Skip to content

Add permissions to access transactions and transaction batches #433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
dontub wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add permissions to access transactions and transaction batches #433

dontub wants to merge 1 commit into from
+1,899 −326

Conversation

@dontub
Copy link
Collaborator

@dontub dontub commented Oct 7, 2024

Restrictions are applied by the field domain which is added to BankTransaction and BankTransactionGroups. Possible domains are specified by an option group. For each domain a CiviCRM permission is created which gives access to transactions and transaction groups with that domain. On import the domain can be specified. (Specifying a domain can be enforced optionally.) The previous behavior should not be changed, i.e. users that currently can access all transactions will still have access to all transactions.

  • Permission check is applied on APIv4 calls.
  • APIv3 calls to the two entities are replaced by APIv4 calls.
  • Direct SQL queries are replaced by APIv4 calls where possible. For the remaining queries the WHERE close is adapted.
  • APIv3 actions are mapped to APIv4.

systopia-reference: 25700

@dontub dontub requested review from bjendres and jensschuppe October 7, 2024 15:06
jensschuppe
jensschuppe requested changes Jan 24, 2025
View reviewed changes
CRM/Banking/Page/Dashboard.php
for ($i=$week_count; $i>=0; $i--)
$weeks[] = date('YW', strtotime("now -$i weeks"));

// Migration to APIv4 would require YEARWEEK as \Civi\Api4\Query\SqlFunction.
Copy link
Collaborator

@jensschuppe jensschuppe Jan 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can EXTRACT() be used to replace YEARWEEK()?

Copy link
Collaborator Author

@dontub dontub Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extracting year and week using EXTRACT() doesn't always lead to the same results, e.g.:

SELECT CONCAT(EXTRACT(YEAR FROM '2000-01-01'), EXTRACT(WEEK FROM '2000-01-01'));

results in 20000.

SELECT YEARWEEK('2000-01-01', 3);

resutls in 202001.

The year can differ in some cases, too:

The year in the result may be different from the year in the date argument for the first and the last week of the year.

https://mariadb.com/kb/en/yearweek/

CRM/Banking/Page/Dashboard.php
Comment on lines +120 to +121
['value_date', '>=', date('Y-01-01 00:00:00')],
['value_date', '<', date('Y-01-0100:00:00', strtotime('+1 year'))],
Copy link
Collaborator

@jensschuppe jensschuppe Jan 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is strtotime('+1 year') (or -1 year below) guaranteed to always work correctly regardless of leap years, leap seconds, timezones, DST and date/time of script execution?

Considering the old code did the same, this might be irrelevant here, but got me wondering …

Copy link
Collaborator Author

@dontub dontub Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like PHP doesn't handle leap seconds....

php > echo date('Y-m-d H:i:s', strtotime('2016-12-31 23:59:60'));
2017-01-01 00:00:00
php > echo date('Y-m-d H:i:s', strtotime('2016-12-31 23:59:60 +1 year'));
2018-01-01 00:00:00
php > echo date('Y-m-d H:i:s', strtotime('2016-12-31 23:59:60 -1 year'));
2016-01-01 00:00:00

Otherwise I couldn't imagine any issues here.

Civi/Banking/Api4/Api3To4Util.php
Comment on lines +43 to +45
if (is_array($value)) {
$where[] = [$fieldName, 'IN', $value];
}
Copy link
Collaborator

@jensschuppe jensschuppe Jan 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

APIv3 encodes all other operators as arrays, e.g. 'id' => ['BETWEEN' => [1, 100]] or even 'id' => ['IS NULL' => 1] so this will change operators and values.

Copy link
Collaborator Author

@dontub dontub Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we could make use of hook_civicrm_selectWhereClause and then wouldn't need this code at all.

@bjendres
Copy link
Member

bjendres commented Jan 28, 2025

@dontub Could you resolve the conflicts with the current master?

@bjendres bjendres added this to the CiviBanking 1.3 milestone Jan 28, 2025
@dontub dontub force-pushed the transaction-permissions branch from e92de14 to 02b85ac Compare January 28, 2025 14:18
@dontub dontub marked this pull request as draft November 5, 2025 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jensschuppe jensschuppe jensschuppe requested changes

@bjendres bjendres Awaiting requested review from bjendres

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

CiviBanking 1.5

Development

Successfully merging this pull request may close these issues.

4 participants

@dontub @bjendres @jensschuppe