aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authorCash Costello <cash.costello@gmail.com>2013-05-19 08:33:21 -0700
committerCash Costello <cash.costello@gmail.com>2013-05-19 08:33:21 -0700
commitd86e7c479f30b958fed4e746536b8e402d91f0d6 (patch)
tree23550e399414bb80ade5b73fbb74f8d1860809e4 /engine
parent83444eaaa606dbb89e8d8e6aa014490e9963f9d7 (diff)
parent2980014665c708d15c377b616d9fc3ca97386950 (diff)
downloadelgg-d86e7c479f30b958fed4e746536b8e402d91f0d6.tar.gz
elgg-d86e7c479f30b958fed4e746536b8e402d91f0d6.tar.bz2
Merge pull request #5500 from cash/fix_infinite_loop
Refs #5491 temporary fix for bad can_edit_extender() logic
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/extender.php18
1 files changed, 12 insertions, 6 deletions
diff --git a/engine/lib/extender.php b/engine/lib/extender.php
index 8756e051b..8323bd3ce 100644
--- a/engine/lib/extender.php
+++ b/engine/lib/extender.php
@@ -126,14 +126,20 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
* @return bool
*/
function can_edit_extender($extender_id, $type, $user_guid = 0) {
- if (!elgg_is_logged_in()) {
- return false;
+ // @todo Since Elgg 1.0, Elgg has returned false from can_edit_extender()
+ // if no user was logged in. This breaks the access override. This is a
+ // temporary work around. This function needs to be rewritten in Elgg 1.9
+ if (!elgg_check_access_overrides($user_guid)) {
+ if (!elgg_is_logged_in()) {
+ return false;
+ }
}
$user_guid = (int)$user_guid;
- $user = get_entity($user_guid);
+ $user = get_user($user_guid);
if (!$user) {
$user = elgg_get_logged_in_user_entity();
+ $user_guid = elgg_get_logged_in_user_guid();
}
$functionname = "elgg_get_{$type}_from_id";
@@ -149,16 +155,16 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) {
/* @var ElggExtender $extender */
// If the owner is the specified user, great! They can edit.
- if ($extender->getOwnerGUID() == $user->getGUID()) {
+ if ($extender->getOwnerGUID() == $user_guid) {
return true;
}
// If the user can edit the entity this is attached to, great! They can edit.
- if (can_edit_entity($extender->entity_guid, $user->getGUID())) {
+ if (can_edit_entity($extender->entity_guid, $user_guid)) {
return true;
}
- // Trigger plugin hooks
+ // Trigger plugin hook - note that $user may be null
$params = array('entity' => $extender->getEntity(), 'user' => $user);
return elgg_trigger_plugin_hook('permissions_check', $type, $params, false);
}