projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 29cf997)
SearchKit - Pass entire record into `checkAccess`
authorColeman Watts <coleman@civicrm.org>
Sat, 1 Apr 2023 15:15:22 +0000 (11:15 -0400)
committerColeman Watts <coleman@civicrm.org>
Sat, 1 Apr 2023 15:15:56 +0000 (11:15 -0400)
For efficiency it's best to pass all available data into the `checkAccess` action to avoid unnecessary
db lookups. This ensures the full record is passed in when checking access before enabling in-place edit.

ext/search_kit/Civi/Api4/Action/SearchDisplay/AbstractRunAction.php patch | blob | blame | history

diff --git a/ext/search_kit/Civi/Api4/Action/SearchDisplay/AbstractRunAction.php b/ext/search_kit/Civi/Api4/Action/SearchDisplay/AbstractRunAction.php
index 8017b91b07f47cbf8c8110e18c2c0883bcfd6585..476b116109ca09e6cbf523f5c8efc074b6f9f220 100644 (file)
--- a/ext/search_kit/Civi/Api4/Action/SearchDisplay/AbstractRunAction.php
+++ b/ext/search_kit/Civi/Api4/Action/SearchDisplay/AbstractRunAction.php
@@ -612,12 +612,13 @@ abstract class AbstractRunAction extends \Civi\Api4\Generic\AbstractAction {
       if ($missingRequiredFields->count() || count($vals) === 1) {
         return NULL;
       }
+      $entityValues = $editable['record'];
     }
     // Ensure current user has access
     if ($editable['record']) {
       $access = civicrm_api4($editable['entity'], 'checkAccess', [
         'action' => $editable['action'],
-        'values' => $editable['record'],
+        'values' => $entityValues,
       ], 0)['access'];
       if ($access) {
         // Remove info that's for internal use only