}
else {
$this->_workflow_id = CRM_Utils_Array::value('workflow_id', $this->_values);
+ $this->checkUserPermission($this->_workflow_id);
$this->assign('workflow_id', $this->_workflow_id);
if ($this->_workflow_id) {
}
}
+ /**
+ * Restrict users access based on permission
+ *
+ * @param int $workflowId
+ */
+ private function checkUserPermission($workflowId) {
+ if (isset($workflowId)) {
+ $canView = CRM_Core_Permission::check('edit system workflow message templates');
+ }
+ else {
+ $canView = CRM_Core_Permission::check('edit user-driven message templates');
+ }
+
+ if (!$canView && !CRM_Core_Permission::check('edit message templates')) {
+ CRM_Core_Session::setStatus(ts('You do not have permission to view requested page.'), ts('Access Denied'));
+ $url = CRM_Utils_System::url('civicrm/admin/messageTemplates', "reset=1");
+ CRM_Utils_System::redirect($url);
+ }
+ }
+
/**
* Global form rule.
*
);
$this->assign('rows', $rows);
+ $this->assign('canEditSystemTemplates', CRM_Core_Permission::check('edit system workflow message templates'));
+ $this->assign('canEditMessageTemplates', CRM_Core_Permission::check('edit message templates'));
+ $this->assign('canEditUserDrivenMessageTemplates', CRM_Core_Permission::check('edit user-driven message templates'));
}
}
'edit message templates' => array(
$prefix . ts('edit message templates'),
),
+ 'edit system workflow message templates' => array(
+ $prefix . ts('edit system workflow message templates'),
+ ),
+ 'edit user-driven message templates' => array(
+ $prefix . ts('edit user-driven message templates'),
+ ),
'view my invoices' => array(
$prefix . ts('view my invoices'),
ts('Allow users to view/ download their own invoices'),
$permissions['message_template'] = array(
'get' => array('access CiviCRM'),
- 'create' => array('edit message templates'),
- 'update' => array('edit message templates'),
+ 'create' => array('edit message templates', 'edit user-driven message templates', 'edit system workflow message templates'),
+ 'update' => array('edit message templates', 'edit user-driven message templates', 'edit system workflow message templates'),
);
return $permissions;
}
<page_callback>CRM_Admin_Page_MessageTemplates</page_callback>
<adminGroup>Communications</adminGroup>
<icon>admin/small/template.png</icon>
- <access_arguments>edit message templates</access_arguments>
+ <access_arguments>edit message templates;edit user-driven message templates;edit system workflow message templates</access_arguments>
<weight>30</weight>
</item>
<item>
<title>Message Templates</title>
<desc>Add/Edit Message Templates</desc>
<page_callback>CRM_Admin_Form_MessageTemplates</page_callback>
- <access_arguments>edit message templates</access_arguments>
+ <access_arguments>edit message templates;edit user-driven message templates;edit system workflow message templates</access_arguments>
<weight>262</weight>
</item>
<item>
* @param null $currentVer
*/
public function setPreUpgradeMessage(&$preUpgradeMessage, $rev, $currentVer = NULL) {
- // Example: Generate a pre-upgrade message.
- // if ($rev == '5.12.34') {
- // $preUpgradeMessage .= '<p>' . ts('A new permission has been added called %1 This Permission is now used to control access to the Manage Tags screen', array(1 => 'manage tags')) . '</p>';
- // }
+ if ($rev == '5.3.0') {
+ $params = array(
+ 1 => 'edit user-driven message templates',
+ 2 => 'edit system workflow message templates',
+ 3 => 'edit message templates',
+ );
+ $preUpgradeMessage .= '<p>' . ts('New granular permissions called %1 and %2 have been added for %3 permission. These permissions help to limit user access per template', $params) . '</p>';
+ }
}
/**
<div class="crm-content-block crm-block">
<div id='mainTabContainer'>
<ul>
- <li id='tab_user'> <a href='#user' title='{ts}User-driven Messages{/ts}'> {ts}User-driven Messages{/ts} </a></li>
- <li id='tab_workflow'><a href='#workflow' title='{ts}System Workflow Messages{/ts}'>{ts}System Workflow Messages{/ts}</a></li>
+ {if $canEditUserDrivenMessageTemplates or $canEditMessageTemplates}
+ <li id='tab_user'><a href='#user' title='{ts}User-driven Messages{/ts}'>{ts}User-driven Messages{/ts}</a></li>
+ {/if}
+ {if $canEditSystemTemplates or $canEditMessageTemplates}
+ <li id='tab_workflow'><a href='#workflow' title='{ts}System Workflow Messages{/ts}'>{ts}System Workflow Messages{/ts}</a></li>
+ {/if}
</ul>
{* create two selector tabs, first being the ‘user’ one, the second being the ‘workflow’ one *}
{include file="CRM/common/enableDisableApi.tpl"}
{include file="CRM/common/jsortable.tpl"}
{foreach from=$rows item=template_row key=type}
+ {if (
+ $type ne 'userTemplates' and ($canEditSystemTemplates or $canEditMessageTemplates)
+ ) or (
+ $type eq 'userTemplates'and ($canEditUserDrivenMessageTemplates or $canEditMessageTemplates)
+ )}
<div id="{if $type eq 'userTemplates'}user{else}workflow{/if}" class='ui-tabs-panel ui-widget-content ui-corner-bottom'>
<div class="help">
{if $type eq 'userTemplates'}
{/if}
</div>
</div>
+ {/if}
{/foreach}
</div>
</div>
projects / civicrm-core.git / commitdiff