Move financial acl check on Main contribution page to the extension

Note that after our snaffu with memberships I tested with the setting enabled & disabled
civicrm · Oct 12, 2023 · 07382eb · 07382eb
1 parent 98be66a
commit 07382eb
Show file tree

Hide file tree

Showing 3 changed files with 132 additions and 11 deletions.
diff --git a/CRM/Contribute/Form/ContributeFormTrait.php b/CRM/Contribute/Form/ContributeFormTrait.php
@@ -0,0 +1,91 @@
+<?php
+
+use Civi\API\EntityLookupTrait;
+
+/**
+ * Trait implements functions to retrieve contribution related values.
+ */
+trait CRM_Contribute_Form_ContributeFormTrait {
+
+  use EntityLookupTrait;
+
+  /**
+   * Get the value for a field relating to the event.
+   *
+   * All values returned in apiv4 format. Escaping may be required.
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   * @param string $fieldName
+   *
+   * @return mixed
+   * @throws \CRM_Core_Exception
+   */
+  public function getContributionValue(string $fieldName) {
+    if ($this->isDefined('Contribution')) {
+      return $this->lookup('Contribution', $fieldName);
+    }
+    $id = $this->getContributionID();
+    if ($id) {
+      $this->define('Contribution', 'Contribution', ['id' => $id]);
+      return $this->lookup('Contribution', $fieldName);
+    }
+    return NULL;
+  }
+
+  /**
+   * Get the selected Contribution ID.
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   * @noinspection PhpUnhandledExceptionInspection
+   */
+  public function getContributionID(): ?int {
+    throw new CRM_Core_Exception('`getContributionID` must be implemented');
+  }
+
+  /**
+   * Get id of contribution page being acted on.
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   * @noinspection PhpUnhandledExceptionInspection
+   */
+  public function getContributionPageID(): ?int {
+    throw new CRM_Core_Exception('`ContributionPageID` must be implemented');
+  }
+
+  /**
+   * Get a value from the participant being acted on.
+   *
+   * All values returned in apiv4 format. Escaping may be required.
+   *
+   * @param string $fieldName
+   *
+   * @return mixed
+   * @noinspection PhpUnhandledExceptionInspection
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   */
+  public function getContributionPageValue(string $fieldName) {
+    if ($this->isDefined('ContributionPage')) {
+      return $this->lookup('ContributionPage', $fieldName);
+    }
+    $id = $this->getContributionPageID();
+    if ($id) {
+      $this->define('ContributionPage', 'ContributionPage', ['id' => $id]);
+      return $this->lookup('ContributionPage', $fieldName);
+    }
+    return NULL;
+  }
+
+}
diff --git a/CRM/Contribute/Form/ContributionBase.php b/CRM/Contribute/Form/ContributionBase.php
@@ -20,6 +20,7 @@
  */
 class CRM_Contribute_Form_ContributionBase extends CRM_Core_Form {
   use CRM_Financial_Form_FrontEndPaymentFormTrait;
+  use CRM_Contribute_Form_ContributeFormTrait;
 
   /**
    * The id of the contribution page that we are processing.
@@ -273,6 +274,28 @@ public function getPriceSetID(): ?int {
     return $this->_priceSetId ?: NULL;
   }
 
+  /**
+   * Get id of contribution page being acted on.
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   * @return int
+   */
+  public function getContributionPageID(): int {
+    if (!$this->_id) {
+      /** @noinspection PhpUnhandledExceptionInspection */
+      $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
+      if (!$this->_id) {
+        // seems like the session is corrupted and/or we lost the id trail
+        // lets just bump this to a regular session error and redirect user to main page
+        $this->controller->invalidKeyRedirect();
+      }
+    }
+    return $this->_id;
+  }
+
   /**
    * Set variables up before form is built.
    *
@@ -282,13 +305,8 @@ public function getPriceSetID(): ?int {
   public function preProcess() {
 
     // current contribution page id
-    $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
+    $this->getContributionPageID();
     $this->_ccid = CRM_Utils_Request::retrieve('ccid', 'Positive', $this);
-    if (!$this->_id) {
-      // seems like the session is corrupted and/or we lost the id trail
-      // lets just bump this to a regular session error and redirect user to main page
-      $this->controller->invalidKeyRedirect();
-    }
     $this->_emailExists = $this->get('emailExists');
 
     $this->_contactID = $this->_membershipContactID = $this->getContactID();
@@ -366,11 +384,6 @@ public function preProcess() {
       $this->_fields = [];
 
       CRM_Contribute_BAO_ContributionPage::setValues($this->_id, $this->_values);
-      if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()
-        && !CRM_Core_Permission::check('add contributions of type ' . CRM_Contribute_PseudoConstant::financialType($this->_values['financial_type_id']))
-      ) {
-        CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
-      }
       if (empty($this->_values['is_active'])) {
         throw new CRM_Contribute_Exception_InactiveContributionPageException(ts('The page you requested is currently unavailable.'), $this->_id);
       }

diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php
@@ -384,6 +384,23 @@ function financialacls_civicrm_alterMenu(array &$menu): void {
   $menu['civicrm/admin/financial/financialType']['access_arguments'] = [['administer CiviCRM Financial Types']];
 }
 
+/**
+ * @param string $formName
+ * @param \CRM_Core_Form $form
+ */
+function financialacls_civicrm_preProcess(string $formName, \CRM_Core_Form $form): void {
+  if (!financialacls_is_acl_limiting_enabled()) {
+    return;
+  }
+  if (str_starts_with($formName, 'CRM_Contribute_Form_Contribution')) {
+    /* @var \CRM_Contribute_Form_Contribution_Main $form */
+    if (!CRM_Core_Permission::check('add contributions of type ' . $form->getContributionPageValue('financial_type_id:name'))) {
+      CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
+    }
+  }
+
+}
+
 /**
  * Hide edit/enable/disable links for memberships of a given Financial Type
  * Note: The $objectID param can be an int, string or null, hence not typed