Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SearchKit - Fix anonymous access to running search displays #21752

Merged
merged 1 commit into from
Oct 6, 2021

Conversation

colemanw
Copy link
Member

@colemanw colemanw commented Oct 6, 2021

Overview

Recently SearchKit added the ability for anonymous users to access search displays. However, due to an oversight the feature doesn't actually work for anonymous users. This fixes the problem.

Technical Details

This is the same fix as used by afform_civicrm_alterApiRoutePermissions() to remove the barrier to entry for anonymous users.

Comments

It was decided that opening up apis to anonymous access one-at-a-time via this hook "feels safer" than doing it system-wide for all of APIv4. However there's no known reason why that can't be done, as each API action performs its own permission check right after this outer later, so it's pretty much redundant.

But to get this fixed in the RC, this is the lowest-risk solution.

This is the same fix as used by afform_civicrm_alterApiRoutePermissions()
to remove the barrier to entry for anonymous users.
@civibot
Copy link

civibot bot commented Oct 6, 2021

(Standard links)

@civibot civibot bot added the 5.42 label Oct 6, 2021
@rbaugh
Copy link

rbaugh commented Oct 6, 2021

This seems to fix the anonymous form we created as a test.

@seamuslee001 seamuslee001 merged commit aafd51d into civicrm:5.42 Oct 6, 2021
@seamuslee001 seamuslee001 deleted the searchKitPermissionFix branch October 6, 2021 19:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants