From: Tim Otten <totten@civicrm.org>
Date: Wed, 4 Mar 2015 00:10:41 +0000 (-0800)
Subject: CRM-15854 - MailingAB API - Restrict to 'access CiviMail'
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=19837ef28167508e904e5aa379f0e97af4acdb28;p=civicrm-core.git

CRM-15854 - MailingAB API - Restrict to 'access CiviMail'

We haven't thought through how it would work with workflow-based
permissions.
---

diff --git a/CRM/Core/DAO/permissions.php b/CRM/Core/DAO/permissions.php
index 295c82566e..dcc5f18d51 100644
--- a/CRM/Core/DAO/permissions.php
+++ b/CRM/Core/DAO/permissions.php
@@ -265,11 +265,30 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
       $civiMailBasePerms,
     ),
   );
-  $permissions['mailing_a_b'] = $permissions['mailing'];
   $permissions['mailing_group'] = $permissions['mailing'];
   $permissions['mailing_job'] = $permissions['mailing'];
   $permissions['mailing_recipients'] = $permissions['mailing'];
 
+  $permissions['mailing_a_b'] = array(
+    'get' => array(
+      'access CiviCRM',
+      'access CiviMail',
+    ),
+    'delete' => array(
+      'access CiviCRM',
+      'access CiviMail',
+      'delete in CiviMail',
+    ),
+    'submit' => array(
+      'access CiviCRM',
+      array('access CiviMail', 'schedule mailings'),
+    ),
+    'default' => array(
+      'access CiviCRM',
+      'access CiviMail',
+    ),
+  );
+
   // Membership permissions
   $permissions['membership'] = array(
     'get' => array(