Details
-
Type: Bug
-
Status: Open
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: 4.7.16
-
Fix Version/s: Unscheduled
-
Component/s: CiviContribute
-
Labels:None
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Needs Funding
-
Verified?:No
Description
Payments are left incomplete if the user doesn't have a view permission for the contribution type
1. Enable Access Control by Financial Type under CiviContribute Component Settings.
2. Set permission so that a particular role has permission to "add contributions of type xxx" in addition to 'make online contributions' permission but NOT view/edit/delete financial type xxx.
3. Create a online contribution page configured with contribution type 'xxx'.
4. Expected behavior: user with the above permission should be able to make a successful payment
Actual behavior: user is able to make payment with status Pending (Incomplete Transaction) reason being that the underlying code for getAvailableFinancialTypes expects to have view permission for contribution type granted to role.