From c0f5a838e9cf2fe48805dc546ca07e538f58e3a8 Mon Sep 17 00:00:00 2001
From: Edsel <edsel.lopez@jmaconsulting.biz>
Date: Mon, 16 Mar 2015 19:44:58 +0530
Subject: [PATCH] CIVI-28 Added permission forr contribution view

---
 CRM/Contribute/Form/ContributionView.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CRM/Contribute/Form/ContributionView.php b/CRM/Contribute/Form/ContributionView.php
index 988a6a423c..784c475f29 100644
--- a/CRM/Contribute/Form/ContributionView.php
+++ b/CRM/Contribute/Form/ContributionView.php
@@ -47,6 +47,12 @@ class CRM_Contribute_Form_ContributionView extends CRM_Core_Form {
     $this->assign('context', $context);
 
     CRM_Contribute_BAO_Contribution::getValues($params, $values, $ids);
+    if ($this->_action & CRM_Core_Action::VIEW) {
+      $financialTypeID = CRM_Contribute_PseudoConstant::financialType($values['financial_type_id']);
+      if (!CRM_Core_Permission::check('view contributions of type ' . $financialTypeID)) {
+        CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+      }
+    }
     CRM_Contribute_BAO_Contribution::resolveDefaults($values);
     $cancelledStatus = TRUE;
     $status = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name');
-- 
2.25.1