X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FAdmin%2FForm%2FMessageTemplates.php;h=d316d559e26873e28c897d02afb3655863b759ca;hb=6a8366ea7767bc0bb2009e6113f7125167d0fc6f;hp=7e2330dc513710aa063d23037db8e1a37ad3984f;hpb=b71494d1e871ce2cca6db4902cb7e72daeb09ddc;p=civicrm-core.git
diff --git a/CRM/Admin/Form/MessageTemplates.php b/CRM/Admin/Form/MessageTemplates.php
index 7e2330dc51..d316d559e2 100644
--- a/CRM/Admin/Form/MessageTemplates.php
+++ b/CRM/Admin/Form/MessageTemplates.php
@@ -1,9 +1,9 @@ _workflow_id = CRM_Utils_Array::value('workflow_id', $this->_values);
+ $this->checkUserPermission($this->_workflow_id);
 $this->assign('workflow_id', $this->_workflow_id);
 if ($this->_workflow_id) {
@@ -214,6 +215,26 @@ class CRM_Admin_Form_MessageTemplates extends CRM_Admin_Form {
 }
 }
+ /**
+ * Restrict users access based on permission
+ *
+ * @param int $workflowId
+ */
+ private function checkUserPermission($workflowId) {
+ if (isset($workflowId)) {
+ $canView = CRM_Core_Permission::check('edit system workflow message templates');
+ }
+ else {
+ $canView = CRM_Core_Permission::check('edit user-driven message templates');
+ }
+
+ if (!$canView && !CRM_Core_Permission::check('edit message templates')) {
+ CRM_Core_Session::setStatus(ts('You do not have permission to view requested page.'), ts('Access Denied'));
+ $url = CRM_Utils_System::url('civicrm/admin/messageTemplates', "reset=1");
+ CRM_Utils_System::redirect($url);
+ }
+ }
+
 /**
 * Global form rule.
 *
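Review bot: In `checkUserPermission`, `isset($workflowId)` selects the system-workflow permission for any non-null value, while the caller's context line branches on truthiness (`if ($this->_workflow_id)`). A template whose workflow_id is `0` or an empty string would therefore be authorised against 'edit system workflow message templates' yet handled as user-driven by the rest of the form; `if (!empty($workflowId)) {` keeps the two decisions aligned. The denial branch also relies on `CRM_Utils_System::redirect()` ending the request, so a comment stating that, or an explicit `return;` after it, would make the fail-closed intent clear. The only visible call site is where workflow_id is read from `$this->_values`, and the first hunk is truncated on this page, so whether the submit path runs the same check cannot be confirmed here and is worth verifying.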