Non-admin users should be allowed to view any search display that doesn't have permission checks disabled;
for those displays that disable permission checks, non-admins will only be able to view it if embedded in an afform.
Fixes dev/core#2737
*/
class SavedSearch extends Generic\DAOEntity {
+ public static function permissions() {
+ $permissions = parent::permissions();
+ $permissions['get'] = ['access CiviCRM'];
+ return $permissions;
+ }
+
}
public static function permissions() {
$permissions = parent::permissions();
$permissions['default'] = ['administer CiviCRM data'];
+ $permissions['get'] = ['access CiviCRM'];
$permissions['getSearchTasks'] = ['access CiviCRM'];
// Permission for run action is checked internally
$permissions['run'] = [];
}
$this->assertStringContainsString('failed', $error);
- $config->userPermissionClass->permissions = ['administer CiviCRM data'];
+ $config->userPermissionClass->permissions = ['access CiviCRM', 'administer CiviCRM data'];
// Admins can edit the search and the display
SavedSearch::update()->addWhere('name', '=', $searchName)
projects / civicrm-core.git / commitdiff