From 874024618f4603f04741f3c126fc2fefd44584ce Mon Sep 17 00:00:00 2001
From: Eileen McNaughton
Date: Thu, 14 Dec 2023 19:34:15 +1300
Subject: [PATCH] Move check permissioned line items to acl now it is not used in core
---
 CRM/Financial/BAO/FinancialType.php | 3 +-
 ext/financialacls/financialacls.php | 36 +++++++++++++++++--
 .../Civi/Financialacls/FinancialTypeTest.php | 6 ++--
 3 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/CRM/Financial/BAO/FinancialType.php b/CRM/Financial/BAO/FinancialType.php
index 4581140150..1e1f35cf40 100644
--- a/CRM/Financial/BAO/FinancialType.php
+++ b/CRM/Financial/BAO/FinancialType.php
@@ -347,7 +347,7 @@ class CRM_Financial_BAO_FinancialType extends CRM_Financial_DAO_FinancialType im
 /**
 * Function to check if lineitems present in a contribution have permissioned FTs.
 *
- * @deprecated since 5.68 not part of core - to be handled within financialacls extension
+ * @deprecated since 5.68 not part of core - to be removed 5.74
 *
 * @param int $id
 * contribution id
@@ -359,6 +359,7 @@ class CRM_Financial_BAO_FinancialType extends CRM_Financial_DAO_FinancialType im
 * @return bool
 */
 public static function checkPermissionedLineItems($id, $op, $force = TRUE, $contactID = NULL) {
+ CRM_Core_Error::deprecatedFunctionWarning('use financial acls extension');
 if (!self::isACLFinancialTypeStatus()) {
 return TRUE;
 }
diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php
index da20a0922f..e638def589 100644
--- a/ext/financialacls/financialacls.php
+++ b/ext/financialacls/financialacls.php
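Review bot: The deprecated `checkPermissionedLineItems()` still carries its own copy of the line-item check behind `self::isACLFinancialTypeStatus()`, while the copy this commit adds to the extension is gated by `financialacls_is_acl_limiting_enabled()`. Any caller left on the old method until it is removed evaluates a separate gate, and nothing in the hunk says the two are meant to agree. A comment under the new warning line would record the intent, for example `// Retained for out-of-tree callers only; the authoritative check is in the financialacls extension.` The method body continues past the end of the hunk, so what follows the early return is not visible here.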
@@ -285,14 +285,46 @@ function _financialacls_civi_api4_authorizeContribution(\Civi\Api4\Event\Authori
 if ($e->getActionName() === 'delete') {
 // First check contribution financial type
 // Now check permissioned line items & permissioned contribution
- if (!CRM_Financial_BAO_FinancialType::checkPermissionedLineItems($contributionID, 'delete', FALSE, $e->getUserID())
- ) {
+ if (!_civicrm_financial_acls_check_permissioned_line_items($contributionID, 'delete', FALSE, $e->getUserID())) {
 $e->setAuthorized(FALSE);
 }
 }
 }
 }
+/**
+ * Function to check if lineitems present in a contribution have permissioned FTs.
+ *
+ * @param int $id
+ * contribution id
+ * @param string $op
+ * the mode of operation, can be add, view, edit, delete
+ * @param bool $force
+ * @param int $contactID
+ *
+ * @return bool
+ */
+function _civicrm_financial_acls_check_permissioned_line_items($id, $op, $force = TRUE, $contactID = NULL) {
+ if (!financialacls_is_acl_limiting_enabled()) {
+ return TRUE;
+ }
+ $lineItems = CRM_Price_BAO_LineItem::getLineItemsByContributionID($id);
+ $flag = FALSE;
+ foreach ($lineItems as $items) {
+ if (!CRM_Core_Permission::check($op . ' contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']), $contactID)) {
+ if ($force) {
+ throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
+ }
+ $flag = FALSE;
+ break;
+ }
+ else {
+ $flag = TRUE;
+ }
+ }
+ return $flag;
+}
+
 /**
 * Get the permission required to perform this action on this financial type.
 *
diff --git a/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php b/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php
index ef9f5f58cc..b7f79b09b9 100644
--- a/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php
+++ b/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php
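Review bot: `_civicrm_financial_acls_check_permissioned_line_items()` returns FALSE for a contribution with no line items, because `$flag` starts FALSE and is only set inside the loop; that is a fail-closed result for the delete authorisation above, but it is implicit and the copied docblock does not mention it. The docblock also omits `@throws CRM_Core_Exception` for the `$force` path and does not say what `$force` or a NULL `$contactID` mean (presumably the current user is checked; confirm against `CRM_Core_Permission::check`). The body below keeps the same results while returning on the first denied line item and making the empty case explicit. The function name also departs from the `_financialacls_` / `financialacls_` prefixes of the other functions visible in this file.

```php
function _civicrm_financial_acls_check_permissioned_line_items($id, $op, $force = TRUE, $contactID = NULL) {
  // … unchanged: early return TRUE when financialacls_is_acl_limiting_enabled() is false …
  $lineItems = CRM_Price_BAO_LineItem::getLineItemsByContributionID($id);
  foreach ($lineItems as $lineItem) {
    $permission = $op . ' contributions of type ' . CRM_Contribute_PseudoConstant::financialType($lineItem['financial_type_id']);
    if (!CRM_Core_Permission::check($permission, $contactID)) {
      if ($force) {
        throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
      }
      return FALSE;
    }
  }
  // Fail closed: a contribution with no line items is not treated as permitted.
  return !empty($lineItems);
}
```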
@@ -78,7 +78,7 @@ class FinancialTypeTest extends BaseTestClass {
 }
 /**
- * Check method testCheckPermissionedLineItems()
+ * Check method test_civicrm_financial_acls_check_permissioned_line_items()
 *
 * @throws \CRM_Core_Exception
 */
@@ -139,7 +139,7 @@ class FinancialTypeTest extends BaseTestClass {
 ]);
 try {
- \CRM_Financial_BAO_FinancialType::checkPermissionedLineItems($contribution['id'], 'view');
+ _civicrm_financial_acls_check_permissioned_line_items($contribution['id'], 'view');
 $this->fail('Missed expected exception');
 }
 catch (\CRM_Core_Exception $e) {
@@ -150,7 +150,7 @@ class FinancialTypeTest extends BaseTestClass {
 'view contributions of type Donation',
 ]);
 try {
- \CRM_Financial_BAO_FinancialType::checkPermissionedLineItems($contribution['id'], 'view');
+ _civicrm_financial_acls_check_permissioned_line_items($contribution['id'], 'view');
 }
 catch (\CRM_Core_Exception $e) {
 $this->fail('permissions should be established');
--
2.25.1
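Review bot: The second `try` block discards the helper's return value, so the positive case only proves that no exception was thrown; asserting it would pin the result, `$this->assertTrue(_civicrm_financial_acls_check_permissioned_line_items($contribution['id'], 'view'));`. Both calls in these hunks also use the default `$force = TRUE`, whereas the API4 authorize listener changed in this commit calls the helper with `FALSE` and an explicit user id, so the FALSE-returning path is not exercised by the lines shown. The test method starts and ends outside these hunks, so other assertions may already cover this.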