Details
- Type: Bug
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: 4.7
- Fix Version/s: Unscheduled
- Component/s: None
- Labels: None
- Versioning Impact: Patch (backwards-compatible bug fixes)
- Documentation Required?: None
- Funding Source: Needs Funding
Description
The new Financial Type ACLs impose checks whether or not the 'check_permissions' flag has been passed into the api call.
The code should be moved from the api to the BAO as we try to avoid adding complexity into the api & put the logic in the BAO where it is used by forms and the api.
The ACLs should ONLY be imposed when check_permissions = 1 (the php layer defaults to 0 whereas the json layer can ONLY pass 1 in).
ALSO note that the code should throw an exception rather than call
return civicrm_api3_create_error('You do not have permission to create this contribution');
Unfortunately that function cannot be marked as private since it's in utils.php & it's not deprecated (just private) so I don't know how to mark it more clearly to prevent new instances of it - but note elsewhere in the function exceptions are thrown correctly. When throwing the exceptions from the BAO use CRM_Core_Exception.
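A sketch of the layout the description asks for, added here as an illustration and not taken from CiviCRM's code base: the ACL check sits in the BAO, runs only when check_permissions is set, and signals denial with CRM_Core_Exception. Example_BAO_Contribution, example_api_contribution_create and the $userMayUseType callback are hypothetical names, and the CRM_Core_Exception stand-in exists only so the sketch runs outside CiviCRM.

```php
<?php
// Added illustration. Only CRM_Core_Exception and the check_permissions flag
// come from the ticket; every other name here is hypothetical.
if (!class_exists('CRM_Core_Exception')) {
  // Stand-in so the sketch runs outside a CiviCRM install.
  class CRM_Core_Exception extends Exception {}
}

class Example_BAO_Contribution {

  /**
   * Create a contribution, enforcing the financial type ACL only on request.
   *
   * @param array $params Contribution values plus optional check_permissions.
   * @param callable $userMayUseType Hypothetical ACL lookup: fn(int $typeId): bool.
   */
  public static function create(array $params, callable $userMayUseType): array {
    // PHP-layer callers leave check_permissions unset (0) and are not checked;
    // callers that pass 1 (the JSON layer always does) go through the ACL.
    if (!empty($params['check_permissions'])) {
      $typeId = (int) ($params['financial_type_id'] ?? 0);
      if (!$userMayUseType($typeId)) {
        // Throw instead of returning an error array the caller might ignore.
        throw new CRM_Core_Exception('You do not have permission to create this contribution');
      }
    }
    unset($params['check_permissions']);
    return ['id' => 1] + $params; // constructed result, no database involved
  }
}

// Thin API wrapper: no ACL logic here, it only delegates to the BAO.
function example_api_contribution_create(array $params, callable $acl): array {
  return Example_BAO_Contribution::create($params, $acl);
}

// Constructed ACL: the current user may only use financial type 1.
$acl = function (int $typeId): bool { return $typeId === 1; };
$values = ['financial_type_id' => 2, 'total_amount' => 10];

// Internal PHP call: the flag is absent, so the ACL is not consulted.
$created = example_api_contribution_create($values, $acl);
echo "internal call created id {$created['id']}\n";

// JSON-style call: the flag is 1, so the same values are refused.
try {
  example_api_contribution_create($values + ['check_permissions' => 1], $acl);
}
catch (CRM_Core_Exception $e) {
  echo "denied: {$e->getMessage()}\n";
}
```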