Merge Elgg 1.8.3.

4 files changed, 19 insertions, 13 deletions

diff --git a/mod/groups/actions/discussion/reply/save.php b/mod/groups/actions/discussion/reply/save.php
index a1ed036b6..f8be8aa2c 100644
--- a/mod/groups/actions/discussion/reply/save.php
+++ b/mod/groups/actions/discussion/reply/save.php
@@ -4,8 +4,6 @@
  *
  */
 
-gatekeeper();
-
 // Get input
 $entity_guid = (int) get_input('entity_guid');
 $text = get_input('group_topic_post');
@@ -23,10 +21,10 @@ if (!$topic) {
 	forward(REFERER);
 }
 
-$user = get_loggedin_user();
+$user = elgg_get_logged_in_user_entity();
 
 $group = $topic->getContainerEntity();
-if (!$group->canWriteToContainer($user)) {
+if (!$group->canWriteToContainer()) {
 	register_error(elgg_echo('groups:notmember'));
 	forward(REFERER);
 }
diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php
index a51775cd6..de4afadfb 100644
--- a/mod/groups/actions/discussion/save.php
+++ b/mod/groups/actions/discussion/save.php
@@ -21,7 +21,7 @@ if (!$title || !$desc) {
 }
 
 $container = get_entity($container_guid);
-if (!$container || !$container->canWriteToContainer()) {
+if (!$container || !$container->canWriteToContainer(0, 'object', 'groupforumtopic')) {
 	register_error(elgg_echo('discussion:error:permissions'));
 	forward(REFERER);
 }
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index c4cf6667e..b513a6098 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -89,14 +89,10 @@ if ($new_group_flag) {
 
 $group->save();
 
-// group creator needs to be member of new group and river entry created
-if ($new_group_flag) {
-	elgg_set_page_owner_guid($group->guid);
-	$group->join($user);
-	add_to_river('river/group/create', 'create', $user->guid, $group->guid);
-}
-
 // Invisible group support
+// @todo this requires save to be called to create the acl for the group. This
+// is an odd requirement and should be removed. Either the acl creation happens
+// in the action or the visibility moves to a plugin hook
 if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
 	$visibility = (int)get_input('vis', '', false);
 	if ($visibility != ACCESS_PUBLIC && $visibility != ACCESS_LOGGED_IN) {
@@ -105,10 +101,18 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
 
 	if ($group->access_id != $visibility) {
 		$group->access_id = $visibility;
-		$group->save();
 	}
 }
 
+$group->save();
+
+// group creator needs to be member of new group and river entry created
+if ($new_group_flag) {
+	elgg_set_page_owner_guid($group->guid);
+	$group->join($user);
+	add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id);
+}
+
 // Now see if we have a file icon
 if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) {
 
diff --git a/mod/groups/actions/groups/membership/delete_invite.php b/mod/groups/actions/groups/membership/delete_invite.php
index 4b654f0b6..d21aa0309 100644
--- a/mod/groups/actions/groups/membership/delete_invite.php
+++ b/mod/groups/actions/groups/membership/delete_invite.php
@@ -9,7 +9,11 @@ $user_guid = get_input('user_guid', elgg_get_logged_in_user_guid());
 $group_guid = get_input('group_guid');
 
 $user = get_entity($user_guid);
+
+// invisible groups require overriding access to delete invite
+$old_access = elgg_set_ignore_access(true);
 $group = get_entity($group_guid);
+elgg_set_ignore_access($old_access);
 
 // If join request made
 if (check_entity_relationship($group->guid, 'invited', $user->guid)) {