X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FAdmin%2FForm%2FMessageTemplates.php;h=d316d559e26873e28c897d02afb3655863b759ca;hb=80c2f8d77bcc103cdb9f8a6fb589fd154d6e8dc3;hp=b980e17e721bc8a364d0eee7a8c0644f01be0e9b;hpb=e98d91afdb1458e2de5f6c37310788f4820bb288;p=civicrm-core.git

diff --git a/CRM/Admin/Form/MessageTemplates.php b/CRM/Admin/Form/MessageTemplates.php
index b980e17e72..d316d559e2 100644
--- a/CRM/Admin/Form/MessageTemplates.php
+++ b/CRM/Admin/Form/MessageTemplates.php
@@ -106,6 +106,7 @@ class CRM_Admin_Form_MessageTemplates extends CRM_Admin_Form {
     }
     else {
       $this->_workflow_id = CRM_Utils_Array::value('workflow_id', $this->_values);
+      $this->checkUserPermission($this->_workflow_id);
       $this->assign('workflow_id', $this->_workflow_id);
 
       if ($this->_workflow_id) {
@@ -214,6 +215,26 @@ class CRM_Admin_Form_MessageTemplates extends CRM_Admin_Form {
     }
   }
 
+  /**
+   * Restrict users access based on permission
+   *
+   * @param int $workflowId
+   */
+  private function checkUserPermission($workflowId) {
+    if (isset($workflowId)) {
+      $canView = CRM_Core_Permission::check('edit system workflow message templates');
+    }
+    else {
+      $canView = CRM_Core_Permission::check('edit user-driven message templates');
+    }
+
+    if (!$canView && !CRM_Core_Permission::check('edit message templates')) {
+      CRM_Core_Session::setStatus(ts('You do not have permission to view requested page.'), ts('Access Denied'));
+      $url = CRM_Utils_System::url('civicrm/admin/messageTemplates', "reset=1");
+      CRM_Utils_System::redirect($url);
+    }
+  }
+
   /**
    * Global form rule.
    *