checkAccess() or the Contact get api does not return contacts allowed by relationship.
Usecase: Contact loaded via checksum on a webform does not load the permitted related contact.
Checksum in the URL adds the contact id in the session. Contact get api with checkPermission = true
should allow the access for contacts which has permission enabled in the relationship table.
Current code only checks for the contacts allowed via ACL https://github.com/civicrm/civicrm-core/blob/master/CRM/Contact/BAO/Contact/Permission.php#L361
Possible fixes:
- Add related contacts ids in the ACL cache table OR.
- Add another code to
cacheSubQuery
for the relationship_cache table.