API thoughts: Global switch to turn off all permission checking, not just to the "top-level" api call that was made
I've been thinking about #3671 (closed), and my thinking went something like:
- This worked before, so it should go back to the way it was.
- But wait, isn't this really exposing a bug in webform because how did the person update a case if they don't have permissions to cases?
- But wait, what's this? Every api call in webform purposely turns off permissions? https://github.com/colemanw/webform_civicrm/blob/0bedf9411bf3f0a682ce7a1b3fad9a682093b240/src/Utils.php#L654
function wf_civicrm_api($entity, $operation, $params) { ... $params += [ 'check_permissions' => FALSE, ];
- So webform is saying: "Core, I don't want you to check any permissions. Anyone who has (drupal) permission to use this form should have permission to do whatever the form does."
- I don't remember where but I think I saw a similar type of thing come up with afform, or it seems likely to, where "I've only given certain people permission to reach this form, but if they have it, they should be able to do whatever the form does."
So one way to address this use-case, in a way that doesn't require core to lower permission checking for everyone else, is to provide a way for webform and others to set a global kill-switch that turns off all permission checking. That way secondary permission checks that get called from within the api itself like the one in Utils_Recent would still be on for everyone else, but could be turned off for forms that don't want it.
I'm not confident this is the best way, but am just putting it out there.