Merge pull request #27797 from eileenmcnaughton/acl

Move financial acl check on Main contribution page to the financial acl extension
civicrm · Oct 13, 2023 · 7eed280 · 7eed280
2 parents a3f75f0 + 7360980
commit 7eed280
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/CRM/Contribute/Form/ContributionBase.php b/CRM/Contribute/Form/ContributionBase.php
@@ -384,11 +384,6 @@ public function preProcess() {
       $this->_fields = [];
 
       CRM_Contribute_BAO_ContributionPage::setValues($this->_id, $this->_values);
-      if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()
-        && !CRM_Core_Permission::check('add contributions of type ' . CRM_Contribute_PseudoConstant::financialType($this->_values['financial_type_id']))
-      ) {
-        CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
-      }
       if (empty($this->_values['is_active'])) {
         throw new CRM_Contribute_Exception_InactiveContributionPageException(ts('The page you requested is currently unavailable.'), $this->_id);
       }

diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php
@@ -201,7 +201,7 @@ function financialacls_civicrm_buildAmount($component, $form, &$feeBlock) {
 
   foreach ($feeBlock as $key => $value) {
     foreach ($value['options'] as $k => $options) {
-      if (!CRM_Core_Permission::check('add contributions of type ' . CRM_Contribute_PseudoConstant::financialType($options['financial_type_id']))) {
+      if (!CRM_Core_Permission::check('add contributions of type ' . CRM_Core_PseudoConstant::getName('CRM_Contribute_DAO_Contribution', 'financial_type_id', $options['financial_type_id']))) {
         unset($feeBlock[$key]['options'][$k]);
       }
     }
@@ -384,6 +384,23 @@ function financialacls_civicrm_alterMenu(array &$menu): void {
   $menu['civicrm/admin/financial/financialType']['access_arguments'] = [['administer CiviCRM Financial Types']];
 }
 
+/**
+ * @param string $formName
+ * @param \CRM_Core_Form $form
+ */
+function financialacls_civicrm_preProcess(string $formName, \CRM_Core_Form $form): void {
+  if (!financialacls_is_acl_limiting_enabled()) {
+    return;
+  }
+  if (str_starts_with($formName, 'CRM_Contribute_Form_Contribution_')) {
+    /* @var \CRM_Contribute_Form_Contribution_Main $form */
+    if (!CRM_Core_Permission::check('add contributions of type ' . $form->getContributionPageValue('financial_type_id:name'))) {
+      CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
+    }
+  }
+
+}
+
 /**
  * Hide edit/enable/disable links for memberships of a given Financial Type
  * Note: The $objectID param can be an int, string or null, hence not typed