From c540659bdb962eb5f470edf8e3f4f83d89ec3d4e Mon Sep 17 00:00:00 2001
From: Matthew Wire <mjw@mjwconsult.co.uk>
Date: Fri, 22 Jul 2022 22:56:09 +0100
Subject: [PATCH] Fix public access to processPublic API

---
 Civi/Api4/StripePaymentintent.php |  5 +----
 stripe.php                        | 15 ---------------
 2 files changed, 1 insertion(+), 19 deletions(-)

diff --git a/Civi/Api4/StripePaymentintent.php b/Civi/Api4/StripePaymentintent.php
index 4b49e834..e98a9ec0 100644
--- a/Civi/Api4/StripePaymentintent.php
+++ b/Civi/Api4/StripePaymentintent.php
@@ -13,10 +13,7 @@ class StripePaymentintent extends Generic\DAOEntity {
   public static function permissions() {
     $permissions = parent::permissions();
     $permissions['processMOTO'] = ['allow stripe moto payments'];
-    // The "minimum" permission for an API4 call is "access CiviCRM"|"access AJAX API".
-    // We can't remove the requirement for one of those permissions here.
-    // So we specify only 'make online contributions' using alterAPIRoutePermissions hook.
-    // $permissions['processPublic'] = ['make online contributions'];
+    $permissions['processPublic'] = ['make online contributions'];
     return $permissions;
   }
 
diff --git a/stripe.php b/stripe.php
index d2f91bbf..2c5ecda0 100644
--- a/stripe.php
+++ b/stripe.php
@@ -255,18 +255,3 @@ function stripe_civicrm_permission(&$permissions) {
     $permissions['allow stripe moto payments'] = E::ts('CiviCRM Stripe: Process MOTO transactions');
   }
 }
-
-/**
- * Implements hook_civicrm_alterApiRoutePermissions().
- *
- * @see CRM_Utils_Hook::alterApiRoutePermissions
- */
-function stripe_civicrm_alterApiRoutePermissions(&$permissions, $entity, $action) {
-  if ($entity == 'StripePaymentintent') {
-    // These actions should be accessible to anonymous users; permissions are checked internally
-    $allowedActions = ['ProcessPublic'];
-    if (in_array($action, $allowedActions, TRUE)) {
-      $permissions = 'make online contributions';
-    }
-  }
-}
-- 
GitLab