Merge pull request #23230 from eileenmcnaughton/mem

[Ref] MembershipView page - Remove redundant financialacl check
civicrm · Jan 11, 2023 · e7fe693 · e7fe693
2 parents e3d025f + bf9042a
commit e7fe693
Showing 1 changed file with 13 additions and 13 deletions.
diff --git a/CRM/Member/Form/MembershipView.php b/CRM/Member/Form/MembershipView.php
@@ -15,6 +15,8 @@
  * @copyright CiviCRM LLC https://civicrm.org/licensing
  */
 
+use Civi\Api4\Membership;
+
 /**
  * This class generates form components for Payment-Instrument
  */
@@ -153,11 +155,14 @@ public function preProcess() {
     $this->assign('context', $context);
 
     if ($this->membershipID) {
-      $values = \Civi\Api4\Membership::get()
+      $memberships = Membership::get()
         ->addSelect('*', 'status_id:label', 'membership_type_id:label', 'membership_type_id.financial_type_id', 'status_id.is_current_member')
         ->addWhere('id', '=', $this->membershipID)
-        ->execute()
-        ->first();
+        ->execute();
+      if (!count($memberships)) {
+        CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
+      }
+      $values = $memberships->first();
 
       // Ensure keys expected by MembershipView.tpl are set correctly
       // Some of these defaults are overwritten dependant on context below
@@ -169,16 +174,11 @@ public function preProcess() {
       $values['owner_display_name'] = FALSE;
       $values['campaign'] = FALSE;
 
-      if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()) {
-        $finTypeId = CRM_Core_DAO::getFieldValue('CRM_Member_DAO_MembershipType', $values['membership_type_id'], 'financial_type_id');
-        $finType = CRM_Contribute_PseudoConstant::financialType($finTypeId);
-        if (!CRM_Core_Permission::check('view contributions of type ' . $finType)) {
-          CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
-        }
-      }
-      else {
-        $this->assign('noACL', TRUE);
-      }
+      // This tells the template not to check financial acls when determining
+      // whether to show edit & delete links. Link decisions
+      // should be moved to the php layer - with financialacls using hooks.
+      $this->assign('noACL', !CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus());
+
       $membershipType = CRM_Member_BAO_MembershipType::getMembershipTypeDetails($values['membership_type_id']);
 
       // Do the action on related Membership if needed