class CRM_Api4_Permission {
public static function check() {
- $config = CRM_Core_Config::singleton();
- $urlPath = explode('/', $_GET[$config->userFrameworkURLVar]);
- $permissions = [
+ $urlPath = explode('/', CRM_Utils_System::currentPath());
+ $defaultPermissions = [
['access CiviCRM', 'access AJAX API'],
];
if (!empty($urlPath[3])) {
$entity = $urlPath[3];
$action = $urlPath[4];
+ $permissions = $defaultPermissions;
CRM_Utils_Hook::alterApiRoutePermissions($permissions, $entity, $action);
+ return CRM_Core_Permission::check($permissions);
+ }
+ else {
+ $calls = CRM_Utils_Request::retrieve('calls', 'String', CRM_Core_DAO::$_nullObject, TRUE, NULL, 'POST');
+ $calls = json_decode($calls, TRUE);
+ foreach ($calls as $call) {
+ $permissions = $defaultPermissions;
+ CRM_Utils_Hook::alterApiRoutePermissions($permissions, $call[0], $call[1]);
+ if (!CRM_Core_Permission::check($permissions)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
}
- return CRM_Core_Permission::check($permissions);
}
}
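Review bot: The new `else` branch fails open: if `json_decode($calls, TRUE)` yields NULL or a non-array (a malformed `calls` POST value) or an empty array, the `foreach` body never runs and `check()` returns TRUE without evaluating even `$defaultPermissions`. Add a deny-by-default guard before the loop, `if (!is_array($calls) || !$calls) { return FALSE; }`. Inside the loop, reject malformed entries with `if (!is_array($call) || !isset($call[0], $call[1])) { return FALSE; }`, so that `alterApiRoutePermissions` is never called with an undefined entity or action. Whether the downstream handler does anything for an empty or undecodable batch is not visible in this hunk, but the permission gate should not depend on that.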