From 00cadd8372ecda2a45bcecd23274014e6a3139d4 Mon Sep 17 00:00:00 2001
From: William Mortada <williammortada@thirdsectordesign.org>
Date: Wed, 12 Oct 2022 11:06:15 +0100
Subject: [PATCH] Fix permission for SubscriptionHistory

---
 Civi/Api4/SubscriptionHistory.php             | 11 ++++++
 .../api/v4/Entity/SubscriptionHistoryTest.php | 35 +++++++++++++++++++
 2 files changed, 46 insertions(+)

diff --git a/Civi/Api4/SubscriptionHistory.php b/Civi/Api4/SubscriptionHistory.php
index fd75e83ef5..364fc44c3a 100644
--- a/Civi/Api4/SubscriptionHistory.php
+++ b/Civi/Api4/SubscriptionHistory.php
@@ -19,4 +19,15 @@ namespace Civi\Api4;
  */
 class SubscriptionHistory extends Generic\DAOEntity {
 
+  /**
+   * @see \Civi\Api4\Generic\AbstractEntity::permissions()
+   * @return array
+   */
+  public static function permissions() {
+    // get permission is managed by ACLs
+    return [
+      'get' => [],
+    ];
+  }
+
 }
diff --git a/tests/phpunit/api/v4/Entity/SubscriptionHistoryTest.php b/tests/phpunit/api/v4/Entity/SubscriptionHistoryTest.php
index 94cb3aeb5f..1c7ae40609 100644
--- a/tests/phpunit/api/v4/Entity/SubscriptionHistoryTest.php
+++ b/tests/phpunit/api/v4/Entity/SubscriptionHistoryTest.php
@@ -62,4 +62,39 @@ class SubscriptionHistoryTest extends Api4TestBase {
     $this->assertLessThanOrEqual(time(), strtotime($historyRemoved->single()['date']));
   }
 
+  public function testGetPermissions() {
+    $this->createLoggedInUser();
+
+    $contact = $this->createTestRecord('Contact');
+    $group = $this->createTestRecord('Group');
+    $groupContact = $this->createTestRecord('GroupContact', [
+      'group_id' => $group['id'],
+      'contact_id' => $contact['id'],
+    ]);
+
+    \CRM_Core_Config::singleton()->userPermissionClass->permissions = [
+      'access CiviCRM',
+      'view all contacts',
+    ];
+
+    $historyAdded = SubscriptionHistory::get()
+      ->addSelect('*')
+      ->addWhere('group_id', '=', $group['id'])
+      ->addWhere('status', '=', 'Added')
+      ->addWhere('contact_id', '=', $contact['id'])
+      ->execute();
+    $this->assertCount(1, $historyAdded);
+
+    \CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
+
+    $historyAdded = SubscriptionHistory::get()
+      ->addSelect('*')
+      ->addWhere('group_id', '=', $group['id'])
+      ->addWhere('status', '=', 'Added')
+      ->addWhere('contact_id', '=', $contact['id'])
+      ->execute();
+    $this->assertCount(0, $historyAdded);
+
+  }
+
 }
-- 
2.25.1