From 1ac87087908e37ee32075f16e78e654c24b67d8b Mon Sep 17 00:00:00 2001
From: Pradeep Nayak
Date: Fri, 13 Nov 2015 06:20:25 +0530
Subject: [PATCH] --CRM-17569, changed code to check permission in preprocess when ACL-FT is enabled rather permission to menu

---
 CRM/Contribute/xml/Menu/Contribute.xml | 1 -
 CRM/Financial/Form/FinancialType.php | 13 +++++++++++++
 CRM/Financial/Page/FinancialType.php | 6 ++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/CRM/Contribute/xml/Menu/Contribute.xml b/CRM/Contribute/xml/Menu/Contribute.xml
index ddbc7ec6f9..ef8694e9d3 100644
--- a/CRM/Contribute/xml/Menu/Contribute.xml
+++ b/CRM/Contribute/xml/Menu/Contribute.xml
@@ -119,7 +119,6 @@ CRM_Financial_Page_FinancialType Formerly civicrm_contribution_type merged into this table in 4.1 CiviContribute - administer CiviCRM Financial Types 580
diff --git a/CRM/Financial/Form/FinancialType.php b/CRM/Financial/Form/FinancialType.php
index 424e7ff19a..c8069885ad 100644
--- a/CRM/Financial/Form/FinancialType.php
+++ b/CRM/Financial/Form/FinancialType.php
@@ -36,6 +36,19 @@
 */
 class CRM_Financial_Form_FinancialType extends CRM_Contribute_Form {
 
+ /**
+ * Set variables up before form is built.
+ */
+ public function preProcess() {
+ // Check permission for Financial Type when ACL-FT is enabled
+ if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()
+ && !CRM_Core_Permission::check('administer CiviCRM Financial Types')
+ ) {
+ CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+ }
+ parent::preProcess();
+ }
+
 /**
 * Build the form object.
 */
diff --git a/CRM/Financial/Page/FinancialType.php b/CRM/Financial/Page/FinancialType.php
index de0804506b..8dfb71aa8d 100644
--- a/CRM/Financial/Page/FinancialType.php
+++ b/CRM/Financial/Page/FinancialType.php
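Review bot: The guard added in `preProcess()` only fires when `CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()` returns true, while the same commit deletes the `administer CiviCRM Financial Types` entry from Contribute.xml, so with ACL-FT disabled this form relies entirely on whatever permission the menu system applies to the route by default. That default is not visible in this patch; if it is an admin-level permission the change is sound, but the dependency should be written down next to the check, e.g. `// ACL-FT off: access is governed by the permission the menu inherits for this route; confirm it stays admin-level`. The identical condition is repeated in `browse()` in CRM/Financial/Page/FinancialType.php, and a single shared helper would keep the two gates from drifting apart. `CRM_Core_Error::fatal()` also reports a routine authorization failure as a fatal error, where `CRM_Utils_System::permissionDenied()` is likely the better fit.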
@@ -124,6 +124,12 @@ class CRM_Financial_Page_FinancialType extends CRM_Core_Page_Basic {
 * Browse all financial types.
 */
 public function browse() {
+ // Check permission for Financial Type when ACL-FT is enabled
+ if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()
+ && !CRM_Core_Permission::check('administer CiviCRM Financial Types')
+ ) {
+ CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+ }
 // get all financial types sorted by weight
 $financialType = array();
 $dao = new CRM_Financial_DAO_FinancialType();
-- 
2.25.1
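Review bot: The check at the top of `browse()` gates only the listing path of this page; `run()` and the other action handlers are outside the hunk, so add, update and delete requests are covered only if every one of them reaches `CRM_Financial_Form_FinancialType::preProcess()`. Moving the check to the start of `run()` would make the gate independent of how actions are dispatched. If it stays here, a comment should state the assumption, e.g. `// Gates the listing only; add/update/delete are gated in CRM_Financial_Form_FinancialType::preProcess()`. `browse()` continues past the end of the hunk.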