From 7e67fdb7ff9daefb0d9e2eb17680b875f8bcb5af Mon Sep 17 00:00:00 2001
From: Coleman Watts <coleman@civicrm.org>
Date: Sun, 7 Jun 2020 19:11:46 -0400
Subject: [PATCH] APIv4 - filter getActions results based on user permissions

---
 Civi/Api4/Action/GetActions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Civi/Api4/Action/GetActions.php b/Civi/Api4/Action/GetActions.php
index 6ef4f3f52287..66b8966ade86 100644
--- a/Civi/Api4/Action/GetActions.php
+++ b/Civi/Api4/Action/GetActions.php
@@ -75,7 +75,7 @@ private function loadAction($actionName, $method = NULL) {
     try {
       if (!isset($this->_actions[$actionName]) && (!$this->_actionsToGet || in_array($actionName, $this->_actionsToGet))) {
         $action = \Civi\API\Request::create($this->getEntityName(), $actionName, ['version' => 4]);
-        if (is_object($action)) {
+        if (is_object($action) && (!$this->checkPermissions || $action->isAuthorized())) {
           $this->_actions[$actionName] = ['name' => $actionName];
           if ($this->_isFieldSelected('description', 'comment', 'see')) {
             $vars = ['entity' => $this->getEntityName(), 'action' => $actionName];