Fixed XF\Api\Controller::assertViewableAlert does not respect \XF::isApiCheckingPermissions()

TickTackk

TickTackk

Well-known member
Affected version
2.2.1
This:
PHP: 
        if (!$alert->canView())
        {
            throw $this->noPermission();
        }
should be:
PHP: 
        if (\XF::isApiCheckingPermissions() && !$alert->canView())
        {
            throw $this->noPermission();
        }
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.2).

Change log:
Respect API permission bypass when checking alert viewability
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 

Similar threads

CStrategies
XF 2.2 When does the XFRM Category Api Controller get used?
Replies
1
Views
122
Jeremy P
Jeremy P
DragonByte Tech
Fixed XF\Api\Controller\Alert :: assertViewableAlert has two coding errors
Replies
1
Views
1K
XF Bug Bot
XF Bug Bot
Lukas W.
Fixed Call to a member function toApiResult() on null - src/XF/Api/Controller/Thread.php:88
Replies
1
Views
2K
XF Bug Bot
XF Bug Bot
Cylon
XF 2.1 Having an issue extending \XF\Api\Controller\AbstractController through the XFCP_ proxy system
Replies
7
Views
1K
Cylon
Cylon
TickTackk
Fixed Marking alert as read/unread does not respect $redirect
Replies
2
Views
2K
XF Bug Bot
XF Bug Bot
Back
Top Bottom