authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-03-20 23:34:10 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-03-20 23:34:10 +0000
commit346d082dae4da3908f7c7a6b8b9946768e19f5d6 (patch)
tree970a50a0b5dc7eeec6d1d616ea788fdf85534697
parent8d8c62f3ed7be6691d76824ae82888aba2bb1616 (diff)
downloadelgg-346d082dae4da3908f7c7a6b8b9946768e19f5d6.tar.gz
elgg-346d082dae4da3908f7c7a6b8b9946768e19f5d6.tar.bz2
Fixes #2974 using canWriteToContainer() to control access to creating group content
git-svn-id: http://code.elgg.org/elgg/trunk@8795 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/classes/ElggObject.php2
-rw-r--r--mod/blog/lib/blog.php2
-rw-r--r--mod/groups/actions/discussion/reply/save.php2
-rw-r--r--mod/groups/actions/discussion/save.php2
-rw-r--r--mod/groups/languages/en.php1
-rw-r--r--mod/groups/lib/discussion.php11
-rw-r--r--mod/groups/start.php12
-rw-r--r--mod/groups/views/default/river/object/groupforumtopic/create.php2
8 files changed, 21 insertions, 13 deletions
diff --git a/engine/classes/ElggObject.php b/engine/classes/ElggObject.php
index f71801144..caccfb038 100644
--- a/engine/classes/ElggObject.php
+++ b/engine/classes/ElggObject.php
@@ -211,7 +211,7 @@ class ElggObject extends ElggEntity {
// must be member of group
if (elgg_instanceof($this->getContainerEntity(), 'group')) {
- if (!$this->getContainerEntity()->isMember(get_user($user_guid))) {
+ if (!$this->getContainerEntity()->canWriteToContainer(get_user($user_guid))) {
return false;
}
}
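Review bot: The changed line passes `get_user($user_guid)` to `canWriteToContainer()`, which is an entity object (or a falsy value when the GUID is not a user), while the start.php hunk in this commit calls the same method with a bare GUID (`$page_owner->canWriteToContainer($user_guid)`). The method's signature is not visible on this page, but if it expects a GUID, an object argument would not identify the intended user and the permission check could be evaluated for a different account, possibly the logged-in one as a fallback. Passing the GUID straight through, `if (!$this->getContainerEntity()->canWriteToContainer($user_guid)) {`, keeps the call sites consistent. The same applies to `$group->canWriteToContainer($user)` in mod/groups/actions/discussion/reply/save.php. The enclosing method starts and ends outside the hunk.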
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index df307d70e..83e6c84ee 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -87,7 +87,7 @@ function blog_get_page_content_list($container_guid = NULL) {
if (elgg_instanceof($container, 'group')) {
$return['filter'] = '';
- if ($container->isMember(elgg_get_logged_in_user_entity())) {
+ if ($container->canWriteToContainer()) {
$url = "blog/add/$container->guid";
$params = array(
'href' => $url,
diff --git a/mod/groups/actions/discussion/reply/save.php b/mod/groups/actions/discussion/reply/save.php
index e535856da..109938dbb 100644
--- a/mod/groups/actions/discussion/reply/save.php
+++ b/mod/groups/actions/discussion/reply/save.php
@@ -25,7 +25,7 @@ if (!$topic) {
$user = get_loggedin_user();
$group = $topic->getContainerEntity();
-if (!$group->isMember($user)) {
+if (!$group->canWriteToContainer($user)) {
register_error(elgg_echo('groups:notmember'));
forward(REFERER);
}
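Review bot: The rejection message is still `groups:notmember`, although the condition on the changed line no longer tests membership. A member who is refused for another reason, or a non-member who is allowed, now gets a misleading explanation. This commit adds `groups:permissions:error` to en.php, and using it here, `register_error(elgg_echo('groups:permissions:error'));`, keeps the message aligned with the check.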
diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php
index 0b5d3b51c..a51775cd6 100644
--- a/mod/groups/actions/discussion/save.php
+++ b/mod/groups/actions/discussion/save.php
@@ -21,7 +21,7 @@ if (!$title || !$desc) {
}
$container = get_entity($container_guid);
-if (!$container || (!$container->isMember() && !$container->canEdit())) {
+if (!$container || !$container->canWriteToContainer()) {
register_error(elgg_echo('discussion:error:permissions'));
forward(REFERER);
}
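Review bot: The guard no longer implies that `$container` is a group. The old condition called `isMember()`, which this diff only ever uses on groups, whereas `canWriteToContainer()` appears to be a general entity method (its definition is not on this page). If `$container_guid` comes from request input (its origin is above the hunk), any non-group entity the user may write to would satisfy the check and end up holding a discussion topic. Checking the type as well, `if (!elgg_instanceof($container, 'group') || !$container->canWriteToContainer()) {`, restricts topic creation to groups.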
diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php
index dbdc0a128..50baeb8c7 100644
--- a/mod/groups/languages/en.php
+++ b/mod/groups/languages/en.php
@@ -38,6 +38,7 @@ $english = array(
'groups:widget:membership' => 'Group membership',
'groups:widgets:description' => 'Display the groups you are a member of on your profile',
'groups:noaccess' => 'No access to group',
+ 'groups:permissions:error' => 'You do not have the permissions for this',
'groups:ingroup' => 'in the group',
'groups:cantedit' => 'You can not edit this group',
'groups:saved' => 'Group saved',
diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php
index fb70d6c00..1813c87aa 100644
--- a/mod/groups/lib/discussion.php
+++ b/mod/groups/lib/discussion.php
@@ -67,7 +67,7 @@ function discussion_handle_list_page($guid) {
'filter' => '',
);
- if (!$group->isMember() && !$group->canEdit()) {
+ if (!$group->canWriteToContainer()) {
$params['buttons'] = '';
}
@@ -91,7 +91,12 @@ function discussion_handle_edit_page($type, $guid) {
register_error(elgg_echo('group:notfound'));
forward();
}
- group_gatekeeper();
+
+ // make sure user has permissions to write to container
+ if (!$group->canWriteToContainer()) {
+ register_error(elgg_echo('groups:permissions:error'));
+ forward($group->getURL());
+ }
$title = elgg_echo('groups:addtopic');
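Review bot: `group_gatekeeper()` is dropped rather than kept alongside the new check, so whatever it enforced now rests entirely on `canWriteToContainer()` returning false for the same visitors. Its body is not on this page; it presumably covered login or closed-group visibility. If the replacement is intended, the comment should say so, e.g. `// canWriteToContainer() replaces group_gatekeeper(): it must fail for logged-out users and for non-members of closed groups`. The block also depends on `forward()` ending the request, since nothing else stops the form from being built after the error is registered. discussion_handle_edit_page() continues outside the hunk.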
@@ -169,7 +174,7 @@ function discussion_handle_view_page($guid) {
'show_add_form' => false,
));
$content .= elgg_view('discussion/closed');
- } elseif ($group->isMember() || elgg_is_admin_logged_in()) {
+ } elseif ($group->canWriteToContainer() || elgg_is_admin_logged_in()) {
$content .= elgg_view('discussion/replies', array(
'entity' => $topic,
'show_add_form' => true,
diff --git a/mod/groups/start.php b/mod/groups/start.php
index 18fb9abd5..e04485bb2 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -392,13 +392,15 @@ function groups_read_acl_plugin_hook($hook, $entity_type, $returnvalue, $params)
*/
function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params) {
$page_owner = elgg_get_page_owner_entity();
- if (!$loggedin = elgg_get_logged_in_user_entity()) {
+ $user_guid = $params['user_id'];
+ $user = get_entity($user_guid);
+ if (!$user) {
return $returnvalue;
}
// only insert group access for current group
- if ($page_owner instanceof ElggGroup && $loggedin) {
- if ($page_owner->isMember($loggedin)) {
+ if ($page_owner instanceof ElggGroup) {
+ if ($page_owner->canWriteToContainer($user_guid)) {
$returnvalue[$page_owner->group_acl] = elgg_echo('groups:group') . ': ' . $page_owner->name;
unset($returnvalue[ACCESS_FRIENDS]);
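Review bot: `$params['user_id']` is read without checking that the key exists, and `get_entity()` accepts any entity type, so the `!$user` guard does not establish that the GUID belongs to a user. `$user` is never used afterwards: the permission check here and the relationship query in the next hunk both take `$user_guid` exactly as it arrived. I would guard with `isset($params['user_id'])`, resolve the account with `$user = get_user($user_guid);` (already used in ElggObject.php in this commit), and pass `$user->guid` onward. The ACL entry is also still keyed to the page owner while the user now comes from the hook parameters, so a call made on behalf of another user depends on whatever page context is current. The function continues outside the hunk.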
@@ -408,7 +410,7 @@ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params
// this won't be a problem once the group itself owns the acl.
$groups = elgg_get_entities_from_relationship(array(
'relationship' => 'member',
- 'relationship_guid' => $loggedin->getGUID(),
+ 'relationship_guid' => $user_guid,
'inverse_relationship' => FALSE,
'limit' => 999
));
@@ -707,7 +709,7 @@ function discussion_add_to_river_menu($hook, $type, $return, $params) {
if (elgg_instanceof($object, 'object', 'groupforumtopic')) {
if ($item->annotation_id == 0) {
$group = $object->getContainerEntity();
- if ($group->isMember() || elgg_is_admin_logged_in()) {
+ if ($group->canWriteToContainer() || elgg_is_admin_logged_in()) {
$options = array(
'name' => 'reply',
'href' => "#groups-reply-$object->guid",
diff --git a/mod/groups/views/default/river/object/groupforumtopic/create.php b/mod/groups/views/default/river/object/groupforumtopic/create.php
index 2c914c3f8..ca4747338 100644
--- a/mod/groups/views/default/river/object/groupforumtopic/create.php
+++ b/mod/groups/views/default/river/object/groupforumtopic/create.php
@@ -34,7 +34,7 @@ if ($excerpt) {
echo '</div>';
}
-if (elgg_is_logged_in() && $container->isMember(elgg_get_logged_in_user_entity())) {
+if (elgg_is_logged_in() && $container->canWriteToContainer()) {
// inline comment form
echo elgg_view_form('discussion/reply/save', array(
'id' => "groups-reply-{$object->getGUID()}",