Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-11853

Declare additional fields on api contact.get spec for when permissions are used

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Trivial
          • Resolution: Fixed/Completed
          • Affects Version/s: 4.3.0
          • Fix Version/s: 4.3.0
          • Component/s: None
          • Labels:
            None

            Description

            When 'check_permissions' is flagged in api v3 fields not declared in 'getfields' are filtered out to prevent people exploiting the extensive (undocumented) ability of contact.get to return other objects.

            Need to declare some more - group & tag to allow filtering by them

              Attachments

                Activity

                  People

                  • Assignee:
                    eileen Eileen McNaughton
                    Reporter:
                    eileen Eileen McNaughton
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: