From 816cac04ea398ad81637209f70e76e2c761f0f85 Mon Sep 17 00:00:00 2001
From: Edsel
Date: Wed, 25 Mar 2015 15:59:17 +0530
Subject: [PATCH] CIVI-28 Handled permission for create contribution API

---
 api/v3/Contribution.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/api/v3/Contribution.php b/api/v3/Contribution.php
index ab7abb5558..4420a22802 100644
--- a/api/v3/Contribution.php
+++ b/api/v3/Contribution.php
@@ -46,6 +46,14 @@ function civicrm_api3_contribution_create(&$params) {
 _civicrm_api3_custom_format_params($params, $values, 'Contribution');
 $params = array_merge($params, $values);
 
+ if (empty($params['id'])) {
+ $op = 'add';
+ }
+ CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $op);
+ if (!in_array($params['financial_type_id'], array_keys($types))) {
+ return civicrm_api3_create_error('You do not have permission to create this contribution');
+ }
+
 if (!empty($params['id']) && !empty($params['contribution_status_id'])) {
 $error = array();
 //throw error for invalid status change such as setting completed back to pending
-- 
2.25.1
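Review bot: `$op` is assigned only inside `if (empty($params['id']))`, so when `id` is set an undefined variable is passed to `getAvailableFinancialTypes()` and the permission check runs with whatever that callee does with a null operation (its signature is outside this hunk). Set it on both branches, e.g. `$op = empty($params['id']) ? 'add' : 'edit';`, assuming the callee accepts an edit operation. The check also reads `$params['financial_type_id']` unconditionally, so an update that omits the field is rejected with a "create" message. On an update it tests the submitted type rather than the type stored on the existing contribution, so the stored type should be looked up and checked when `id` is set. If the ids are numeric at this point, an `isset` guard plus `in_array((int) $params['financial_type_id'], array_keys($types), TRUE)` avoids loose matching of caller-supplied values; the function body continues outside the hunk.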