From 40a732a9fd31d7d6d1bbaf8cabb0d4d111edda81 Mon Sep 17 00:00:00 2001 From: Samson Alajede Date: Thu, 31 May 2018 12:41:50 +0100 Subject: [PATCH] dev/core#61 Split Edit Message Templates Permission (#11974) * dev/core#61 split edit message templates permission --- CRM/Admin/Form/MessageTemplates.php | 21 +++++++++++++++++++ CRM/Admin/Page/MessageTemplates.php | 3 +++ CRM/Core/Permission.php | 10 +++++++-- CRM/Core/xml/Menu/Admin.xml | 4 ++-- CRM/Upgrade/Incremental/php/FiveTwo.php | 12 +++++++---- templates/CRM/Admin/Page/MessageTemplates.tpl | 14 +++++++++++-- 6 files changed, 54 insertions(+), 10 deletions(-) diff --git a/CRM/Admin/Form/MessageTemplates.php b/CRM/Admin/Form/MessageTemplates.php index b980e17e72..d316d559e2 100644 --- a/CRM/Admin/Form/MessageTemplates.php +++ b/CRM/Admin/Form/MessageTemplates.php @@ -106,6 +106,7 @@ class CRM_Admin_Form_MessageTemplates extends CRM_Admin_Form { } else { $this->_workflow_id = CRM_Utils_Array::value('workflow_id', $this->_values); + $this->checkUserPermission($this->_workflow_id); $this->assign('workflow_id', $this->_workflow_id); if ($this->_workflow_id) { @@ -214,6 +215,26 @@ class CRM_Admin_Form_MessageTemplates extends CRM_Admin_Form { } } + /** + * Restrict users access based on permission + * + * @param int $workflowId + */ + private function checkUserPermission($workflowId) { + if (isset($workflowId)) { + $canView = CRM_Core_Permission::check('edit system workflow message templates'); + } + else { + $canView = CRM_Core_Permission::check('edit user-driven message templates'); + } + + if (!$canView && !CRM_Core_Permission::check('edit message templates')) { + CRM_Core_Session::setStatus(ts('You do not have permission to view requested page.'), ts('Access Denied')); + $url = CRM_Utils_System::url('civicrm/admin/messageTemplates', "reset=1"); + CRM_Utils_System::redirect($url); + } + } + /** * Global form rule. * 
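Review bot: The new `$this->checkUserPermission($this->_workflow_id);` call sits only in the `else` branch, and the branch before it starts outside the hunk, so it is not visible whether that path gets an equivalent per-type check. If it does not, access there falls back to the menu permission alone, which appears to accept any one of the three permissions. A short comment above the call, e.g. `// Per-type gate for the edit path; the other branch is covered by <where>`, would make the intended coverage reviewable.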
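Review bot: `isset($workflowId)` in `checkUserPermission()` does not match the truthiness test `if ($this->_workflow_id)` that the caller uses right after the call. A workflow_id that is present but empty (`0` or `''`) is checked here as a system workflow template and handled there as a user-driven one. Using the same test, `if (!empty($workflowId)) {`, keeps the permission decision aligned with how the form classifies the template. The deny path also relies on `CRM_Utils_System::redirect()` ending the request, since nothing returns or throws after it; a one-line comment stating that assumption would help. The docblock could name the three permissions and say that `edit message templates` overrides the per-type ones.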
diff --git a/CRM/Admin/Page/MessageTemplates.php b/CRM/Admin/Page/MessageTemplates.php index 8eefe4846b..1fdc8dc65a 100644 --- a/CRM/Admin/Page/MessageTemplates.php +++ b/CRM/Admin/Page/MessageTemplates.php @@ -289,6 +289,9 @@ class CRM_Admin_Page_MessageTemplates extends CRM_Core_Page_Basic { ); $this->assign('rows', $rows); + $this->assign('canEditSystemTemplates', CRM_Core_Permission::check('edit system workflow message templates')); + $this->assign('canEditMessageTemplates', CRM_Core_Permission::check('edit message templates')); + $this->assign('canEditUserDrivenMessageTemplates', CRM_Core_Permission::check('edit user-driven message templates')); } } diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php index ce7d2b2bd6..ee7b49f69d 100644 --- a/CRM/Core/Permission.php +++ b/CRM/Core/Permission.php @@ -879,6 +879,12 @@ class CRM_Core_Permission { 'edit message templates' => array( $prefix . ts('edit message templates'), ), + 'edit system workflow message templates' => array( + $prefix . ts('edit system workflow message templates'), + ), + 'edit user-driven message templates' => array( + $prefix . ts('edit user-driven message templates'), + ), 'view my invoices' => array( $prefix . ts('view my invoices'), ts('Allow users to view/ download their own invoices'), @@ -1461,8 +1467,8 @@ class CRM_Core_Permission { $permissions['message_template'] = array( 'get' => array('access CiviCRM'), - 'create' => array('edit message templates'), - 'update' => array('edit message templates'), + 'create' => array('edit message templates', 'edit user-driven message templates', 'edit system workflow message templates'), + 'update' => array('edit message templates', 'edit user-driven message templates', 'edit system workflow message templates'), ); return $permissions; } diff --git a/CRM/Core/xml/Menu/Admin.xml b/CRM/Core/xml/Menu/Admin.xml index 23f09219a1..38377d0850 100644 --- a/CRM/Core/xml/Menu/Admin.xml +++ b/CRM/Core/xml/Menu/Admin.xml 
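Review bot: These three flags move the per-type rule into the Smarty template while `$rows` is still assigned in full, so rows a user may not edit are only hidden at render time. Filtering `$rows` by type in PHP before `$this->assign('rows', $rows)` would keep the decision next to the other permission checks and leave the template a plain loop. The same any-of rule is also written out in `CRM_Admin_Form_MessageTemplates::checkUserPermission()`; a shared helper would stop the copies drifting apart. The enclosing method starts outside the hunk.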
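Review bot: Both new entries carry only a label, so the permissions screen gives an administrator no hint about which templates each one covers. A second array element would fix that, in the way `view my invoices` just below has one. For example `ts('Edit message templates that belong to a system workflow')` and `ts('Edit message templates that are not tied to a workflow')`, wording to be confirmed. It is also worth stating there that `edit message templates` covers both.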
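Review bot: The flat lists for `create` and `update` read as all-of, not any-of. As far as I know `CRM_Core_Permission::check()` ANDs a flat array and ORs a nested one, so as written an API caller would need all three permissions and a holder of only `edit message templates` would lose API access. If any-of is intended, nest the list: `'create' => array(array('edit message templates', 'edit user-driven message templates', 'edit system workflow message templates')),` and the same for `update`. The menu entries in Admin.xml use `;`, which appears to mean any-of, so the two layers currently disagree. Once the API rule is any-of, it cannot tell a system workflow template from a user-driven one, and only the form calls `checkUserPermission()`. The per-type check would then need to live in the API/BAO layer too, or a holder of one granular permission could update the other kind through the API.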
@@ -262,7 +262,7 @@ CRM_Admin_Page_MessageTemplates Communications admin/small/template.png - edit message templates + edit message templates;edit user-driven message templates;edit system workflow message templates 30 @@ -270,7 +270,7 @@ Message Templates Add/Edit Message Templates CRM_Admin_Form_MessageTemplates - edit message templates + edit message templates;edit user-driven message templates;edit system workflow message templates 262 diff --git a/CRM/Upgrade/Incremental/php/FiveTwo.php b/CRM/Upgrade/Incremental/php/FiveTwo.php index 9d74ea2b2c..f8f2c8bd9a 100644 --- a/CRM/Upgrade/Incremental/php/FiveTwo.php +++ b/CRM/Upgrade/Incremental/php/FiveTwo.php @@ -40,10 +40,14 @@ class CRM_Upgrade_Incremental_php_FiveTwo extends CRM_Upgrade_Incremental_Base { * @param null $currentVer */ public function setPreUpgradeMessage(&$preUpgradeMessage, $rev, $currentVer = NULL) { - // Example: Generate a pre-upgrade message. - // if ($rev == '5.12.34') { - // $preUpgradeMessage .= '

' . ts('A new permission has been added called %1 This Permission is now used to control access to the Manage Tags screen', array(1 => 'manage tags')) . '

'; - // } + if ($rev == '5.3.0') { + $params = array( + 1 => 'edit user-driven message templates', + 2 => 'edit system workflow message templates', + 3 => 'edit message templates', + ); + $preUpgradeMessage .= '

' . ts('New granular permissions called %1 and %2 have been added for %3 permission. These permissions help to limit user access per template', $params) . '

'; + } } /** diff --git a/templates/CRM/Admin/Page/MessageTemplates.tpl b/templates/CRM/Admin/Page/MessageTemplates.tpl index e1b86a7ac5..c8e41a24e4 100644 --- a/templates/CRM/Admin/Page/MessageTemplates.tpl +++ b/templates/CRM/Admin/Page/MessageTemplates.tpl @@ -89,14 +89,23 @@
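Review bot: The message is keyed to `$rev == '5.3.0'` inside `CRM_Upgrade_Incremental_php_FiveTwo`. If this class is only consulted for 5.2.x revisions, the branch never runs and administrators are never told about the new permissions, so confirm which incremental class receives that revision. `if ($rev === '5.3.0') {` would also avoid loose comparison on version strings. The replaced example comment was the only in-file illustration of how to write a pre-upgrade message, so a one-line comment above the new block would keep that guidance.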
{* create two selector tabs, first being the ‘user’ one, the second being the ‘workflow’ one *} {include file="CRM/common/enableDisableApi.tpl"} {include file="CRM/common/jsortable.tpl"} {foreach from=$rows item=template_row key=type} + {if ( + $type ne 'userTemplates' and ($canEditSystemTemplates or $canEditMessageTemplates) + ) or ( + $type eq 'userTemplates'and ($canEditUserDrivenMessageTemplates or $canEditMessageTemplates) + )}
{if $type eq 'userTemplates'} @@ -160,6 +169,7 @@ {/if}
+ {/if} {/foreach}
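Review bot: In the added `{if}` that this `{/if}` closes, `$type eq 'userTemplates'and (` has no space before `and`; write `$type eq 'userTemplates' and ($canEditUserDrivenMessageTemplates or $canEditMessageTemplates)` so the condition does not depend on how the tokenizer splits it. The test is a template-side copy of the rule in `checkUserPermission()` and only hides the listing, so a Smarty comment such as `{* display only; access is enforced in CRM_Admin_Form_MessageTemplates *}` would keep readers from treating it as the access control. The markup it wraps lies between the two hunks and is not visible here.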
-- 2.25.1