From d508025123c373d9ec767df29fa10b25842fb13c Mon Sep 17 00:00:00 2001
From: Jon Goldberg <jon@megaphonetech.com>
Date: Thu, 16 Jun 2022 13:13:38 -0400
Subject: [PATCH] fixes core#3661: Don't check API permissions in
 CRM_Mailing_BAO_Mailing::getGroupNames()

---
 CRM/Mailing/BAO/Mailing.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/CRM/Mailing/BAO/Mailing.php b/CRM/Mailing/BAO/Mailing.php
index dbf54faa7b..d8fe328a9d 100644
--- a/CRM/Mailing/BAO/Mailing.php
+++ b/CRM/Mailing/BAO/Mailing.php
@@ -1413,7 +1413,12 @@ ORDER BY   civicrm_email.is_bulkmail DESC
       return [];
     }
 
-    $mailingGroups = \Civi\Api4\MailingGroup::get()
+    /*
+    This bypasses permissions to maintain compatibility with the SQL it replaced.  This should ideally not bypass
+    permissions in the future, but it's called by some extensions during mail processing, when cron isn't necessarily
+    called with a logged-in user.
+     */
+    $mailingGroups = \Civi\Api4\MailingGroup::get(FALSE)
       ->addSelect('group.title', 'group.frontend_title')
       ->addJoin('Group AS group', 'LEFT', ['entity_id', '=', 'group.id'])
       ->addWhere('mailing_id', '=', $this->id)
-- 
2.25.1