APIv4 - Proper ACLs for relationship entity #27183

Merged: 1 commit, Aug 29, 2023

@colemanw (Member) commented Aug 28, 2023

Overview

Improves the v4 Relationship API to use fine-grained ACLs instead of a coarse-grained permission check, which was too restrictive.

Before

APIv3 and v4 require 'edit all contacts' to create/update/delete relationships. Users without that permission cannot save or delete any relationship even if they have ACL permission for the related contacts.

After

APIv3 unchanged, but v4 uses ACLs instead and eliminates the overly-restrictive permission check.

Before: APIv3 and v4 require 'edit all contacts' to create/update/delete relationships
After: APIv3 unchanged, but v4 uses ACLs instead so the permission is no longer needed.
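
The before/after rules described in this PR, as an added example that is not part of the pull request and is not CiviCRM code. It is a stand-alone model with constructed users and contact ids, and it assumes the ACL rule requires edit access to both contacts in the relationship, which the page does not spell out.

```python
# Added illustration: a stand-alone model, not CiviCRM code.
# Assumption: the fine-grained rule requires edit access to BOTH related contacts.
from dataclasses import dataclass, field

EDIT_ALL = "edit all contacts"  # permission name quoted in the PR description


@dataclass
class ModelUser:
    """Constructed user: global permissions plus contact ids their ACLs let them edit."""
    name: str
    permissions: set = field(default_factory=set)
    editable_contacts: set = field(default_factory=set)

    def can_edit_contact(self, contact_id: int) -> bool:
        # The global permission implies edit access to every contact.
        return EDIT_ALL in self.permissions or contact_id in self.editable_contacts


def coarse_check(user: ModelUser) -> bool:
    """'Before' rule: only the global permission counts."""
    return EDIT_ALL in user.permissions


def acl_check(user: ModelUser, contact_a: int, contact_b: int) -> bool:
    """'After' rule: decided per relationship from its two contacts."""
    return user.can_edit_contact(contact_a) and user.can_edit_contact(contact_b)


def decision_matrix(users, contact_a, contact_b):
    """Return {user name: (before, after)} for one relationship."""
    return {u.name: (coarse_check(u), acl_check(u, contact_a, contact_b)) for u in users}


# Constructed sample data: one relationship between contacts 10 and 20.
SAMPLE_USERS = [
    ModelUser("admin", {EDIT_ALL}),
    ModelUser("acl_both", editable_contacts={10, 20}),
    ModelUser("acl_one_side", editable_contacts={10}),
    ModelUser("no_access"),
]

if __name__ == "__main__":
    for name, (before, after) in decision_matrix(SAMPLE_USERS, 10, 20).items():
        print(f"{name:13} before={'allow' if before else 'deny':5} after={'allow' if after else 'deny'}")
```

The `acl_one_side` and `no_access` rows are the ones to keep in a regression test: removing the coarse check should not grant access to anyone the ACLs do not cover.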

@civibot (bot) commented Aug 28, 2023

Thank you for contributing to CiviCRM! ❤️ We will need to test and review the PR. 👷

Introduction for new contributors
  • If this is your first PR, an admin will greenlight automated testing with the command ok to test or add to whitelist.
  • A series of tests will automatically run. You can see the results at the bottom of this page (if there are any problems, it will include a link to see what went wrong).
  • A demo site will be built where anyone can try out a version of CiviCRM that includes your changes.
  • If this process needs to be repeated, an admin will issue the command test this please to rerun tests and build a new demo site.
  • Before this PR can be merged, it needs to be reviewed. Please keep in mind that reviewers are volunteers, and their response time can vary from a few hours to a few weeks depending on their availability and their knowledge of this particular part of CiviCRM.
  • A great way to speed up this process is to "trade reviews" with someone - find an open PR that you feel able to review, and leave a comment like "I'm reviewing this now, could you please review mine?" (include a link to yours). You don't have to wait for a response to get started (and you don't have to stop at one!). The more you review, the faster this process goes for everyone 😄
  • To ensure that you are credited properly in the final release notes, please add yourself to contributor-key.yml
  • For more information about contributing, see CONTRIBUTING.md.
Quick links for reviewers

@clarkac1

Thanks for this, how can I test it? I tried the link 'Demo site for this PR' but that wasn't helpful

@colemanw (Member, Author)

@clarkac1 now that the PR is merged, a PR-specific demo site is no longer needed. Once merged, it's part of the nightly alphas, which you can download, and it's also live on the main demo sites.

@clarkac1

Thanks, that was quick. I'll check on the main demo site.
