Contributions PDF for all + security; closes #1409
authorNicolas Béhier-Dévigne <nbehierdevigne@gmail.com>
Sun, 8 Mar 2020 08:44:01 +0000 (09:44 +0100)
committerGitHub <noreply@github.com>
Sun, 8 Mar 2020 08:44:01 +0000 (09:44 +0100)
- contributions PDF is available for all
- add an error message if the requested contribution is missing or belongs to another member

galette/includes/dependencies.php
galette/includes/routes/contributions.routes.php
galette/templates/default/gestion_contributions.tpl

index c466b1e7d5b15722929b2045866cb71da60bd84f..f9acaf2318774dacf3252d5053792a225c9a2d48 100644 (file)
@@ -300,7 +300,7 @@ $container['acls'] = function ($c) {
         'doRemoveEntitled'  => 'staff',
         'dynamicTranslations'       => 'staff',
         'editDynamicTranslation'    => 'staff',
-        'printContribution'         => 'staff',
+        'printContribution'         => 'member',
         'attach_contribution'       => 'staff',
         'detach_contribution'       => 'staff',
         'removeContribution'        => 'staff',
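Review bot: Lowering `printContribution` from `staff` to `member` makes `/contribution/print/{id}` reachable by every authenticated member, so this ACL table no longer stops a member from requesting another member's contribution id; that decision now rests entirely on the route handler in `contributions.routes.php`. A one-line comment beside the entry would record that dependency for the next person editing this table, e.g. `'printContribution' => 'member', // route must verify the contribution belongs to the logged-in member (or staff/admin)`. The `$container['acls']` closure starts before this hunk and continues after it.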
index 19419af196a1668ad6b739066741b168cda584fa..c42899b2b25f5477a5cae72d09b00acf3f2794e4 100644 (file)
@@ -1209,11 +1209,31 @@ $app->get(
     '/contribution/print/{id:\d+}',
     function ($request, $response, $args) {
         $contribution = new Contribution($this->zdb, $this->login, (int)$args['id']);
-        $pdf = new PdfContribution($contribution, $this->zdb, $this->preferences);
-
-        $response = $this->response->withHeader('Content-type', 'application/pdf')
-                ->withHeader('Content-Disposition', 'attachment;filename="' . $pdf->getFileName() . '"');
-        $response->write($pdf->download());
-        return $response;
+        if ($contribution->id == '') {
+            //not possible to load contribution, exit
+            $this->flash->addMessage(
+                'error_detected',
+                str_replace(
+                    '%id',
+                    $args['id'],
+                    _T("Unable to load contribution #%id!")
+                )
+            );
+            return $response
+                ->withStatus(301)
+                ->withHeader('Location', $this->router->pathFor(
+                    'contributions',
+                    ['type' => 'contributions']
+                ));
+        }
+        else {
+            $pdf = new PdfContribution($contribution, $this->zdb, $this->preferences);
+
+            $response = $this->response->withHeader('Content-type', 'application/pdf')
+                    ->withHeader('Content-Disposition', 'attachment;filename="' . $pdf->getFileName() . '"');
+            $response->write($pdf->download());
+        
+            return $response;
+        }
     }
 )->setName('printContribution')->add($authenticate);
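Review bot: The new guard at L35 only rejects a contribution that failed to load; nothing in this route checks that the contribution belongs to the logged-in member, even though the ACL now opens `printContribution` to every member and the commit message promises an error for a contribution "on another member". That protection must therefore come from the `Contribution` constructor honouring `$this->login`, which is not visible here; an explicit ownership check in the route (admin/staff pass, otherwise the contribution's member id must equal the login id) would make the authorization decision local and auditable. Two smaller points: `withStatus(301)` is a permanent redirect that browsers cache, so a later request for the same URL (once the contribution exists, or from a staff session) may never reach the server — 302 is the usual choice for a flash-and-redirect unless the rest of the file deliberately uses 301; and `$contribution->id == ''` is a loose comparison whose result for an integer `0` differs between PHP 7 and PHP 8, so an explicit null/empty test is safer. The `member` and `id` property names in the sketch below are assumed from the Contribution/Login API and need verifying.
```php
$contribution = new Contribution($this->zdb, $this->login, (int)$args['id']);
// NOTE(review): assumes Contribution exposes the owning member id as ->member
// and Login exposes the current member id as ->id — verify against the classes
$loaded = $contribution->id !== null && $contribution->id !== '';
$canPrint = $loaded && (
    $this->login->isAdmin() || $this->login->isStaff()
    || (int)$contribution->member === (int)$this->login->id
);
if (!$canPrint) {
    // … unchanged: flash message "Unable to load contribution #%id!" …
    return $response
        ->withStatus(302)
        ->withHeader('Location', $this->router->pathFor(
            'contributions',
            ['type' => 'contributions']
        ));
}
// … unchanged: PdfContribution generation and PDF response …
```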
index d6675fedc91015b40c8ffa0769218ed3c862a774..62681ee3f560d315142638652a3db37b3cfa29c8 100644 (file)
                     <th class="left">
                         {_T string="Duration"}
                     </th>
-{if ($login->isAdmin() or $login->isStaff()) and $mode neq 'ajax'}
+{if $mode neq 'ajax'}
                     <th class="nowrap actions_row">{_T string="Actions"}</th>
 {/if}
                 </tr>
                     <td class="{$cclass} nowrap" data-title="{_T string="Amount"}">{$contribution->amount}</td>
                     <td class="{$cclass} nowrap" data-title="{_T string="Payment type"}">{$contribution->spayment_type}</td>
                     <td class="{$cclass} nowrap" data-title="{_T string="Duration"}">{$contribution->duration}</td>
-    {if ($login->isAdmin() or $login->isStaff()) and $mode neq 'ajax'}
+    {if $mode neq 'ajax'}
                     <td class="{$cclass} center nowrap">
                         <a
                             href="{path_for name="printContribution" data=["id" => $contribution->id]}"
                             <i class="fas fa-file-pdf"></i>
                             <span class="sr-only">{_T string="Print an invoice or a receipt (depending on contribution type)"}</span>
                         </a>
+        {if ($login->isAdmin() or $login->isStaff()) and $mode neq 'ajax'}
                         {if $contribution->isCotis()}
                             {assign var="ctype" value="fee"}
                         {else}
                             <i class="fas fa-trash"></i>
                             <span class="sr-only">{_T string="Delete the contribution"}</span>
                         </a>
+        {/if}
                     </td>
     {/if}
                 </tr>
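Review bot: The inner condition added on L83, `{if ($login->isAdmin() or $login->isStaff()) and $mode neq 'ajax'}`, is nested inside the `{if $mode neq 'ajax'}` opened on L76, so the `and $mode neq 'ajax'` part is redundant and reads as if the two guards were independent; `{if $login->isAdmin() or $login->isStaff()}` says the same thing. Hiding the delete link in the template is only cosmetic — the server-side ACL (`removeContribution` stays `staff`) remains the actual enforcement, which is the right place for it. The hunk headers for this file are not shown, so the exact hunk boundaries are inferred from the context lines.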