From 69b159c8657fd31b1bae5cedaeb18be0ae6f6a47 Mon Sep 17 00:00:00 2001
From: Michael McAndrew
Date: Mon, 12 Mar 2018 21:04:05 +0000
Subject: [PATCH] Adding Send SMS permission + test + upgrade message
---
 CRM/Activity/BAO/Activity.php | 4 +++-
 CRM/Activity/Form/ActivityLinks.php | 2 +-
 CRM/Contact/Task.php | 3 ++-
 CRM/Core/Permission.php | 4 ++++
 CRM/Core/xml/Menu/Admin.xml | 2 +-
 CRM/Core/xml/Menu/Contact.xml | 1 +
 CRM/Mailing/Page/Browse.php | 16 ++++++++++++++++
 CRM/Mailing/xml/Menu/Mailing.xml | 4 ++--
 CRM/Upgrade/Incremental/php/FourSeven.php | 3 +++
 .../phpunit/CRM/Activity/BAO/ActivityTest.php | 19 +++++++++++++++++++
 xml/templates/civicrm_navigation.tpl | 6 +++---
 11 files changed, 55 insertions(+), 9 deletions(-)
diff --git a/CRM/Activity/BAO/Activity.php b/CRM/Activity/BAO/Activity.php
index ee2c1a02cb41..ae034dd090f3 100644
--- a/CRM/Activity/BAO/Activity.php
+++ b/CRM/Activity/BAO/Activity.php
@@ -1659,7 +1659,9 @@ public static function sendSMS(
 if ($userID == NULL) {
 $userID = CRM_Core_Session::getLoggedInContactID();
 }
-
+ if(!CRM_Core_Permission::check('send SMS')){
+ throw new CRM_Core_Exception("You do not have the 'send SMS' permission");
+ }
 $text = &$activityParams['sms_text_message'];
 // CRM-4575
diff --git a/CRM/Activity/Form/ActivityLinks.php b/CRM/Activity/Form/ActivityLinks.php
index ee26e848c513..6f3a9a818e86 100644
--- a/CRM/Activity/Form/ActivityLinks.php
+++ b/CRM/Activity/Form/ActivityLinks.php
@@ -73,7 +73,7 @@ public static function commonBuildQuickForm($self) {
 }
 }
 elseif ($act['name'] == 'SMS') {
- if (!$contactId || !CRM_SMS_BAO_Provider::activeProviderCount()) {
+ if (!$contactId || !CRM_SMS_BAO_Provider::activeProviderCount() || !CRM_Core_Permission::check('send SMS')) {
 continue;
 }
 // Check for existence of a mobile phone and ! do not SMS privacy setting
diff --git a/CRM/Contact/Task.php b/CRM/Contact/Task.php
index ffd09533fe16..d7b32b78a6ae 100644
--- a/CRM/Contact/Task.php
+++ b/CRM/Contact/Task.php
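Review bot: The new guard in sendSMS() calls `CRM_Core_Permission::check('send SMS')` with no user argument, so it presumably evaluates the current session's user, while the function also accepts a `$userID` that a caller can set independently; the check therefore authorizes the requester, not the contact the SMS is attributed to. A comment above the guard stating that contract, e.g. `// Authorization is tied to the logged-in user, not to $userID`, would make it explicit, and any caller that runs without an interactive user (not visible in this hunk) should be confirmed to still work. The guard also departs from the spacing of the surrounding lines; `if (!CRM_Core_Permission::check('send SMS')) {` matches them. sendSMS() starts and ends outside the hunk.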
@@ -162,7 +162,7 @@ public static function tasks() { //CRM-16329, if SMS provider is configured show sms action. $providersCount = CRM_SMS_BAO_Provider::activeProviderCount(); - if ($providersCount) { + if ($providersCount && CRM_Core_Permission::check('send SMS')) { self::$_tasks[self::TASK_SMS] = array( 'title' => ts('SMS - schedule/send'), 'class' => 'CRM_Contact_Form_Task_SMS', @@ -308,6 +308,7 @@ public static function permissionedTaskTitles($permission, $params = array()) { ) { $tasks[self::CREATE_MAILING] = self::$_tasks[self::CREATE_MAILING]['title']; } + } $tasks = parent::corePermissionedTaskTitles($tasks, $permission, $params); diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php index 36165e1da43a..b9f344975fc4 100644 --- a/CRM/Core/Permission.php +++ b/CRM/Core/Permission.php @@ -889,6 +889,10 @@ public static function getCorePermissions() { $prefix . ts('edit own api keys'), ts('Edit user\'s own API keys'), ), + 'send SMS' => array( + $prefix . ts('send SMS'), + ts('Send an SMS'), + ), ); return $permissions; diff --git a/CRM/Core/xml/Menu/Admin.xml b/CRM/Core/xml/Menu/Admin.xml index f6dcf0c614c2..23f09219a196 100644 --- a/CRM/Core/xml/Menu/Admin.xml +++ b/CRM/Core/xml/Menu/Admin.xml @@ -711,7 +711,7 @@ civicrm/sms/send New Mass SMS CRM_SMS_Controller_Send - administer CiviCRM + send SMS 1 610 diff --git a/CRM/Core/xml/Menu/Contact.xml b/CRM/Core/xml/Menu/Contact.xml index 092a67924b44..26bf51d30c0f 100644 --- a/CRM/Core/xml/Menu/Contact.xml +++ b/CRM/Core/xml/Menu/Contact.xml @@ -401,6 +401,7 @@ action=add Activities CRM_Contact_Form_Task_SMS + send SMS civicrm/ajax/contactrelationships diff --git a/CRM/Mailing/Page/Browse.php b/CRM/Mailing/Page/Browse.php index d5376a200fa2..f2afb009d5e3 100644 --- a/CRM/Mailing/Page/Browse.php +++ b/CRM/Mailing/Page/Browse.php 
@@ -83,6 +83,22 @@ public function preProcess() { $this->_unscheduled = $this->_archived = $archiveLinks = FALSE; $this->_mailingId = CRM_Utils_Request::retrieve('mid', 'Positive', $this); $this->_sms = CRM_Utils_Request::retrieve('sms', 'Positive', $this); + + if ($this->_sms) { + // if this is an SMS page, check that the user has permission to browse SMS + if (!CRM_Core_Permission::check('send SMS')) { + CRM_Core_Error::fatal(ts('You do not have permission to send SMS')); + } + } + else { + // If this is not an SMS page, check that the user has an appropriate + // permission (specific permissions have been copied from + // CRM/Mailing/xml/Menu/Mailing.xml) + if (!CRM_Core_Permission::check(array(array('access CiviMail', 'approve mailings', 'create mailings', 'schedule mailings')))) { + CRM_Core_Error::fatal(ts('You do not have permission to view this page.')); + } + } + $this->assign('sms', $this->_sms); // check that the user has permission to access mailing id CRM_Mailing_BAO_Mailing::checkPermission($this->_mailingId); diff --git a/CRM/Mailing/xml/Menu/Mailing.xml b/CRM/Mailing/xml/Menu/Mailing.xml index 33b9e501ea8c..639406b8af87 100644 --- a/CRM/Mailing/xml/Menu/Mailing.xml +++ b/CRM/Mailing/xml/Menu/Mailing.xml @@ -5,7 +5,7 @@ civicrm/mailing CiviMail CRM_Mailing_Page_Browse - access CiviMail;create mailings + access CiviMail;create mailings;send SMS 1 600 CiviMail @@ -71,7 +71,7 @@ Find Mailings scheduled=true CRM_Mailing_Page_Browse - access CiviMail;approve mailings;create mailings;schedule mailings + access CiviMail;approve mailings;create mailings;schedule mailings;send SMS 1 620 diff --git a/CRM/Upgrade/Incremental/php/FourSeven.php b/CRM/Upgrade/Incremental/php/FourSeven.php index b0eefdd4cb33..609a2e4465dc 100644 --- a/CRM/Upgrade/Incremental/php/FourSeven.php +++ b/CRM/Upgrade/Incremental/php/FourSeven.php @@ -82,6 +82,9 @@ public function setPreUpgradeMessage(&$preUpgradeMessage, $rev, $currentVer = NU ); $preUpgradeMessage .= '
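Review bot: The permission branch added to preProcess() is selected by `$this->_sms`, which is read from the `sms` request parameter, so the requester chooses which permission set is evaluated. Because the Mailing.xml change in this commit also admits `send SMS` holders to the `civicrm/mailing` routes, a user holding only `send SMS` can reach this page with `sms=1` and any `mid`; the hunk shows no check that the mailing identified by `mid` is an SMS mailing, so that separation rests on `CRM_Mailing_BAO_Mailing::checkPermission()` and the code after the hunk, which is worth confirming. I would add a comment at the branch such as `// $this->_sms is request-supplied: it selects the permission to test, it does not prove that mid is an SMS mailing`, plus a test for a `send SMS`-only user against a non-SMS `mid`. The inline permission list is a copy of the Mailing.xml entry and will drift silently if the menu definition changes. preProcess() continues outside the hunk.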

' . ts('A new set of batch permissions has been added called "%1", "%2", "%3" and "%4". These permissions are now used to control access to the Accounting Batches tasks. If your users need to be able to Reopen or Close batches you may need to give them additional permissions. Read more', $params) . '

'; } + if ($rev == '4.7.32') { + $preUpgradeMessage .= '

' . ts('A new %1 permission has been added. It is not granted by default. If you use SMS, you may wish to review your permissions.', array(1 => 'send SMS')) . '

'; + } } /** diff --git a/tests/phpunit/CRM/Activity/BAO/ActivityTest.php b/tests/phpunit/CRM/Activity/BAO/ActivityTest.php index 7379e9dc1d3b..98a5433bec06 100644 --- a/tests/phpunit/CRM/Activity/BAO/ActivityTest.php +++ b/tests/phpunit/CRM/Activity/BAO/ActivityTest.php @@ -1135,4 +1135,23 @@ public function testSendEmailWithCampaign() { $this->assertEquals($activity['campaign_id'], $campaign_id, 'Activity campaign_id does not match.'); } + /** + * @expectedException CRM_Core_Exception + * @expectedExceptionMessage You do not have the 'send SMS' permission + */ + public function testSendSMSWithoutPermission() { + $dummy = NULL; + $session = CRM_Core_Session::singleton(); + $config = &CRM_Core_Config::singleton(); + $config->userPermissionClass->permissions = array('access CiviCRM'); + + CRM_Activity_BAO_Activity::sendSMS( + $dummy, + $dummy, + $dummy, + $dummy, + $session->get('userID') + ); + } + } diff --git a/xml/templates/civicrm_navigation.tpl b/xml/templates/civicrm_navigation.tpl index 3d41ee51fc4a..d8992089116f 100644 --- a/xml/templates/civicrm_navigation.tpl +++ b/xml/templates/civicrm_navigation.tpl @@ -187,7 +187,7 @@ VALUES INSERT INTO civicrm_navigation ( domain_id, url, label, name, permission, permission_operator, parent_id, is_active, has_separator, weight ) VALUES - ( @domainID, NULL, '{ts escape="sql" skip="true"}Mailings{/ts}', 'Mailings', 'access CiviMail,create mailings,approve mailings,schedule mailings', 'OR', NULL, '1', NULL, 50 ); + ( @domainID, NULL, '{ts escape="sql" skip="true"}Mailings{/ts}', 'Mailings', 'access CiviMail,create mailings,approve mailings,schedule mailings,send SMS', 'OR', NULL, '1', NULL, 50 ); SET @mailinglastID:=LAST_INSERT_ID(); INSERT INTO civicrm_navigation 
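Review bot: testSendSMSWithoutPermission() overwrites `$config->userPermissionClass->permissions` and never restores it, so unless the class's tearDown (not visible in this hunk) resets permissions, later tests in the same process run with only `access CiviCRM`. The test passes `NULL` for every by-reference argument, so it pins only the denial path and relies on the guard throwing before any argument is used. Consider restoring the permission list at the end of the test or in tearDown, and adding the complementary case where `send SMS` is granted and no `CRM_Core_Exception` is raised.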
@@ -201,8 +201,8 @@ VALUES
 ( @domainID, 'civicrm/admin/component?reset=1', '{ts escape="sql" skip="true"}Headers, Footers, and Automated Messages{/ts}', 'Headers, Footers, and Automated Messages', 'access CiviMail,administer CiviCRM', 'AND', @mailinglastID, '1', NULL, 6 ),
 ( @domainID, 'civicrm/admin/messageTemplates?reset=1', '{ts escape="sql" skip="true"}Message Templates{/ts}', 'Message Templates', 'edit message templates', '', @mailinglastID, '1', NULL, 7 ),
 ( @domainID, 'civicrm/admin/options/from_email_address?reset=1', '{ts escape="sql" skip="true"}From Email Addresses{/ts}', 'From Email Addresses', 'administer CiviCRM', '', @mailinglastID, '1', 1, 8 ),
- ( @domainID, 'civicrm/sms/send?reset=1', '{ts escape="sql" skip="true"}New SMS{/ts}', 'New SMS', 'administer CiviCRM', NULL, @mailinglastID, '1', NULL, 9 ),
- ( @domainID, 'civicrm/mailing/browse?reset=1&sms=1', '{ts escape="sql" skip="true"}Find Mass SMS{/ts}', 'Find Mass SMS', 'administer CiviCRM', NULL, @mailinglastID, '1', 1, 10 ),
+ ( @domainID, 'civicrm/sms/send?reset=1', '{ts escape="sql" skip="true"}New SMS{/ts}', 'New SMS', 'send SMS', NULL, @mailinglastID, '1', NULL, 9 ),
+ ( @domainID, 'civicrm/mailing/browse?reset=1&sms=1', '{ts escape="sql" skip="true"}Find Mass SMS{/ts}', 'Find Mass SMS', 'send SMS', NULL, @mailinglastID, '1', 1, 10 ),
 ( @domainID, 'civicrm/a/#/abtest/new', '{ts escape="sql" skip="true"}New A/B Test{/ts}', 'New A/B Test', 'access CiviMail', '', @mailinglastID, '1', NULL, 15 ),
 ( @domainID, 'civicrm/a/#/abtest', '{ts escape="sql" skip="true"}Manage A/B Tests{/ts}', 'Manage A/B Tests', 'access CiviMail', '', @mailinglastID, '1', 1, 16 );
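Review bot: The `New SMS` and `Find Mass SMS` rows switch from `administer CiviCRM` to `send SMS` only in this install template, and the FourSeven.php change in this commit adds an upgrade message but no visible step that updates existing `civicrm_navigation` rows. On an upgraded site the menu entries would then still be gated on `administer CiviCRM` while the routes require `send SMS`, leaving menu visibility and actual access out of step. If that is intended the upgrade message should say so; otherwise an upgrade task is needed that rewrites the permission on these two rows and adds `send SMS` to the `Mailings` parent changed in the previous hunk.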