From e3fa3feacc5b830f29aa03e1c3f560948f082735 Mon Sep 17 00:00:00 2001
From: Edsel
Date: Mon, 16 Mar 2015 19:41:27 +0530
Subject: [PATCH] CIVI-28 Added permission cehck for offline contribution form
---
 CRM/Contribute/Form/Contribution.php | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/CRM/Contribute/Form/Contribution.php b/CRM/Contribute/Form/Contribution.php
index 4fab02ad79..afcf0b3448 100644
--- a/CRM/Contribute/Form/Contribution.php
+++ b/CRM/Contribute/Form/Contribution.php
@@ -458,7 +458,13 @@ class CRM_Contribute_Form_Contribution extends CRM_Contribute_Form_AbstractEditP
 * Build the form object.
 */
 public function buildQuickForm() {
-
+ // FIXME: This probably needs to be done in preprocess
+ if ($this->_action & CRM_Core_Action::UPDATE) {
+ $financialTypeID = CRM_Contribute_PseudoConstant::financialType($this->_values['financial_type_id']);
+ if (!CRM_Core_Permission::check('edit contributions of type ' . $financialTypeID)) {
+ CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+ }
+ }
 $allPanes = array();
 $recurJs = NULL;
 //tax rate from financialType
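Review bot: The per-type gate added at the top of `buildQuickForm()` tests only the `CRM_Core_Action::UPDATE` bit, so as far as this hunk shows, any other action that opens an existing contribution of a restricted financial type (delete, for instance) is not covered by it; if those should be restricted too, the condition has to include them, and moving the check to `preProcess()` as the FIXME says would keep it ahead of any other form setup. `$financialTypeID` receives what appears to be the type's name rather than its id (the second hunk uses the same lookup as an id => name map), so `$financialTypeName` would be the accurate name. The lookup result is also concatenated without confirming that `$this->_values['financial_type_id']` is set; an explicit `empty()` test before the lookup would make that failure deliberate rather than a by-product of an unknown permission string. The body of `buildQuickForm()` continues past the end of the hunk.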
@@ -608,13 +614,23 @@ class CRM_Contribute_Form_Contribution extends CRM_Contribute_Form_AbstractEditP } $attributes = CRM_Core_DAO::getAttribute('CRM_Contribute_DAO_Contribution'); + + // Check permissions for financial type first + $financialTypes = CRM_Contribute_PseudoConstant::financialType(); + + foreach ($financialTypes as $finTypeId => $type) { + if (!CRM_Core_Permission::check('add new contributions of type ' . $type)) { + unset($financialTypes[$finTypeId]); + } + } $financialType = $this->add('select', 'financial_type_id', ts('Financial Type'), - array('' => ts('- select -')) + CRM_Contribute_PseudoConstant::financialType(), + array('' => ts('- select -')) + $financialTypes, TRUE, array('onChange' => "CRM.buildCustomData( 'Contribution', this.value );") ); + $paymentInstrument = FALSE; if (!$this->_mode) { $paymentInstrument = $this->add('select', 'payment_instrument_id', -- 2.25.1
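Review bot: Removing entries from `$financialTypes` only limits what the select offers; nothing in this hunk rejects a posted `financial_type_id` the user is not permitted to use, so unless the form layer already discards values missing from the option list, the same `CRM_Core_Permission::check('add new contributions of type ' . $type)` test should be repeated on the submitted value in validation or `postProcess()`. The filter also runs for every action, so on an edit the contribution's current type disappears from the list when the user holds the edit permission but not the add one; restricting the loop to the add case, e.g. `if ($this->_action & CRM_Core_Action::ADD) {`, avoids that. The enclosing function starts and ends outside the hunk.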