Merge pull request civicrm#21 from Edzelopez/CIVI-28

Edzelopez · Edzelopez · commit 906517772f92 · 2015-03-25T16:02:43.000+05:30
CIVI-28 Handled permission for create contribution API
diff --git a/api/v3/Contribution.php b/api/v3/Contribution.php
@@ -46,6 +46,14 @@ function civicrm_api3_contribution_create(&$params) {
   _civicrm_api3_custom_format_params($params, $values, 'Contribution');
   $params = array_merge($params, $values);
 
+  if (empty($params['id'])) {
+    $op = 'add';
+  }
+  CRM_Financial_BAO_FinancialType::getAvailableFinancialTypes($types, $op);
+  if (!in_array($params['financial_type_id'], array_keys($types))) {
+    return civicrm_api3_create_error('You do not have permission to create this contribution');
+  }
+
   if (!empty($params['id']) && !empty($params['contribution_status_id'])) {
     $error = array();
     //throw error for invalid status change such as setting completed back to pending
