From 48da67004ec57c12b26b8011cc53df54ab3ee5d3 Mon Sep 17 00:00:00 2001
From: Edsel
Date: Fri, 20 Mar 2015 15:54:41 +0530
Subject: [PATCH] CIVI-28 Reverted changes made to edit for selector (still working), Added check for lineitem for contribution edit
---
 CRM/Contribute/Form/Contribution.php | 7 +++++++
 CRM/Contribute/Selector/Search.php | 12 ++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/CRM/Contribute/Form/Contribution.php b/CRM/Contribute/Form/Contribution.php
index e6eb2a11c4..1c8c13c2e4 100644
--- a/CRM/Contribute/Form/Contribution.php
+++ b/CRM/Contribute/Form/Contribution.php
@@ -461,6 +461,13 @@ class CRM_Contribute_Form_Contribution extends CRM_Contribute_Form_AbstractEditP
 // FIXME: This probably needs to be done in preprocess
 if ($this->_action & CRM_Core_Action::UPDATE && CRM_Utils_Array::value('financial_type_id', $this->_values)) {
 $financialTypeID = CRM_Contribute_PseudoConstant::financialType($this->_values['financial_type_id']);
+ $lineItems = CRM_Price_BAO_LineItem::getLineItemsByContributionID($this->_id);
+ foreach ($lineItems as $items) {
+ if (!CRM_Core_Permission::check('edit contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
+ CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+ break;
+ }
+ }
 if (!CRM_Core_Permission::check('edit contributions of type ' . $financialTypeID)) {
 CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
 }
diff --git a/CRM/Contribute/Selector/Search.php b/CRM/Contribute/Selector/Search.php
index 1655f0b426..8162533533 100644
--- a/CRM/Contribute/Selector/Search.php
+++ b/CRM/Contribute/Selector/Search.php
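Review bot: In CRM/Contribute/Form/Contribution.php the new line-item permission loop sits inside the `CRM_Utils_Array::value('financial_type_id', $this->_values)` condition, so when the contribution's own financial type is empty neither the existing check nor the new per-line-item check runs. If line items must always be authorised on UPDATE, guard the loop with the action test alone, e.g. `if ($this->_action & CRM_Core_Action::UPDATE) {` around the `foreach`. The `break;` after `CRM_Core_Error::fatal(...)` is presumably unreachable and can be dropped. The enclosing method starts and ends outside the hunk, so whether the save path repeats this check is not visible here.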
@@ -360,29 +360,33 @@ class CRM_Contribute_Selector_Search extends CRM_Core_Selector_Base implements C
 while ($result->fetch()) {
 $checkLineItem = FALSE;
 $row = array();
- $permissions[] = CRM_Core_Permission::VIEW;
+ $permissions[] = CRM_Core_Permission::VIEW;
+ $permissions[] = CRM_Core_Permission::EDIT;
 if (!CRM_Core_Permission::check('view contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
 continue;
 }
 // Now check for lineItems
 $lineItems = CRM_Price_BAO_LineItem::getLineItemsByContributionID($result->id);
- foreach ($lineItems as $items) {
+ foreach ($lineItems as $items) {
 if (!CRM_Core_Permission::check('view contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
 $checkLineItem = TRUE;
 break;
 }
+ if (!CRM_Core_Permission::check('edit contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
+ }
+ if (!CRM_Core_Permission::check('view contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
+ }
 }
 if ($checkLineItem) {
 continue;
 }
 if (!CRM_Core_Permission::check('edit contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
 unset($permissions[array_search(CRM_Core_Permission::EDIT, $permissions)]);
- $mask = CRM_Core_Action::mask($permissions);
 }
 if (!CRM_Core_Permission::check('delete contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
 unset($permissions[array_search(CRM_Core_Permission::DELETE, $permissions)]);
- $mask = CRM_Core_Action::mask($permissions);
 }
+ $mask = CRM_Core_Action::mask($permissions);
 // the columns we are interested in
 foreach (self::$_properties as $property) {
 if (property_exists($result, $property)) {
-- 
2.25.1
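Review bot: The two added `if` blocks inside `foreach ($lineItems as $items)` have empty bodies, so the new 'edit contributions of type' test on line items has no effect and the second block only repeats the 'view' test made just above it; the row's action mask can still include EDIT for a contribution whose line items the user may not edit. Fill the edit branch with something like `$permissions = array_diff($permissions, array(CRM_Core_Permission::EDIT));` and drop the empty view branch. `array_diff` is also safer than the existing `unset($permissions[array_search(...)])` pattern, which unsets index 0 when `array_search` returns FALSE and removes only one occurrence, while `$permissions[] = ...` appends VIEW and EDIT on every pass of the `while` loop with no reset visible in this hunk. The loop body continues past the end of the hunk.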