Check for api_key to make sure it is a REST request and not a guest.

author Elin Waring <elin.waring@gmail.com>

Sat, 25 Apr 2015 20:47:04 +0000 (16:47 -0400)

committer Elin Waring <elin.waring@gmail.com>

Sat, 25 Apr 2015 20:47:04 +0000 (16:47 -0400)
author Elin Waring <elin.waring@gmail.com>
Sat, 25 Apr 2015 20:47:04 +0000 (16:47 -0400)
committer Elin Waring <elin.waring@gmail.com>
Sat, 25 Apr 2015 20:47:04 +0000 (16:47 -0400)
diff --git a/CRM/Core/Permission/Joomla.php b/CRM/Core/Permission/Joomla.php

index 925e397f540e568cfc8850e624737eee0c95d76a..0a4f7e0a0657aa8ec5e0a58e94dc2b08a0ca24db 100644 (file)
--- a/CRM/Core/Permission/Joomla.php
+++ b/CRM/Core/Permission/Joomla.php
@@ -62,18 +62,14 @@ class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base {
      // not execute hooks if joomla is not loaded
      if (defined('_JEXEC')) {
        $user = JFactory::getUser();
+      $api_key    = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
  
        // If we are coming from REST we don't have a user but we do have the api_key for a user.
-      if ($user->id === 0) {
+      if ($user->id === 0 && !is_null($api_key)) {
          // This is a codeblock copied from /Civicrm/Utils/REST
          $uid = NULL;
          if (!$uid) {
            $store      = NULL;
-          $api_key    = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
-
-          if (empty($api_key)) {
-            return CRM_Utils_Rest::error("FATAL: mandatory param 'api_key' (user key) missing");
-          }
  
            $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');
author	Elin Waring <elin.waring@gmail.com>
	Sat, 25 Apr 2015 20:47:04 +0000 (16:47 -0400)
committer	Elin Waring <elin.waring@gmail.com>
	Sat, 25 Apr 2015 20:47:04 +0000 (16:47 -0400)