Merge pull request #11679 from jitendrapurohit/CRM-21776

[civicrm-core.git] / CRM / Event / Form / Task.php

diff --git a/CRM/Event/Form/Task.php b/CRM/Event/Form/Task.php
index 1929edd6b8cc2930cd29078a0414d1239c14cbca..263a644cba8cf6e2151b74bda96cc8f5c35a938c 100644 (file)
--- a/CRM/Event/Form/Task.php
+++ b/CRM/Event/Form/Task.php
@@ -1,9 +1,9 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.7                                                |
+ | CiviCRM version 5                                                  |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2017                                |
+ | Copyright CiviCRM LLC (c) 2004-2018                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
@@ -28,7 +28,7 @@
 /**
  *
  * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2017
+ * @copyright CiviCRM LLC (c) 2004-2018
  * $Id$
  *
  */
@@ -88,8 +88,11 @@ class CRM_Event_Form_Task extends CRM_Core_Form {
     $values = $form->controller->exportValues($form->get('searchFormName'));
 
     $form->_task = $values['task'];
-    $eventTasks = CRM_Event_Task::tasks();
-    $form->assign('taskName', $eventTasks[$form->_task]);
+    $tasks = CRM_Event_Task::permissionedTaskTitles(CRM_Core_Permission::getPermission());
+    if (!array_key_exists($form->_task, $tasks)) {
+      CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
+    }
+    $form->assign('taskName', $tasks[$form->_task]);
 
     $ids = array();
     if ($values['radio_ts'] == 'ts_sel') {