From f735f556b261b36af46496c6adc8bf1843e077ac Mon Sep 17 00:00:00 2001
From: Dave Jenkins <davej+git@circle-interactive.co.uk>
Date: Fri, 26 May 2017 18:34:51 +0100
Subject: [PATCH] Improve user checking for mailing reports

---
 CRM/Mailing/Page/Event.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CRM/Mailing/Page/Event.php b/CRM/Mailing/Page/Event.php
index e923ea8771..beb7ffb16d 100644
--- a/CRM/Mailing/Page/Event.php
+++ b/CRM/Mailing/Page/Event.php
@@ -63,6 +63,9 @@ class CRM_Mailing_Page_Event extends CRM_Core_Page {
 
     $mailing_id = CRM_Utils_Request::retrieve('mid', 'Positive', $this);
 
+    // check that the user has permission to access mailing id
+    CRM_Mailing_BAO_Mailing::checkPermission($mailing_id);
+
     //assign backurl
     $context = CRM_Utils_Request::retrieve('context', 'String', $this);
 
-- 
2.25.1