From: Coleman Watts
Date: Fri, 29 Jul 2022 01:24:57 +0000 (-0400)
Subject: APIv4 - Fix resolving pseudoconstants for less-permissioned users
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=05d4c0d2855d8eb46c65a61698c699ddda4119b8;p=civicrm-core.git

APIv4 - Fix resolving pseudoconstants for less-permissioned users

Fixes dev/core#3750
---

diff --git a/Civi/Api4/Utils/FormattingUtil.php b/Civi/Api4/Utils/FormattingUtil.php
index da1129ad4f..efacccb3de 100644
--- a/Civi/Api4/Utils/FormattingUtil.php
+++ b/Civi/Api4/Utils/FormattingUtil.php
@@ -265,7 +265,7 @@ class FormattingUtil {
 }
 // Fallback for option lists that exist in the api but not the BAO
 if (!isset($options) || $options === FALSE) {
- $options = civicrm_api4($field['entity'], 'getFields', ['action' => $action, 'loadOptions' => ['id', $valueType], 'where' => [['name', '=', $field['name']]]])[0]['options'] ?? NULL;
+ $options = civicrm_api4($field['entity'], 'getFields', ['checkPermissions' => FALSE, 'action' => $action, 'loadOptions' => ['id', $valueType], 'where' => [['name', '=', $field['name']]]])[0]['options'] ?? NULL;
 $options = $options ? array_column($options, $valueType, 'id') : $options;
 }
 if (is_array($options)) {
diff --git a/tests/phpunit/api/v4/Entity/TagTest.php b/tests/phpunit/api/v4/Entity/TagTest.php
index 7aed01ce71..60640106d0 100644
--- a/tests/phpunit/api/v4/Entity/TagTest.php
+++ b/tests/phpunit/api/v4/Entity/TagTest.php
@@ -30,6 +30,10 @@ use Civi\Test\TransactionalInterface;
 class TagTest extends Api4TestBase implements TransactionalInterface {
 
 public function testTagFilter() {
+ // Ensure bypassing permissions works correctly by giving none to the logged-in user
+ $this->createLoggedInUser();
+ \CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
+
 $conTag = Tag::create(FALSE)
 ->addValue('name', uniqid('con'))
 ->addValue('used_for', 'civicrm_contact')
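Review bot: The added `'checkPermissions' => FALSE` on the fallback `getFields` call has no comment explaining why skipping the permission check is safe here; the existing comment only describes the BAO fallback. With the check off, this lookup returns the option list for whatever field `$field['name']` names, so it is worth confirming that callers have already decided the user may reference that field. Otherwise option labels could become resolvable for fields the user cannot read. If that is the intended invariant, I would add above the call something like `// Permissions are bypassed for this metadata lookup only; access to the field and record is enforced by the calling API action.` The enclosing function starts and ends outside the hunk, so the caller-side checks are not visible here.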
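Review bot: The line `\CRM_Core_Config::singleton()->userPermissionClass->permissions = [];` overwrites state on a shared singleton and nothing in the hunk restores it. The empty permission set may therefore leak into later tests unless `Api4TestBase` resets it in teardown, which is not visible here; `TransactionalInterface` presumably rolls back only database changes. Consider capturing the previous value first, `$originalPermissions = \CRM_Core_Config::singleton()->userPermissionClass->permissions;`, and restoring it when the test finishes. The setup also proves only the permissive path, so an assertion that a permission-checked call by this user is still denied would guard against the bypass widening later. `testTagFilter` continues past the end of the hunk.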