projects / civicrm-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c1bd92) | patch
dev/core#690 - Civi\API - Add a check on entity_table existing
authorPatrick Figel <pfigel@greenpeace.org>
Tue, 5 Feb 2019 17:04:07 +0000 (18:04 +0100)
committerPatrick Figel <pfigel@greenpeace.org>
Tue, 5 Feb 2019 17:04:07 +0000 (18:04 +0100)
commit2ffa31a8952701e8f7d701d8efed86d663665702
tree3d21172e9c6f1eae02e2a761167eb6e98c12b1adtree | snapshot (zip tar.gz)
parent4c1bd923529d3e8fdf31c079c9e39edea08c6625commit | diff
dev/core#690 - Civi\API - Add a check on entity_table existing

This adds a check in DynamicFKAuthorization to verify that the
entity_table in the API request actually exists as a table.

Additionally, this changes a test case in api_v3_AttachmentTest to
enable permission checking. This is necessary because the change to
DynamicFKAuthorization means trusted API calls can now attach files
to *any* entity unless check_permissions is set, in which case it's
only possible for allowed delegates.
Civi/API/Subscriber/DynamicFKAuthorization.php diff | blob | blame | history
tests/phpunit/api/v3/AttachmentTest.php diff | blob | blame | history