Merge pull request civicrm#17 from Edzelopez/CIVI-28

CIVI-28 Reverted changes made to edit for selector (still working), Adde...
Edzelopez · Mar 20, 2015 · 4027a75 · 4027a75
2 parents da1e605 + c60a0ad
commit 4027a75
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 4 deletions.
diff --git a/CRM/Contribute/Form/Contribution.php b/CRM/Contribute/Form/Contribution.php
@@ -493,6 +493,13 @@ public function buildQuickForm() {
     // FIXME: This probably needs to be done in preprocess
     if ($this->_action & CRM_Core_Action::UPDATE && CRM_Utils_Array::value('financial_type_id', $this->_values)) {
       $financialTypeID = CRM_Contribute_PseudoConstant::financialType($this->_values['financial_type_id']);
+      $lineItems = CRM_Price_BAO_LineItem::getLineItemsByContributionID($this->_id);
+      foreach ($lineItems as $items) { 
+        if (!CRM_Core_Permission::check('edit contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
+          CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+          break;
+        }
+      }
       if (!CRM_Core_Permission::check('edit contributions of type ' . $financialTypeID)) {
         CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
       }

diff --git a/CRM/Contribute/Selector/Search.php b/CRM/Contribute/Selector/Search.php
@@ -362,29 +362,33 @@ public function &getRows($action, $offset, $rowCount, $sort, $output = NULL) {
     while ($result->fetch()) {
       $checkLineItem = FALSE;
       $row = array();
-      $permissions[] = CRM_Core_Permission::VIEW;
+      $permissions[] = CRM_Core_Permission::VIEW; 
+      $permissions[] = CRM_Core_Permission::EDIT; 
       if (!CRM_Core_Permission::check('view contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
         continue;
       }
       // Now check for lineItems
       $lineItems = CRM_Price_BAO_LineItem::getLineItemsByContributionID($result->id);
-      foreach ($lineItems as $items) {
+      foreach ($lineItems as $items) { 
         if (!CRM_Core_Permission::check('view contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
           $checkLineItem = TRUE;
           break;
         }
+        if (!CRM_Core_Permission::check('edit contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
+        }
+        if (!CRM_Core_Permission::check('view contributions of type ' . CRM_Contribute_PseudoConstant::financialType($items['financial_type_id']))) {
+        }
       }
       if ($checkLineItem) {
         continue;
       }
       if (!CRM_Core_Permission::check('edit contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
         unset($permissions[array_search(CRM_Core_Permission::EDIT, $permissions)]);
-        $mask = CRM_Core_Action::mask($permissions);
       }
       if (!CRM_Core_Permission::check('delete contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
         unset($permissions[array_search(CRM_Core_Permission::DELETE, $permissions)]);
-        $mask = CRM_Core_Action::mask($permissions);
       }
+      $mask = CRM_Core_Action::mask($permissions);
       // the columns we are interested in
       foreach (self::$_properties as $property) {
         if (property_exists($result, $property)) {