From: eileen
Date: Fri, 28 Aug 2020 04:08:56 +0000 (+1200)
Subject: Move (now tested) delete acl check from v3 api to pre delete hook
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=b82fb202e3d9e75563e45e22df7429fbf6793eae;p=civicrm-core.git
Move (now tested) delete acl check from v3 api to pre delete hook
---
diff --git a/api/v3/LineItem.php b/api/v3/LineItem.php
index a5e5f34ff3..f5b47a5e86 100644
--- a/api/v3/LineItem.php
+++ b/api/v3/LineItem.php
@@ -75,18 +75,11 @@ function civicrm_api3_line_item_get($params) {
 *
 * @param array $params
 * Array containing id of the group to be deleted.
+ *
 * @return array API result array
 * @throws API_Exception
+ * @throws \CiviCRM_API3_Exception
 */
 function civicrm_api3_line_item_delete($params) {
- if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus() && !empty($params['check_permissions'])) {
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, CRM_Core_Action::DELETE);
- if (empty($params['financial_type_id'])) {
- $params['financial_type_id'] = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_LineItem', $params['id'], 'financial_type_id');
- }
- if (!in_array($params['financial_type_id'], array_keys($types))) {
- throw new API_Exception('You do not have permission to delete this line item');
- }
- }
 return _civicrm_api3_basic_delete(_civicrm_api3_get_BAO(__FUNCTION__), $params);
 }
diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php
index e6c39a0ab0..dda05b28f6 100644
--- a/ext/financialacls/financialacls.php
+++ b/ext/financialacls/financialacls.php
@@ -143,6 +143,31 @@ function financialacls_civicrm_themes(&$themes) {
 _financialacls_civix_civicrm_themes($themes);
 }
+/**
+ * Intervene to prevent deletion, where permissions block it.
+ *
+ * @param \CRM_Core_DAO $op
+ * @param string $objectName
+ * @param int|null $id
+ * @param array $params
+ *
+ * @throws \API_Exception
+ * @throws \CRM_Core_Exception
+ */
+function financialacls_civicrm_pre($op, $objectName, $id, &$params) {
+ if ($objectName === 'LineItem' && $op === 'delete' && !empty($params['check_permissions'])) {
+ if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()) {
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, CRM_Core_Action::DELETE);
+ if (empty($params['financial_type_id'])) {
+ $params['financial_type_id'] = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_LineItem', $params['id'], 'financial_type_id');
+ }
+ if (!in_array($params['financial_type_id'], array_keys($types))) {
+ throw new API_Exception('You do not have permission to delete this line item');
+ }
+ }
+ }
+}
+
 // --- Functions below this ship commented out. Uncomment as required. ---
 /**
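Review bot: The permission decision in `financialacls_civicrm_pre` is made on `$params['financial_type_id']` whenever that key is already present, and the stored value is read only as a fallback, so the check can be evaluated against a financial type other than the one on the line item being deleted. The hook already receives the record id, so read the type from the database unconditionally and test that: `$financialTypeID = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_LineItem', $id, 'financial_type_id');` followed by `if (!array_key_exists($financialTypeID, $types)) {`. That also replaces the loosely compared `in_array(..., array_keys($types))` and stops the hook writing into the by-reference `$params`. Whether a caller-supplied `financial_type_id` (and the `check_permissions` flag the outer condition relies on) actually reaches this hook depends on the delete path, which is not visible in this diff, so a test covering both would be worth adding. The docblock should read `@param string $op`, since `$op` is compared with the string `'delete'`.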