From 5bcf3e57a7382b0b610a6e99a5087078f93bf721 Mon Sep 17 00:00:00 2001
From: Dave Jenkins <davej+git@circle-interactive.co.uk>
Date: Fri, 26 May 2017 18:15:46 +0100
Subject: [PATCH] Improve user checking for mailing reports

---
 CRM/Mailing/Page/Event.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CRM/Mailing/Page/Event.php b/CRM/Mailing/Page/Event.php
index 100d43c0b1..8b0290a4eb 100644
--- a/CRM/Mailing/Page/Event.php
+++ b/CRM/Mailing/Page/Event.php
@@ -60,6 +60,9 @@ class CRM_Mailing_Page_Event extends CRM_Core_Page {
 
     $mailing_id = CRM_Utils_Request::retrieve('mid', 'Positive', $this);
 
+    // check that the user has permission to access mailing id
+    CRM_Mailing_BAO_Mailing::checkPermission($mailing_id);
+
     $context = CRM_Utils_Request::retrieve('context', 'String', $this);
 
     if ($context == 'activitySelector') {
-- 
2.25.1