Merge pull request #21082 from colemanw/fixSearchKitPermissions

Fix search display access for non-admin users

Civi/Api4/SavedSearch.php

@@ -22,4 +22,10 @@
  */
 class SavedSearch extends Generic\DAOEntity {
 
+  public static function permissions() {
+    $permissions = parent::permissions();
+    $permissions['get'] = ['access CiviCRM'];
+    return $permissions;
+  }
+
 }

ext/search_kit/Civi/Api4/SearchDisplay.php

@@ -32,6 +32,7 @@ public static function getSearchTasks($checkPermissions = TRUE) {
   public static function permissions() {
     $permissions = parent::permissions();
     $permissions['default'] = ['administer CiviCRM data'];
+    $permissions['get'] = ['access CiviCRM'];
     $permissions['getSearchTasks'] = ['access CiviCRM'];
     // Permission for run action is checked internally
     $permissions['run'] = [];

ext/search_kit/tests/phpunit/api/v4/SearchDisplay/SearchRunTest.php

@@ -464,7 +464,7 @@ public function testWithACLBypass() {
     }
     $this->assertStringContainsString('failed', $error);
 
-    $config->userPermissionClass->permissions = ['administer CiviCRM data'];
+    $config->userPermissionClass->permissions = ['access CiviCRM', 'administer CiviCRM data'];
 
     // Admins can edit the search and the display
     SavedSearch::update()->addWhere('name', '=', $searchName)