[CRM-20910] API call to Participant.get ignores check_permissons - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Major
Resolution: Fixed/Completed
Affects Version/s: 4.7.21
Fix Version/s: 4.7.24
Component/s: None
Labels:
- PatchSubmitted

Versioning Impact:
Patch (backwards-compatible bug fixes)
Documentation Required?:
None
Funding Source:
Needs Funding
Verified?:
No

Description

For an anonymous user, a call to the api (using PHP) for participants, e.g.:

eg. civicrm_api('Participant', 'get', array('version' => 3, event_id => ##)

will fail with a permission error. The default should be to set check_permissions to FALSE, but even with this set this call will ignore the flag and still fail.

Following the convoluted call stack, the request eventually ends up at https://github.com/civicrm/civicrm-core/blob/master/CRM/Contact/BAO/Query.php#L6123 where you can see the check_permissions flag is hardcoded to 1. This needs to take into account the params passed to the API call.

Attachments

Issue Links

links to

PR: civicrm-core#10698: CRM-20910: Check permission param while retrieving participants from api

Activity

People

Assignee:

Jitendra Purohit

Reporter:

Torrance

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2017-07-18 21:38

Updated:

2017-09-06 3:50

Resolved:

2017-09-06 3:49