Merge pull request #24203 from colemanw/fixTagFilter553

APIv4 - Fix resolving pseudoconstants for less-permissioned users
civicrm · Aug 10, 2022 · 7bdbd08 · 7bdbd08
2 parents fbe1bd6 + 05d4c0d
commit 7bdbd08
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/Civi/Api4/Utils/FormattingUtil.php b/Civi/Api4/Utils/FormattingUtil.php
@@ -265,7 +265,7 @@ public static function getPseudoconstantList(array $field, string $fieldAlias, $
     }
     // Fallback for option lists that exist in the api but not the BAO
     if (!isset($options) || $options === FALSE) {
-      $options = civicrm_api4($field['entity'], 'getFields', ['action' => $action, 'loadOptions' => ['id', $valueType], 'where' => [['name', '=', $field['name']]]])[0]['options'] ?? NULL;
+      $options = civicrm_api4($field['entity'], 'getFields', ['checkPermissions' => FALSE, 'action' => $action, 'loadOptions' => ['id', $valueType], 'where' => [['name', '=', $field['name']]]])[0]['options'] ?? NULL;
       $options = $options ? array_column($options, $valueType, 'id') : $options;
     }
     if (is_array($options)) {

diff --git a/tests/phpunit/api/v4/Entity/TagTest.php b/tests/phpunit/api/v4/Entity/TagTest.php
@@ -30,6 +30,10 @@
 class TagTest extends Api4TestBase implements TransactionalInterface {
 
   public function testTagFilter() {
+    // Ensure bypassing permissions works correctly by giving none to the logged-in user
+    $this->createLoggedInUser();
+    \CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
+
     $conTag = Tag::create(FALSE)
       ->addValue('name', uniqid('con'))
       ->addValue('used_for', 'civicrm_contact')