diff --git a/CRM/Admin/Form/MessageTemplates.php b/CRM/Admin/Form/MessageTemplates.php index 6a0b2c86aa6..ba885e063f7 100644 --- a/CRM/Admin/Form/MessageTemplates.php +++ b/CRM/Admin/Form/MessageTemplates.php @@ -106,6 +106,7 @@ public function buildQuickForm() { } else { $this->_workflow_id = CRM_Utils_Array::value('workflow_id', $this->_values); + $this->checkUserPermission($this->_workflow_id); $this->assign('workflow_id', $this->_workflow_id); if ($this->_workflow_id) { @@ -214,6 +215,26 @@ public function buildQuickForm() { } } + /** + * Restrict users access based on permission + * + * @param int $workflowId + */ + private function checkUserPermission($workflowId) { + if (isset($workflowId)) { + $canView = CRM_Core_Permission::check('edit system workflow message templates'); + } + else { + $canView = CRM_Core_Permission::check('edit user-driven message templates'); + } + + if (!$canView && !CRM_Core_Permission::check('edit message templates')) { + CRM_Core_Session::setStatus(ts('You do not have permission to view requested page.'), ts('Access Denied')); + $url = CRM_Utils_System::url('civicrm/admin/messageTemplates', "reset=1"); + CRM_Utils_System::redirect($url); + } + } + /** * Global form rule. * diff --git a/CRM/Admin/Page/MessageTemplates.php b/CRM/Admin/Page/MessageTemplates.php index f4c1907f6bb..2ee335d19fc 100644 --- a/CRM/Admin/Page/MessageTemplates.php +++ b/CRM/Admin/Page/MessageTemplates.php @@ -289,6 +289,9 @@ public function browse() { ); $this->assign('rows', $rows); + $this->assign('canEditSystemTemplates', CRM_Core_Permission::check('edit system workflow message templates')); + $this->assign('canEditMessageTemplates', CRM_Core_Permission::check('edit message templates')); + $this->assign('canEditUserDrivenMessageTemplates', CRM_Core_Permission::check('edit user-driven message templates')); } } diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php index b9f344975fc..6bb96d0301a 100644 --- a/CRM/Core/Permission.php +++ b/CRM/Core/Permission.php @@ -877,6 +877,12 @@ public static function getCorePermissions() { 'edit message templates' => array( $prefix . ts('edit message templates'), ), + 'edit system workflow message templates' => array( + $prefix . ts('edit system workflow message templates'), + ), + 'edit user-driven message templates' => array( + $prefix . ts('edit user-driven message templates'), + ), 'view my invoices' => array( $prefix . ts('view my invoices'), ts('Allow users to view/ download their own invoices'), @@ -1459,8 +1465,8 @@ public static function getEntityActionPermissions() { $permissions['message_template'] = array( 'get' => array('access CiviCRM'), - 'create' => array('edit message templates'), - 'update' => array('edit message templates'), + 'create' => array('edit message templates', 'edit user-driven message templates', 'edit system workflow message templates'), + 'update' => array('edit message templates', 'edit user-driven message templates', 'edit system workflow message templates'), ); return $permissions; } diff --git a/CRM/Core/xml/Menu/Admin.xml b/CRM/Core/xml/Menu/Admin.xml index 23f09219a19..38377d0850c 100644 --- a/CRM/Core/xml/Menu/Admin.xml +++ b/CRM/Core/xml/Menu/Admin.xml @@ -262,7 +262,7 @@ CRM_Admin_Page_MessageTemplates Communications admin/small/template.png - edit message templates + edit message templates;edit user-driven message templates;edit system workflow message templates 30 @@ -270,7 +270,7 @@ Message Templates Add/Edit Message Templates CRM_Admin_Form_MessageTemplates - edit message templates + edit message templates;edit user-driven message templates;edit system workflow message templates 262 diff --git a/CRM/Upgrade/Incremental/php/FiveTwo.php b/CRM/Upgrade/Incremental/php/FiveTwo.php index b4f14e452f0..c26a6b4b668 100644 --- a/CRM/Upgrade/Incremental/php/FiveTwo.php +++ b/CRM/Upgrade/Incremental/php/FiveTwo.php @@ -40,10 +40,14 @@ class CRM_Upgrade_Incremental_php_FiveTwo extends CRM_Upgrade_Incremental_Base { * @param null $currentVer */ public function setPreUpgradeMessage(&$preUpgradeMessage, $rev, $currentVer = NULL) { - // Example: Generate a pre-upgrade message. - // if ($rev == '5.12.34') { - // $preUpgradeMessage .= '

' . ts('A new permission has been added called %1 This Permission is now used to control access to the Manage Tags screen', array(1 => 'manage tags')) . '

'; - // } + if ($rev == '5.3.0') { + $params = array( + 1 => 'edit user-driven message templates', + 2 => 'edit system workflow message templates', + 3 => 'edit message templates', + ); + $preUpgradeMessage .= '

' . ts('New granular permissions called %1 and %2 have been added for %3 permission. These permissions help to limit user access per template', $params) . '

'; + } } /** diff --git a/templates/CRM/Admin/Page/MessageTemplates.tpl b/templates/CRM/Admin/Page/MessageTemplates.tpl index cabc8ba2a33..f22acea5302 100644 --- a/templates/CRM/Admin/Page/MessageTemplates.tpl +++ b/templates/CRM/Admin/Page/MessageTemplates.tpl @@ -89,14 +89,23 @@
{* create two selector tabs, first being the ‘user’ one, the second being the ‘workflow’ one *} {include file="CRM/common/enableDisableApi.tpl"} {include file="CRM/common/jsortable.tpl"} {foreach from=$rows item=template_row key=type} + {if ( + $type ne 'userTemplates' and ($canEditSystemTemplates or $canEditMessageTemplates) + ) or ( + $type eq 'userTemplates'and ($canEditUserDrivenMessageTemplates or $canEditMessageTemplates) + )}
{if $type eq 'userTemplates'} @@ -160,6 +169,7 @@ {/if}
+ {/if} {/foreach}