From bf9042a88baceb1bc90b266388e2432cbf1769b7 Mon Sep 17 00:00:00 2001
From: Eileen McNaughton <emcnaughton@wikimedia.org>
Date: Sat, 16 Apr 2022 10:54:02 +1200
Subject: [PATCH] Remove redundant financialacl check

---
 CRM/Member/Form/MembershipView.php | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/CRM/Member/Form/MembershipView.php b/CRM/Member/Form/MembershipView.php
index a8af679e49..1396c74727 100644
--- a/CRM/Member/Form/MembershipView.php
+++ b/CRM/Member/Form/MembershipView.php
@@ -15,6 +15,8 @@
  * @copyright CiviCRM LLC https://civicrm.org/licensing
  */
 
+use Civi\Api4\Membership;
+
 /**
  * This class generates form components for Payment-Instrument
  */
@@ -154,11 +156,14 @@ class CRM_Member_Form_MembershipView extends CRM_Core_Form {
     $this->assign('context', $context);
 
     if ($this->membershipID) {
-      $values = \Civi\Api4\Membership::get()
+      $memberships = Membership::get()
         ->addSelect('*', 'status_id:label', 'membership_type_id:label', 'membership_type_id.financial_type_id', 'status_id.is_current_member')
         ->addWhere('id', '=', $this->membershipID)
-        ->execute()
-        ->first();
+        ->execute();
+      if (!count($memberships)) {
+        CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
+      }
+      $values = $memberships->first();
 
       // Ensure keys expected by MembershipView.tpl are set correctly
       // Some of these defaults are overwritten dependant on context below
@@ -170,16 +175,11 @@ class CRM_Member_Form_MembershipView extends CRM_Core_Form {
       $values['owner_display_name'] = FALSE;
       $values['campaign'] = FALSE;
 
-      if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()) {
-        $finTypeId = CRM_Core_DAO::getFieldValue('CRM_Member_DAO_MembershipType', $values['membership_type_id'], 'financial_type_id');
-        $finType = CRM_Contribute_PseudoConstant::financialType($finTypeId);
-        if (!CRM_Core_Permission::check('view contributions of type ' . $finType)) {
-          CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
-        }
-      }
-      else {
-        $this->assign('noACL', TRUE);
-      }
+      // This tells the template not to check financial acls when determining
+      // whether to show edit & delete links. Link decisions
+      // should be moved to the php layer - with financialacls using hooks.
+      $this->assign('noACL', !CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus());
+
       $membershipType = CRM_Member_BAO_MembershipType::getMembershipTypeDetails($values['membership_type_id']);
 
       // Do the action on related Membership if needed
-- 
2.25.1