I know the check user has view access calls are not needed since they are checked in the archive classes that we call and it is safe. I got confused there though for a second and I think it is better to have them there in case things get refactored at some point and forgets to add such calls etc. Can remove them again if wanted.
Should we add the check view access function to all reporting API methods? Otherwise seems inconsistent, no?
Could do... didn't check if it is missing in other APIs. I thought we always added it to all methods and was first time I see them not there.
I think most don't have them. Might be some work to add them to all methods.
I'll go over some APIs now