* @return void
*/
public function browse($action = NULL) {
+ //CRM-16777: Do not permit access to user, for page 'Administer->Communication->Schedule Reminder',
+ //when do not have 'administer CiviCRM' permission.
+ if (!CRM_Core_Permission::check('administer CiviCRM')) {
+ CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+ }
+
// Get list of configured reminders
$reminderList = CRM_Core_BAO_ActionSchedule::getList();
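Review bot: The permission check added at the top of `browse()` guards the listing only. If the page's add, update or delete actions are dispatched from elsewhere, they need the same 'administer CiviCRM' check or they stay reachable without it; the rest of the class is outside the hunk, so this cannot be confirmed here. Denial goes through `CRM_Core_Error::fatal()`, which reports an authorization failure as a fatal error, and an access-denied response would be clearer to users and in logs. The comment would read better as `// CRM-16777: This page requires 'administer CiviCRM'; deny access otherwise.`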
'edit pledges',
),
);
+
+ //CRM-16777: Disable schedule reminder for user that have 'edit all events' and 'administer CiviCRM' permission.
+ $permissions['action_schedule'] = array(
+ 'update' => array(
+ array(
+ 'access CiviCRM',
+ 'edit all events',
+ ),
+ ),
+ );
+
$permissions['pledge_payment'] = array(
'create' => array(
'access CiviCRM',
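Review bot: The comment above `$permissions['action_schedule']` names 'edit all events' and 'administer CiviCRM', but the array lists 'access CiviCRM' and 'edit all events', nested in an inner array. If the inner array is read as "any of" (which, as far as I know, is how `CRM_Core_Permission::check` treats a nested array), then 'access CiviCRM' alone is enough to update a reminder through the API. If both are meant to be required, drop the nesting, `'update' => array('access CiviCRM', 'edit all events'),`, and correct the comment to match. Only 'update' is declared here and the surrounding array begins outside the hunk, so how the other actions resolve is not visible.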
return TRUE;
}
break;
+
+ //CRM-16777: Disable schedule reminder with ACLs.
+ case 'ActionSchedule':
+ $events = \CRM_Event_BAO_Event::getEvents();
+ $aclEdit = \CRM_ACL_API::group(\CRM_Core_Permission::EDIT, NULL, 'civicrm_event', $events);
+ $param = array('id'=>$apiRequest['params']['id']);
+ $eventId = \CRM_Core_BAO_ActionSchedule::retrieve($param, $value = array());
+ if (in_array($eventId->entity_value, $aclEdit)) {
+ return TRUE;
+ }
+ break;
}
return FALSE;
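Review bot: The new `ActionSchedule` case uses `$apiRequest['params']['id']` and the result of `retrieve()` without checking either. A request with no id or an unknown id therefore reads `$eventId->entity_value` from a missing object, and the loose `in_array()` then compares NULL against the ACL list. `$value = array()` is also passed as an expression where `retrieve()` presumably takes its second argument by reference, so a named variable should be used. The comparison treats `entity_value` as a single event id; if a reminder can belong to another kind of entity or hold several values, the case should confirm the schedule is event-based before granting the update, which is not visible here. The switch starts outside the hunk.

```php
case 'ActionSchedule':
  // … unchanged: $events and $aclEdit lookup …
  if (empty($apiRequest['params']['id'])) {
    // No target schedule: fall through to the regular permission check.
    break;
  }
  $param = array('id' => $apiRequest['params']['id']);
  $values = array();
  $schedule = \CRM_Core_BAO_ActionSchedule::retrieve($param, $values);
  // Grant only when the schedule exists and carries a value to compare.
  if ($schedule && !empty($schedule->entity_value) && in_array($schedule->entity_value, $aclEdit)) {
    return TRUE;
  }
  break;
```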