From 87767abb7edbfd154e17846dffdb1c2d4a132d57 Mon Sep 17 00:00:00 2001
From: jake-mw <jake@peaceworks.ca>
Date: Sun, 14 Jun 2015 21:04:33 -0400
Subject: [PATCH] CRM-12675 - Hide Contribution activities from users without
 Access CiviContribute permission, in order to preserve confidentiality of
 donor information

----------------------------------------
* CRM-12675: Contribution activities shown to users without permission
  https://issues.civicrm.org/jira/browse/CRM-12675
---
 CRM/Activity/Form/Task.php       |  9 ++++++++-
 CRM/Activity/Selector/Search.php | 11 +++++++++++
 CRM/Report/Form/Activity.php     |  5 +++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/CRM/Activity/Form/Task.php b/CRM/Activity/Form/Task.php
index e1c8ec08d2..13819f6212 100644
--- a/CRM/Activity/Form/Task.php
+++ b/CRM/Activity/Form/Task.php
@@ -113,7 +113,14 @@ class CRM_Activity_Form_Task extends CRM_Core_Form {
       );
       $query->_distinctComponentClause = '( civicrm_activity.id )';
       $query->_groupByComponentClause = " GROUP BY civicrm_activity.id ";
-      $result = $query->searchQuery(0, 0, NULL);
+
+      // CRM-12675
+      $activityClause = NULL;
+      if (! CRM_Core_Permission::check('access CiviContribute')) {
+        $activityClause = ' (activity_type.component_id IS NULL OR activity_type.component_id <> 2) ';
+      }
+
+      $result = $query->searchQuery(0, 0, NULL, FALSE, FALSE, FALSE, FALSE, FALSE, $activityClause);
 
       while ($result->fetch()) {
         if (!empty($result->activity_id)) {
diff --git a/CRM/Activity/Selector/Search.php b/CRM/Activity/Selector/Search.php
index 2609ea2b58..34318a2068 100644
--- a/CRM/Activity/Selector/Search.php
+++ b/CRM/Activity/Selector/Search.php
@@ -173,6 +173,17 @@ class CRM_Activity_Selector_Search extends CRM_Core_Selector_Base implements CRM
 
     $this->_activityClause = $activityClause;
 
+    // CRM-12675
+    if (! CRM_Core_Permission::check('access CiviContribute')) {
+      $componentRestriction = ' (activity_type.component_id IS NULL OR activity_type.component_id <> 2) ';
+      if (empty($this->_activityClause)) {
+        $this->_activityClause = $componentRestriction;
+      }
+      else {
+        $this->_activityClause .= ' AND ' . $componentRestriction;
+      }
+    }
+
     // type of selector
     $this->_action = $action;
     $this->_query = new CRM_Contact_BAO_Query($this->_queryParams,
diff --git a/CRM/Report/Form/Activity.php b/CRM/Report/Form/Activity.php
index d3bbdfb13f..49f33103b8 100644
--- a/CRM/Report/Form/Activity.php
+++ b/CRM/Report/Form/Activity.php
@@ -597,6 +597,11 @@ class CRM_Report_Form_Activity extends CRM_Report_Form {
       }
     }
 
+    // CRM-12675
+    if (! CRM_Core_Permission::check('access CiviContribute')) {
+      $clauses[] = " ({$this->_aliases['civicrm_option_value']}.component_id IS NULL OR {$this->_aliases['civicrm_option_value']}.component_id <> 2) ";
+    }
+
     if (empty($clauses)) {
       $this->_where .= " ";
     }
-- 
2.25.1