Attachment API for event custom field gives: Failed to run Permissions checks
Retrieving the attachment with an (rest) API of a custom field connected to an event gives:
Failed to run permission check: Unrecognized target entity table (civicrm_event). Even when I can retrieve the event with the API.
How to reproduce
- Create an custom group for Events.
- Create a custom field of type File in this custom group.
- Create an event and upload a file
- Create an api user, with an api key with permissions to retrieve the attachment
- Call Attachment.get with the id of the attachment uploaded to the event
The casue of the problem
This permission error is caused by
$dispatcher->addSubscriber(new \Civi\API\Subscriber\DynamicFKAuthorization( $kernel, 'Attachment', ['create', 'get', 'delete'], // Given a file ID, determine the entity+table it's attached to. 'SELECT if(cf.id,1,0) as is_valid, cef.entity_table, cef.entity_id FROM civicrm_file cf LEFT JOIN civicrm_entity_file cef ON cf.id = cef.file_id WHERE cf.id = %1', // Get a list of custom fields (field_name,table_name,extends) 'SELECT concat("custom_",fld.id) as field_name, grp.table_name as table_name, grp.extends as extends FROM civicrm_custom_field fld INNER JOIN civicrm_custom_group grp ON fld.custom_group_id = grp.id WHERE fld.data_type = "File" ', ['civicrm_activity', 'civicrm_mailing', 'civicrm_contact', 'civicrm_grant'] ));
The sort solution is to add
'civicrm_event' to this array
['civicrm_activity', 'civicrm_mailing', 'civicrm_contact', 'civicrm_grant']. But then we have to add all entities which potentially could have a file custom field.