SearchKit - Fix running searches for anonymous users #22597
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
(Standard links)
|
This function checks to see if a user has access to "get", but anonymous users might not even have access to check if they have access!
8d337cc to
ca7b044
Compare
checkEntityAccess for anonymous usersThe `checkPermissions` param was previously not getting copied into `$this->savedSearch['api_params']` which caused trouble for less- permissioned users, esp when the Run action is trying to internally load field metadata.
ffd5be6 to
2775280
Compare
|
@colemanw Seems all good to me. I did a bunch of testing. It definitely solves the original problem (i.e. won't display the results when doing a SearchKit+FormBuilder page as anonymous with ByPass permission if any join are defined). The patch was tested on CiviCRM 5.44. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
Fixes SearchKit crash when displaying results to anonymous users.
Technical Details
Some internal api calls during the search Run process were incorrectly checking permissions when they shouldn't, causing errors and missing field data.