From ca0e2ddac6c8e9a6b2811c33b205b879cc4d3632 Mon Sep 17 00:00:00 2001
From: Pradeep Nayak
Date: Mon, 31 Jul 2017 11:11:23 +0530
Subject: [PATCH] CRM-20988, show permissioned links only
----------------------------------------
* CRM-20988: Don't display option of Export, Delete etc to users who lack that permission https://issues.civicrm.org/jira/browse/CRM-20988
---
 CRM/Batch/BAO/Batch.php | 38 +++++++++++++++++++++++++
 CRM/Financial/Form/BatchTransaction.php | 10 +++++--
 CRM/Financial/Form/Search.php | 5 ++++
 3 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/CRM/Batch/BAO/Batch.php b/CRM/Batch/BAO/Batch.php
index 3b5fbd9481..19b02e58ae 100644
--- a/CRM/Batch/BAO/Batch.php
+++ b/CRM/Batch/BAO/Batch.php
@@ -290,6 +290,7 @@ class CRM_Batch_BAO_Batch extends CRM_Batch_DAO_Batch {
 switch ($batchStatusByName[$values['status_id']]) {
 case 'Open':
+ case 'Reopened':
 CRM_Utils_Array::remove($newLinks, 'reopen', 'download');
 break;
@@ -300,6 +301,15 @@ class CRM_Batch_BAO_Batch extends CRM_Batch_DAO_Batch {
 case 'Exported':
 CRM_Utils_Array::remove($newLinks, 'close', 'edit', 'reopen', 'export');
 }
+ if (!CRM_Batch_BAO_Batch::checkBatchPermission('edit', $values['created_id'])) {
+ CRM_Utils_Array::remove($newLinks, 'close', 'edit', 'export');
+ }
+ if (!CRM_Batch_BAO_Batch::checkBatchPermission('export', $values['created_id'])) {
+ CRM_Utils_Array::remove($newLinks, 'export', 'download');
+ }
+ if (!CRM_Batch_BAO_Batch::checkBatchPermission('delete', $values['created_id'])) {
+ CRM_Utils_Array::remove($newLinks, 'delete');
+ }
 }
 if (!empty($values['type_id'])) {
 $values['batch_type'] = $batchTypes[$values['type_id']];
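Review bot: In the `@@ -300,6 +301,15 @@` hunk, the branch for a failed `checkBatchPermission('edit', …)` removes `close`, `edit` and `export` but leaves `reopen`, although `checkBatchPermission()` (added later in this patch) maps both `reopen` and `close` onto the edit permission. A user without edit rights would presumably still be offered Reopen on a closed batch; the call should read `CRM_Utils_Array::remove($newLinks, 'close', 'edit', 'reopen', 'export');`. All three calls also read `$values['created_id']` without an existence check, so a row lacking that key raises a notice and lands in the helper's NULL branch. The enclosing method starts and ends outside the hunk.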
@@ -775,4 +785,32 @@ WHERE {$where}
 return $batches;
 }
+ /**
+ * Function to check permission for batch.
+ *
+ * @param string $action
+ * @param int $batchCreatedId
+ * batch created by contact id
+ *
+ * @return bool
+ */
+ public static function checkBatchPermission($action, $batchCreatedId = NULL) {
+ if (in_array($action, array('reopen', 'close'))) {
+ $action = 'edit';
+ }
+ if (CRM_Core_Permission::check("{$action} all manual batches")) {
+ return TRUE;
+ }
+ if (CRM_Core_Permission::check("{$action} own manual batches")) {
+ $loggedInContactId = CRM_Core_Session::singleton()->get('userID');
+ if ($batchCreatedId == $loggedInContactId) {
+ return TRUE;
+ }
+ elseif (CRM_Utils_System::isNull($batchCreatedId)) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+ }
+
 }
diff --git a/CRM/Financial/Form/BatchTransaction.php b/CRM/Financial/Form/BatchTransaction.php
index 457a739b52..9fd6de50b6 100644
--- a/CRM/Financial/Form/BatchTransaction.php
+++ b/CRM/Financial/Form/BatchTransaction.php
@@ -67,7 +67,7 @@ class CRM_Financial_Form_BatchTransaction extends CRM_Contribute_Form {
 $validStatus = TRUE;
 }
 $this->assign('validStatus', $validStatus);
-
+ $this->_values = civicrm_api3('Batch', 'getSingle', array('id' => self::$_entityID));
 $batchTitle = CRM_Core_DAO::getFieldValue('CRM_Batch_BAO_Batch', self::$_entityID, 'title');
 CRM_Utils_System::setTitle(ts('Accounting Batch - %1', array(1 => $batchTitle)));
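Review bot: `checkBatchPermission()` fails open when no creator id is available: for a user holding only `{$action} own manual batches`, the `elseif (CRM_Utils_System::isNull($batchCreatedId))` branch returns TRUE both when the caller omits the argument (as the Search.php hunk does) and when a batch row has an empty `created_id`, so such a batch is treated as owned by everyone. The ownership test also uses loose `==`, which holds when both sides are empty; `if ($loggedInContactId && (int) $batchCreatedId === (int) $loggedInContactId)` would be tighter. The docblock should state that a NULL `$batchCreatedId` means "no specific batch" and is not suitable for per-batch decisions, and that `reopen` and `close` are mapped onto `edit`. `in_array($action, array('reopen', 'close'))` would be safer with the strict third argument.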
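Review bot: The added `civicrm_api3('Batch', 'getSingle', …)` call is unguarded: `getSingle` raises an API exception when the id does not match exactly one batch, and `self::$_entityID` is set outside this hunk, so its validation cannot be confirmed from here. The result is later indexed as `$this->_values['created_id']` (hunk `@@ -100,8 +100,12 @@`); API3 results appear to omit NULL columns, so reading it via `CRM_Utils_Array::value('created_id', $this->_values)` would avoid an undefined-index notice. The next context line still fetches the title with a second query, which `$this->_values['title']` could replace.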
@@ -100,8 +100,12 @@ class CRM_Financial_Form_BatchTransaction extends CRM_Contribute_Form {
 }
 parent::buildQuickForm();
- $this->add('submit', 'close_batch', ts('Close Batch'));
- $this->add('submit', 'export_batch', ts('Close & Export Batch'));
+ if (CRM_Batch_BAO_Batch::checkBatchPermission('edit', $this->_values['created_id'])) {
+ $this->add('submit', 'close_batch', ts('Close Batch'));
+ if (CRM_Batch_BAO_Batch::checkBatchPermission('export', $this->_values['created_id'])) {
+ $this->add('submit', 'export_batch', ts('Close & Export Batch'));
+ }
+ }
 // text for sort_name
 $this->addElement('text',
diff --git a/CRM/Financial/Form/Search.php b/CRM/Financial/Form/Search.php
index c7d9a0b720..742c886d3b 100644
--- a/CRM/Financial/Form/Search.php
+++ b/CRM/Financial/Form/Search.php
@@ -99,6 +99,11 @@ class CRM_Financial_Form_Search extends CRM_Core_Form {
 'delete' => ts('Delete'),
 );
+ foreach ($batchAction as $action => $ignore) {
+ if (!CRM_Batch_BAO_Batch::checkBatchPermission($action)) {
+ unset($batchAction[$action]);
+ }
+ }
 $this->add('select',
 'batch_update',
 ts('Task'),
--
2.25.1
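Review bot: Omitting the `close_batch` and `export_batch` submit buttons in the `@@ -100,8 +100,12 @@` hunk only changes what is rendered; nothing in this patch shows the form's submit handling calling `checkBatchPermission()`, so a request that carries those field names anyway may still be processed. The same applies to the link filtering in Batch.php (`@@ -300,6 +301,15 @@`) and the task list in Search.php (`@@ -99,6 +99,11 @@`), where the check runs without a creator id and therefore passes for any holder of an "own" permission. The code paths that actually close, export or delete a batch should repeat the check against that batch's `created_id` and refuse the action when it fails. `buildQuickForm()` continues outside the hunk.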