aboutsummaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorBrett Profitt <brett.profitt@gmail.com>2011-07-03 17:41:20 -0400
committerBrett Profitt <brett.profitt@gmail.com>2011-07-03 17:41:20 -0400
commitde111da23258cd2b513c8f4ab84712ee50272b23 (patch)
treea431dfa846987f48fb480e95bc5c5a1653c8c87c /actions
parentb3bad6fc928cae56bdc3a97fe8089b27f6f79f0b (diff)
downloadelgg-de111da23258cd2b513c8f4ab84712ee50272b23.tar.gz
elgg-de111da23258cd2b513c8f4ab84712ee50272b23.tar.bz2
Merged ACL fixes from 1.7 branch.
Diffstat (limited to 'actions')
-rw-r--r--actions/friends/collections/add.php38
-rw-r--r--actions/friends/collections/delete.php34
-rw-r--r--actions/friends/collections/edit.php20
3 files changed, 42 insertions, 50 deletions
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 8ec6a085f..8383e4db2 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -2,35 +2,31 @@
/**
* Elgg collection add page
*
- * @package Elgg.Core
- * @subpackage Friends.Collections
+ * @package Elgg
+ * @subpackage Core
*/
$collection_name = get_input('collection_name');
$friends = get_input('friends_collection');
-//first check to make sure that a collection name has been set and create the new colection
-if ($collection_name) {
+if (!$collection_name) {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
+}
- //create the collection
- $create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid());
+$id = create_access_collection($collection_name);
- //if the collection was created and the user passed some friends from the form, add them
- if ($create_collection && (!empty($friends))) {
- //add friends to the collection
- foreach ($friends as $friend) {
- add_user_to_access_collection($friend, $create_collection);
- }
+if ($id) {
+ $result = update_access_collection($id, $friends);
+ if ($result) {
+ system_message(elgg_echo("friends:collectionadded"));
+ // go to the collections page
+ forward("pg/collections/" . get_loggedin_user()->username);
+ } else {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
}
-
- // Success message
- system_message(elgg_echo("friends:collectionadded"));
- // Forward to the collections page
- forward("collections/" . elgg_get_logged_in_user_entity()->username);
-
} else {
register_error(elgg_echo("friends:nocollectionname"));
-
- // Forward to the add collection page
- forward("collections/add");
+ forward(REFERER);
}
diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
index fe719d74b..5b0aa8e10 100644
--- a/actions/friends/collections/delete.php
+++ b/actions/friends/collections/delete.php
@@ -1,36 +1,24 @@
<?php
+
/**
* Elgg friends: delete collection action
*
- * @package Elgg.Core
- * @subpackage Friends.Collections
+ * @package Elgg
+ * @subpackage Core
*/
$collection_id = (int) get_input('collection');
-// Check to see that the access collection exist and grab its owner
-$get_collection = get_access_collection($collection_id);
-
-if ($get_collection) {
-
- if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) {
-
- $delete_collection = delete_access_collection($collection_id);
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+ register_error(elgg_echo("friends:collectiondeletefailed"));
+ forward(REFERER);
+}
- // Success message
- if ($delete_collection) {
- system_message(elgg_echo("friends:collectiondeleted"));
- } else {
- register_error(elgg_echo("friends:collectiondeletefailed"));
- }
- } else {
- // Failure message
- register_error(elgg_echo("friends:collectiondeletefailed"));
- }
+if (delete_access_collection($collection_id)) {
+ system_message(elgg_echo("friends:collectiondeleted"));
} else {
- // Failure message
register_error(elgg_echo("friends:collectiondeletefailed"));
}
-// Forward to the collections page
-forward("collections/" . elgg_get_logged_in_user_entity()->username);
+forward(REFERER);
diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php
index b7fb716f2..581b21353 100644
--- a/actions/friends/collections/edit.php
+++ b/actions/friends/collections/edit.php
@@ -1,15 +1,23 @@
<?php
/**
- * Friends collection edit action
+ * Elgg collection add page
*
- * @package Elgg.Core
- * @subpackage Friends.Collections
+ * @package Elgg
+ * @subpackage Core
*/
$collection_id = get_input('collection_id');
$friends = get_input('friend');
-//chech the collection exists and the current user owners it
-update_access_collection($collection_id, $friends);
+// check it exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+ system_message(elgg_echo('friends:collection:edit_failed'));
+}
-exit;
+if (update_access_collection($collection_id, $friends)) {
+ system_message(elgg_echo('friends:collections:edited'));
+} else {
+ system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+forward(REFERER); \ No newline at end of file