$permissions['group_organization'] = $permissions['group'];
// CiviMail Permissions
+ $civiMailBasePerms = array(
+ // To get/preview/update, one must have least one of these perms:
+ // Mailing API implementations enforce nuances of create/approve/schedule permissions.
+ 'access CiviMail',
+ 'create mailings',
+ 'schedule mailings',
+ 'approve mailings',
+ );
$permissions['mailing'] = array(
'get' => array(
'access CiviCRM',
- 'access CiviMail',
+ $civiMailBasePerms,
),
'delete' => array(
'access CiviCRM',
- 'access CiviMail',
+ $civiMailBasePerms,
'delete in CiviMail',
),
+ 'submit' => array(
+ 'access CiviCRM',
+ array('access CiviMail', 'schedule mailings'),
+ ),
'default' => array(
'access CiviCRM',
- 'access CiviMail',
+ $civiMailBasePerms,
),
);
$permissions['mailing_a_b'] = $permissions['mailing'];
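Review bot: The `default` entry now admits a caller holding any one of the four permissions in `$civiMailBasePerms`. Every Mailing action without its own entry, and every `mailing_a_b` action through the copy on the last line, therefore relies on the API implementation for the finer check. The comment inside `$civiMailBasePerms` says as much, but the only implementation-level check visible in this commit is the one added to `civicrm_api3_mailing_create`. Keeping `default` at 'access CiviMail' and widening only named actions, or listing in the comment which actions rely on implementation checks, would make the remaining exposure auditable. The first comment line also reads "must have least one" and should read "must have at least one".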
public static function create(&$params, $ids = array()) {
// WTH $ids
if (empty($ids) && isset($params['id'])) {
- $ids['id'] = $params['id'];
+ $ids['mailing_id'] = $ids['id'] = $params['id'];
}
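Review bot: The double assignment `$ids['mailing_id'] = $ids['id'] = $params['id'];` has no comment saying which reader needs `mailing_id`, and the existing `// WTH $ids` remark shows the parameter is already unclear to maintainers. A one-line comment naming the consumer of `$ids['mailing_id']` would keep the next cleanup from dropping it; that consumer is not visible here, so it needs confirming against the rest of create(), which continues outside this hunk.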
// CRM-12430
$fieldPerms = array();
foreach ($fieldNames as $fieldName) {
if ($fieldName == 'id') {
- $fieldPerms[$fieldName] = 'access CiviMail';
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'schedule mailings', 'approve mailings', 'create mailings'), // OR
+ );
}
- if (in_array($fieldName, array('scheduled_date', 'scheduled_id'))) {
- $fieldPerms[$fieldName] = 'schedule mailings';
+ elseif (in_array($fieldName, array('scheduled_date', 'scheduled_id'))) {
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'schedule mailings'), // OR
+ );
}
elseif (in_array($fieldName, array('approval_date', 'approver_id', 'approval_status_id', 'approval_note'))) {
- $fieldPerms[$fieldName] = 'approve mailings';
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'approve mailings'), // OR
+ );
}
else {
- $fieldPerms[$fieldName] = 'create mailings';
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'create mailings'), // OR
+ );
}
}
return $fieldPerms;
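Review bot: Every branch now lists 'access CiviMail' as an alternative, including the branch for `approval_date`, `approver_id`, `approval_status_id` and `approval_note`. A holder of that one permission can therefore write both the schedule and the approval fields of the same mailing even with workflow enabled. If that override is intended, say so where the map is built, for example `// 'access CiviMail' satisfies every field group and bypasses the create/schedule/approve split`. The four-name list for `id` also repeats `$civiMailBasePerms` from the API permission map, so the two copies have to be kept in step by hand. The function begins outside this hunk, and its return shape has changed from a string to a nested array per field, which its docblock should describe.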
));
CRM_Core_Resources::singleton()->addPermissions(array(
'view all contacts',
+ 'access CiviMail',
'create mailings',
'schedule mailings',
'approve mailings',
*/
function civicrm_api3_mailing_create($params) {
if (CRM_Mailing_Info::workflowEnabled()) {
+ // Note: 'schedule mailings' and 'approve mailings' can update certain fields, but can't create.
+
+ if (empty($params['id'])) {
+ if (!CRM_Core_Permission::check('access CiviMail') && !CRM_Core_Permission::check('create mailings')) {
+ throw new \Civi\API\Exception\UnauthorizedException("Cannot create new mailing. Required permission: 'access CiviMail' or 'create mailings'");
+ }
+ }
+
$safeParams = array();
$fieldPerms = CRM_Mailing_BAO_Mailing::getWorkflowFieldPerms();
foreach (array_keys($params) as $field) {
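Review bot: The new create gate sits inside `if (CRM_Mailing_Info::workflowEnabled())`, so it does not run when workflow is disabled. Mailing.create falls under the `default` entry of the permission map, which this commit widens to accept 'schedule mailings' or 'approve mailings' alone, so on that path a caller holding only one of those has to be stopped by code outside this hunk. Either confirm that such code exists, or hoist the `empty($params['id'])` check above the workflow branch. The check also calls `CRM_Core_Permission::check()` without consulting `$params['check_permissions']`; if trusted internal callers create mailings through this function, confirm they are not meant to be exempt. The function body continues past the end of the hunk.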
// @param mailing Object (per APIv3)
// @return Promise an object with "subject", "body_text", "body_html"
preview: function preview(mailing) {
- if (CRM.crmMailing.workflowEnabled && !CRM.checkPerm('create mailings')) {
+ if (CRM.crmMailing.workflowEnabled && !CRM.checkPerm('create mailings') && !CRM.checkPerm('access CiviMail')) {
return crmApi('Mailing', 'preview', {id: mailing.id}).then(function(result) {
return result.values;
});
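Review bot: The "'create mailings' or 'access CiviMail'" test is written out by hand in `preview` and again in each `ng-if` of the wizard template, alongside the matching pairs for schedule and approve. The next change to the permission model will have to find every copy. A small helper on the service that returns whether the user may edit content, schedule or approve would keep the client rules in one place, with a comment that they only control what is displayed and that the server-side field permissions remain the authority. `preview` continues outside this hunk.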
<div crm-ui-wizard>
- <div crm-ui-wizard-step="10" crm-title="ts('Content')" ng-form="contentForm" ng-if="checkPerm('create mailings')">
+ <div crm-ui-wizard-step="10" crm-title="ts('Content')" ng-form="contentForm" ng-if="checkPerm('create mailings') || checkPerm('access CiviMail')">
<div crm-mailing-block-summary crm-mailing="mailing"/>
<div crm-mailing-block-mailing crm-mailing="mailing"/>
<div crm-ui-accordion crm-title="ts('HTML')">
</div>
</div>
- <div crm-ui-wizard-step="20" crm-title="ts('Options')" ng-form="optionsForm" ng-if="checkPerm('create mailings')">
+ <div crm-ui-wizard-step="20" crm-title="ts('Options')" ng-form="optionsForm" ng-if="checkPerm('create mailings') || checkPerm('access CiviMail')">
<div crm-ui-accordion crm-title="ts('Responses')" crm-collapsed="true">
<div crm-mailing-block-responses crm-mailing="mailing"/>
</div>
</div>
</div>
- <div crm-ui-wizard-step="40" crm-title="ts('Review')" ng-form="schedForm" ng-if="checkPerm('schedule mailings')">
+ <div crm-ui-wizard-step="40" crm-title="ts('Review')" ng-form="schedForm" ng-if="checkPerm('schedule mailings') || checkPerm('access CiviMail')">
<div crm-ui-accordion crm-title="ts('Review')">
<div crm-mailing-block-review crm-mailing="mailing"/>
</div>
<div crm-ui-accordion crm-title="ts('Schedule')">
<div crm-mailing-block-schedule crm-mailing="mailing"/>
</div>
- <div crm-ui-accordion crm-title="ts('Approval')" ng-if="checkPerm('approve mailings')">
+ <div crm-ui-accordion crm-title="ts('Approval')" ng-if="checkPerm('approve mailings') || checkPerm('access CiviMail')">
<div crm-mailing-block-approve crm-mailing="mailing"/>
</div>
- <center ng-if="!checkPerm('approve mailings')">
+ <center ng-if="!checkPerm('approve mailings') && !checkPerm('access CiviMail')">
<a class="button crmMailing-submit-button" ng-click="submit()" ng-class="{blocking: block.check(), disabled: crmMailing.$invalid}">
<div>{{ts('Submit Mailing')}}</div>
</a>
</center>
- <center ng-if="checkPerm('approve mailings')">
+ <center ng-if="checkPerm('approve mailings') || checkPerm('access CiviMail')">
<a class="button crmMailing-submit-button" ng-click="approve('Approved')" ng-class="{blocking: block.check(), disabled: crmMailing.$invalid}">
<div>{{ts('Submit and Approve Mailing')}}</div>
</a>