return civicrm_api('MailingContact', 'getcount', $params);
}
+ /**
+ * Get a list of permissions required for CRUD'ing each field
+ * (when workflow is enabled).
+ *
+ * @return array
+ * Array (string $fieldName => string $permName)
+ */
+ public static function getWorkflowFieldPerms() {
+ $fieldNames = array_keys(CRM_Mailing_DAO_Mailing::fields());
+ $fieldPerms = array();
+ foreach ($fieldNames as $fieldName) {
+ if ($fieldName == 'id') {
+ $fieldPerms[$fieldName] = 'access CiviMail';
+ }
+ if (in_array($fieldName, array('scheduled_date', 'scheduled_id'))) {
+ $fieldPerms[$fieldName] = 'schedule mailings';
+ }
+ elseif (in_array($fieldName, array('approval_date', 'approver_id', 'approval_status_id', 'approval_note'))) {
+ $fieldPerms[$fieldName] = 'approve mailings';
+ }
+ else {
+ $fieldPerms[$fieldName] = 'create mailings';
+ }
+ }
+ return $fieldPerms;
+ }
+
}
*/
function civicrm_api3_mailing_create($params) {
if (CRM_Mailing_Info::workflowEnabled()) {
- if (!CRM_Core_Permission::check('create mailings')) {
- throw new \Civi\API\Exception\UnauthorizedException("This system uses advanced CiviMail workflows which require additional permissions");
- }
- if (!CRM_Core_Permission::check('schedule mailings')) {
- unset($params['scheduled_date']);
- unset($params['scheduled_id']);
- }
- if (!CRM_Core_Permission::check('approve mailings')) {
- unset($params['approval_date']);
- unset($params['approver_id']);
- unset($params['approval_status_id']);
- unset($params['approval_note']);
+ $safeParams = array();
+ $fieldPerms = CRM_Mailing_BAO_Mailing::getWorkflowFieldPerms();
+ foreach (array_keys($params) as $field) {
+ if (CRM_Core_Permission::check($fieldPerms[$field])) {
+ $safeParams[$field] = $params[$field];
+ }
}
}
- $params['_evil_bao_validator_'] = 'CRM_Mailing_BAO_Mailing::checkSendable';
- return _civicrm_api3_basic_create(_civicrm_api3_get_BAO(__FUNCTION__), $params);
+ else {
+ $safeParams = $params;
+ }
+ $safeParams['_evil_bao_validator_'] = 'CRM_Mailing_BAO_Mailing::checkSendable';
+ return _civicrm_api3_basic_create(_civicrm_api3_get_BAO(__FUNCTION__), $safeParams);
}
/**
// @param mailing Object (per APIv3)
// @return Promise an object with "subject", "body_text", "body_html"
preview: function preview(mailing) {
- var params = angular.extend({}, mailing, mailing.recipients, {
- options: {force_rollback: 1},
- 'api.Mailing.preview': {
- id: '$value.id'
- }
- });
- delete params.recipients; // the content was merged in
- return crmApi('Mailing', 'create', params).then(function (result) {
- // changes rolled back, so we don't care about updating mailing
- return result.values[result.id]['api.Mailing.preview'].values;
- });
+ if (CRM.crmMailing.workflowEnabled && !CRM.checkPerm('create mailings')) {
+ return crmApi('Mailing', 'preview', {id: mailing.id}).then(function(result) {
+ return result.values;
+ });
+ }
+ else {
+ // Protect against races in saving and previewing by chaining create+preview.
+ var params = angular.extend({}, mailing, mailing.recipients, {
+ options: {force_rollback: 1},
+ 'api.Mailing.preview': {
+ id: '$value.id'
+ }
+ });
+ delete params.recipients; // the content was merged in
+ return crmApi('Mailing', 'create', params).then(function(result) {
+ // changes rolled back, so we don't care about updating mailing
+ return result.values[result.id]['api.Mailing.preview'].values;
+ });
+ }
},
// @param mailing Object (per APIv3)
projects / civicrm-core.git / commitdiff