Merge pull request #10791 from JMAConsulting/CRM-20988

CRM-20988,Don't display option of Export, Delete etc to users who lack that permission

CRM/Batch/BAO/Batch.php

@@ -290,6 +290,7 @@ public static function getBatchList(&$params) {
 
         switch ($batchStatusByName[$values['status_id']]) {
           case 'Open':
+          case 'Reopened':
             CRM_Utils_Array::remove($newLinks, 'reopen', 'download');
             break;
 
@@ -300,6 +301,15 @@ public static function getBatchList(&$params) {
           case 'Exported':
             CRM_Utils_Array::remove($newLinks, 'close', 'edit', 'reopen', 'export');
         }
+        if (!CRM_Batch_BAO_Batch::checkBatchPermission('edit', $values['created_id'])) {
+          CRM_Utils_Array::remove($newLinks, 'close', 'edit', 'export');
+        }
+        if (!CRM_Batch_BAO_Batch::checkBatchPermission('export', $values['created_id'])) {
+          CRM_Utils_Array::remove($newLinks, 'export', 'download');
+        }
+        if (!CRM_Batch_BAO_Batch::checkBatchPermission('delete', $values['created_id'])) {
+          CRM_Utils_Array::remove($newLinks, 'delete');
+        }
       }
       if (!empty($values['type_id'])) {
         $values['batch_type'] = $batchTypes[$values['type_id']];
@@ -381,6 +391,15 @@ public static function whereClause($params) {
       "created_id.sort_name",
       "created_id",
     );
+    if (!CRM_Core_Permission::check("view all manual batches")) {
+      if (CRM_Core_Permission::check("view own manual batches")) {
+        $loggedInContactId = CRM_Core_Session::singleton()->get('userID');
+        $params['created_id'] = $loggedInContactId;
+      }
+      else {
+        $params['created_id'] = 0;
+      }
+    }
     foreach ($return as $field) {
       if (!isset($params[$field])) {
         continue;
@@ -786,4 +805,32 @@ public static function getBatchStatuses($batchIds) {
     return $batches;
   }
 
+  /**
+   * Function to check permission for batch.
+   *
+   * @param string $action
+   * @param int $batchCreatedId
+   *   batch created by contact id
+   *
+   * @return bool
+   */
+  public static function checkBatchPermission($action, $batchCreatedId = NULL) {
+    if (in_array($action, array('reopen', 'close'))) {
+      $action = 'edit';
+    }
+    if (CRM_Core_Permission::check("{$action} all manual batches")) {
+      return TRUE;
+    }
+    if (CRM_Core_Permission::check("{$action} own manual batches")) {
+      $loggedInContactId = CRM_Core_Session::singleton()->get('userID');
+      if ($batchCreatedId == $loggedInContactId) {
+        return TRUE;
+      }
+      elseif (CRM_Utils_System::isNull($batchCreatedId)) {
+        return TRUE;
+      }
+    }
+    return FALSE;
+  }
+
 }

CRM/Financial/Form/BatchTransaction.php

@@ -67,7 +67,7 @@ public function preProcess() {
         $validStatus = TRUE;
       }
       $this->assign('validStatus', $validStatus);
-
+      $this->_values = civicrm_api3('Batch', 'getSingle', array('id' => self::$_entityID));
       $batchTitle = CRM_Core_DAO::getFieldValue('CRM_Batch_BAO_Batch', self::$_entityID, 'title');
       CRM_Utils_System::setTitle(ts('Accounting Batch - %1', array(1 => $batchTitle)));
 
@@ -100,8 +100,12 @@ public function buildQuickForm() {
     }
 
     parent::buildQuickForm();
-    $this->add('submit', 'close_batch', ts('Close Batch'));
-    $this->add('submit', 'export_batch', ts('Close & Export Batch'));
+    if (CRM_Batch_BAO_Batch::checkBatchPermission('edit', $this->_values['created_id'])) {
+      $this->add('submit', 'close_batch', ts('Close Batch'));
+      if (CRM_Batch_BAO_Batch::checkBatchPermission('export', $this->_values['created_id'])) {
+        $this->add('submit', 'export_batch', ts('Close & Export Batch'));
+      }
+    }
 
     // text for sort_name
     $this->addElement('text',

CRM/Financial/Form/Search.php

@@ -99,6 +99,11 @@ public function buildQuickForm() {
       'delete' => ts('Delete'),
     );
 
+    foreach ($batchAction as $action => $ignore) {
+      if (!CRM_Batch_BAO_Batch::checkBatchPermission($action)) {
+        unset($batchAction[$action]);
+      }
+    }
     $this->add('select',
       'batch_update',
       ts('Task'),