diff options
| author | Brett Profitt <brett.profitt@gmail.com> | 2012-01-23 17:45:29 -0800 |
|---|---|---|
| committer | Brett Profitt <brett.profitt@gmail.com> | 2012-01-23 17:45:29 -0800 |
| commit | 84f5b437767ee21c21cff025660a16839f9ac372 (patch) | |
| tree | 3eea1be37c14e23373aa35ded77c455abcd1a42d | |
| parent | 2e499d0f1e62267105dbe1ff2457cd6098765983 (diff) | |
| download | elgg-84f5b437767ee21c21cff025660a16839f9ac372.tar.gz elgg-84f5b437767ee21c21cff025660a16839f9ac372.tar.bz2 | |
Fixes #1196. Added elgg_set_ignore_access() calls to disable_entity() when called with recursive = true.
| -rw-r--r-- | engine/lib/entities.php | 6 | ||||
| -rw-r--r-- | engine/tests/objects/objects.php | 45 |
2 files changed, 50 insertions, 1 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index f3bf9fb29..67011b802 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1378,6 +1378,10 @@ function disable_entity($guid, $reason = "", $recursive = true) { } if ($recursive) { + $hidden = access_get_show_hidden_status(); + access_show_hidden_entities(true); + $ia = elgg_set_ignore_access(true); + $sub_entities = get_data("SELECT * FROM {$CONFIG->dbprefix}entities WHERE ( container_guid = $guid @@ -1391,6 +1395,8 @@ function disable_entity($guid, $reason = "", $recursive = true) { $e->disable($reason); } } + access_show_hidden_entities($hidden); + elgg_set_ignore_access($ia); } $entity->disableMetadata(); diff --git a/engine/tests/objects/objects.php b/engine/tests/objects/objects.php index 0d0df6b75..cd507d5ab 100644 --- a/engine/tests/objects/objects.php +++ b/engine/tests/objects/objects.php @@ -194,7 +194,50 @@ class ElggCoreObjectTest extends ElggCoreUnitTest { $old = elgg_set_ignore_access(true); } - + // see http://trac.elgg.org/ticket/1196 + public function testElggEntityRecursiveDisableWhenLoggedOut() { + $e1 = new ElggObject(); + $e1->access_id = ACCESS_PUBLIC; + $e1->owner_guid = 0; + $e1->container_guid = 0; + $e1->save(); + $guid1 = $e1->getGUID(); + + $e2 = new ElggObject(); + $e2->container_guid = $guid1; + $e2->access_id = ACCESS_PUBLIC; + $e2->owner_guid = 0; + $e2->save(); + $guid2 = $e2->getGUID(); + + // fake being logged out + $user = $_SESSION['user']; + unset($_SESSION['user']); + $ia = elgg_set_ignore_access(true); + + $this->assertTrue(disable_entity($guid1, null, true)); + + // "log in" original user + $_SESSION['user'] = $user; + elgg_set_ignore_access($ia); + + $this->assertFalse(get_entity($guid1)); + $this->assertFalse(get_entity($guid2)); + + $db_prefix = get_config('dbprefix'); + $q = "SELECT * FROM {$db_prefix}entities WHERE guid = $guid1"; + $r = get_data_row($q); + $this->assertEqual('no', $r->enabled); + + $q = "SELECT * FROM {$db_prefix}entities WHERE guid = $guid2"; + $r = get_data_row($q); + $this->assertEqual('no', $r->enabled); + + access_show_hidden_entities(true); + delete_entity($guid1); + delete_entity($guid2); + access_show_hidden_entities(false); + } protected function get_object_row($guid) { global $CONFIG; |