From 15008bcf72b48e55b91d438d65eee8bebf503e48 Mon Sep 17 00:00:00 2001
From: Benn Oshrin <boshrin@users.noreply.github.com>
Date: Sun, 6 Jul 2025 14:23:21 -0400
Subject: [PATCH] Fix REST API bugs introduced in PR 303 and CFM-411

---
 app/src/Controller/ApiV2Controller.php                 | 5 ++++-
 app/src/Controller/Component/RegistryAuthComponent.php | 9 ++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/app/src/Controller/ApiV2Controller.php b/app/src/Controller/ApiV2Controller.php
index a9197be5c..435b156f7 100644
--- a/app/src/Controller/ApiV2Controller.php
+++ b/app/src/Controller/ApiV2Controller.php
@@ -240,9 +240,12 @@ protected function dispatchIndex(string $mode = 'default') {
     // Construct the Query
     $query = $this->getIndexQuery($pickerMode, $reqParameters);
 
-    if(method_exists($table, 'findIndexed')) {
+    // findIndexed breaks the REST API (which doesn't pull related models),
+    // so only use it in Picker Mode
+    if($pickerMode && method_exists($table, 'findIndexed')) {
       $query = $table->findIndexed($query);
     }
+    
     // This magically makes REST calls paginated... can use eg direction=,
     // sort=, limit=, page=
     $this->set($this->tableName, $this->paginate($query));
diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php
index 7ae9ac416..6cd37df5c 100644
--- a/app/src/Controller/Component/RegistryAuthComponent.php
+++ b/app/src/Controller/Component/RegistryAuthComponent.php
@@ -956,17 +956,20 @@ public function isPlatformAdmin(): bool {
   /**
    * Determine if the current user is acting as themselves within the specified CO.
    *
-   * @param int|null $coId CO ID
-   * @param int|null $id   ID
-   * @return bool          True if the current user is acting as themselves
    * @since  COmanage Registry v5.1.0
+   * @param  int|null $coId CO ID
+   * @param  int|null $id   ID
+   * @return bool           True if the current user is acting as themselves
    */
+
   public function isSelf(?int $coId, ?int $id): bool {
     // We might get called in some contexts without a coId, in which case there
     // are no members.
 
     if(!$coId
       || empty($this->cache['isCoMember'][$coId])
+      // API Users can't be self and getPersonID() will throw errors if called by one
+      || $this->isApiUser()
     ) {
       return false;
     }