aboutsummaryrefslogtreecommitdiff
path: root/mod/notifications/actions
diff options
context:
space:
mode:
authorSem <sembrestels@riseup.net>2012-07-20 07:09:38 +0200
committerSem <sembrestels@riseup.net>2012-07-20 07:09:38 +0200
commit07b599a683760d2542014bb04a681463420a3565 (patch)
treecfcd06671529eeec7790fb70a8d490094d7942c9 /mod/notifications/actions
parentea0140d87534c3b10e489d13a1449ebb79da832d (diff)
parent174763bcbcd20812dc09f27b64908f9d71b523b9 (diff)
downloadelgg-07b599a683760d2542014bb04a681463420a3565.tar.gz
elgg-07b599a683760d2542014bb04a681463420a3565.tar.bz2
Merge branch 'lorea-preprod'
Conflicts: .gitmodules
Diffstat (limited to 'mod/notifications/actions')
-rw-r--r--mod/notifications/actions/groupsave.php29
-rw-r--r--mod/notifications/actions/save.php11
2 files changed, 32 insertions, 8 deletions
diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php
index c304cb856..7838f7e63 100644
--- a/mod/notifications/actions/groupsave.php
+++ b/mod/notifications/actions/groupsave.php
@@ -6,27 +6,42 @@
* @package ElggNotifications
*/
-// Load important global vars
-global $NOTIFICATION_HANDLERS;
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
// Get group memberships and condense them down to an array of guids
$groups = array();
-if ($groupmemberships = elgg_get_entities_from_relationship(array('relationship' => 'member', 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'group', 'limit' => 9999))) {
+$options = array(
+ 'relationship' => 'member',
+ 'relationship_guid' => $user->guid,
+ 'types' => 'group',
+ 'limit' => 9999,
+);
+if ($groupmemberships = elgg_get_entities_from_relationship($options)) {
foreach($groupmemberships as $groupmembership) {
$groups[] = $groupmembership->guid;
}
-}
+}
+// Load important global vars
+global $NOTIFICATION_HANDLERS;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');
$collections[$method] = get_input($method.'collections');
if (!empty($groups)) {
foreach($groups as $group) {
- if (in_array($group,$subscriptions[$method])) {
- add_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group);
+ if (in_array($group, $subscriptions[$method])) {
+ add_entity_relationship($user->guid, 'notify'.$method, $group);
} else {
- remove_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group);
+ remove_entity_relationship($user->guid, 'notify'.$method, $group);
}
}
}
diff --git a/mod/notifications/actions/save.php b/mod/notifications/actions/save.php
index 163b656aa..3fe0001a3 100644
--- a/mod/notifications/actions/save.php
+++ b/mod/notifications/actions/save.php
@@ -6,9 +6,18 @@
* @package ElggNotifications
*/
-$user = elgg_get_logged_in_user_entity();
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
global $NOTIFICATION_HANDLERS;
+$subscriptions = array();
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');