Merge pull request civicrm#10 from Edzelopez/CIVI-28

Edzelopez · Edzelopez · commit b37ba408ba7b · 2015-03-17T16:53:06.000+05:30
CIVI-28 Added check for permissions while search results are being displayed on contribution search, advanced search and contact summary page (Contributions tab)
diff --git a/templates/CRM/Contribute/Form/ContributionView.tpl b/templates/CRM/Contribute/Form/ContributionView.tpl
@@ -26,7 +26,7 @@
 <div class="crm-block crm-content-block crm-contribution-view-form-block">
 <div class="action-link">
   <div class="crm-submit-buttons">
-    {if call_user_func(array('CRM_Core_Permission','check'), 'edit contributions')}
+    {if call_user_func(array('CRM_Core_Permission','check'), 'edit contributions') && call_user_func(array('CRM_Core_Permission', 'check'), "edit contributions of type $financial_type")}
       {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=update&context=$context"}
       {if ( $context eq 'fulltext' || $context eq 'search' ) && $searchKey}
         {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=update&context=$context&key=$searchKey"}
@@ -35,7 +35,7 @@
           <div class="icon ui-icon-pencil"></div>{ts}Edit{/ts}</span>
       </a>
     {/if}
-    {if call_user_func(array('CRM_Core_Permission','check'), 'delete in CiviContribute')}
+    {if call_user_func(array('CRM_Core_Permission','check'), 'delete in CiviContribute') && call_user_func(array('CRM_Core_Permission', 'check'), "delete contributions of type $financial_type")}
       {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=delete&context=$context"}
       {if ( $context eq 'fulltext' || $context eq 'search' ) && $searchKey}
         {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=delete&context=$context&key=$searchKey"}
@@ -309,15 +309,15 @@
 {/if}
 
 <div class="crm-submit-buttons">
-  {if call_user_func(array('CRM_Core_Permission','check'), 'edit contributions')}
+  {if call_user_func(array('CRM_Core_Permission','check'), 'edit contributions') && call_user_func(array('CRM_Core_Permission', 'check'), "edit contributions of type $financial_type")}
     {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=update&context=$context"}
     {if ( $context eq 'fulltext' || $context eq 'search' ) && $searchKey}
       {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=update&context=$context&key=$searchKey"}
     {/if}
     <a class="button" href="{crmURL p='civicrm/contact/view/contribution' q=$urlParams}" accesskey="e"><span><div
           class="icon ui-icon-pencil"></div>{ts}Edit{/ts}</span></a>
   {/if}
-  {if call_user_func(array('CRM_Core_Permission','check'), 'delete in CiviContribute')}
+  {if call_user_func(array('CRM_Core_Permission','check'), 'delete in CiviContribute') && call_user_func(array('CRM_Core_Permission', 'check'), "delete contributions of type $financial_type")}
     {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=delete&context=$context"}
     {if ( $context eq 'fulltext' || $context eq 'search' ) && $searchKey}
       {assign var='urlParams' value="reset=1&id=$id&cid=$contact_id&action=delete&context=$context&key=$searchKey"}
