+--------------------------------------------------------------------+
| CiviCRM version 5 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2018 |
+ | Copyright CiviCRM LLC (c) 2004-2019 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2018
+ * @copyright CiviCRM LLC (c) 2004-2019
*/
/**
}
else {
$this->_workflow_id = CRM_Utils_Array::value('workflow_id', $this->_values);
+ $this->checkUserPermission($this->_workflow_id);
$this->assign('workflow_id', $this->_workflow_id);
if ($this->_workflow_id) {
}
if ($this->_action & CRM_Core_Action::DELETE) {
+ $this->assign('msg_title', $this->_values['msg_title']);
return;
}
}
}
+ /**
+ * Restrict users access based on permission
+ *
+ * @param int $workflowId
+ */
+ private function checkUserPermission($workflowId) {
+ if (isset($workflowId)) {
+ $canView = CRM_Core_Permission::check('edit system workflow message templates');
+ }
+ else {
+ $canView = CRM_Core_Permission::check('edit user-driven message templates');
+ }
+
+ if (!$canView && !CRM_Core_Permission::check('edit message templates')) {
+ CRM_Core_Session::setStatus(ts('You do not have permission to view requested page.'), ts('Access Denied'));
+ $url = CRM_Utils_System::url('civicrm/admin/messageTemplates', "reset=1");
+ CRM_Utils_System::redirect($url);
+ }
+ }
+
/**
* Global form rule.
*
projects / civicrm-core.git / blobdiff