From e16ce4cd1995dca6e92f75b5c8bb91b08f21d156 Mon Sep 17 00:00:00 2001 From: "Donald A. Lobo" Date: Thu, 16 Jan 2014 13:41:38 -0800 Subject: [PATCH] CRM-12882 - Payment Processor passwords should be better hidden http://issues.civicrm.org/jira/browse/CRM-12882 --- CRM/Admin/Form/PaymentProcessor.php | 3 +++ CRM/Core/Permission.php | 1 + CRM/Core/xml/Menu/Admin.xml | 1 + 3 files changed, 5 insertions(+) diff --git a/CRM/Admin/Form/PaymentProcessor.php b/CRM/Admin/Form/PaymentProcessor.php index d9c8f4d11a..39832402c9 100644 --- a/CRM/Admin/Form/PaymentProcessor.php +++ b/CRM/Admin/Form/PaymentProcessor.php @@ -47,6 +47,9 @@ class CRM_Admin_Form_PaymentProcessor extends CRM_Admin_Form { protected $_ppDAO; function preProcess() { + if(!CRM_Core_Permission::check('administer payment processors')) { + CRM_Core_Error::fatal('You do not have permission to administer payment processors'); + } parent::preProcess(); CRM_Utils_System::setTitle(ts('Settings - Payment Processor')); diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php index 4f75345e49..7d9cebd1d2 100644 --- a/CRM/Core/Permission.php +++ b/CRM/Core/Permission.php @@ -552,6 +552,7 @@ class CRM_Core_Permission { 'delete all manual batches' => $prefix . ts('delete all manual batches'), 'export own manual batches' => $prefix . ts('export own manual batches'), 'export all manual batches' => $prefix . ts('export all manual batches'), + 'administer payment processors' => $prefix . ts('administer payment processors'), ); return $permissions; diff --git a/CRM/Core/xml/Menu/Admin.xml b/CRM/Core/xml/Menu/Admin.xml index c24d3ded1c..9d6d9a2ea1 100644 --- a/CRM/Core/xml/Menu/Admin.xml +++ b/CRM/Core/xml/Menu/Admin.xml @@ -477,6 +477,7 @@ Payment Processor setup for CiviCRM transactions CRM_Admin_Page_PaymentProcessor System Settings + administer payment processors admin/small/online_contribution_pages.png 30 -- 2.25.1