From 84e489b7e0ab55c9d5eb72a7540ee3cc10381439 Mon Sep 17 00:00:00 2001
From: Edsel <edsel.lopez@jmaconsulting.biz>
Date: Tue, 7 Apr 2015 13:15:29 +0530
Subject: [PATCH] CIVI-35 Added check for permissions on premiums

---
 CRM/Contribute/Form/ContributionPage/AddProduct.php | 2 ++
 CRM/Financial/BAO/FinancialType.php                 | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CRM/Contribute/Form/ContributionPage/AddProduct.php b/CRM/Contribute/Form/ContributionPage/AddProduct.php
index 5236b04f9b..666e9de070 100644
--- a/CRM/Contribute/Form/ContributionPage/AddProduct.php
+++ b/CRM/Contribute/Form/ContributionPage/AddProduct.php
@@ -186,6 +186,8 @@ class CRM_Contribute_Form_ContributionPage_AddProduct extends CRM_Contribute_For
         unset($financialType[$key]);
       }
     }
+    // Check permissioned financial types
+    CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialType, 'add');
     if (count($financialType)) {
       $this->assign('financialType', $financialType);
     }
diff --git a/CRM/Financial/BAO/FinancialType.php b/CRM/Financial/BAO/FinancialType.php
index 569cdc46d0..008211f65d 100644
--- a/CRM/Financial/BAO/FinancialType.php
+++ b/CRM/Financial/BAO/FinancialType.php
@@ -208,8 +208,9 @@ class CRM_Financial_BAO_FinancialType extends CRM_Financial_DAO_FinancialType {
   }
 
   public static function getAvailableFinancialTypes(&$financialTypes = NULL, $action = 'view') {
-    $financialTypes = CRM_Contribute_PseudoConstant::financialType();
-    
+    if (empty($financialTypes)) {
+      $financialTypes = CRM_Contribute_PseudoConstant::financialType();
+    }
     foreach ($financialTypes as $finTypeId => $type) {
       if (!CRM_Core_Permission::check($action . ' contributions of type ' . $type)) {
         unset($financialTypes[$finTypeId]);
-- 
2.25.1