From 573fd30583113111bf35848286ebe51d6d643660 Mon Sep 17 00:00:00 2001
From: Pradeep Nayak
Date: Mon, 21 Sep 2015 16:59:37 +0530
Subject: [PATCH] --CRM-16526, fixed permission by using form action
---
 CRM/Contribute/BAO/Premium.php | 2 +-
 CRM/Contribute/BAO/Query.php | 2 +-
 CRM/Contribute/Form/Contribution.php | 2 +-
 .../Form/ContributionPage/AddProduct.php | 2 +-
 .../Form/ContributionPage/Settings.php | 2 +-
 CRM/Event/Form/EventFees.php | 2 +-
 CRM/Event/Form/ManageEvent/Fee.php | 2 +-
 CRM/Financial/BAO/FinancialType.php | 20 +++++++++++++++----
 CRM/Member/BAO/Membership.php | 2 +-
 CRM/Member/Form/Membership.php | 8 +-------
 CRM/Member/Form/MembershipType.php | 8 +-------
 CRM/Price/BAO/PriceSet.php | 2 +-
 CRM/Price/Form/Option.php | 2 +-
 13 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/CRM/Contribute/BAO/Premium.php b/CRM/Contribute/BAO/Premium.php
index bff02f22d9..1d7449b4ca 100644
--- a/CRM/Contribute/BAO/Premium.php
+++ b/CRM/Contribute/BAO/Premium.php
@@ -112,7 +112,7 @@ class CRM_Contribute_BAO_Premium extends CRM_Contribute_DAO_Premium {
 $dao->entity_table = 'civicrm_contribution_page';
 $dao->entity_id = $pageID;
 $dao->premiums_active = 1;
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::ADD);
 $addWhere = "financial_type_id IN (0)";
 if (!empty($financialTypes)) {
 $addWhere = "financial_type_id IN (" . implode(',', array_keys($financialTypes)) . ")";
diff --git a/CRM/Contribute/BAO/Query.php b/CRM/Contribute/BAO/Query.php
index 45e59f4150..0393f10f2b 100644
--- a/CRM/Contribute/BAO/Query.php
+++ b/CRM/Contribute/BAO/Query.php
@@ -891,7 +891,7 @@ class CRM_Contribute_BAO_Query {
 );
 // CRM-13848
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'view');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::VIEW);
 $form->addSelect('financial_type_id',
 array('entity' => 'contribution', 'multiple' => 'multiple', 'context' => 'search', 'options' => $financialTypes)
 );
diff --git a/CRM/Contribute/Form/Contribution.php b/CRM/Contribute/Form/Contribution.php
index c00476e403..5cf676b959 100644
--- a/CRM/Contribute/Form/Contribution.php
+++ b/CRM/Contribute/Form/Contribution.php
@@ -620,7 +620,7 @@ class CRM_Contribute_Form_Contribution extends CRM_Contribute_Form_AbstractEditP
 $attributes = CRM_Core_DAO::getAttribute('CRM_Contribute_DAO_Contribution');
 // Check permissions for financial type first
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, $this->_action);
 if (empty($financialTypes)) {
 CRM_Core_Error::statusBounce(ts('You do not have all the permissions needed for this page.'));
 }
diff --git a/CRM/Contribute/Form/ContributionPage/AddProduct.php b/CRM/Contribute/Form/ContributionPage/AddProduct.php
index 666e9de070..35a730063e 100644
--- a/CRM/Contribute/Form/ContributionPage/AddProduct.php
+++ b/CRM/Contribute/Form/ContributionPage/AddProduct.php
@@ -187,7 +187,7 @@ class CRM_Contribute_Form_ContributionPage_AddProduct extends CRM_Contribute_For
 }
 }
 // Check permissioned financial types
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialType, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialType, CRM_Core_Action::ADD);
 if (count($financialType)) {
 $this->assign('financialType', $financialType);
 }
diff --git a/CRM/Contribute/Form/ContributionPage/Settings.php b/CRM/Contribute/Form/ContributionPage/Settings.php
index c70cc3c53a..4e7e883cc3 100644
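Review bot: The raw `$this->_action` is now the key into the four-entry verb map inside getAvailableFinancialTypes, so this call only behaves when `_action` is exactly `CRM_Core_Action::VIEW`, `UPDATE`, `ADD` or `DELETE`; with `CRM_Core_Action::NONE` or a value carrying extra bits the lookup misses, the permission string loses its verb, every type is dropped, and the user gets the generic "permissions" bounce on the next line with no hint that the action itself was unrecognised. The hunk does not show where `_action` is assigned; if it comes from the request `action` parameter, as CiviCRM forms usually do, I would confirm it is already normalised to a single constant before it reaches here, or reject anything else up front: `if (!in_array($this->_action, array(CRM_Core_Action::ADD, CRM_Core_Action::UPDATE, CRM_Core_Action::VIEW, CRM_Core_Action::DELETE), TRUE)) { CRM_Core_Error::statusBounce(ts('Unsupported action.')); }`. The enclosing buildQuickForm starts and ends outside the hunk.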
--- a/CRM/Contribute/Form/ContributionPage/Settings.php
+++ b/CRM/Contribute/Form/ContributionPage/Settings.php
@@ -118,7 +118,7 @@ class CRM_Contribute_Form_ContributionPage_Settings extends CRM_Contribute_Form_
 $attributes = CRM_Core_DAO::getAttribute('CRM_Contribute_DAO_ContributionPage');
 // financial Type
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::ADD);
 $financialOptions = array(
 'options' => $financialTypes,
 );
diff --git a/CRM/Event/Form/EventFees.php b/CRM/Event/Form/EventFees.php
index c43e2446f8..7c9ed4aa1b 100644
--- a/CRM/Event/Form/EventFees.php
+++ b/CRM/Event/Form/EventFees.php
@@ -426,7 +426,7 @@ SELECT id, html_type
 );
 // Check permissions for financial type first
 if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()) {
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, $form->_action);
 }
 else {
 $financialTypes = CRM_Contribute_PseudoConstant::financialType();
diff --git a/CRM/Event/Form/ManageEvent/Fee.php b/CRM/Event/Form/ManageEvent/Fee.php
index b3689498d7..f0c53a30c4 100644
--- a/CRM/Event/Form/ManageEvent/Fee.php
+++ b/CRM/Event/Form/ManageEvent/Fee.php
@@ -278,7 +278,7 @@ class CRM_Event_Form_ManageEvent_Fee extends CRM_Event_Form_ManageEvent {
 $this->addSelect('financial_type_id');
 }
 else {
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::ADD);
 $this->addSelect('financial_type_id', array('context' => 'search', 'options' => $financialTypes));
 }
 // add pay later options
diff --git a/CRM/Financial/BAO/FinancialType.php b/CRM/Financial/BAO/FinancialType.php
index fbed515e72..8b48baf6a3 100644
--- a/CRM/Financial/BAO/FinancialType.php
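Review bot: The commit's stated intent is to derive the permission verb from the form action, yet this hunk (like the Settings.php and AddProduct.php hunks above) keeps a hard-coded `CRM_Core_Action::ADD`, so a user holding only `edit contributions of type X` who opens the fee settings of an existing event would, if this form runs with an UPDATE action, see financial type X filtered out here while the Contribution form would let them through. Whether `$this->_action` on this form is ADD or UPDATE is not visible in the hunk, so either pass `$this->_action` for consistency with the other call sites, or add a one-line comment stating why ADD is deliberately required when editing an existing event's fee configuration, e.g. `// ADD is intentional: configuring fees authorises future contributions of this type, not edits of existing ones.` — only if that is in fact the rationale. The enclosing buildQuickForm starts and ends outside the hunk.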
+++ b/CRM/Financial/BAO/FinancialType.php
@@ -258,20 +258,26 @@ class CRM_Financial_BAO_FinancialType extends CRM_Financial_DAO_FinancialType {
 *
 * @return array
 */
- public static function getAvailableFinancialTypes(&$financialTypes = NULL, $action = 'view', $resetCache = FALSE) {
+ public static function getAvailableFinancialTypes(&$financialTypes = NULL, $action = CRM_Core_Action::VIEW, $resetCache = FALSE) {
 if (empty($financialTypes)) {
 $financialTypes = CRM_Contribute_PseudoConstant::financialType();
 }
 if (!self::isACLFinancialTypeStatus()) {
 return $financialTypes;
 }
+ $actions = array(
+ CRM_Core_Action::VIEW => 'view',
+ CRM_Core_Action::UPDATE => 'edit',
+ CRM_Core_Action::ADD => 'add',
+ CRM_Core_Action::DELETE => 'delete',
+ );
 // check cached value
 if (CRM_Utils_Array::value($action, self::$_availableFinancialTypes) && !$resetCache) {
 $financialTypes = self::$_availableFinancialTypes[$action];
 return self::$_availableFinancialTypes[$action];
 }
 foreach ($financialTypes as $finTypeId => $type) {
- if (!CRM_Core_Permission::check($action . ' contributions of type ' . $type)) {
+ if (!CRM_Core_Permission::check($actions[$action] . ' contributions of type ' . $type)) {
 unset($financialTypes[$finTypeId]);
 }
 }
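Review bot: `$actions[$action]` in the permission loop has no guard, so any action outside the four mapped constants (`CRM_Core_Action::NONE`, BROWSE, a combined bitmask from a caller that still ORs flags together, or a plain string from an un-migrated caller) raises an undefined-index notice and then asks `CRM_Core_Permission::check()` about the verb-less name `' contributions of type X'`; whether that fails closed depends on how the CMS permission layer treats unknown permission names, and several callers in this commit now pass `$this->_action` / `$form->_action` straight through. I would reject unmapped actions explicitly right after the map is built and before the cache lookup, returning an empty list so the behaviour is fail-closed by construction. The docblock's `@param` for `$action` sits above the hunk and is not updated even though the accepted type changes from a string verb to a `CRM_Core_Action` constant; it should read something like `@param int $action One of CRM_Core_Action::VIEW, UPDATE, ADD or DELETE; other values yield no types.` The function's tail (cache store and return) is outside the hunk.
```php
    // … unchanged: $actions map …
    if (!isset($actions[$action])) {
      // Fail closed: an action with no permission verb (NONE, BROWSE, a
      // combined bitmask, ...) must not become a check on a verb-less
      // permission name. Map any new action here explicitly instead.
      $financialTypes = array();
      return $financialTypes;
    }
    // … unchanged: cache lookup and per-type permission loop …
```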
@@ -289,17 +295,23 @@ class CRM_Financial_BAO_FinancialType extends CRM_Financial_DAO_FinancialType {
 *
 * @return array
 */
- public static function getAvailableMembershipTypes(&$membershipTypes = NULL, $action = 'view') {
+ public static function getAvailableMembershipTypes(&$membershipTypes = NULL, $action = CRM_Core_Action::VIEW) {
 if (empty($membershipTypes)) {
 $membershipTypes = CRM_Member_PseudoConstant::membershipType();
 }
 if (!self::isACLFinancialTypeStatus()) {
 return $membershipTypes;
 }
+ $actions = array(
+ CRM_Core_Action::VIEW => 'view',
+ CRM_Core_Action::UPDATE => 'edit',
+ CRM_Core_Action::ADD => 'add',
+ CRM_Core_Action::DELETE => 'delete',
+ );
 foreach ($membershipTypes as $memTypeId => $type) {
 $finTypeId = CRM_Core_DAO::getFieldValue('CRM_Member_DAO_MembershipType', $memTypeId, 'financial_type_id');
 $finType = CRM_Contribute_PseudoConstant::financialType($finTypeId);
- if (!CRM_Core_Permission::check($action . ' contributions of type ' . $finType)) {
+ if (!CRM_Core_Permission::check($actions[$action] . ' contributions of type ' . $finType)) {
 unset($membershipTypes[$memTypeId]);
 }
 }
diff --git a/CRM/Member/BAO/Membership.php b/CRM/Member/BAO/Membership.php
index bb56bc4107..65bda4dde2 100644
--- a/CRM/Member/BAO/Membership.php
+++ b/CRM/Member/BAO/Membership.php
@@ -1533,7 +1533,7 @@ WHERE civicrm_membership.contact_id = civicrm_contact.id
 $allIDs = implode(',', $membershipTypeIDS);
 $whereClause .= " AND id IN ( $allIDs )";
 }
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::ADD);
 if ($financialTypes) {
 $whereClause .= " AND financial_type_id IN (" . implode(',', array_keys($financialTypes)) . ")";
diff --git a/CRM/Member/Form/Membership.php b/CRM/Member/Form/Membership.php
index 9d9c8b2e91..fa394ac5c5 100644
--- a/CRM/Member/Form/Membership.php
+++ b/CRM/Member/Form/Membership.php
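Review bot: The action-to-verb map is now copied verbatim into both getAvailableFinancialTypes and getAvailableMembershipTypes, and the two copies are the only thing standing between a form action and a permission name, so the next time an action is added (or the 'edit' wording changes) the two ACL paths can silently diverge. Hoist it into one private static helper that both methods call, and have the helper make the unmapped case explicit rather than letting `$actions[$action]` evaluate to NULL and build a verb-less permission string; the per-type `CRM_Core_DAO::getFieldValue` round trip in the loop is pre-existing and unrelated. The method's closing lines are outside the hunk.
```php
  /**
   * Map a CRM_Core_Action constant to the verb used in the
   * '<verb> contributions of type <name>' permission names.
   *
   * @param int $action
   * @return string|null NULL when the action has no permission mapping.
   */
  private static function actionPermissionVerb($action) {
    $actions = array(
      CRM_Core_Action::VIEW => 'view',
      CRM_Core_Action::UPDATE => 'edit',
      CRM_Core_Action::ADD => 'add',
      CRM_Core_Action::DELETE => 'delete',
    );
    return isset($actions[$action]) ? $actions[$action] : NULL;
  }
```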
@@ -662,15 +662,9 @@ class CRM_Member_Form_Membership extends CRM_Member_Form {
 //add field for amount to allow an amount to be entered that differs from minimum
 $this->add('text', 'total_amount', ts('Amount'));
 }
- if (CRM_Core_Action::ADD & $this->_action) {
- $op = 'add';
- }
- elseif (CRM_Core_Action::UPDATE & $this->_action) {
- $op = 'edit';
- }
 $this->add('select', 'financial_type_id', ts('Financial Type'),
- array('' => ts('- select -')) + CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, $op)
+ array('' => ts('- select -')) + CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, $this->_action)
 );
 $this->addElement('checkbox', 'is_different_contribution_contact', ts('Record Payment from a Different Contact?'));
diff --git a/CRM/Member/Form/MembershipType.php b/CRM/Member/Form/MembershipType.php
index 324334bbb2..e326ff813f 100644
--- a/CRM/Member/Form/MembershipType.php
+++ b/CRM/Member/Form/MembershipType.php
@@ -167,14 +167,8 @@ class CRM_Member_Form_MembershipType extends CRM_Member_Form_MembershipConfig {
 $this->add('date', 'month_fixed_period_rollover_day', ts('Fixed Period Rollover Day'),
 CRM_Core_SelectValues::date(NULL, 'd'), FALSE
 );
- if (CRM_Core_Action::ADD & $this->_action) {
- $op = 'add';
- }
- elseif (CRM_Core_Action::UPDATE & $this->_action) {
- $op = 'edit';
- }
 $this->add('select', 'financial_type_id', ts('Financial Type'),
- array('' => ts('- select -')) + CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, $op), TRUE, array('class' => 'crm-select2')
+ array('' => ts('- select -')) + CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, $this->_action), TRUE, array('class' => 'crm-select2')
 );
 $relTypeInd = CRM_Contact_BAO_Relationship::getContactRelationshipType(NULL, NULL, NULL, NULL, TRUE);
diff --git a/CRM/Price/BAO/PriceSet.php b/CRM/Price/BAO/PriceSet.php
index 607489c5d6..a8e3edfb4e 100644
--- a/CRM/Price/BAO/PriceSet.php
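Review bot: Dropping the `CRM_Core_Action::ADD & $this->_action` tests changes the contract from "ADD bit set" to "`_action` equals a map key exactly", and nothing in the hunk shows that the membership form's `_action` is always a single constant; a value that ORs in another flag now misses the map and yields an empty, verb-less permission check instead of the 'add'/'edit' verb the old code derived. The old code did leave `$op` undefined for VIEW and DELETE, which this change incidentally fixes, so the direction is right — just confirm the action is normalised before it reaches here. Also worth a second look on the semantics: in UPDATE mode the verb becomes 'edit', but if the financial type chosen in this select is applied to a contribution recorded alongside the membership (the `is_different_contribution_contact` checkbox below suggests a payment is being recorded), then 'add' is the permission that actually matters; postProcess is outside the hunk, as are the start and end of buildQuickForm.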
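Review bot: Unlike the Contribution form hunk above, nothing here reacts when getAvailableFinancialTypes returns no types: the select is still marked required (`TRUE`), so a user lacking every `add`/`edit contributions of type …` permission gets a form they can never submit and no explanation. Hoist the call out of the `add()` expression and bounce on an empty result, matching Contribution.php: `CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, $this->_action);` then `if (empty($financialTypes)) { CRM_Core_Error::statusBounce(ts('You do not have all the permissions needed for this page.')); }` and pass `$financialTypes` to the select. The enclosing buildQuickForm starts and ends outside the hunk.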
+++ b/CRM/Price/BAO/PriceSet.php
@@ -470,7 +470,7 @@ WHERE ct.id = cp.financial_type_id AND
 $query .= " AND s.extends LIKE '%$componentId%' ";
 }
 // Check permissioned financial types
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialType, 'add');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialType, CRM_Core_Action::ADD);
 if ($financialType) {
 $types = implode(',', array_keys($financialType));
 $query .= ' AND s.financial_type_id IN (' . $types . ') AND v.financial_type_id IN (' . $types . ') ';
diff --git a/CRM/Price/Form/Option.php b/CRM/Price/Form/Option.php
index 8ed59062b2..545a85ddb3 100644
--- a/CRM/Price/Form/Option.php
+++ b/CRM/Price/Form/Option.php
@@ -115,7 +115,7 @@ class CRM_Price_Form_Option extends CRM_Core_Form {
 public function buildQuickForm() {
 if ($this->_action == CRM_Core_Action::UPDATE) {
 $finTypeId = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_PriceFieldValue', $this->_oid, 'financial_type_id');
- CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'edit');
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, CRM_Core_Action::UPDATE);
 if (!array_key_exists($finTypeId, $financialTypes)) {
 CRM_Core_Error::fatal(ts("You do not have permission to access this page"));
 }
-- 
2.25.1