Fixed XF\Api\Controller::assertViewableAlert does not respect \XF::isApiCheckingPermissions()

Affected version
2.2.1
T

TickTackk

Well-known member
This:
PHP: 
        if (!$alert->canView())
        {
            throw $this->noPermission();
        }
should be:
PHP: 
        if (\XF::isApiCheckingPermissions() && !$alert->canView())
        {
            throw $this->noPermission();
        }
 
XF Bug Bot

XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.2).

Change log:
Respect API permission bypass when checking alert viewability
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 

Similar threads

DragonByte Tech
Fixed XF\Api\Controller\Alert :: assertViewableAlert has two coding errors
Replies
1
Views
423
XF Bug Bot
XF Bug Bot
PaulB
Fixed Error phrases fail to bubble for profile posts
Replies
1
Views
227
XF Bug Bot
XF Bug Bot
X
Fixed No return type hinting on Controller noPermission/notFound
Replies
1
Views
367
XF Bug Bot
XF Bug Bot
Ozzy47
XF 2.2 getActivityDetails Issue
Replies
2
Views
131
Ozzy47
Ozzy47
T
Fixed Deleting option group does not redirect back to option group list page
Replies
3
Views
966
Chris D
Chris D
Top