From: Coleman Watts <coleman@civicrm.org>
Date: Thu, 4 Nov 2021 19:42:31 +0000 (-0400)
Subject: SearchKit - Fix permission to access default display and download spreadsheets
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=dbd2175b7c6a86d1985f389b5b4de5a4df9f8dcc;p=civicrm-core.git

SearchKit - Fix permission to access default display and download spreadsheets

Intentionally setting these gatekeeper permissions fairly open as all of these actions
perform stricter permission checks internally.
---

diff --git a/ext/search_kit/Civi/Api4/SearchDisplay.php b/ext/search_kit/Civi/Api4/SearchDisplay.php
index 252786c3f9..8ab71220e8 100644
--- a/ext/search_kit/Civi/Api4/SearchDisplay.php
+++ b/ext/search_kit/Civi/Api4/SearchDisplay.php
@@ -52,10 +52,12 @@ class SearchDisplay extends Generic\DAOEntity {
   public static function permissions() {
     $permissions = parent::permissions();
     $permissions['default'] = ['administer CiviCRM data'];
-    $permissions['get'] = ['access CiviCRM'];
+    // Anyone with access to CiviCRM can view search displays (but not necessarily the results)
+    $permissions['get'] = $permissions['getDefault'] = ['access CiviCRM'];
+    // Anyone with access to CiviCRM can do search tasks (but not necessarily all of them)
     $permissions['getSearchTasks'] = ['access CiviCRM'];
-    // Permission for run action is checked internally
-    $permissions['run'] = [];
+    // Permission to run or download search results is checked internally
+    $permissions['run'] = $permissions['download'] = [];
     return $permissions;
   }