Open up permissions on Dedupe.getduplicates
Currently the action Dedupe.getduplicates is defaulting to 'administer CiviCRM'.
The function manages permissions internally (ie. you can't retrieve contacts you don't have permission to see)
so the function itself can have fairly open permissions - hence I went for 'access CiviCRM' rather than
'merge duplicate contacts' - it might even be argued this should be open & rely solely on contact ACLs but
I have not gone that far
This function is part of moving towards api based rather than form based logic. It is not in use in core yet
outside tests.
projects / civicrm-core.git / commit