Fixed XF\Api\Controller::assertViewableAlert does not respect \XF::isApiCheckingPermissions()

TickTackk

TickTackk

Well-known member
Affected version
2.2.1
This:
PHP: 
        if (!$alert->canView())
        {
            throw $this->noPermission();
        }
should be:
PHP: 
        if (\XF::isApiCheckingPermissions() && !$alert->canView())
        {
            throw $this->noPermission();
        }
 
XF Bug Bot

XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.2).

Change log:
Respect API permission bypass when checking alert viewability
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 

Similar threads

X
Fixed Post::getTypePermissionConstraints does not cull all nodes a user can't view threads in
Replies
1
Views
237
XF Bug Bot
XF Bug Bot
mattrogowski
Moving an album out of a category makes it inaccessible
Replies
0
Views
146
mattrogowski
mattrogowski
DragonByte Tech
Fixed XF\Api\Controller\Alert :: assertViewableAlert has two coding errors
Replies
1
Views
870
XF Bug Bot
XF Bug Bot
Externalizable
Fixed Deleted users will have their threads revealed to the public
Replies
12
Views
822
XF Bug Bot
XF Bug Bot
Nulumia
XF 2.2 Equivalent to canViewAsGuest?
Replies
2
Views
293
Nulumia
Nulumia
Top