From: Coleman Watts <coleman@civicrm.org>
Date: Tue, 27 Sep 2016 20:35:09 +0000 (-0400)
Subject: CRM-19363 - Add price_set api permission checks
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=4f4052f638e8c05d6b297df4541bfd244dea24d2;p=civicrm-core.git

CRM-19363 - Add price_set api permission checks
---

diff --git a/CRM/Core/DAO/permissions.php b/CRM/Core/DAO/permissions.php
index 04ad1cfbbb..ca0790cbe7 100644
--- a/CRM/Core/DAO/permissions.php
+++ b/CRM/Core/DAO/permissions.php
@@ -305,6 +305,16 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
   // Loc block is only used for events
   $permissions['loc_block'] = $permissions['event'];
 
+  // Price sets are shared by several components, user needs access to at least one of them
+  $permissions['price_set'] = array(
+    'default' => array(
+      array('access CiviEvent', 'access CiviContribute', 'access CiviMember'),
+    ),
+    'get' => array(
+      array('access CiviCRM', 'view event info', 'make online contributions'),
+    ),
+  );
+
   // File permissions
   $permissions['file'] = array(
     'default' => array(