From f9825065b00c7eeccd1de32c74dba2a63d00c1f7 Mon Sep 17 00:00:00 2001
From: Seamus Lee <seamuslee001@gmail.com>
Date: Wed, 23 Oct 2019 13:11:41 +1100
Subject: [PATCH] Mention the change in behaviour around check permissions in
 APiv4 in Permissions chapter

---
 docs/security/permissions.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/security/permissions.md b/docs/security/permissions.md
index 884eecef..3e0698a2 100644
--- a/docs/security/permissions.md
+++ b/docs/security/permissions.md
@@ -25,7 +25,7 @@ When you write code, you can look at `CRM_Core_Permission::check` to see if the
 
 ## API Permissions
 
-Depending on how the API is called, it is either called with a `check_permissions` flag turned off or turned on. When it is turned off, it will run the API without checking if the user has the necessary permissions to perform the action needed. If you turn `check_permissions` on then there will be tests done. By default code in CLI tools e.g. drush or WP-cli or within core code or extension code that is done at run time, the default in CiviCRM APIv3 is that the `check_permissions` flag is turned off. If you call the CiviCRM API through the rest interface then by default the `check_permissions` flag will be turned on. The permissions needed to make various API calls are defined in `CRM_Core_Permission::getEntityActionPermissions()`
+Depending on how the API is called, it is either called with a `check_permissions` flag turned off or turned on. When it is turned off, it will run the API without checking if the user has the necessary permissions to perform the action needed. If you turn `check_permissions` on then there will be tests done. By default code in CLI tools e.g. drush or WP-cli or within core code or extension code that is done at run time, the default in CiviCRM APIv3 is that the `check_permissions` flag is turned off. If you call the CiviCRM APIv3 through the rest interface then by default the `check_permissions` flag will be turned on. The permissions needed to make various API calls are defined in `CRM_Core_Permission::getEntityActionPermissions()`. By default in APIv4 `check_permissions` flag is turned on no matter the environment see also [API Wrapper in APIv4 chapter](/api/v4/differences-with-v3.md#api-wrapper).
 
 ## Extending and Implementing Permission Structure {:#extensions}
 
-- 
GitLab