From bb08e888b02445969be8b5dea69a7829600f2f60 Mon Sep 17 00:00:00 2001
From: Edsel
Date: Tue, 17 Mar 2015 12:06:14 +0530
Subject: [PATCH] CIVI-28 Added permission check for Contrirbution pages

---
 CRM/Contribute/Form/ContributionPage.php | 8 ++++++++
 CRM/Contribute/Form/ContributionPage/Settings.php | 4 +++-
 CRM/Financial/BAO/FinancialType.php | 10 ++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/CRM/Contribute/Form/ContributionPage.php b/CRM/Contribute/Form/ContributionPage.php
index 9860752e1d..63c9f224bb 100644
--- a/CRM/Contribute/Form/ContributionPage.php
+++ b/CRM/Contribute/Form/ContributionPage.php
@@ -141,6 +141,14 @@ class CRM_Contribute_Form_ContributionPage extends CRM_Core_Form {
       $this->set('values', $this->_values);
     }
 
+    // Check permission to edit contribution page
+    if ($this->_action & CRM_Core_Action::UPDATE) {
+      $financialTypeID = CRM_Contribute_PseudoConstant::financialType($this->_values['financial_type_id']);
+      if (!CRM_Core_Permission::check('edit contributions of type ' . $financialTypeID)) {
+        CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+      }
+    }
+
     // Preload libraries required by the "Profiles" tab
     $schemas = array('IndividualModel', 'OrganizationModel', 'ContributionModel');
     if (in_array('CiviMember', CRM_Core_Config::singleton()->enableComponents)) {
diff --git a/CRM/Contribute/Form/ContributionPage/Settings.php b/CRM/Contribute/Form/ContributionPage/Settings.php
index 8566f0979c..0dc2616795 100644
--- a/CRM/Contribute/Form/ContributionPage/Settings.php
+++ b/CRM/Contribute/Form/ContributionPage/Settings.php
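Review bot: The new gate reads `$this->_values['financial_type_id']` with no `isset()` guard, so a page with no financial type stored raises a notice and builds the permission name `'edit contributions of type '` with an empty suffix, leaving the allow/deny outcome to however `CRM_Core_Permission::check()` treats an unknown permission rather than to explicit code; guard it with `isset()` or `CRM_Utils_Array::value()` and decide that case deliberately. `$financialTypeID` is misnamed: the value is used as the suffix of a per-type permission string, which the `FinancialType.php` hunk builds from the type name, so `$financialTypeName` would read correctly. Only `CRM_Core_Action::UPDATE` is gated; if this form also serves `CRM_Core_Action::DELETE`, that path presumably needs the same check. `CRM_Core_Error::fatal()` also renders as a generic fatal rather than an access-denied response; `CRM_Utils_System::permissionDenied()` is the usual handler for this situation. The enclosing method starts and ends outside the hunk.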
@@ -122,9 +122,11 @@ class CRM_Contribute_Form_ContributionPage_Settings extends CRM_Contribute_Form_
       $this->addSelect('financial_type_id', array(), TRUE);
     }
     else {
+      CRM_Financial_BAO_FinancialType::addFinancialTypes($financialTypes);
+
       $financialType = $this->add('select', 'financial_type_id', ts('Financial Type'),
-        array('' => ts('- select -')) + CRM_Contribute_PseudoConstant::financialType(),
+        array('' => ts('- select -')) + $financialTypes,
         TRUE
       );
     }
diff --git a/CRM/Financial/BAO/FinancialType.php b/CRM/Financial/BAO/FinancialType.php
index ad4fea8246..49ac55512a 100644
--- a/CRM/Financial/BAO/FinancialType.php
+++ b/CRM/Financial/BAO/FinancialType.php
@@ -205,4 +205,14 @@ class CRM_Financial_BAO_FinancialType extends CRM_Financial_DAO_FinancialType {
       }
     $permissions['administer CiviCRM Financial Types'] = $prefix . ts('administer CiviCRM Financial Types');
   }
+
+  public static function addFinancialTypes(&$financialTypes) {
+    $financialTypes = CRM_Contribute_PseudoConstant::financialType();
+
+    foreach ($financialTypes as $finTypeId => $type) {
+      if (!CRM_Core_Permission::check('add new contributions of type ' . $type)) {
+        unset($financialTypes[$finTypeId]);
+      }
+    }
+  }
 }
-- 
2.25.1
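Review bot: Narrowing the `financial_type_id` options through `addFinancialTypes()` only changes what the form displays; the submitted value is not re-checked here, so the same `'add new contributions of type '` test has to run in the form's validation or postProcess step or the restriction is cosmetic. `$financialTypes` is also used before it is assigned anywhere in this method — it only exists because `addFinancialTypes()` takes it by reference and overwrites it — which hides the data flow; `$financialTypes = CRM_Financial_BAO_FinancialType::addFinancialTypes();` would be explicit if the helper returned its result. On edit, a page whose current financial type the user may not add contributions of will lose that option from the select, so the stored value can no longer be round-tripped through the form; that case deserves a deliberate decision. The enclosing method starts and ends outside the hunk.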
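Review bot: `addFinancialTypes()` has no docblock and its name says the opposite of what it does — it removes the types the current user may not add contributions of — so document it, e.g. `/** Filter the financial types to those the current user may add contributions of. @param array $financialTypes Receives id => name of the permitted types; the input value is ignored. */`. Returning the filtered array as well, `return $financialTypes;`, would let callers avoid the out-parameter and keep the by-reference behaviour for the existing call site. The method is added at the end of the class, so the hunk covers it completely.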