* @throws \Civi\API\Exception\UnauthorizedException
*/
public function authorizeDelegate($action, $entityTable, $entityId, $apiRequest) {
+ if ($this->isTrusted($apiRequest)) {
+ return;
+ }
+
$entity = $this->getDelegatedEntityName($entityTable);
if (!$entity) {
throw new \API_Exception("Failed to run permission check: Unrecognized target entity table ($entityTable)");
throw new \Civi\API\Exception\UnauthorizedException("Authorization failed on ($entity): Missing entity_id");
}
- if ($this->isTrusted($apiRequest)) {
- return;
- }
-
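Review bot: Moving the `isTrusted()` early-return ahead of `getDelegatedEntityName()` means a trusted request is now accepted before the target `entity_table` is validated at all, whereas previously an unrecognized table was rejected with `API_Exception` regardless of trust. That is evidently the intended behaviour (the new test expects `check_permissions = 0` to succeed against `civicrm_membership`), but it makes the whole delegation whitelist hinge on `isTrusted()` being true only for server-side callers; if an external request could ever arrive with `check_permissions` cleared, it would now be able to attach files to arbitrary, undelegated tables. I would make that invariant explicit above the new guard: `// Trusted callers (check_permissions = 0) skip delegation entirely, including the entity_table whitelist below; isTrusted() must never hold for externally supplied requests.` Whether `isTrusted()` is derived solely from that flag is not visible in this hunk, and the remainder of `authorizeDelegate()` continues past it.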
/**
* @var \Exception $exception
*/
const FILE_FORBIDDEN_ID = 11;
+ const FILE_UNDELEGATED_ENTITY = 12;
+
const WIDGET_ID = 20;
const FORBIDDEN_ID = 30;
$this->assertRegExp($expectedError, $result['error_message']);
}
+ /**
+ * Test whether trusted API calls bypass the permission check
+ *
+ */
+ public function testNotDelegated() {
+ $entity = 'FakeFile';
+ $action = 'create';
+ $params = [
+ 'entity_id' => self::FILE_UNDELEGATED_ENTITY,
+ 'entity_table' => 'civicrm_membership',
+ 'version' => 3,
+ 'debug' => 1,
+ 'check_permissions' => 1,
+ ];
+ // run with permission check
+ $result = $this->kernel->run('FakeFile', 'create', $params);
+ $this->assertTrue((bool) $result['is_error'], 'Undelegated entity with check_permissions = 1 should fail');
+ $this->assertRegExp('/Unrecognized target entity table \(civicrm_membership\)/', $result['error_message']);
+ // repeat without permission check
+ $params['check_permissions'] = 0;
+ $result = $this->kernel->run('FakeFile', 'create', $params);
+ $this->assertFalse((bool) $result['is_error'], 'Undelegated entity with check_permissions = 0 should succeed');
+ }
+
}
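Review bot: The docblock on `testNotDelegated()` ("Test whether trusted API calls bypass the permission check") understates what the test actually pins down: the first half asserts that an undelegated `entity_table` is rejected with `check_permissions = 1` and the specific "Unrecognized target entity table" message, and the second half asserts that the same call succeeds with `check_permissions = 0`. I would rewrite it as `Undelegated entity_table ('civicrm_membership') is rejected when check_permissions = 1 and accepted when check_permissions = 0 (trusted caller), since this is the behaviour the reordered isTrusted() guard is meant to preserve.` The success branch only checks `is_error`; if the kernel returns the created record, asserting its `entity_table` in `$result['values']` would make the bypass explicit rather than implied, though the FakeFile response shape is not visible here.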