SearchKit - Fix `checkEntityAccess` for anonymous users
authorColeman Watts <coleman@civicrm.org>
Fri, 21 Jan 2022 17:08:28 +0000 (12:08 -0500)
committerColeman Watts <coleman@civicrm.org>
Fri, 21 Jan 2022 17:18:29 +0000 (12:18 -0500)
This function checks to see if a user has access to "get",
but anonymous users might not even have access to check if they have access!

Civi/Api4/Query/Api4SelectQuery.php

index 82b835d5c2eaccdfa13bd4ab03815d0eb22506ee..f08bbbf6be8efe2200dd69cb9f7cfe42ce6ed1b9 100644 (file)
@@ -680,10 +680,16 @@ class Api4SelectQuery {
       return TRUE;
     }
     if (!isset($this->entityAccess[$entity])) {
-      $this->entityAccess[$entity] = (bool) civicrm_api4($entity, 'getActions', [
-        'where' => [['name', '=', 'get']],
-        'select' => ['name'],
-      ])->first();
+      try {
+        $this->entityAccess[$entity] = (bool) civicrm_api4($entity, 'getActions', [
+          'where' => [['name', '=', 'get']],
+          'select' => ['name'],
+        ])->first();
+      }
+      // Anonymous users might not even be allowed to use 'getActions'
+      catch (UnauthorizedException $e) {
+        $this->entityAccess[$entity] = FALSE;
+      }
     }
     return $this->entityAccess[$entity];
   }
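Review bot: The new `catch (UnauthorizedException $e)` names the class unqualified, and the hunk shows no matching `use` line. In a namespaced file PHP resolves that name against the current namespace, and a catch clause for a class that does not exist never matches and raises no error, so without the import the exception from `getActions` would still propagate for anonymous users. Confirm the file imports it (presumably `use Civi\API\Exception\UnauthorizedException;`) or write the fully qualified name in the catch. Setting `$this->entityAccess[$entity] = FALSE` on this exception is the right fail-closed default, and the comment would read more naturally inside the catch body than between `}` and `catch`. The enclosing method begins above the hunk, so its earlier branches are not covered here.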