  1. CiviCRM
  2. CRM-14880

Access through REST to API does not use "API key" user permissions

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.4.5
    • Fix Version/s: 4.5
    • Component/s: CiviCRM API
    • Labels:
      None

      Description

      Access to the API through REST in WordPress, invoking [siteroot]/wp-content/plugins/civicrm/civicrm/extern/rest.php?..., does not correctly check the permissions provided in the API key.
      As an example, the command http://[siteroot]/wp-content/plugins/civicrm/civicrm/extern/rest.php?entity=contact&action=get&json=1&key=[sitekey]&api_key=[admin user API key] returns blank values when executed from a blank browser session. If the user logs in beforehand, the command executes correctly.
      Another check: granting anonymous WP user privileges allows the command to execute correctly.

            People

            • Assignee:
              atif.shaikh Atif Shaikh
              Reporter:
              lucastiv Luca Stivani