[CRM-8061] Don't check API 3 permissions by default (except for REST calls) - CiviCRM Issue Tracker

Details

Type: Sub-task
Status: Done/Fixed
Priority: Trivial
Resolution: Fixed/Completed
Affects Version/s: 3.4.1, 4.0.1
Fix Version/s: 3.4.2, 4.0.2
Component/s: CiviCRM API
Labels:
None

Description

API 3 permissions, as implemented in CiviCRM 3.4.1/4.0.1, kick in unless $params['check_permissions'] is explicitly set to false for all API calls. This means that API calls made in anonymous context will fail the permission check (unless anonymous users have all the relevant permissions OR the API calls set check_permissions to false).

1. Revert this decision and check permissions only if check_permissions = true.
2. Enforce check_permissions = true for REST calls.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

CRM-8061.diff
2011-05-09 11:30
0.7 kB
Piotr Szotkowski

Activity

People

Assignee:

Piotr Szotkowski

Reporter:

Piotr Szotkowski

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2011-05-09 10:29

Updated:

2011-05-13 11:31

Resolved:

2011-05-13 11:31