Commit b5634e2c authored by mattwire's avatar mattwire

Add event template permissions, make sure we always set created_id,created_date

parent 901f98d9
......@@ -9,14 +9,23 @@ use CRM_AdvancedEvents_ExtensionUtil as E;
class CRM_AdvancedEvents_Page_AJAX {
public static function getEventTemplates() {
if (!CRM_Core_Permission::check('view own event templates')
&& !CRM_Core_Permission::check('view all event templates')) {
CRM_Utils_System::civiExit();
}
$params = CRM_Core_Page_AJAX::defaultSortAndPagerParams();
$eventParams = [
'return' => array_keys(CRM_AdvancedEvents_Page_ManageEventTemplate::getColumnHeaders()),
'is_template' => TRUE,
'options' => ['sort' => $params['sortBy'], 'limit' => $params['rp'], 'offset' => $params['offset']],
];
if (CRM_Core_Permission::check('view own event templates')
&& !CRM_Core_Permission::check('view all event templates')) {
$eventParams['created_id'] = CRM_Core_Session::getLoggedInContactID();
}
$eventTemplates = civicrm_api3('Event', 'get', $eventParams);
if (empty($eventTemplates['values'])) {
......@@ -32,7 +41,9 @@ class CRM_AdvancedEvents_Page_AJAX {
foreach ($eventTemplates['values'] as $eventTemplate) {
foreach ($columnHeaders as $headerKey => $headerDetail) {
$dtEventTemplate[$headerKey] = CRM_AdvancedEvents_Page_ManageEventTemplate::renderField($eventTemplate['id'], $headerKey, CRM_Utils_Array::value($headerKey, $eventTemplate));
$dtEventTemplate[$headerKey] = CRM_AdvancedEvents_Page_ManageEventTemplate::renderField(
$eventTemplate['id'], $headerKey, CRM_Utils_Array::value($headerKey, $eventTemplate), CRM_Utils_Array::value('created_id', $eventTemplate)
);
}
$dtEventTemplate['id'] = $eventTemplate['id'];
$eventTemplatesDT['data'][] = $dtEventTemplate;
......
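Review bot: In getEventTemplates(), the "own templates" branch sets `$eventParams['created_id']` straight from `CRM_Core_Session::getLoggedInContactID()` without checking that a contact ID came back. If it is empty (for example, the permission was granted to a role with no logged-in contact), API3 may ignore the empty filter and return every template, so the restriction would fail open; this is worth confirming. Failing closed before the API call, e.g. `if (empty($contactID)) { CRM_Utils_System::civiExit(); }`, keeps the listing scoped to the owner. The repeated `check('view own event templates')` in that condition is also redundant after the guard at the top of the function, whose body continues outside the hunk.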
......@@ -13,13 +13,6 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
//use CRM_Core_Page_EntityPageTrait;
use CRM_AdvancedEvents_OldVersionEntityPageTrait;
/**
* The action links that we need to display for the browse screen.
*
* @var array
*/
private static $_actionLinks;
/**
* The list of column headers
* @var array
......@@ -71,6 +64,11 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
* Browse all event templates.
*/
public function browse() {
if (!CRM_Core_Permission::check('view own event templates')
&& !CRM_Core_Permission::check('view all event templates')) {
CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
}
$columnHeaders = self::getColumnHeaders();
$this->assign('columnHeaders', $columnHeaders);
......@@ -119,6 +117,11 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
* @throws \CiviCRM_API3_Exception
*/
public function copy() {
if (!CRM_Core_Permission::check('edit own event templates')
&& !CRM_Core_Permission::check('edit all event templates')) {
CRM_Core_Error::statusBounce(ts('You do not have edit permissions for event templates.'));
}
$id = CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE, 0, 'GET');
$urlString = 'civicrm/event/manage';
......@@ -139,39 +142,44 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
* @return array
* action links
*/
public static function actionLinks() {
if (!(self::$_actionLinks)) {
// helper variable for nicer formatting
self::$_actionLinks = [
CRM_Core_Action::ADD => [
'name' => E::ts('Create Event'),
'title' => ts('Create a new event using this template'),
'url' => 'civicrm/event/add',
'qs' => 'reset=1&action=add&template_id=%%id%%',
],
CRM_Core_Action::UPDATE => [
'name' => E::ts('Edit'),
'title' => E::ts('Edit Event Template'),
'url' => 'civicrm/event/manage/settings',
'qs' => 'action=update&id=%%id%%&reset=1',
],
CRM_Core_Action::DELETE => [
'name' => E::ts('Delete'),
'title' => E::ts('Delete Event Template'),
'url' => 'civicrm/admin/advancedevents/delete',
'qs' => 'action=delete&istemplate=1&id=%%id%%',
],
CRM_Core_Action::COPY => [
'name' => E::ts('Copy'),
'title' => E::ts('Create Template from existing template'),
'url' => 'civicrm/admin/eventTemplate',
'qs' => 'reset=1&action=copy&id=%%id%%',
'extra' => 'onclick = "return confirm(\'Are you sure you want to copy this template?\');"',
],
public static function actionLinks($createdID) {
if (CRM_Core_Permission::check('create event')) {
$actionLinks[CRM_Core_Action::ADD] = [
'name' => E::ts('Create Event'),
'title' => ts('Create a new event using this template'),
'url' => 'civicrm/event/add',
'qs' => 'reset=1&action=add&template_id=%%id%%',
];
}
return self::$_actionLinks;
// Do we have edit permission?
if (CRM_Core_Permission::check('edit all event templates')
|| (CRM_Core_Permission::check('edit own event templates') && ($createdID === CRM_Core_Session::getLoggedInContactID()))) {
$actionLinks[CRM_Core_Action::UPDATE] = [
'name' => E::ts('Edit'),
'title' => E::ts('Edit Event Template'),
'url' => 'civicrm/event/manage/settings',
'qs' => 'action=update&id=%%id%%&reset=1',
];
$actionLinks[CRM_Core_Action::COPY] = [
'name' => E::ts('Copy'),
'title' => E::ts('Create Template from existing template'),
'url' => 'civicrm/admin/eventTemplate',
'qs' => 'reset=1&action=copy&id=%%id%%',
'extra' => 'onclick = "return confirm(\'Are you sure you want to copy this template?\');"',
];
}
if (CRM_Core_Permission::check('delete all event templates')
|| (CRM_Core_Permission::check('delete own event templates') && ($createdID === CRM_Core_Session::getLoggedInContactID()))) {
$actionLinks[CRM_Core_Action::DELETE] = [
'name' => E::ts('Delete'),
'title' => E::ts('Delete Event Template'),
'url' => 'civicrm/admin/advancedevents/delete',
'qs' => 'action=delete&istemplate=1&id=%%id%%',
];
}
return $actionLinks;
}
public static function getColumnHeaders() {
......@@ -183,7 +191,10 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
'direction' => CRM_Utils_Sort::DONTCARE,
],
'event_type_id' => [
'name' => E::ts('Event Type'),
'name' => E::ts('Type'),
],
'created_id' => [
'name' => E::ts('Created By'),
],
'default_role_id' => [
'name' => E::ts('Participant Role'),
......@@ -192,17 +203,17 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
'name' => E::ts('Participant Listing'),
],
'is_public' => [
'name' => E::ts('Public Event'),
'name' => E::ts('Public'),
'sort' => 'is_public',
'direction' => CRM_Utils_Sort::DONTCARE,
],
'is_monetary' => [
'name' => E::ts('Paid Event'),
'name' => E::ts('Paid'),
'sort' => 'is_monetary',
'direction' => CRM_Utils_Sort::DONTCARE,
],
'is_online_registration' => [
'name' => E::ts('Allow Online Registration'),
'name' => E::ts('Online Registration'),
'sort' => 'is_online_registration',
'direction' => CRM_Utils_Sort::DONTCARE,
],
......@@ -232,11 +243,12 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
* @param int $entityID
* @param string $fieldName
* @param mixed $fieldValue
* @param int $createdID
*
* @return string
* @throws \CiviCRM_API3_Exception
*/
public static function renderField($entityID, $fieldName, $fieldValue) {
public static function renderField($entityID, $fieldName, $fieldValue, $createdID = NULL) {
switch ($fieldName) {
case 'template_title':
$url = CRM_Utils_System::url('civicrm/event/manage/settings', "action=update&id={$entityID}&reset=1");
......@@ -262,10 +274,21 @@ class CRM_AdvancedEvents_Page_ManageEventTemplate extends CRM_Core_Page {
$url = CRM_Utils_System::url("civicrm/event/manage/settings", "action=update&id={$entityID}&reset=1&selectedChild=linkedevents");
return "<a class='action-item crm-hover-button' href='{$url}'>{$count}</a>";
case 'action':
$action = array_sum(array_keys(CRM_AdvancedEvents_Page_ManageEventTemplate::actionLinks()));
case 'created_id':
if (!empty($fieldValue)) {
$contactName = (string) civicrm_api3('Contact', 'getvalue', ['id' => $createdID, 'return' => 'display_name']);
if (CRM_Contact_BAO_Contact_Permission::allow($createdID, CRM_Core_Permission::VIEW)) {
$url = CRM_Utils_System::url("civicrm/contact/view", "reset=1&cid={$createdID}");
return "<a class='action-item crm-hover-button' href='{$url}'>{$contactName}</a>";
}
else {
return $contactName;
}
}
return '';
return CRM_Core_Action::formLink(CRM_AdvancedEvents_Page_ManageEventTemplate::actionLinks(), $action,
case 'action':
return CRM_Core_Action::formLink(CRM_AdvancedEvents_Page_ManageEventTemplate::actionLinks($createdID), NULL,
['id' => $entityID],
E::ts('more'),
FALSE,
......
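Review bot: In copy(), the new guard checks only that the user holds 'edit own event templates' or 'edit all event templates'; nothing in the visible lines compares the template's created_id with the logged-in contact, so a holder of just the "own" permission can copy any template by its id. actionLinks() filters the Edit/Copy/Delete links per owner, but that only affects what is displayed, and the routes need the same ownership test on the server side. The `===` in actionLinks() also compares `$createdID` from an API3 result (likely a string) with getLoggedInContactID(), so casting both sides to int would avoid the "own" branches never matching. copy() continues outside the hunk, so an ownership check may exist further down; if not, something like the following after `$id` is retrieved would close the gap.

```php
$id = CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE, 0, 'GET');
// Holders of only the "own" permission may copy templates they created.
if (!CRM_Core_Permission::check('edit all event templates')) {
  $createdID = civicrm_api3('Event', 'getvalue', ['id' => $id, 'is_template' => TRUE, 'return' => 'created_id']);
  if ((int) $createdID !== (int) CRM_Core_Session::getLoggedInContactID()) {
    CRM_Core_Error::statusBounce(ts('You do not have edit permissions for event templates.'));
  }
}
// … unchanged: rest of copy() …
```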
......@@ -279,6 +279,31 @@ function advanced_events_civicrm_post($op, $objectName, $objectId, &$objectRef)
}
}
function advanced_events_civicrm_copy($objectName, $objectRef) {
if ($objectName !== 'Event') {
return;
}
if (empty($objectRef->created_id) || empty($objectRef->created_date)) {
if (CRM_Core_Transaction::isActive()) {
CRM_Core_Transaction::addCallback(CRM_Core_Transaction::PHASE_POST_COMMIT, 'advanced_events_civicrm_copy_callback', [$objectRef]);
}
else {
advanced_events_civicrm_copy_callback($objectRef);
}
}
}
function advanced_events_civicrm_copy_callback($objectRef) {
// Core does not fill in the created_id, created_date fields - maybe it should
$eventParams = [
'id' => $objectRef->id,
'created_id' => CRM_Core_Session::getLoggedInContactID(),
'created_date' => date('YmdHis'),
'is_template' => $objectRef->is_template,
];
civicrm_api3('Event', 'create', $eventParams);
}
function advanced_events_civicrm_pageRun(&$page) {
if ($page instanceof CRM_Event_Page_ManageEvent) {
// Insert a link to the event template
......@@ -307,10 +332,17 @@ function advanced_events_civicrm_pageRun(&$page) {
* @param $form
*/
function advanced_events_civicrm_buildForm($formName, &$form) {
if ($formName == 'CRM_Event_Form_ManageEvent_EventInfo') {
CRM_Core_Resources::singleton()
->addScriptFile('civicrm', 'js/crm.searchForm.js', 1, 'html-header')
->addStyleFile('civicrm', 'css/searchForm.css', 1, 'html-header');
switch ($formName) {
case 'CRM_Event_Form_ManageEvent_EventInfo':
if (CRM_Utils_Request::retrieve('action', 'String', $form) == CRM_Core_Action::ADD) {
if (!CRM_Core_Permission::check('create event')) {
CRM_Core_Error::statusBounce(ts('You do not have permission to create events.'));
}
}
CRM_Core_Resources::singleton()
->addScriptFile('civicrm', 'js/crm.searchForm.js', 1, 'html-header')
->addStyleFile('civicrm', 'css/searchForm.css', 1, 'html-header');
break;
}
}
......@@ -339,3 +371,20 @@ function advanced_events_civicrm_entity_supported_info(&$civicrm_entity_info) {
];
}
/**
* Implementation of hook_civicrm_permission
*
* @param array $permissions
* @return void
*/
function advanced_events_civicrm_permission(&$permissions) {
$permissions += [
'create event' => E::ts('CiviEvent: Create Event'),
'view own event templates' => E::ts('CiviEvent: View own event templates'),
'view all event templates' => E::ts('CiviEvent: View all event templates'),
'edit own event templates' => E::ts('CiviEvent: Edit own event templates'),
'edit all event templates' => E::ts('CiviEvent: Edit all event templates'),
'delete own event templates' => E::ts('CiviEvent: Delete own event templates'),
'delete all event templates' => E::ts('CiviEvent: Delete all event templates'),
];
}
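Review bot: In advanced_events_civicrm_buildForm(), the 'create event' guard runs only when `CRM_Utils_Request::retrieve('action', 'String', $form) == CRM_Core_Action::ADD`, a loose comparison between a request string and an integer constant. The links in this commit send `action=add`, and if retrieve() returns that raw string the comparison is false and the permission is never enforced. Testing the form's resolved action instead, e.g. `if ($form->getAction() & CRM_Core_Action::ADD) {`, does not depend on how the action was spelled in the URL. Separately, advanced_events_civicrm_copy_callback() writes `CRM_Core_Session::getLoggedInContactID()` into created_id without handling a NULL result (cron or CLI runs), which would merit a guard.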
......@@ -8,10 +8,12 @@
<div class="help">{ts}Event Templates can be used to create single or multiple "repeat" events.
You can see how many events are linked to the template in the "Events" column of the table below.{/ts}</div>
{if $action ne 1 and $action ne 2}
<div class="action-link">
{crmButton p="civicrm/event/add" q="action=add&is_template=1&reset=1" id="newEventTemplate" icon="calendar-plus-o"}{ts}Add New Template{/ts}{/crmButton}
<div class="clear"></div>
</div>
{if call_user_func(array('CRM_Core_Permission','check'), 'create event')}
<div class="action-link">
{crmButton p="civicrm/event/add" q="action=add&is_template=1&reset=1" id="newEventTemplate" icon="calendar-plus-o"}{ts}Add New Template{/ts}{/crmButton}
<div class="clear"></div>
</div>
{/if}
{/if}
<div class="crm-content-block">
{include file="CRM/common/pager.tpl" location="top"}
......
......@@ -6,7 +6,6 @@
<path_arguments>reset=1</path_arguments>
<page_callback>CRM_AdvancedEvents_Form_Settings</page_callback>
<access_arguments>administer CiviCRM</access_arguments>
<page_type>0</page_type>
<component>Contact</component>
</item>
<item>
......@@ -18,7 +17,7 @@
<item>
<path>civicrm/admin/advancedevents/delete</path>
<page_callback>CRM_AdvancedEvents_Form_ManageEvent_Delete</page_callback>
<access_arguments>access CiviCRM,delete in CiviEvent</access_arguments>
<access_arguments>delete event templates</access_arguments>
<title>Delete Event</title>
</item>
<item>
......
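Review bot: The delete route's access_arguments (assuming the second of the two lines is the new side) names `delete event templates`, but advanced_events_civicrm_permission() in this commit declares only 'delete own event templates' and 'delete all event templates'. Depending on how an undeclared permission is evaluated, the route either becomes unusable for non-superusers or is not restricted the way the commit intends. Listing the declared names, `<access_arguments>delete own event templates;delete all event templates</access_arguments>`, would align the route with the hook. The "own" case then still needs an ownership check inside CRM_AdvancedEvents_Form_ManageEvent_Delete, which is not visible on this page.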