From: Dave Jenkins <davej+git@circle-interactive.co.uk>
Date: Fri, 26 May 2017 17:34:51 +0000 (+0100)
Subject: Improve user checking for mailing reports
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=f735f556b261b36af46496c6adc8bf1843e077ac;p=civicrm-core.git

Improve user checking for mailing reports
---

diff --git a/CRM/Mailing/Page/Event.php b/CRM/Mailing/Page/Event.php
index e923ea8771..beb7ffb16d 100644
--- a/CRM/Mailing/Page/Event.php
+++ b/CRM/Mailing/Page/Event.php
@@ -63,6 +63,9 @@ class CRM_Mailing_Page_Event extends CRM_Core_Page {
 
     $mailing_id = CRM_Utils_Request::retrieve('mid', 'Positive', $this);
 
+    // check that the user has permission to access mailing id
+    CRM_Mailing_BAO_Mailing::checkPermission($mailing_id);
+
     //assign backurl
     $context = CRM_Utils_Request::retrieve('context', 'String', $this);