agh1
commented
9 years ago Looks nice. I think I'll tighten it up just a little to require some things in the API request, and that'll make it not grant all settings, either.
Closed mlutfy closed 9 years ago
agh1
commented
9 years ago Looks nice. I think I'll tighten it up just a little to require some things in the API request, and that'll make it not grant all settings, either.
The 'setting' API currenclty requires 'administer CiviCRM' permissions for the contact. I try to avoid giving that permission to cron jobs. The following PR works around this by creating a new "access CiviMonitor" permission and implements hook_civicrm_alterAPIPermissions() to allow this new permission to do a Setting.get call.
This isn't an ideal solution though, since broader than what the permissions describe (i.e. "access civimonitor" is really: "view all settings"). I just wanted to document my change, and perhaps see how it goes with the possible incoming changes to how core handles alerts? (ex: a new API call for alerts?)