Generate button links in PHP instead of smarty for ContributionView form #22588
Conversation
|
(Standard links)
|
6b55d4e to
ec69fff
Compare
|
I agree this is a good idea - ie moving it to the php layer is just better. Regarding how this intersects with the financialacls work - I think it makes sense to consolidate fixing that in this PR - so I have removed from the other. We are removing handling of the smarty variables
UPDATE - my original thoughts about a hook were wrong - we can check if the contact has permission to update (canEdit) or delete (canDelete) using the api. so the core code should check something like this when determining whether to show the update We'd need to check but it looks like the hook code is already in the extension to interact with that |
| @@ -46,6 +46,7 @@ public function preProcess() { | |||
| } | |||
| $this->assign('is_template', $values['is_template']); | |||
|
|
|||
| $noACL = FALSE; | |||
| if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus() && $this->_action & CRM_Core_Action::VIEW) { | |||
There was a problem hiding this comment.
This section should wind up removable with the view bounce being done here and then all the other checks can be done with the checkAccess being used further down
| } | ||
| if (( | ||
| CRM_Core_Permission::check('edit_contributions') | ||
| && CRM_Core_Permission::check('edit contributions of type ' . $financialTypeID) |
There was a problem hiding this comment.
this will simplify down to that api checkAccess
| @@ -10,44 +10,6 @@ | |||
| <div class="crm-block crm-content-block crm-contribution-view-form-block"> | |||
| <div class="action-link"> | |||
| <div class="crm-submit-buttons"> | |||
| {if (call_user_func(array('CRM_Core_Permission','check'), 'edit contributions') && call_user_func(array('CRM_Core_Permission', 'check'), "edit contributions of type $financial_type") && !empty($canEdit)) || | |||
|
@eileenmcnaughton What do you think about merging this first and then making the financialacl changes? In theory this is a "no change" PR that should just map the logic that was in smarty to PHP. I'm getting a bit muddled when looking through the changes needed as you describe above although I can see we'll end up with much cleaner code. |
|
@mattwire as is this actually does break financial acls - see
But I'll put something up to make it clearer to you what I mean - I think it will be fairly clean |
Ah ok! |
|
I think I lost my comment - this is the commit that should fix it - just trying to confirm - f6957ad Still a couple more undefined vars (eg. below) - I'm not looking into those |
|
Just confirming that I did some testing & f6957ad does make the financial acl part work - although if #22684 is not merged first then that commit causes a regression ( unconfirmed but logically I think so) So it's just the undefined variables I think (& stopping the php layer assigns since no longer used) |
|
Closing in favour of #22698 |
Overview
ContributionView form has some impressive and probably insecure code to create the "link" buttons such as edit/delete. Even better the code is duplicated for top and botton!
Before
Fairly complex smarty code to generate button links for Edit/Delete on contributionview form.
After
Smarty logic recreated in PHP form (no attempt to clean up at this stage - it's meant to be a straight refactor). Smarty logic removed from top/bottom buttons and now using standard "linkButtons".
Technical Details
Comments