From: Coleman Watts
Date: Tue, 10 Aug 2021 20:53:48 +0000 (-0400)
Subject: Fix search display access for non-admin users
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=144025ae90306d7ca403fd2bb8269d474aadbb2e;p=civicrm-core.git
Fix search display access for non-admin users
Non-admin users should be allowed to view any search display that doesn't have permission checks disabled; for those displays that disable permission checks, non-admins will only be able to view it if embedded in an afform. Fixes dev/core#2737
---
diff --git a/Civi/Api4/SavedSearch.php b/Civi/Api4/SavedSearch.php
index 281de18020..ddf6704add 100644
--- a/Civi/Api4/SavedSearch.php
+++ b/Civi/Api4/SavedSearch.php
@@ -22,4 +22,10 @@ namespace Civi\Api4;
 */
 class SavedSearch extends Generic\DAOEntity {
+ public static function permissions() {
+ $permissions = parent::permissions();
+ $permissions['get'] = ['access CiviCRM'];
+ return $permissions;
+ }
+
 }
diff --git a/ext/search_kit/Civi/Api4/SearchDisplay.php b/ext/search_kit/Civi/Api4/SearchDisplay.php
index 3327eaa361..d07d52d6ea 100644
--- a/ext/search_kit/Civi/Api4/SearchDisplay.php
+++ b/ext/search_kit/Civi/Api4/SearchDisplay.php
@@ -32,6 +32,7 @@ class SearchDisplay extends Generic\DAOEntity {
 public static function permissions() {
 $permissions = parent::permissions();
 $permissions['default'] = ['administer CiviCRM data'];
+ $permissions['get'] = ['access CiviCRM'];
 $permissions['getSearchTasks'] = ['access CiviCRM'];
 // Permission for run action is checked internally
 $permissions['run'] = [];
diff --git a/ext/search_kit/tests/phpunit/api/v4/SearchDisplay/SearchRunTest.php b/ext/search_kit/tests/phpunit/api/v4/SearchDisplay/SearchRunTest.php
index bf0364a3cc..d833c17ff3 100644
--- a/ext/search_kit/tests/phpunit/api/v4/SearchDisplay/SearchRunTest.php
+++ b/ext/search_kit/tests/phpunit/api/v4/SearchDisplay/SearchRunTest.php
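Review bot: Granting `get` to every holder of `access CiviCRM` in `SavedSearch::permissions()` is an entity-wide relaxation, and nothing in this hunk, or in the matching `$permissions['get'] = ['access CiviCRM'];` line added to `SearchDisplay::permissions()`, limits which records are returned. The restriction the description promises for displays with permission checks disabled therefore has to be enforced elsewhere, presumably inside the `run` action, which is not shown here; meanwhile the stored definitions themselves become readable by any such user. If that exposure is intended, record it where the next maintainer will see it, e.g. a docblock on the new method such as `/** Definitions are readable by any CiviCRM user; all other actions keep the parent's permissions. */` and a one-line comment above the SearchDisplay line. If it is not intended, `get` should filter out the searches and displays that bypass permission checks when the caller is not an administrator.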
@@ -464,7 +464,7 @@ class SearchRunTest extends \PHPUnit\Framework\TestCase implements HeadlessInter
 }
 $this->assertStringContainsString('failed', $error);
- $config->userPermissionClass->permissions = ['administer CiviCRM data'];
+ $config->userPermissionClass->permissions = ['access CiviCRM', 'administer CiviCRM data'];
 // Admins can edit the search and the display
 SavedSearch::update()->addWhere('name', '=', $searchName)
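Review bot: No assertion in this hunk exercises the newly opened read path; the only edit adjusts the admin fixture so that it also holds `access CiviCRM`. A regression test for the access change should set `$config->userPermissionClass->permissions = ['access CiviCRM'];` and assert that `get` on SavedSearch and SearchDisplay succeeds with permission checks on, while `update` is still refused. It should also cover a display with permission checks disabled, since that is the case the commit message singles out. The test method begins and ends outside the hunk, so such a case may already exist further up or down; worth confirming before merge.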