Merge pull request #24186 from colemanw/groupContactPerm

APIv4 - Fix GroupContact permission to use standard ACLs

CRM/Contact/BAO/GroupContact.php

@@ -20,6 +20,7 @@
  * @copyright CiviCRM LLC https://civicrm.org/licensing
  */
 class CRM_Contact_BAO_GroupContact extends CRM_Contact_DAO_GroupContact implements HookInterface {
+  use CRM_Contact_AccessTrait;
 
   /**
    * Deprecated add function

CRM/Core/Permission.php

@@ -1277,7 +1277,9 @@ public static function getEntityActionPermissions() {
     $permissions['group_nesting'] = $permissions['group'];
     $permissions['group_organization'] = $permissions['group'];
 
-    //Group Contact permission
+    // Note: The v3 GroupContact API is nonstandard and not easy to fix, so these permissions
+    // are unnecessarily strict for v3. The v4 API overrides them.
+    // @see Civi\Api4\GroupContact::permissions
     $permissions['group_contact'] = [
       'get' => [
         'access CiviCRM',

Civi/Api4/GroupContact.php

@@ -71,4 +71,16 @@ public static function getInfo() {
     return $info;
   }
 
+  /**
+   * Returns a list of permissions needed to access the various actions in this api.
+   *
+   * @return array
+   */
+  public static function permissions() {
+    // Override CRM_Core_Permission::getEntityActionPermissions() because the v3 API is nonstandard
+    return [
+      'default' => ['access CiviCRM'],
+    ];
+  }
+
 }

tests/phpunit/api/v3/ACLPermissionTest.php

@@ -210,6 +210,10 @@ public function testRelatedEntityPermissions(int $version): void {
         'location_type_id' => 1,
       ],
     ];
+    // v3 GroupContact API is nonstandard
+    if ($version === 4) {
+      $testEntities['GroupContact'] = ['group_id' => $this->groupCreate()];
+    }
     foreach ($testEntities as $entity => $params) {
       $params += [
         'contact_id' => $disallowedContact,