From 05d4c0d2855d8eb46c65a61698c699ddda4119b8 Mon Sep 17 00:00:00 2001
From: Coleman Watts
Date: Thu, 28 Jul 2022 21:24:57 -0400
Subject: [PATCH] APIv4 - Fix resolving pseudoconstants for less-permissioned users

Fixes dev/core#3750
---
 Civi/Api4/Utils/FormattingUtil.php | 2 +-
 tests/phpunit/api/v4/Entity/TagTest.php | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Civi/Api4/Utils/FormattingUtil.php b/Civi/Api4/Utils/FormattingUtil.php
index da1129ad4f..efacccb3de 100644
--- a/Civi/Api4/Utils/FormattingUtil.php
+++ b/Civi/Api4/Utils/FormattingUtil.php
@@ -265,7 +265,7 @@ class FormattingUtil {
 }
 // Fallback for option lists that exist in the api but not the BAO
 if (!isset($options) || $options === FALSE) {
- $options = civicrm_api4($field['entity'], 'getFields', ['action' => $action, 'loadOptions' => ['id', $valueType], 'where' => [['name', '=', $field['name']]]])[0]['options'] ?? NULL;
+ $options = civicrm_api4($field['entity'], 'getFields', ['checkPermissions' => FALSE, 'action' => $action, 'loadOptions' => ['id', $valueType], 'where' => [['name', '=', $field['name']]]])[0]['options'] ?? NULL;
 $options = $options ? array_column($options, $valueType, 'id') : $options;
 }
 if (is_array($options)) {
diff --git a/tests/phpunit/api/v4/Entity/TagTest.php b/tests/phpunit/api/v4/Entity/TagTest.php
index 7aed01ce71..60640106d0 100644
--- a/tests/phpunit/api/v4/Entity/TagTest.php
+++ b/tests/phpunit/api/v4/Entity/TagTest.php
@@ -30,6 +30,10 @@ use Civi\Test\TransactionalInterface;
 class TagTest extends Api4TestBase implements TransactionalInterface {
 public function testTagFilter() {
+ // Ensure bypassing permissions works correctly by giving none to the logged-in user
+ $this->createLoggedInUser();
+ \CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
+ $conTag = Tag::create(FALSE)
 ->addValue('name', uniqid('con'))
 ->addValue('used_for', 'civicrm_contact')
--
2.25.1
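Review bot: The `'checkPermissions' => FALSE` added to the fallback `getFields` call in `Civi/Api4/Utils/FormattingUtil.php` has no comment saying why the permission check can be skipped at this point. As written, the option list for `$field['name']` is loaded for any caller that reaches this branch, so the change relies on the outer API action having already decided that the caller may use that field; that is presumably the case but cannot be confirmed here, because the enclosing method starts and ends outside the hunk. I would add a line above the call such as `// Internal lookup: permissions were enforced by the calling action; this only resolves option values for a field the caller was already allowed to use.` and confirm that option values of fields hidden by permissions are not reachable through this path.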
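Review bot: In `testTagFilter()` the added line `\CRM_Core_Config::singleton()->userPermissionClass->permissions = [];` clears the permission set on a shared singleton, and nothing in the hunk restores it. `TransactionalInterface` presumably covers database state only, so unless the base class resets this in-memory value, later tests in the same process may run with an empty permission set and pass or fail for the wrong reason. I would capture the previous value first, `$savedPermissions = \CRM_Core_Config::singleton()->userPermissionClass->permissions;`, and put it back in a `finally` block or in `tearDown()`. The rest of the test body, including the assertions that exercise the permission bypass, lies outside the hunk.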