Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-11853

Declare additional fields on api contact.get spec for when permissions are used

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.3.0
    • Fix Version/s: 4.3.0
    • Component/s: None
    • Labels:
      None

      Description

      When 'check_permissions' is flagged in api v3 fields not declared in 'getfields' are filtered out to prevent people exploiting the extensive (undocumented) ability of contact.get to return other objects.

      Need to declare some more - group & tag to allow filtering by them

        Attachments

          Activity

            People

            • Assignee:
              eileen Eileen McNaughton
              Reporter:
              eileen Eileen McNaughton
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: