From e7d6f8f8e4cf3c6c0ed169e808634b9b3807e2f4 Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Wed, 5 Aug 2015 23:56:20 +0000
Subject: [PATCH] CRM-13644 Apply Permission Check for Group API 4.6
---
 CRM/ACL/API.php | 3 +++
 CRM/Mailing/Info.php | 1 +
 api/v3/Group.php | 9 +++++++--
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CRM/ACL/API.php b/CRM/ACL/API.php
index f3681b3fa8..675beb80de 100644
--- a/CRM/ACL/API.php
+++ b/CRM/ACL/API.php
@@ -227,6 +227,9 @@ class CRM_ACL_API {
 $groups = self::group($type, $contactID, $tableName, $allGroups, $includedGroups);
 $cache[$key] = $groups;
 }
+ if (empty($groups)) {
+ return FALSE;
+ }
 return in_array($groupID, $groups) ? TRUE : FALSE;
 }
diff --git a/CRM/Mailing/Info.php b/CRM/Mailing/Info.php
index 1905d16ed0..b38946c9df 100644
--- a/CRM/Mailing/Info.php
+++ b/CRM/Mailing/Info.php
@@ -117,6 +117,7 @@ class CRM_Mailing_Info extends CRM_Core_Component_Info {
 $groupNames = civicrm_api3('Group', 'get', $params + array(
 'is_active' => 1,
+ 'check_permissions' => TRUE,
 'return' => array('title', 'visibility', 'group_type', 'is_hidden'),
 ));
 $headerfooterList = civicrm_api3('MailingComponent', 'get', $params + array(
diff --git a/api/v3/Group.php b/api/v3/Group.php
index a5d7cfeb23..d0fe9e99ad 100644
--- a/api/v3/Group.php
+++ b/api/v3/Group.php
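Review bot: In the CRM/Mailing/Info.php hunk the added `'check_permissions' => TRUE` sits on the right-hand side of `$params + array(...)`, and PHP's array union keeps the left operand's value for a duplicate key, so a `check_permissions` entry already present in `$params` would silently win over it. `$params` is built outside this hunk, so this may be harmless today, but if the flag is meant to be enforced rather than defaulted it should come first: `array('check_permissions' => TRUE) + $params + array(`. The `MailingComponent` get that follows uses the same union pattern without the flag; the hunk does not show whether that is intentional.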
@@ -71,13 +71,18 @@ function _civicrm_api3_group_create_spec(&$params) {
 */
 function civicrm_api3_group_get($params) {
 $options = _civicrm_api3_get_options_from_params($params, TRUE, 'Group', 'get');
- if (empty($options['return']) || !in_array('member_count', $options['return'])) {
+ if ((empty($options['return']) || !in_array('member_count', $options['return'])) && empty($params['check_permissions'])) {
 return _civicrm_api3_basic_get(_civicrm_api3_get_BAO(__FUNCTION__), $params, TRUE, 'Group');
 }
 $groups = _civicrm_api3_basic_get(_civicrm_api3_get_BAO(__FUNCTION__), $params, FALSE, 'Group');
 foreach ($groups as $id => $group) {
- $groups[$id]['member_count'] = CRM_Contact_BAO_Group::memberCount($id);
+ if(!empty($params['check_permissions']) && !CRM_Contact_BAO_Group::checkPermission($group['id'])) {
+ unset($groups[$id]);
+ }
+ elseif (!empty($options['return']) && in_array('member_count', $options['return'])) {
+ $groups[$id]['member_count'] = CRM_Contact_BAO_Group::memberCount($id);
+ }
 }
 return civicrm_api3_create_success($groups, $params, 'Group', 'get');
 }
--
2.25.1
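Review bot: The permission check inside the foreach reads `$group['id']` while the member-count branch right below it keys off `$id`; if a caller's `return` list ever produces rows without an `id` field, the ACL check would run against an empty value, so `!CRM_Contact_BAO_Group::checkPermission($id)` is the safer form (and `if (` with a space matches the surrounding style). Because rows are removed only after `_civicrm_api3_basic_get` has returned, any limit or offset in `options` is presumably applied before the ACL filter, so a permission-checked caller can receive short or empty pages even when groups it may see exist further on. That behaviour deserves at least a comment above the loop, e.g. `// ACL filtering happens after the query, so limit/offset count unfiltered rows.` The `member_count` test is now written twice with opposite polarity; computing it once into a local before the early return would keep the two conditions from drifting apart.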