Move financial acl check on Main contribution page to the extension

Note that after our snaffu with memberships I tested with the setting enabled & disabled
civicrm · Oct 13, 2023 · 27ec40c · 27ec40c
1 parent 2db15d2
commit 27ec40c
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 5 deletions.
diff --git a/CRM/Contribute/Form/ContributeFormTrait.php b/CRM/Contribute/Form/ContributeFormTrait.php
@@ -0,0 +1,91 @@
+<?php
+
+use Civi\API\EntityLookupTrait;
+
+/**
+ * Trait implements functions to retrieve contribution related values.
+ */
+trait CRM_Contribute_Form_ContributeFormTrait {
+
+  use EntityLookupTrait;
+
+  /**
+   * Get the value for a field relating to the contribution.
+   *
+   * All values returned in apiv4 format. Escaping may be required.
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   * @param string $fieldName
+   *
+   * @return mixed
+   * @throws \CRM_Core_Exception
+   */
+  public function getContributionValue(string $fieldName) {
+    if ($this->isDefined('Contribution')) {
+      return $this->lookup('Contribution', $fieldName);
+    }
+    $id = $this->getContributionID();
+    if ($id) {
+      $this->define('Contribution', 'Contribution', ['id' => $id]);
+      return $this->lookup('Contribution', $fieldName);
+    }
+    return NULL;
+  }
+
+  /**
+   * Get the selected Contribution ID.
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   * @noinspection PhpUnhandledExceptionInspection
+   */
+  public function getContributionID(): ?int {
+    throw new CRM_Core_Exception('`getContributionID` must be implemented');
+  }
+
+  /**
+   * Get id of contribution page being acted on.
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   * @noinspection PhpUnhandledExceptionInspection
+   */
+  public function getContributionPageID(): ?int {
+    throw new CRM_Core_Exception('`ContributionPageID` must be implemented');
+  }
+
+  /**
+   * Get a value from the contribution being acted on.
+   *
+   * All values returned in apiv4 format. Escaping may be required.
+   *
+   * @param string $fieldName
+   *
+   * @return mixed
+   * @noinspection PhpUnhandledExceptionInspection
+   *
+   * @api This function will not change in a minor release and is supported for
+   * use outside of core. This annotation / external support for properties
+   * is only given where there is specific test cover.
+   *
+   */
+  public function getContributionPageValue(string $fieldName) {
+    if ($this->isDefined('ContributionPage')) {
+      return $this->lookup('ContributionPage', $fieldName);
+    }
+    $id = $this->getContributionPageID();
+    if ($id) {
+      $this->define('ContributionPage', 'ContributionPage', ['id' => $id]);
+      return $this->lookup('ContributionPage', $fieldName);
+    }
+    return NULL;
+  }
+
+}
diff --git a/CRM/Contribute/Form/ContributionBase.php b/CRM/Contribute/Form/ContributionBase.php
@@ -384,11 +384,6 @@ public function preProcess() {
       $this->_fields = [];
 
       CRM_Contribute_BAO_ContributionPage::setValues($this->_id, $this->_values);
-      if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()
-        && !CRM_Core_Permission::check('add contributions of type ' . CRM_Contribute_PseudoConstant::financialType($this->_values['financial_type_id']))
-      ) {
-        CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
-      }
       if (empty($this->_values['is_active'])) {
         throw new CRM_Contribute_Exception_InactiveContributionPageException(ts('The page you requested is currently unavailable.'), $this->_id);
       }

diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php
@@ -384,6 +384,23 @@ function financialacls_civicrm_alterMenu(array &$menu): void {
   $menu['civicrm/admin/financial/financialType']['access_arguments'] = [['administer CiviCRM Financial Types']];
 }
 
+/**
+ * @param string $formName
+ * @param \CRM_Core_Form $form
+ */
+function financialacls_civicrm_preProcess(string $formName, \CRM_Core_Form $form): void {
+  if (!financialacls_is_acl_limiting_enabled()) {
+    return;
+  }
+  if (str_starts_with($formName, 'CRM_Contribute_Form_Contribution')) {
+    /* @var \CRM_Contribute_Form_Contribution_Main $form */
+    if (!CRM_Core_Permission::check('add contributions of type ' . $form->getContributionPageValue('financial_type_id:name'))) {
+      CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
+    }
+  }
+
+}
+
 /**
  * Hide edit/enable/disable links for memberships of a given Financial Type
  * Note: The $objectID param can be an int, string or null, hence not typed