From: Tim Otten Date: Tue, 3 Mar 2015 02:11:58 +0000 (-0800) Subject: CRM-15854 - CiviMail workflow, new UI - Consistent interpretation of 'access CiviMail' X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=360d60971bcc6d36faa13d11d7a99b0ab1d02486;p=civicrm-core.git CRM-15854 - CiviMail workflow, new UI - Consistent interpretation of 'access CiviMail'
---
diff --git a/CRM/Core/DAO/permissions.php b/CRM/Core/DAO/permissions.php
index bd31720c82..295c82566e 100644
--- a/CRM/Core/DAO/permissions.php
+++ b/CRM/Core/DAO/permissions.php
@@ -238,19 +238,31 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
 $permissions['group_organization'] = $permissions['group'];
 // CiviMail Permissions
+ $civiMailBasePerms = array(
+ // To get/preview/update, one must have least one of these perms:
+ // Mailing API implementations enforce nuances of create/approve/schedule permissions.
+ 'access CiviMail',
+ 'create mailings',
+ 'schedule mailings',
+ 'approve mailings',
+ );
 $permissions['mailing'] = array(
 'get' => array(
 'access CiviCRM',
- 'access CiviMail',
+ $civiMailBasePerms,
 ),
 'delete' => array(
 'access CiviCRM',
- 'access CiviMail',
+ $civiMailBasePerms,
 'delete in CiviMail',
 ),
+ 'submit' => array(
+ 'access CiviCRM',
+ array('access CiviMail', 'schedule mailings'),
+ ),
 'default' => array(
 'access CiviCRM',
- 'access CiviMail',
+ $civiMailBasePerms,
 ),
 );
 $permissions['mailing_a_b'] = $permissions['mailing'];
diff --git a/CRM/Mailing/BAO/Mailing.php b/CRM/Mailing/BAO/Mailing.php
index 998a4d74bb..19e43393c7 100644
--- a/CRM/Mailing/BAO/Mailing.php
+++ b/CRM/Mailing/BAO/Mailing.php
@@ -1610,7 +1610,7 @@ ORDER BY civicrm_email.is_bulkmail DESC
 public static function create(&$params, $ids = array()) {
 // WTH $ids
 if (empty($ids) && isset($params['id'])) {
- $ids['id'] = $params['id'];
+ $ids['mailing_id'] = $ids['id'] = $params['id'];
 }
 // CRM-12430
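Review bot: In CRM/Core/DAO/permissions.php the widened `get`, `delete` and `default` gates are also handed to `mailing_a_b` by the unchanged last line of the hunk, `$permissions['mailing_a_b'] = $permissions['mailing'];`, so a holder of only 'approve mailings' or 'schedule mailings' now passes the API-level check for MailingAB actions as well. The added comment relies on the Mailing API implementations to enforce the create/approve/schedule nuances, and nothing in this commit shows an equivalent check for MailingAB. If that entity has no per-field enforcement, it should get its own stricter entry; otherwise the assumption belongs next to the copy, for example `// mailing_a_b inherits the OR-list; the MailingAB API must enforce create/schedule/approve itself`. The enclosing function starts and ends outside the hunk.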
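Review bot: The chained assignment `$ids['mailing_id'] = $ids['id'] = $params['id'];` in CRM_Mailing_BAO_Mailing::create() carries no comment saying which code reads `mailing_id` rather than `id`, and the existing `// WTH $ids` shows the parameter is already poorly understood. A one-line why-comment naming the consumer would help, along the lines of `// Populate both keys: <callee> looks the mailing up by 'mailing_id'`, with the callee filled in by the author since it is not visible here. The method body continues outside the hunk.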
@@ -3144,16 +3144,24 @@ AND m.id = %1
 $fieldPerms = array();
 foreach ($fieldNames as $fieldName) {
 if ($fieldName == 'id') {
- $fieldPerms[$fieldName] = 'access CiviMail';
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'schedule mailings', 'approve mailings', 'create mailings'), // OR
+ );
 }
- if (in_array($fieldName, array('scheduled_date', 'scheduled_id'))) {
- $fieldPerms[$fieldName] = 'schedule mailings';
+ elseif (in_array($fieldName, array('scheduled_date', 'scheduled_id'))) {
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'schedule mailings'), // OR
+ );
 }
 elseif (in_array($fieldName, array('approval_date', 'approver_id', 'approval_status_id', 'approval_note'))) {
- $fieldPerms[$fieldName] = 'approve mailings';
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'approve mailings'), // OR
+ );
 }
 else {
- $fieldPerms[$fieldName] = 'create mailings';
+ $fieldPerms[$fieldName] = array(
+ array('access CiviMail', 'create mailings'), // OR
+ );
 }
 }
 return $fieldPerms;
diff --git a/CRM/Mailing/Info.php b/CRM/Mailing/Info.php
index 8e306b9793..aefd0d23a4 100644
--- a/CRM/Mailing/Info.php
+++ b/CRM/Mailing/Info.php
@@ -149,6 +149,7 @@ class CRM_Mailing_Info extends CRM_Core_Component_Info {
 ));
 CRM_Core_Resources::singleton()->addPermissions(array(
 'view all contacts',
+ 'access CiviMail',
 'create mailings',
 'schedule mailings',
 'approve mailings',
diff --git a/api/v3/Mailing.php b/api/v3/Mailing.php
index 46a808a98b..5d4e060802 100755
--- a/api/v3/Mailing.php
+++ b/api/v3/Mailing.php
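Review bot: In the approval branch of the CRM/Mailing/BAO/Mailing.php hunk, `array('access CiviMail', 'approve mailings')` lets any holder of 'access CiviMail' write `approval_status_id`, `approver_id` and the other approval fields, so on a workflow-enabled site that one permission overrides the create/schedule/approve separation. The commit title suggests this is intended, but it should be stated where the boundary is defined, e.g. `// 'access CiviMail' is a super-permission: it satisfies every workflow field check, including approval.` The per-field value also changes from a string to a nested array (inner list marked `// OR`), which the function's docblock, outside this hunk, should describe for callers. The four-permission list for `id` repeats `$civiMailBasePerms` from permissions.php, so the two copies have to be kept in sync by hand.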
@@ -44,6 +44,14 @@
 */
 function civicrm_api3_mailing_create($params) {
 if (CRM_Mailing_Info::workflowEnabled()) {
+ // Note: 'schedule mailings' and 'approve mailings' can update certain fields, but can't create.
+
+ if (empty($params['id'])) {
+ if (!CRM_Core_Permission::check('access CiviMail') && !CRM_Core_Permission::check('create mailings')) {
+ throw new \Civi\API\Exception\UnauthorizedException("Cannot create new mailing. Required permission: 'access CiviMail' or 'create mailings'");
+ }
+ }
+
 $safeParams = array();
 $fieldPerms = CRM_Mailing_BAO_Mailing::getWorkflowFieldPerms();
 foreach (array_keys($params) as $field) {
diff --git a/js/angular-crmMailing/services.js b/js/angular-crmMailing/services.js
index deafdc5b64..cca3255b7a 100644
--- a/js/angular-crmMailing/services.js
+++ b/js/angular-crmMailing/services.js
@@ -262,7 +262,7 @@
 // @param mailing Object (per APIv3)
 // @return Promise an object with "subject", "body_text", "body_html"
 preview: function preview(mailing) {
- if (CRM.crmMailing.workflowEnabled && !CRM.checkPerm('create mailings')) {
+ if (CRM.crmMailing.workflowEnabled && !CRM.checkPerm('create mailings') && !CRM.checkPerm('access CiviMail')) {
 return crmApi('Mailing', 'preview', {id: mailing.id}).then(function(result) {
 return result.values;
 });
diff --git a/partials/crmMailing/edit-workflow.html b/partials/crmMailing/edit-workflow.html
index c0f1d6f921..7b00de8fb2 100644
--- a/partials/crmMailing/edit-workflow.html
+++ b/partials/crmMailing/edit-workflow.html
@@ -11,7 +11,7 @@
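Review bot: The new create guard in civicrm_api3_mailing_create() sits inside `if (CRM_Mailing_Info::workflowEnabled())`, so with workflow disabled the only gate on creating a mailing is the `default` entry in permissions.php, which this same commit widens to accept 'schedule mailings' or 'approve mailings' on their own. If those permissions can be granted while workflow is off, such a user would be able to create mailings; moving the `empty($params['id'])` check above the workflow test, or adding a comment on why that case cannot arise, would settle it. Assuming CRM_Core_Permission::check() accepts the nested OR shape that getWorkflowFieldPerms() now returns, the two negated calls could also be written once as `if (!CRM_Core_Permission::check(array(array('access CiviMail', 'create mailings')))) {`. The function body continues outside the hunk.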
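Review bot: In js/angular-crmMailing/services.js the `preview` branch is picked from `CRM.checkPerm(...)`, which only reflects the permission names the server exported via `addPermissions`, and nothing at the condition says it is a UI decision rather than an access check. A short comment would keep later edits from treating it as enforcement, e.g. `// UI hint only: without create rights, preview the saved mailing by id; the Mailing API does the real permission check.` The two permission names here also have to mirror the server-side OR-list by hand. The other branch of `preview` lies outside the hunk, so this reading of it is inferred.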
-
+
@@ -32,7 +32,7 @@
-