aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authorben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-04-21 13:51:49 +0000
committerben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-04-21 13:51:49 +0000
commit923b8585734658a4eb4af089696b3ae718871c80 (patch)
tree89a77e7280edca6691ccfc08e75d25a6b9ce7be4 /engine/lib
parent419643394d641cf4383011c2a3d83987f9b4bf6c (diff)
downloadelgg-923b8585734658a4eb4af089696b3ae718871c80.tar.gz
elgg-923b8585734658a4eb4af089696b3ae718871c80.tar.bz2
can_edit_entity now always returns false if the user is logged out
git-svn-id: https://code.elgg.org/elgg/trunk@500 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/entities.php21
1 files changed, 16 insertions, 5 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index bbb0f36af..febdea6aa 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -903,16 +903,27 @@
function can_edit_entity($entity_guid, $user_guid = 0) {
if ($user_guid == 0) {
- $user = $_SESSION['user'];
+ if (isset($_SESSION['user'])) {
+ $user = $_SESSION['user'];
+ } else {
+ $user = null;
+ }
} else {
$user = get_entity($user_guid);
}
- $entity = get_entity($entity_guid);
+ if ($entity = get_entity($entity_guid) && !is_null($user)) {
- if ($entity->getOwner() == $user->getGUID()) return true;
- if ($entity->type == "user" && $entity->getGUID() == $user->getGUID()) return true;
+ $entity = get_entity($entity_guid);
+ if ($entity->getOwner() == $user->getGUID()) return true;
+ if ($entity->type == "user" && $entity->getGUID() == $user->getGUID()) return true;
+
+ return trigger_plugin_hook('permissions_check',$entity->type,array('entity' => $entity, 'user' => $user),false);
- return trigger_plugin_hook('permissions_check',$entity->type,array('entity' => $entity, 'user' => $user),false);
+ } else {
+
+ return false;
+
+ }
}