Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Trivial
-
Resolution: Won't Fix
-
Affects Version/s: 3.4.1
-
Fix Version/s: 4.4.0
-
Component/s: CiviCRM API
-
Labels:None
Description
API calls use both check_permission (in contact context to allow performing dedupe checks against the whole contact database, even if the caller is, for example, anonymous) and check_permissions to side-step the API permission checking.
This is most confusing and we need to find a way to clear up the confusion; tentative ideas:
1. Settle on check_permissions and do
if (!empty($params['check_permission'])) $params['check_permissions'] = $params['check_permission'];
in the API wrapper and all other places that end up calling dedupe.
2. Teach dedupe to honour check_permissions instead of check_permission.
3. Deprecate check_permission as of 4.2 at the earliest.