diff options
author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-03-20 23:34:10 +0000 |
---|---|---|
committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-03-20 23:34:10 +0000 |
commit | 346d082dae4da3908f7c7a6b8b9946768e19f5d6 (patch) | |
tree | 970a50a0b5dc7eeec6d1d616ea788fdf85534697 | |
parent | 8d8c62f3ed7be6691d76824ae82888aba2bb1616 (diff) | |
download | elgg-346d082dae4da3908f7c7a6b8b9946768e19f5d6.tar.gz elgg-346d082dae4da3908f7c7a6b8b9946768e19f5d6.tar.bz2 |
Fixes #2974 using canWriteToContainer() to control access to creating group content
git-svn-id: http://code.elgg.org/elgg/trunk@8795 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | engine/classes/ElggObject.php | 2 | ||||
-rw-r--r-- | mod/blog/lib/blog.php | 2 | ||||
-rw-r--r-- | mod/groups/actions/discussion/reply/save.php | 2 | ||||
-rw-r--r-- | mod/groups/actions/discussion/save.php | 2 | ||||
-rw-r--r-- | mod/groups/languages/en.php | 1 | ||||
-rw-r--r-- | mod/groups/lib/discussion.php | 11 | ||||
-rw-r--r-- | mod/groups/start.php | 12 | ||||
-rw-r--r-- | mod/groups/views/default/river/object/groupforumtopic/create.php | 2 |
8 files changed, 21 insertions, 13 deletions
diff --git a/engine/classes/ElggObject.php b/engine/classes/ElggObject.php index f71801144..caccfb038 100644 --- a/engine/classes/ElggObject.php +++ b/engine/classes/ElggObject.php @@ -211,7 +211,7 @@ class ElggObject extends ElggEntity { // must be member of group if (elgg_instanceof($this->getContainerEntity(), 'group')) { - if (!$this->getContainerEntity()->isMember(get_user($user_guid))) { + if (!$this->getContainerEntity()->canWriteToContainer(get_user($user_guid))) { return false; } } diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index df307d70e..83e6c84ee 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -87,7 +87,7 @@ function blog_get_page_content_list($container_guid = NULL) { if (elgg_instanceof($container, 'group')) { $return['filter'] = ''; - if ($container->isMember(elgg_get_logged_in_user_entity())) { + if ($container->canWriteToContainer()) { $url = "blog/add/$container->guid"; $params = array( 'href' => $url, diff --git a/mod/groups/actions/discussion/reply/save.php b/mod/groups/actions/discussion/reply/save.php index e535856da..109938dbb 100644 --- a/mod/groups/actions/discussion/reply/save.php +++ b/mod/groups/actions/discussion/reply/save.php @@ -25,7 +25,7 @@ if (!$topic) { $user = get_loggedin_user(); $group = $topic->getContainerEntity(); -if (!$group->isMember($user)) { +if (!$group->canWriteToContainer($user)) { register_error(elgg_echo('groups:notmember')); forward(REFERER); } diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php index 0b5d3b51c..a51775cd6 100644 --- a/mod/groups/actions/discussion/save.php +++ b/mod/groups/actions/discussion/save.php @@ -21,7 +21,7 @@ if (!$title || !$desc) { } $container = get_entity($container_guid); -if (!$container || (!$container->isMember() && !$container->canEdit())) { +if (!$container || !$container->canWriteToContainer()) { register_error(elgg_echo('discussion:error:permissions')); forward(REFERER); } diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php index dbdc0a128..50baeb8c7 100644 --- a/mod/groups/languages/en.php +++ b/mod/groups/languages/en.php @@ -38,6 +38,7 @@ $english = array( 'groups:widget:membership' => 'Group membership', 'groups:widgets:description' => 'Display the groups you are a member of on your profile', 'groups:noaccess' => 'No access to group', + 'groups:permissions:error' => 'You do not have the permissions for this', 'groups:ingroup' => 'in the group', 'groups:cantedit' => 'You can not edit this group', 'groups:saved' => 'Group saved', diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php index fb70d6c00..1813c87aa 100644 --- a/mod/groups/lib/discussion.php +++ b/mod/groups/lib/discussion.php @@ -67,7 +67,7 @@ function discussion_handle_list_page($guid) { 'filter' => '', ); - if (!$group->isMember() && !$group->canEdit()) { + if (!$group->canWriteToContainer()) { $params['buttons'] = ''; } @@ -91,7 +91,12 @@ function discussion_handle_edit_page($type, $guid) { register_error(elgg_echo('group:notfound')); forward(); } - group_gatekeeper(); + + // make sure user has permissions to write to container + if (!$group->canWriteToContainer()) { + register_error(elgg_echo('groups:permissions:error')); + forward($group->getURL()); + } $title = elgg_echo('groups:addtopic'); @@ -169,7 +174,7 @@ function discussion_handle_view_page($guid) { 'show_add_form' => false, )); $content .= elgg_view('discussion/closed'); - } elseif ($group->isMember() || elgg_is_admin_logged_in()) { + } elseif ($group->canWriteToContainer() || elgg_is_admin_logged_in()) { $content .= elgg_view('discussion/replies', array( 'entity' => $topic, 'show_add_form' => true, diff --git a/mod/groups/start.php b/mod/groups/start.php index 18fb9abd5..e04485bb2 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -392,13 +392,15 @@ function groups_read_acl_plugin_hook($hook, $entity_type, $returnvalue, $params) */ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params) { $page_owner = elgg_get_page_owner_entity(); - if (!$loggedin = elgg_get_logged_in_user_entity()) { + $user_guid = $params['user_id']; + $user = get_entity($user_guid); + if (!$user) { return $returnvalue; } // only insert group access for current group - if ($page_owner instanceof ElggGroup && $loggedin) { - if ($page_owner->isMember($loggedin)) { + if ($page_owner instanceof ElggGroup) { + if ($page_owner->canWriteToContainer($user_guid)) { $returnvalue[$page_owner->group_acl] = elgg_echo('groups:group') . ': ' . $page_owner->name; unset($returnvalue[ACCESS_FRIENDS]); @@ -408,7 +410,7 @@ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params // this won't be a problem once the group itself owns the acl. $groups = elgg_get_entities_from_relationship(array( 'relationship' => 'member', - 'relationship_guid' => $loggedin->getGUID(), + 'relationship_guid' => $user_guid, 'inverse_relationship' => FALSE, 'limit' => 999 )); @@ -707,7 +709,7 @@ function discussion_add_to_river_menu($hook, $type, $return, $params) { if (elgg_instanceof($object, 'object', 'groupforumtopic')) { if ($item->annotation_id == 0) { $group = $object->getContainerEntity(); - if ($group->isMember() || elgg_is_admin_logged_in()) { + if ($group->canWriteToContainer() || elgg_is_admin_logged_in()) { $options = array( 'name' => 'reply', 'href' => "#groups-reply-$object->guid", diff --git a/mod/groups/views/default/river/object/groupforumtopic/create.php b/mod/groups/views/default/river/object/groupforumtopic/create.php index 2c914c3f8..ca4747338 100644 --- a/mod/groups/views/default/river/object/groupforumtopic/create.php +++ b/mod/groups/views/default/river/object/groupforumtopic/create.php @@ -34,7 +34,7 @@ if ($excerpt) { echo '</div>'; } -if (elgg_is_logged_in() && $container->isMember(elgg_get_logged_in_user_entity())) { +if (elgg_is_logged_in() && $container->canWriteToContainer()) { // inline comment form echo elgg_view_form('discussion/reply/save', array( 'id' => "groups-reply-{$object->getGUID()}", |