Merge pull request civicrm#9 from Edzelopez/CIVI-28

CIVI-28 Added check for permissions while search results are being displayed on contribution search, advanced search and contact summary page (Contributions tab)

CRM/Contribute/Form/ContributionPage/Settings.php

@@ -121,14 +121,14 @@ public function buildQuickForm() {
     $attributes = CRM_Core_DAO::getAttribute('CRM_Contribute_DAO_ContributionPage');
 
     // financial Type
-    if (CRM_Core_Permission::check('administer CiviCRM Financial Types')) {
-      $this->addSelect('financial_type_id', array('context' => 'search'), TRUE);
+    CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
+    $financialOptions = array(
+      'options' => $financialTypes,
+    );
+    if (!CRM_Core_Permission::check('administer CiviCRM Financial Types')) {
+      $financialOptions['context'] = 'search';
     }
-    else {
-      CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($financialTypes, 'add');
-
-      $this->addSelect('financial_type_id', array('context' => 'search', 'options' => $financialTypes), TRUE);
-    } 
+    $this->addSelect('financial_type_id', $financialOptions, TRUE);
 
     // name
     $this->add('text', 'title', ts('Title'), $attributes['title'], TRUE);

CRM/Contribute/Selector/Search.php

@@ -361,6 +361,18 @@ public function &getRows($action, $offset, $rowCount, $sort, $output = NULL) {
 
     while ($result->fetch()) {
       $row = array();
+      $permissions[] = CRM_Core_Permission::VIEW;
+      if (!CRM_Core_Permission::check('view contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
+        continue;
+      }
+      if (!CRM_Core_Permission::check('edit contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
+        unset($permissions[array_search(CRM_Core_Permission::EDIT, $permissions)]);
+        $mask = CRM_Core_Action::mask($permissions);
+      }
+      if (!CRM_Core_Permission::check('delete contributions of type ' . CRM_Contribute_PseudoConstant::financialType($result->financial_type_id))) {
+        unset($permissions[array_search(CRM_Core_Permission::DELETE, $permissions)]);
+        $mask = CRM_Core_Action::mask($permissions);
+      }
       // the columns we are interested in
       foreach (self::$_properties as $property) {
         if (property_exists($result, $property)) {

CRM/Financial/BAO/FinancialType.php

@@ -192,7 +192,8 @@ public static function getIncomeFinancialType() {
    * adding permissions for financial types
    *
    *
-   * @param array $permissions an array of permissions
+   * @param array $permissions        
+   *   an array of permissions
    */
   public static function permissionedFinancialTypes(&$permissions) {
     $financialTypes = CRM_Contribute_PseudoConstant::financialType();