From: Dave Greenberg Date: Sat, 3 Aug 2013 18:28:01 +0000 (-0700) Subject: CRM-13148 Support use of cid=0 and cid=NNN for online contribution pages. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=da8d9879ec2714d80a7a9cb23e98b748f51b4bc5;p=civicrm-core.git CRM-13148 Support use of cid=0 and cid=NNN for online contribution pages. ---------------------------------------- * CRM-13148: http://issues.civicrm.org/jira/browse/CRM-13148 --- diff --git a/CRM/Contribute/Form/Contribution/Confirm.php b/CRM/Contribute/Form/Contribution/Confirm.php index a7a20bbbd3..1c8d3a901c 100644 --- a/CRM/Contribute/Form/Contribution/Confirm.php +++ b/CRM/Contribute/Form/Contribution/Confirm.php @@ -596,7 +596,7 @@ class CRM_Contribute_Form_Contribution_Confirm extends CRM_Contribute_Form_Contr */ public function postProcess() { $config = CRM_Core_Config::singleton(); - $contactID = $this->_userID; + $contactID = $this->getContactID(); // add a description field at the very beginning $this->_params['description'] = ts('Online Contribution') . ': ' . (($this->_pcpInfo['title']) ? $this->_pcpInfo['title'] : $this->_values['title']); @@ -751,7 +751,7 @@ class CRM_Contribute_Form_Contribution_Confirm extends CRM_Contribute_Form_Contr } } - if (!isset($contactID)) { + if (empty($contactID)) { $dupeParams = $params; if (CRM_Utils_Array::value('onbehalf', $dupeParams)) { unset($dupeParams['onbehalf']); diff --git a/CRM/Contribute/Form/Contribution/Main.php b/CRM/Contribute/Form/Contribution/Main.php index 50d0875aae..cb0ded878a 100644 --- a/CRM/Contribute/Form/Contribution/Main.php +++ b/CRM/Contribute/Form/Contribution/Main.php 
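Review bot: In `postProcess()` in Confirm.php (hunk at -596), the contact that will own the contribution is now resolved again from the request through `getContactID()`, not carried over from the value settled on the Main page. If `cid`/`cs` are not available to the Confirm form when this runs (not visible in this diff), the helper falls through to `return $userID`, so the contribution would be recorded against the logged-in user instead of the intended contact or the `cid=0` path. Consider resolving the ID once in Main and storing it on the form, for example `$this->set('resolvedContactID', $contactID);` (the key name is illustrative), then reading it back here. At minimum add a comment such as `// may be '0' (on behalf), NULL (anonymous) or a contact other than the session user`. The body of `postProcess()` continues outside the hunk.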
@@ -79,18 +79,10 @@ class CRM_Contribute_Form_Contribution_Main extends CRM_Contribute_Form_Contribu $this->assign('isConfirmEnabled', CRM_Utils_Array::value('is_confirm_enabled', $this->_values)); // make sure we have right permission to edit this user - $csContactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE, $this->_userID); + $csContactID = $this->getContactID(); $reset = CRM_Utils_Request::retrieve('reset', 'Boolean', CRM_Core_DAO::$_nullObject); $mainDisplay = CRM_Utils_Request::retrieve('_qf_Main_display', 'Boolean', CRM_Core_DAO::$_nullObject); - if ($csContactID != $this->_userID) { - if (CRM_Contact_BAO_Contact_Permission::validateChecksumContact($csContactID, $this)) { - $session = CRM_Core_Session::singleton(); - $session->set('userID', $csContactID); - $this->_userID = $csContactID; - } - } - if ($reset) { $this->assign('reset', $reset); } @@ -174,9 +166,9 @@ class CRM_Contribute_Form_Contribution_Main extends CRM_Contribute_Form_Contribu function setDefaultValues() { // check if the user is registered and we have a contact ID - $contactID = $this->_userID; + $contactID = $this->getContactID(); - if ($contactID) { + if (!empty($contactID)) { $fields = array(); $removeCustomFieldTypes = array('Contribution', 'Membership'); $contribFields = CRM_Contribute_BAO_Contribution::getContributionFields(); @@ -1095,6 +1087,7 @@ class CRM_Contribute_Form_Contribution_Main extends CRM_Contribute_Form_Contribu // get the submitted form values. $params = $this->controller->exportValues($this->_name); + if (CRM_Utils_Array::value('priceSetId', $params)) { $is_quick_config = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_PriceSet', $this->_priceSetId, 'is_quick_config'); $formValue = array(); diff --git a/CRM/Contribute/Form/ContributionBase.php b/CRM/Contribute/Form/ContributionBase.php index df47a2b74b..c45e1d5a98 100644 --- a/CRM/Contribute/Form/ContributionBase.php +++ b/CRM/Contribute/Form/ContributionBase.php 
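Review bot: The retained comment `// make sure we have right permission to edit this user` in Main.php (hunk at -79) no longer matches the code beneath it. `getContactID()` accepts a valid checksum or, per its docblock, ACL permission to view, and no edit check is made here. The hunk also stops assigning `$this->_userID`, and usefully stops writing the checksum contact into the session. As a result, any code in this form family that still reads `$this->_userID` sees the logged-in user while the converted call sites see the `cid` contact; this diff converts three reads and others may remain outside it. I would reword the comment to `// resolve the contact this form acts for (cid=0, checksum, ACL or session user)` and audit the remaining `_userID` reads. The enclosing method starts and ends outside the hunk.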
@@ -626,7 +626,7 @@ class CRM_Contribute_Form_ContributionBase extends CRM_Core_Form { $stateCountryMap = array(); if ($id) { - $contactID = $this->_userID; + $contactID = $this->getContactID(); // we don't allow conflicting fields to be // configured via profile - CRM 2100 diff --git a/CRM/Core/Form.php b/CRM/Core/Form.php index d2ec736e67..f0d60b7c76 100644 --- a/CRM/Core/Form.php +++ b/CRM/Core/Form.php @@ -1294,5 +1294,49 @@ class CRM_Core_Form extends HTML_QuickForm_Page { } } } + +/** + * Get contact if for a form object. Prioritise + * - cid in URL if 0 (on behalf on someoneelse) + * (@todo consider setting a variable if onbehalf for clarity of downstream 'if's + * - logged in user id if it matches the one in the cid in the URL + * - contact id validated from a checksum from a checksum + * - cid from the url if the caller has ACL permission to view + * - fallback is logged in user (or ? NULL if no logged in user) (@todo wouldn't 0 be more intuitive?) + * + * @return Ambigous |unknown + */ + function getContactID() { + $tempID = CRM_Utils_Request::retrieve('cid', 'Positive', $this); + + // force to ignore the authenticated user + if ($tempID === '0') { + return $tempID; + } + + // check if the user is logged in and has a contact ID + $session = CRM_Core_Session::singleton(); + $userID = $session->get('userID'); + + if ($tempID == $userID) { + return $userID; + } + + //check if this is a checksum authentication + $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this); + if ($userChecksum) { + //check for anonymous user. + $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($tempID, $userChecksum); + if ($validUser) { + return $tempID; + } + } + // check if user has permission, CRM-12062 + else if ($tempID && CRM_Contact_BAO_Contact_Permission::allow($tempID)) { + return $tempID; + } + + return $userID; + } } diff --git a/CRM/Event/Form/Registration.php b/CRM/Event/Form/Registration.php index a6f08e5d72..12a1337976 100644 
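Review bot: In the new `CRM_Core_Form::getContactID()` (CRM/Core/Form.php hunk), the ACL branch calls `CRM_Contact_BAO_Contact_Permission::allow($tempID)` with no permission type, which the docblock describes as permission to view. This commit feeds the result into `postProcess()` in Confirm.php, where it selects the contact a contribution is recorded against. View access is a weaker gate than a write path warrants; consider `CRM_Contact_BAO_Contact_Permission::allow($tempID, CRM_Core_Permission::EDIT)`, bearing in mind that event registration shares this helper and would be affected too. Separately, `$tempID === '0'` only matches if `retrieve()` returns the string `'0'` for a 'Positive' value, which deserves a comment or a test, and when `cs` is supplied without `cid`, `validChecksum()` is called with an empty ID. The docblock also needs tidying: `Get contact if` should read `Get contact id`, `from a checksum from a checksum` is duplicated, and `@return Ambigous |unknown` should state the actual return values.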
--- a/CRM/Event/Form/Registration.php +++ b/CRM/Event/Form/Registration.php @@ -646,7 +646,7 @@ class CRM_Event_Form_Registration extends CRM_Core_Form { //have been skip the additional participant. if ($button == 'skip') { $field['is_required'] = FALSE; - } + } // CRM-11316 Is ReCAPTCHA enabled for this profile AND is this an anonymous visitor elseif ($field['add_captcha'] && !$contactID) { // only add captcha for first page @@ -1165,42 +1165,12 @@ WHERE v.option_group_id = g.id return $fileName ? $fileName : parent::overrideExtraTemplateFileName(); } - function getContactID() { - $tempID = CRM_Utils_Request::retrieve('cid', 'Positive', $this); - - // force to ignore the authenticated user - if ($tempID === '0') { - return $tempID; - } - - // check if the user is logged in and has a contact ID - $session = CRM_Core_Session::singleton(); - $userID = $session->get('userID'); - - if ($tempID == $userID) { - return $userID; - } - - //check if this is a checksum authentication - $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this); - if ($userChecksum) { - //check for anonymous user. - $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($tempID, $userChecksum); - if ($validUser) { - return $tempID; - } - } - // check if user has permission, CRM-12062 - else if ($tempID && CRM_Contact_BAO_Contact_Permission::allow($tempID)) { - return $tempID; - } - - return $userID; - } - - /* Validate price set submitted params for price option limit, + /** + * Validate price set submitted params for price option limit, * as well as user should select at least one price field option. - * + * @param unknown_type $form + * @param unknown_type $params + * @return multitype:|Ambigous */ static function validatePriceSet(&$form, $params) { $errors = array();