Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[REF] Fixes a bug in Message Template create API where by user permissions checks were being done on system workflow messages #16788

Merged
merged 2 commits into from Mar 16, 2020
Merged

[REF] Fixes a bug in Message Template create API where by user permissions checks were being done on system workflow messages #16788

merged 2 commits into from Mar 16, 2020

Conversation

seamuslee001
Copy link
Contributor

@seamuslee001 seamuslee001 commented Mar 16, 2020
edited

Overview

This fixes a bug when creating a new system workflow message template i.e without an ID and with check_permissions turned on will cause the user message template permission to be checked incorrectly

Before

When user doesn't have edit all message template permission both system workflow and user workflow permissions are checked when adding a new system workflow tempalte

After

Only system workflow template permission is checked

ping @eileenmcnaughton

@civibot
Copy link

civibot bot commented Mar 16, 2020

(Standard links)

@civibot civibot bot added the master label Mar 16, 2020
@eileenmcnaughton
Copy link
Contributor

@seamuslee001 if you want to merge the other & then rebase this over the top of the other I'll approve it. I haven't tested but I think this is trivial enough that I'll just with your judgement on it.

@seamuslee001
[NFC] Add in unit test for creating a new system work flow message te…
98a6b50 
…mplate with only edit system workflow message templates permission
seamuslee001
seamuslee001 commented Mar 16, 2020
View reviewed changes
CRM/Core/BAO/MessageTemplate.php
}
if (!CRM_Core_Permission::check('edit user-driven message templates')) {
elseif (!CRM_Core_Permission::check('edit user-driven message templates')) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this needs to be elseif so that we don't run the check if workflow_id is set

@eileenmcnaughton
Copy link
Contributor

lol- 'wrong' and 'correct' mean?

@eileenmcnaughton
Copy link
Contributor

@seamuslee001 test fail is unrelated so that's all good - but could you flesh out 'wrong' & 'correct' above

@seamuslee001
Copy link
Contributor Author

Done

@eileenmcnaughton eileenmcnaughton merged commit 2ca1098 into master Mar 16, 2020
@eileenmcnaughton eileenmcnaughton deleted the msg_template_no_id branch March 16, 2020 05:12
@eileenmcnaughton
Copy link
Contributor

cool

@seamuslee001 seamuslee001 mentioned this pull request Mar 20, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
master
Projects
None yet
Milestone
No milestone
2 participants
@seamuslee001 @eileenmcnaughton