From f8bd213fc11e78473a49480bada5ef801d94666d Mon Sep 17 00:00:00 2001 From: Edsel Date: Mon, 6 Apr 2015 17:30:16 +0530 Subject: [PATCH] CIVI-33 Added permissions for price sets and price fields --- CRM/Price/BAO/PriceSet.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CRM/Price/BAO/PriceSet.php b/CRM/Price/BAO/PriceSet.php index 9a1241bcb2..616090ad31 100644 --- a/CRM/Price/BAO/PriceSet.php +++ b/CRM/Price/BAO/PriceSet.php @@ -937,6 +937,13 @@ WHERE id = %1"; $priceSet = self::getSetDetail($priceSetId, TRUE, $validFieldsOnly); $form->_priceSet = CRM_Utils_Array::value($priceSetId, $priceSet); + foreach ($form->_priceSet['fields'] as $key => $value) { + foreach ($value['options'] as $options) { + if (!CRM_Core_Permission::check('add contributions of type ' . CRM_Contribute_PseudoConstant::financialType($options['financial_type_id']))) { + unset($form->_priceSet['fields'][$key]); + } + } + } $validPriceFieldIds = array_keys($form->_priceSet['fields']); $form->_quickConfig = $quickConfig = 0; if (CRM_Core_DAO::getFieldValue('CRM_Price_DAO_PriceSet', $priceSetId, 'is_quick_config')) { -- 2.25.1