diff options
author | Steve Clay <steve@mrclay.org> | 2012-06-24 00:09:17 -0400 |
---|---|---|
committer | Steve Clay <steve@mrclay.org> | 2012-06-24 00:09:17 -0400 |
commit | 4a3c49240140449ef4c91c4b999a91b11380db3c (patch) | |
tree | 3d1e92342473e2fd90059d9abcfe88e79def9a25 /mod/notifications/actions/groupsave.php | |
parent | d71309056037adc869319566f9ec53313eb192d8 (diff) | |
download | elgg-4a3c49240140449ef4c91c4b999a91b11380db3c.tar.gz elgg-4a3c49240140449ef4c91c4b999a91b11380db3c.tar.bz2 |
Fixes #4138: Admin can edit any users' notifications
Diffstat (limited to 'mod/notifications/actions/groupsave.php')
-rw-r--r-- | mod/notifications/actions/groupsave.php | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php index c304cb856..7838f7e63 100644 --- a/mod/notifications/actions/groupsave.php +++ b/mod/notifications/actions/groupsave.php @@ -6,27 +6,42 @@ * @package ElggNotifications */ -// Load important global vars -global $NOTIFICATION_HANDLERS; +$current_user = elgg_get_logged_in_user_entity(); + +$guid = (int) get_input('guid', 0); +if (!$guid || !($user = get_entity($guid))) { + forward(); +} +if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) { + forward(); +} // Get group memberships and condense them down to an array of guids $groups = array(); -if ($groupmemberships = elgg_get_entities_from_relationship(array('relationship' => 'member', 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'group', 'limit' => 9999))) { +$options = array( + 'relationship' => 'member', + 'relationship_guid' => $user->guid, + 'types' => 'group', + 'limit' => 9999, +); +if ($groupmemberships = elgg_get_entities_from_relationship($options)) { foreach($groupmemberships as $groupmembership) { $groups[] = $groupmembership->guid; } -} +} +// Load important global vars +global $NOTIFICATION_HANDLERS; foreach($NOTIFICATION_HANDLERS as $method => $foo) { $subscriptions[$method] = get_input($method.'subscriptions'); $personal[$method] = get_input($method.'personal'); $collections[$method] = get_input($method.'collections'); if (!empty($groups)) { foreach($groups as $group) { - if (in_array($group,$subscriptions[$method])) { - add_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group); + if (in_array($group, $subscriptions[$method])) { + add_entity_relationship($user->guid, 'notify'.$method, $group); } else { - remove_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group); + remove_entity_relationship($user->guid, 'notify'.$method, $group); } } } |