projects / civicrm-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 194e85b) | patch
APIv4 - Allow creator to read `UserJob` and `Queue` records
authorTim Otten <totten@civicrm.org>
Sat, 4 Jun 2022 08:02:06 +0000 (01:02 -0700)
committerTim Otten <totten@civicrm.org>
Sat, 4 Jun 2022 08:10:49 +0000 (01:10 -0700)
commit9e10c913757133eb740bd92c18a978c3b9aee7fb
treef42d1db96ecfaede28716d0fd07a222065cb9ff3tree | snapshot (zip tar.gz)
parent194e85bb5e02afe22e481b8f725971525f0ea80fcommit | diff
APIv4 - Allow creator to read `UserJob` and `Queue` records

Before
------

* `Queue.get` requires permission `administer queues`
* `UserJob.*` requires permission `access CiviCRM`, but it only
   returns records if where the `created_id` matches current-user

After
-----

* `Queue.get` and `UserJob.*` follow similar rules
* Users with permission `administer queues` can view all
* Users with permission `access CiviCRM` can view items where `created_id` matches current-user
CRM/Core/BAO/UserJob.php diff | blob | blame | history
CRM/Queue/BAO/Queue.php diff | blob | blame | history
Civi/Api4/Queue.php diff | blob | blame | history