From e36f7ee104aaf480812bcd905deaebfd05766aa7 Mon Sep 17 00:00:00 2001
From: Eileen McNaughton <emcnaughton@wikimedia.org>
Date: Mon, 18 Apr 2022 16:49:20 +1200
Subject: [PATCH] Initial  permission on UserJob

This adds
1) an acl so only the creator can access and
2) permits anyone with access CiviCRM to GET their
own jobs
3) permission on CREATE is set to administer civicrm

I am thinking that create might be too strict but
it might be better to start this way. Likewise we
probably want sysadmins to be able to access other
people's jobs but unless we have a plan now for
what permissions we want we can punt the question
by keeping these strict for now
---
 CRM/Core/BAO/UserJob.php | 16 ++++++++++++++++
 CRM/Core/Permission.php  | 12 ++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/CRM/Core/BAO/UserJob.php b/CRM/Core/BAO/UserJob.php
index 29e7a69897..5eaf41979e 100644
--- a/CRM/Core/BAO/UserJob.php
+++ b/CRM/Core/BAO/UserJob.php
@@ -20,6 +20,22 @@
  */
 class CRM_Core_BAO_UserJob extends CRM_Core_DAO_UserJob {
 
+  /**
+   * Restrict access to the relevant user.
+   *
+   * Note that it is likely we might want to permit other users such as
+   * sysadmins to access other people's user_jobs in future but it has been
+   * kept tightly restricted for initial simplicity (ie do we want to
+   * use an existing permission? a new permission ? do they require
+   * 'view all contacts' etc.
+   *
+   * @inheritDoc
+   */
+  public function addSelectWhereClause(): array {
+    $clauses['created_id'] = '= ' . (int) CRM_Core_Session::getLoggedInContactID();
+    return $clauses;
+  }
+
   /**
    * Get the statuses for Import Jobs.
    *
diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php
index 8645a83684..921e59549f 100644
--- a/CRM/Core/Permission.php
+++ b/CRM/Core/Permission.php
@@ -1543,6 +1543,18 @@ class CRM_Core_Permission {
     $permissions['option_value'] = $permissions['uf_group'];
     $permissions['option_group'] = $permissions['option_value'];
 
+    // User Job permissions - we access these using acls on the get action.
+    // For create it probably makes sense (at least initially) to be stricter
+    // as the forms doing the work can set the permission check to FALSE.
+    $permissions['user_job'] = [
+      'get' => [
+        'access CiviCRM',
+      ],
+      'default' => [
+        'administer CiviCRM',
+      ],
+    ];
+
     $permissions['custom_value'] = [
       'gettree' => ['access CiviCRM'],
     ];
-- 
2.25.1