Skip to content

api4: CaseActivity requires "administer CiviCRM" permission

I think the easiest way to see this is:

  1. Add a user that has view all contacts, edit all contacts, view all activities, "all" the case permissions, add contacts, access CiviCRM, etc just don't give it administer CiviCRM.
  2. Create a case, doesn't matter which user creates it.
  3. Note the activity id of any of the activities on the case.
  4. Replace 1234 in this command with the id:
    • cv ev --user=the_user "$r = \Civi\Api4\Activity::get(TRUE)->addSelect('id', 'case_activity.case_id')->setJoin([['CaseActivity AS case_activity', 'LEFT']])->addWhere('id', '=', 1234)->execute()->first(); var_dump($r);"
  5. Note the case id is not returned.
  6. Now run the same thing but replace with --user=admin, where admin has administer CiviCRM.
  7. The case id is returned.

It was suggested in chat that the class maybe needs a permission override somewhere.

A similar thing happens if I use a chain instead of join.

I don't think this strictly counts as a regression since CaseActivity was just added recently.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information