Add ACL call to financial ACLs

civicrm · Dec 19, 2018 · 1786ef5 · 1786ef5
1 parent 2460971
commit 1786ef5
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 9 deletions.
diff --git a/CRM/Contribute/BAO/Contribution.php b/CRM/Contribute/BAO/Contribution.php
@@ -5599,21 +5599,27 @@ public static function getAnnualQuery($contactIDs) {
       $liWhere = " AND i.financial_type_id NOT IN (" . implode(',', array_keys($financialTypes)) . ")";
     }
     $whereClauses = [
-      'b.contact_id IN (' . $contactIDs . ')',
-      'b.contribution_status_id = ' . (int) CRM_Core_PseudoConstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed'),
-      'b.is_test = 0',
-      'b.receive_date >= ' . $startDate,
-      'b.receive_date <  ' . $endDate,
+      'contact_id' => 'IN (' . $contactIDs . ')',
+      'contribution_status_id' => '=' . (int) CRM_Core_PseudoConstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed'),
+      'is_test' => ' = 0',
+      'receive_date' => ['>=' . $startDate, '<  ' . $endDate],
     ];
-    CRM_Financial_BAO_FinancialType::buildPermissionedClause($whereClauses, NULL, 'b');
+    CRM_Financial_BAO_FinancialType::addACLClausesToWhereClauses($whereClauses);
+
+    $clauses = [];
+    foreach ($whereClauses as $key => $clause) {
+      $clauses[] = 'b.' . $key . " "  . implode(' AND b.' . $key, (array) $clause);
+    }
+    $whereClauseString = implode(' AND ', $clauses);
+
     $query = "
       SELECT COUNT(*) as count,
              SUM(total_amount) as amount,
              AVG(total_amount) as average,
              currency
       FROM civicrm_contribution b
       LEFT JOIN civicrm_line_item i ON i.contribution_id = b.id AND i.entity_table = 'civicrm_contribution' $liWhere
-      WHERE " . implode(' AND ', $whereClauses) . "
+      WHERE " . $whereClauseString . "
       GROUP BY currency
       ";
     return $query;

diff --git a/CRM/Financial/BAO/FinancialType.php b/CRM/Financial/BAO/FinancialType.php
@@ -345,6 +345,34 @@ public static function getAvailableMembershipTypes(&$membershipTypes = NULL, $ac
     return $membershipTypes;
   }
 
+  /**
+   * This function adds the Financial ACL clauses to the where clause.
+   *
+   * This is currently somewhat mocking the native hook implementation
+   * combined with applying the acls in core. This is seen as a transitional step
+   * as it would not need to call the hook if the financialreportsacl
+   * extension is installed. And we probably need to check if it IS
+   * installed before adding ACLs as part of the transition.
+   *
+   * @param array $whereClauses
+   */
+  public static function addACLClausesToWhereClauses(&$whereClauses) {
+    CRM_Utils_Hook::selectWhereClause('Contribution', $whereClauses);
+
+    if (!self::isACLFinancialTypeStatus()) {
+      return;
+    }
+    $types = self::getAllEnabledAvailableFinancialTypes();
+    if (empty($types)) {
+      $whereClauses['financial_type_id'] = 'IN (0)';
+    }
+    else {
+      $whereClauses['financial_type_id'] = [
+        'IN (' . implode(',', array_keys($types)) . ')'
+      ];
+    }
+  }
+
   /**
    * Function to build a permissioned sql where clause based on available financial types.
    *

diff --git a/tests/phpunit/CRMTraits/Financial/PriceSetTrait.php b/tests/phpunit/CRMTraits/Financial/PriceSetTrait.php
@@ -55,8 +55,7 @@ protected function createContributionWithTwoLineItemsAgainstPriceSet($params) {
         'entity_table' => 'civicrm_contribution',
       ];
     }
-    $order = $this->callAPISuccess('order', 'create', $params);
+    $this->callAPISuccess('order', 'create', $params);
   }
 
-
 }