From 5b5ffb1196ff32f8cf15df277fe44957b0eef60e Mon Sep 17 00:00:00 2001
From: Matthew Wire <devel@mrwire.co.uk>
Date: Fri, 23 Mar 2018 13:26:33 +0000
Subject: [PATCH] CRM-21037 Permission check before anything else

---
 CRM/Activity/BAO/Activity.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/CRM/Activity/BAO/Activity.php b/CRM/Activity/BAO/Activity.php
index ab864e2500..381fb12831 100644
--- a/CRM/Activity/BAO/Activity.php
+++ b/CRM/Activity/BAO/Activity.php
@@ -1656,6 +1656,10 @@ LEFT JOIN civicrm_activity_contact src ON (src.activity_id = ac.activity_id AND
     &$contactIds = NULL,
     $sourceContactId = NULL
   ) {
+    if (!CRM_Core_Permission::check('send SMS')) {
+      throw new CRM_Core_Exception("You do not have the 'send SMS' permission");
+    }
+
     if (!isset($contactDetails) && !isset($contactIds)) {
       Throw new CRM_Core_Exception('You must specify either $contactDetails or $contactIds');
     }
@@ -1676,10 +1680,6 @@ LEFT JOIN civicrm_activity_contact src ON (src.activity_id = ac.activity_id AND
       }
     }
 
-    if (!CRM_Core_Permission::check('send SMS')) {
-      throw new CRM_Core_Exception("You do not have the 'send SMS' permission");
-    }
-
     // Get logged in User Id
     if (empty($sourceContactId)) {
       $sourceContactId = CRM_Core_Session::getLoggedInContactID();
-- 
2.25.1