diff options
author | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-04-21 13:51:49 +0000 |
---|---|---|
committer | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-04-21 13:51:49 +0000 |
commit | 923b8585734658a4eb4af089696b3ae718871c80 (patch) | |
tree | 89a77e7280edca6691ccfc08e75d25a6b9ce7be4 | |
parent | 419643394d641cf4383011c2a3d83987f9b4bf6c (diff) | |
download | elgg-923b8585734658a4eb4af089696b3ae718871c80.tar.gz elgg-923b8585734658a4eb4af089696b3ae718871c80.tar.bz2 |
can_edit_entity now always returns false if the user is logged out
git-svn-id: https://code.elgg.org/elgg/trunk@500 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | engine/lib/entities.php | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index bbb0f36af..febdea6aa 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -903,16 +903,27 @@ function can_edit_entity($entity_guid, $user_guid = 0) {
if ($user_guid == 0) {
- $user = $_SESSION['user'];
+ if (isset($_SESSION['user'])) {
+ $user = $_SESSION['user'];
+ } else {
+ $user = null;
+ }
} else {
$user = get_entity($user_guid);
}
- $entity = get_entity($entity_guid);
+ if ($entity = get_entity($entity_guid) && !is_null($user)) {
- if ($entity->getOwner() == $user->getGUID()) return true;
- if ($entity->type == "user" && $entity->getGUID() == $user->getGUID()) return true;
+ $entity = get_entity($entity_guid);
+ if ($entity->getOwner() == $user->getGUID()) return true;
+ if ($entity->type == "user" && $entity->getGUID() == $user->getGUID()) return true;
+
+ return trigger_plugin_hook('permissions_check',$entity->type,array('entity' => $entity, 'user' => $user),false);
- return trigger_plugin_hook('permissions_check',$entity->type,array('entity' => $entity, 'user' => $user),false);
+ } else {
+
+ return false;
+
+ }
}
|