From e3ca0d2112fcf6cc9be35f10c86b7c34dca61188 Mon Sep 17 00:00:00 2001 From: Edsel Date: Thu, 23 Apr 2015 16:58:59 +0530 Subject: [PATCH] CIVI-28 Added perms for price field option display --- CRM/Contribute/BAO/Premium.php | 2 +- CRM/Price/BAO/PriceFieldValue.php | 4 +--- CRM/Price/Form/Option.php | 7 +++++++ CRM/Price/Page/Field.php | 4 ++-- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/CRM/Contribute/BAO/Premium.php b/CRM/Contribute/BAO/Premium.php index 89e3bcfb31..061619db31 100644 --- a/CRM/Contribute/BAO/Premium.php +++ b/CRM/Contribute/BAO/Premium.php @@ -121,7 +121,7 @@ class CRM_Contribute_BAO_Premium extends CRM_Contribute_DAO_Premium { $dao = new CRM_Contribute_DAO_PremiumsProduct(); $dao->premiums_id = $premiumID; - $dao->financial_type_id = array_keys($financialTypes); + $dao->whereAdd('financial_type_id IN (' . implode(',' , array_keys($financialTypes)) . ')'); $dao->orderBy('weight'); $dao->find(); diff --git a/CRM/Price/BAO/PriceFieldValue.php b/CRM/Price/BAO/PriceFieldValue.php index 67387a40ad..c24d033d2a 100644 --- a/CRM/Price/BAO/PriceFieldValue.php +++ b/CRM/Price/BAO/PriceFieldValue.php @@ -158,6 +158,7 @@ class CRM_Price_BAO_PriceFieldValue extends CRM_Price_DAO_PriceFieldValue { CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes); $fieldValueDAO = new CRM_Price_DAO_PriceFieldValue(); $fieldValueDAO->price_field_id = $fieldId; + $fieldValueDAO->whereAdd('financial_type_id IN (' . implode(',' , array_keys($financialTypes)) . ')'); $fieldValueDAO->orderBy($orderBy, 'label'); if ($isActive) { $fieldValueDAO->is_active = 1; @@ -165,9 +166,6 @@ class CRM_Price_BAO_PriceFieldValue extends CRM_Price_DAO_PriceFieldValue { $fieldValueDAO->find(); while ($fieldValueDAO->fetch()) { - if (!in_array($fieldValueDAO->financial_type_id, array_keys($financialTypes))) { - continue; - } CRM_Core_DAO::storeValues($fieldValueDAO, $values[$fieldValueDAO->id]); } 
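Review bot: When the current user has no permitted financial types, the `implode()` inside the added `whereAdd()` in CRM/Contribute/BAO/Premium.php yields `financial_type_id IN ()`. An empty IN list is a syntax error in MySQL, so the query fails instead of returning no rows. The same expression is added in CRM/Price/BAO/PriceFieldValue.php, where it replaces a PHP-side `in_array()` filter that handled the empty case silently, so both sites need the guard. I would build the list first with `$ids = array_map('intval', array_keys($financialTypes));` and skip the `find()` when `$ids` is empty, treating the result as empty. The `intval` cast also keeps the concatenated SQL numeric; the keys are presumably financial type IDs, but `$financialTypes` is populated outside the Premium.php hunk, so that is not verifiable here. Both enclosing functions start and end outside their hunks.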
diff --git a/CRM/Price/Form/Option.php b/CRM/Price/Form/Option.php index 2fa6696eb5..8ed59062b2 100644 --- a/CRM/Price/Form/Option.php +++ b/CRM/Price/Form/Option.php @@ -113,6 +113,13 @@ class CRM_Price_Form_Option extends CRM_Core_Form { * @return void */ public function buildQuickForm() { + if ($this->_action == CRM_Core_Action::UPDATE) { + $finTypeId = CRM_Core_DAO::getFieldValue('CRM_Price_DAO_PriceFieldValue', $this->_oid, 'financial_type_id'); + CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'edit'); + if (!array_key_exists($finTypeId, $financialTypes)) { + CRM_Core_Error::fatal(ts("You do not have permission to access this page")); + } + } if ($this->_action == CRM_Core_Action::DELETE) { $this->addButtons(array( array( diff --git a/CRM/Price/Page/Field.php b/CRM/Price/Page/Field.php index aff145194f..a1bdab423f 100644 --- a/CRM/Price/Page/Field.php +++ b/CRM/Price/Page/Field.php @@ -133,6 +133,7 @@ class CRM_Price_Page_Field extends CRM_Core_Page { $invoicing = CRM_Utils_Array::value('invoicing', $invoiceSettings); $getTaxDetails = FALSE; $taxRate = CRM_Core_PseudoConstant::getTaxRates(); + CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes); while ($priceFieldBAO->fetch()) { $priceField[$priceFieldBAO->id] = array(); CRM_Core_DAO::storeValues($priceFieldBAO, $priceField[$priceFieldBAO->id]); @@ -143,8 +144,7 @@ class CRM_Price_Page_Field extends CRM_Core_Page { $params = array('price_field_id' => $priceFieldBAO->id); CRM_Price_BAO_PriceFieldValue::retrieve($params, $optionValues); - - $financialTypeId = $optionValues['financial_type_id']; + $financialTypeId = $optionValues['financial_type_id']; $priceField[$priceFieldBAO->id]['price'] = CRM_Utils_Array::value('amount', $optionValues); if ($invoicing && isset($taxRate[$financialTypeId])) { $priceField[$priceFieldBAO->id]['tax_rate'] = $taxRate[$financialTypeId]; -- 2.25.1
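Review bot: The new financial-type check in `buildQuickForm()` in CRM/Price/Form/Option.php runs only when `$this->_action == CRM_Core_Action::UPDATE`, so the `CRM_Core_Action::DELETE` branch directly below it still builds the delete form for an option whose financial type the user may not manage. Widening the condition to `if ($this->_action == CRM_Core_Action::UPDATE || $this->_action == CRM_Core_Action::DELETE) {` would cover it, with the operation passed to `getAvailableFinancialTypes()` chosen to match deletion rather than `'edit'`. The check also validates only the option's stored `financial_type_id`. Whether the submitted value is checked on save is not visible here, since the rest of the function and the form's processing lie outside the hunk. A short comment such as `// Block editing options whose financial type the user lacks edit permission for` would make the intent clear.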
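Review bot: `$financialTypes` is filled before the `while ($priceFieldBAO->fetch())` loop in CRM/Price/Page/Field.php, but none of the lines this commit touches in the file reads it; the only other change is a whitespace fix on the `$financialTypeId` assignment. Unless code outside the hunks already consults it, the call is dead and the listing still shows `price` and `tax_rate` for fields whose financial type the user may not view. Either drop the call or use it inside the loop, for example `if (!array_key_exists($financialTypeId, $financialTypes)) { continue; }` after `$financialTypeId` is set, if hiding the row is the intended behaviour. The enclosing method starts and ends outside both hunks.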