Fix permission for SubscriptionHistory

Civi/Api4/SubscriptionHistory.php

@@ -19,4 +19,15 @@
  */
 class SubscriptionHistory extends Generic\DAOEntity {
 
+  /**
+   * @see \Civi\Api4\Generic\AbstractEntity::permissions()
+   * @return array
+   */
+  public static function permissions() {
+    // get permission is managed by ACLs
+    return [
+      'get' => [],
+    ];
+  }
+
 }

tests/phpunit/api/v4/Entity/SubscriptionHistoryTest.php

@@ -62,4 +62,43 @@ public function testGet() {
     $this->assertLessThanOrEqual(time(), strtotime($historyRemoved->single()['date']));
   }
 
+  public function testGetPermissions() {
+    $this->createLoggedInUser();
+
+    $contact = $this->createTestRecord('Contact');
+    $group = $this->createTestRecord('Group');
+    $groupContact = $this->createTestRecord('GroupContact', [
+      'group_id' => $group['id'],
+      'contact_id' => $contact['id'],
+    ]);
+
+    \CRM_Core_Config::singleton()->userPermissionClass->permissions = [
+      'access CiviCRM',
+      'view all contacts',
+    ];
+
+    $historyAdded = SubscriptionHistory::get()
+      ->addSelect('*')
+      ->addWhere('group_id', '=', $group['id'])
+      ->addWhere('status', '=', 'Added')
+      ->addWhere('contact_id', '=', $contact['id'])
+      ->execute();
+    $this->assertCount(1, $historyAdded);
+
+    \CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
+
+    try {
+      $historyAdded = SubscriptionHistory::get()
+        ->addSelect('*')
+        ->addWhere('group_id', '=', $group['id'])
+        ->addWhere('status', '=', 'Added')
+        ->addWhere('contact_id', '=', $contact['id'])
+        ->execute();
+      $this->assertCount(0, $historyAdded);
+    }
+    catch (UnauthorizedException $e) {
+    }
+
+  }
+
 }