From 4e0bf3e8c2e665c083918b1c476813346111460b Mon Sep 17 00:00:00 2001 From: eileen Date: Fri, 12 Mar 2021 13:58:57 +1300 Subject: [PATCH 1/2] [REF] Move financial acl permissions declaration to extension Just some minor cleanup to use the hook --- CRM/Core/Permission.php | 1 - CRM/Financial/BAO/FinancialType.php | 1 + ext/financialacls/financialacls.php | 32 +++++++++++++++++++ .../Civi/Financialacls/FinancialTypeTest.php | 30 +++++++++++++++++ .../CRM/Financial/BAO/FinancialTypeTest.php | 30 ----------------- 5 files changed, 63 insertions(+), 31 deletions(-) diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php index 1de3147c8ab3..edce29ae2f7e 100644 --- a/CRM/Core/Permission.php +++ b/CRM/Core/Permission.php @@ -632,7 +632,6 @@ public static function assembleBasicPermissions($all = FALSE, $descriptions = FA // Add any permissions defined in hook_civicrm_permission implementations. $module_permissions = $config->userPermissionClass->getAllModulePermissions($descriptions); $permissions = array_merge($permissions, $module_permissions); - CRM_Financial_BAO_FinancialType::permissionedFinancialTypes($permissions, $descriptions); return $permissions; } diff --git a/CRM/Financial/BAO/FinancialType.php b/CRM/Financial/BAO/FinancialType.php index 7a31cc66c60d..9003eb8d1630 100644 --- a/CRM/Financial/BAO/FinancialType.php +++ b/CRM/Financial/BAO/FinancialType.php @@ -200,6 +200,7 @@ public static function getIncomeFinancialType() { * @return bool */ public static function permissionedFinancialTypes(&$permissions, $descriptions) { + CRM_Core_Error::deprecatedFunctionWarning('not done via hook.'); if (!self::isACLFinancialTypeStatus()) { return FALSE; } diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php index 8fd88f4ba843..eb258732869f 100644 --- a/ext/financialacls/financialacls.php +++ b/ext/financialacls/financialacls.php @@ -253,6 +253,38 @@ function financialacls_civicrm_membershipTypeValues($form, &$membershipTypeValue } } +/** + * Add permissions. + * + * @see https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_permission/ + * + * @param array $permissions + */ +function financialacls_civicrm_permission(&$permissions) { + if (!financialacls_is_acl_limiting_enabled()) { + return; + } + $actions = [ + 'add' => ts('add'), + 'view' => ts('view'), + 'edit' => ts('edit'), + 'delete' => ts('delete'), + ]; + $financialTypes = \CRM_Contribute_BAO_Contribution::buildOptions('financial_type_id', 'validate'); + foreach ($financialTypes as $id => $type) { + foreach ($actions as $action => $action_ts) { + $permissions[$action . ' contributions of type ' . $type] = [ + ts("CiviCRM: %1 contributions of type %2", [1 => $action_ts, 2 => $type]), + ts('%1 contributions of type %2', [1 => $action_ts, 2 => $type]), + ]; + } + } + $permissions['administer CiviCRM Financial Types'] = [ + ts('CiviCRM: administer CiviCRM Financial Types'), + ts('Administer access to Financial Types'), + ]; +} + /** * Remove unpermitted financial types from field Options in search context. * diff --git a/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php b/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php index 08fabb1408da..c43511981fcb 100644 --- a/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php +++ b/ext/financialacls/tests/phpunit/Civi/Financialacls/FinancialTypeTest.php @@ -32,4 +32,34 @@ public function testChangeFinancialTypeName(): void { $this->assertEquals('Changing the name', substr($status[0]['text'], 0, 17)); } + /** + * Check method testPermissionedFinancialTypes() + */ + public function testPermissionedFinancialTypes(): void { + Civi::settings()->set('acl_financial_type', TRUE); + $permissions = \CRM_Core_Permission::basicPermissions(FALSE, TRUE); + $actions = [ + 'add' => ts('add'), + 'view' => ts('view'), + 'edit' => ts('edit'), + 'delete' => ts('delete'), + ]; + $financialTypes = \CRM_Contribute_BAO_Contribution::buildOptions('financial_type_id', 'validate'); + foreach ($financialTypes as $id => $type) { + foreach ($actions as $action => $action_ts) { + $this->assertEquals( + [ + ts("CiviCRM: %1 contributions of type %2", [1 => $action_ts, 2 => $type]), + ts('%1 contributions of type %2', [1 => $action_ts, 2 => $type]), + ], + $permissions[$action . ' contributions of type ' . $type] + ); + } + } + $this->assertEquals([ + ts('CiviCRM: administer CiviCRM Financial Types'), + ts('Administer access to Financial Types'), + ], $permissions['administer CiviCRM Financial Types']); + } + } diff --git a/tests/phpunit/CRM/Financial/BAO/FinancialTypeTest.php b/tests/phpunit/CRM/Financial/BAO/FinancialTypeTest.php index 0709998e7c87..5bb226dff488 100644 --- a/tests/phpunit/CRM/Financial/BAO/FinancialTypeTest.php +++ b/tests/phpunit/CRM/Financial/BAO/FinancialTypeTest.php @@ -216,36 +216,6 @@ public function testgetAvailableMembershipTypes() { $this->assertEquals($expectedResult, $types, 'Verify that removing permission for a financial type restricts the available membership types'); } - /** - * Check method testPermissionedFinancialTypes() - */ - public function testPermissionedFinancialTypes() { - // First get all core permissions - $permissions = $checkPerms = CRM_Core_Permission::getCorePermissions(); - $this->setACL(); - CRM_Financial_BAO_FinancialType::permissionedFinancialTypes($permissions, TRUE); - $financialTypes = CRM_Contribute_PseudoConstant::financialType(); - $actions = [ - 'add' => ts('add'), - 'view' => ts('view'), - 'edit' => ts('edit'), - 'delete' => ts('delete'), - ]; - foreach ($financialTypes as $id => $type) { - foreach ($actions as $action => $action_ts) { - $checkPerms[$action . ' contributions of type ' . $type] = [ - ts("CiviCRM: %1 contributions of type %2", [1 => $action_ts, 2 => $type]), - ts('%1 contributions of type %2', [1 => $action_ts, 2 => $type]), - ]; - } - } - $checkPerms['administer CiviCRM Financial Types'] = [ - ts('CiviCRM: administer CiviCRM Financial Types'), - ts('Administer access to Financial Types'), - ]; - $this->assertEquals($permissions, $checkPerms, 'Verify that permissions for each financial type have been added'); - } - /** * Check method testcheckPermissionedLineItems() * From f4a72e8da90c146109043b27f0ca5f947dfe0519 Mon Sep 17 00:00:00 2001 From: eileen Date: Fri, 12 Mar 2021 14:00:13 +1300 Subject: [PATCH 2/2] dev/core#2454 Extend financial acls view limitations to ContributionRecur --- ext/financialacls/financialacls.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php index eb258732869f..ddd51b22a252 100644 --- a/ext/financialacls/financialacls.php +++ b/ext/financialacls/financialacls.php @@ -192,6 +192,7 @@ function financialacls_civicrm_selectWhereClause($entity, &$clauses) { switch ($entity) { case 'LineItem': case 'MembershipType': + case 'ContributionRecur': $types = []; CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types); if ($types) { @@ -303,7 +304,7 @@ function financialacls_civicrm_fieldOptions($entity, $field, &$options, $params) if (!financialacls_is_acl_limiting_enabled()) { return; } - if ($entity === 'Contribution' && $field === 'financial_type_id' && $params['context'] === 'search') { + if (in_array($entity, ['Contribution', 'ContributionRecur'], TRUE) && $field === 'financial_type_id' && $params['context'] === 'search') { $action = CRM_Core_Action::VIEW; // At this stage we are only considering the view action. Code from // CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes().