api3_payment_get($params) {
 * Api result array
 */
 function civicrm_api3_payment_delete(&$params) {
+ if (!CRM_Core_Permission::check('access CiviContribute') && !CRM_Core_Permission::check('delete in CiviContribute')) {
+ return civicrm_api3_create_error('You do not have permission to access this api');
+ }
 return civicrm_api3('FinancialTrxn', 'delete', $params);
 }
@@ -99,6 +105,9 @@ function civicrm_api3_payment_delete(&$params) {
 * Api result array
 */
 function civicrm_api3_payment_cancel(&$params) {
+ if (!CRM_Core_Permission::check('access CiviContribute') && !CRM_Core_Permission::check('edit contributions')) {
+ return civicrm_api3_create_error('You do not have permission to access this api');
+ }
 $eftParams = array(
 'entity_table' => 'civicrm_contribution',
 'financial_trxn_id' => $params['id'],
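Review bot: The permission check added at the top of civicrm_api3_payment_get is unconditional, so it appears to run on every call, including internal ones that would normally opt out through the API's `check_permissions` setting. If this function is also reached from trusted backend code, that code would now fail for low-privilege or anonymous contexts; consider applying the check only when the caller asked for permission enforcement. The docblock above the function should also state the requirement, for example `* Requires the 'access CiviContribute' permission.` The function body continues outside the hunk.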
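Review bot: The guard added to civicrm_api3_payment_delete joins its two checks with `&&`, so the call is refused only when the caller holds neither permission; a user with just 'access CiviContribute' still reaches the FinancialTrxn delete. The same pattern appears in the civicrm_api3_payment_cancel and civicrm_api3_payment_create hunks, where read-level access alone is enough to cancel or create a payment. If both permissions are meant to be required, the condition should be `if (!CRM_Core_Permission::check('access CiviContribute') || !CRM_Core_Permission::check('delete in CiviContribute')) {`, with the same `||` applied to the 'edit contributions' checks in the other two functions. The bodies of cancel and create continue outside their hunks.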
@@ -126,6 +135,9 @@ function civicrm_api3_payment_cancel(&$params) {
 * Api result array
 */
 function civicrm_api3_payment_create(&$params) {
+ if (!CRM_Core_Permission::check('access CiviContribute') && !CRM_Core_Permission::check('edit contributions')) {
+ return civicrm_api3_create_error('You do not have permission to access this api');
+ }
 // Check if it is an update
 if (CRM_Utils_Array::value('id', $params)) {
 $amount = $params['total_amount'];