Move acl check for contributionView to the extension
eileenmcnaughton committed Feb 3, 2022
1 parent aa9d3ae commit fddd81e
Showing 2 changed files with 18 additions and 4 deletions.
4 changes: 3 additions & 1 deletion CRM/Contribute/BAO/Contribution.php
@@ -316,7 +316,7 @@ public static function getValues($params, &$values = [], &$ids = []) {
}

/**
* Get the values and resolve the most common mappings.
* Deprecated contact.get call.
*
* Since contribution status is resolved in almost every function that calls getValues it makes
* sense to have an extra function to resolve it rather than repeat the code.
@@ -330,6 +330,8 @@ public static function getValues($params, &$values = [], &$ids = []) {
* @return array
* Array of the found contribution.
* @throws CRM_Core_Exception
*
* @deprecated
*/
public static function getValuesWithMappings($params) {
$values = $ids = [];
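Review bot: The new docblock summary `Deprecated contact.get call.` does not describe `getValuesWithMappings()`, which according to its own `@return` text returns a contribution; it reads like a line carried over from another docblock. The bare `@deprecated` tag also gives remaining callers no replacement, so I would write `@deprecated use the Contribution APIv4 get action instead`, which is what CRM/Contribute/Form/ContributionView.php switches to in this commit. The function body continues outside the hunk, so whether it also emits a runtime deprecation notice cannot be seen here.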
18 changes: 15 additions & 3 deletions CRM/Contribute/Form/ContributionView.php
@@ -9,6 +9,8 @@
+--------------------------------------------------------------------+
*/

use Civi\Api4\Contribution;

/**
*
* @package CRM
@@ -28,12 +30,22 @@ public function preProcess() {
if (empty($id)) {
throw new CRM_Core_Exception('Contribution ID is required');
}
$params = ['id' => $id];

$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $context);

$values = CRM_Contribute_BAO_Contribution::getValuesWithMappings($params);
// Note than this get could be restricted by ACLs in an extension
$contribution = Contribution::get(TRUE)->addWhere('id', '=', $id)->addSelect('financial_type_id')->execute()->first();
if (empty($contribution)) {
CRM_Core_Error::statusBounce(ts('Access to contribution not permitted'));
}
// We just cast here because it was traditionally an array called values - would be better
// just to use 'contribution'.
$values = (array) $contribution;
$contributionStatus = CRM_Core_PseudoConstant::getName('CRM_Contribute_BAO_Contribution', 'contribution_status_id', $values['contribution_status_id']);

// @todo - it might have been better to create a new form that extends this
// for template contributions rather than overloading this form.
$force_create_template = CRM_Utils_Request::retrieve('force_create_template', 'Boolean', $this, FALSE, FALSE);
if ($force_create_template && !empty($values['contribution_recur_id']) && empty($values['is_template'])) {
// Create a template contribution.
@@ -150,7 +162,7 @@ public function preProcess() {
$campaigns = CRM_Campaign_BAO_Campaign::getCampaigns($campaignId);
$values['campaign'] = $campaigns[$campaignId];
}
if ($values['contribution_status'] == 'Refunded') {
if ($contributionStatus === 'Refunded') {
$this->assign('refund_trxn_id', CRM_Core_BAO_FinancialTrxn::getRefundTransactionTrxnID($id));
}

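Review bot: In the second hunk of `preProcess()` the APIv4 call selects only `financial_type_id`, yet the lines that follow read `$values['contribution_status_id']`, `$values['contribution_recur_id']` and `$values['is_template']` from the same row. APIv4 returns only the selected fields, so unless code outside the visible hunks refetches the record, `$contributionStatus` never resolves to `Refunded` (third hunk) and the template branch never runs. Selecting what the form reads, e.g. `->addSelect('*')`, restores the fields the removed `getValuesWithMappings()` call supplied. Because `Contribution::get(TRUE)` is now the form's access gate for the requested id, it deserves a test that a user denied by an extension's ACL is bounced. Keeping one 'not permitted' message for both missing and denied ids is right, since it does not reveal which ids exist. `preProcess()` starts and ends outside the hunks shown.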
