Support more entities in Attachment API by short-circuiting permission check
We recently tried to use the Attachment API to upload files to a custom file field attached to memberships. This works for a number of entities, but for Membership and a couple of others, Civi\API\Subscriber\DynamicFKAuthorization::authorizeDelegate fails with Failed to run permission check: Unrecognized target entity table ($entityTable).
This makes sense for API requests with check_permissions enabled, where you need an entity that supports permission checks, but for trusted API calls, I don't think we need to check whether the entity is an allowed delegate first. The actual permission check is not performed on trusted API calls, so it's just the check against DynamicFKAuthorization::$allowedDelegates that's causing this behaviour.
I have a preliminary patch for this here (haven't checked whether we need any additional tests, DynamicFKAuthorizationTest passes). Wanted to check if my understanding of this is correct and whether there's interest in picking up a change like this.
Related discussion on chat: https://chat.civicrm.org/civicrm/pl/m8exdax5oi899gqtehtygt4aah
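
The check ordering discussed in this issue, as an added sketch that is neither CiviCRM's code nor the linked patch: a simplified model of a delegate authorizer with the allow-list lookup placed before or after the trusted-call test. The class, method and return values are hypothetical, and the table names in the allow-list are constructed sample data.

```php
<?php
// Simplified model for illustration only; NOT Civi\API\Subscriber\DynamicFKAuthorization.
final class DelegateAuthorizerModel {
  private $allowedDelegates;     // tables that support a delegated permission check
  private $shortCircuitTrusted;  // TRUE = ordering proposed in the issue

  public function __construct(array $allowedDelegates, bool $shortCircuitTrusted) {
    $this->allowedDelegates = $allowedDelegates;
    $this->shortCircuitTrusted = $shortCircuitTrusted;
  }

  // Returns 'skipped' or 'checked'; throws when no check can be run.
  public function authorize(string $entityTable, bool $checkPermissions): string {
    // Proposed ordering: only an explicit check_permissions = FALSE skips the lookup.
    if ($this->shortCircuitTrusted && $checkPermissions === FALSE) {
      return 'skipped';
    }
    // Fail closed: an untrusted call on an unknown table is never waved through.
    if (!in_array($entityTable, $this->allowedDelegates, TRUE)) {
      throw new RuntimeException(
        "Failed to run permission check: Unrecognized target entity table ($entityTable)"
      );
    }
    // The delegated check on the parent record would run here when requested.
    return $checkPermissions ? 'checked' : 'skipped';
  }
}

$allowed = ['civicrm_activity', 'civicrm_contact'];  // constructed allow-list
$cases = [
  ['civicrm_contact', TRUE],
  ['civicrm_membership', FALSE],  // trusted call, table not in the allow-list
  ['civicrm_membership', TRUE],   // untrusted call, must still be rejected
];
foreach ([FALSE, TRUE] as $shortCircuit) {
  $auth = new DelegateAuthorizerModel($allowed, $shortCircuit);
  foreach ($cases as [$table, $check]) {
    try {
      $result = $auth->authorize($table, $check);
    }
    catch (RuntimeException $e) {
      $result = 'error: ' . $e->getMessage();
    }
    printf("short_circuit=%d table=%s check_permissions=%d => %s\n",
      $shortCircuit, $table, $check, $result);
  }
}
```

In this model the only case whose outcome differs between the two orderings is the trusted call on the table outside the allow-list; the same table with check_permissions enabled is rejected either way.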