Closes #784: Action now checks that the user is the logged in user's friend before invite.

git-svn-id: https://code.elgg.org/elgg/trunk@2860 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 9 insertions, 2 deletions

diff --git a/mod/groups/actions/addtogroup.php b/mod/groups/actions/addtogroup.php
index 14017cc7d..0928c80c9 100644
--- a/mod/groups/actions/addtogroup.php
+++ b/mod/groups/actions/addtogroup.php
@@ -28,8 +28,9 @@
 		
 		$user = get_entity($u_id);
 		$group = get_entity($group_guid);
-		if ( $user && $group) {
 		
+		if ( $user && $group) {
+			
 			if ($_SESSION['user']->getGUID() == $group->owner_guid)
 			{
 				$requests = $user->group_join_request;
@@ -74,9 +75,15 @@
 					$methods[] = $group->getGUID();
 					$methods = array_unique($methods);
 					
+					$logged_in_user = get_loggedin_user();
+					
 					// Set invite flag
 					//if (!$user->setMetaData('group_invite', $group->getGUID(), "", true))
-					if (!$user->setMetaData('group_invite', $methods)) {
+					if (
+						(!$user->setMetaData('group_invite', $methods)) ||
+						(!$user->isFriend())
+					) 
+					{
 					//if (!$user->group_invite = $methods) { 
 						register_error(elgg_echo("groups:usernotinvited"));
 					}