From 53e0b84ef76910dc48129b112423344d4430235e Mon Sep 17 00:00:00 2001 From: Edsel Date: Tue, 14 Apr 2015 17:42:13 +0530 Subject: [PATCH] CIVI-28 Added permissions for links on membership search results --- CRM/Member/Selector/Search.php | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/CRM/Member/Selector/Search.php b/CRM/Member/Selector/Search.php index 1038927d9d..8af8cb4890 100644 --- a/CRM/Member/Selector/Search.php +++ b/CRM/Member/Selector/Search.php @@ -392,13 +392,28 @@ class CRM_Member_Selector_Search extends CRM_Core_Selector_Base implements CRM_C } $isCancelSupported = CRM_Member_BAO_Membership::isCancelSubscriptionSupported($row['membership_id']); - $row['action'] = CRM_Core_Action::formLink(self::links('all', + if (!isset($result->owner_membership_id)) { + $links = self::links('all', $this->_isPaymentProcessor, $this->_accessContribution, $this->_key, $this->_context, $isCancelSupported - ), + ); + } + else { + $links = self::links('view'); + } + // check permissions + $finTypeId = CRM_Core_DAO::getFieldValue('CRM_Member_DAO_MembershipType', $result->membership_type_id, 'financial_type_id'); + $finType = CRM_Contribute_PseudoConstant::financialType($finTypeId); + if (!CRM_Core_Permission::check('edit contributions of type ' . $finType)) { + unset($links[CRM_Core_Action::UPDATE]); + } + if (!CRM_Core_Permission::check('delete contributions of type ' . $finType)) { + unset($links[CRM_Core_Action::DELETE]); + } + $row['action'] = CRM_Core_Action::formLink($links, $currentMask, array( 'id' => $result->membership_id, @@ -413,7 +428,7 @@ class CRM_Member_Selector_Search extends CRM_Core_Selector_Base implements CRM_C ); } else { - $row['action'] = CRM_Core_Action::formLink(self::links('view'), $mask, + $row['action'] = CRM_Core_Action::formLink($links, $mask, array( 'id' => $result->membership_id, 'cid' => $result->contact_id, -- 2.25.1