Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-8011 API 3 permissions
  3. CRM-8104

Honour check_permissions at BAO level

          Details

          • Type: Sub-task
          • Status: Done/Fixed
          • Priority: Major
          • Resolution: Won't Fix
          • Affects Version/s: 3.4.1
          • Fix Version/s: Unscheduled
          • Component/s: CiviCRM API
          • Labels:
            None

            Description

            API permission check can be skipped by setting $params['check_permissions'] to false. However, this only skips the check done by civicrm_api3_check_contact_dedupe() - checks done by BAO methods that happen to be called by the API will still enforce the permissions.

            There isn't a simple way to fix this, as the permission skipping should probably be done at the CRM_Core_Permission_*::check() level; however, I can't think of a simple way to pass the $parms['check_permissions'] value there without heavy hacking of the codebase.

              Attachments

                Activity

                  People

                  • Assignee:
                    lobo Donald A. Lobo
                    Reporter:
                    shot Piotr Szotkowski
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: