diff options
author | Brett Profitt <brett.profitt@gmail.com> | 2012-05-01 18:24:13 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2012-05-01 18:24:13 -0700 |
commit | 7303e0b19adae0a3fa5db139e3fafb310dd43485 (patch) | |
tree | 8923bfae644c54a5c93a7df8114b27dc035d8e72 /mod/pages | |
parent | c0c5c0f81f40b5d72048e74842a650f974cefcd7 (diff) | |
download | elgg-7303e0b19adae0a3fa5db139e3fafb310dd43485.tar.gz elgg-7303e0b19adae0a3fa5db139e3fafb310dd43485.tar.bz2 |
Fixes #1830. Removed access and write access inputs for non-owners and non-admins.
Diffstat (limited to 'mod/pages')
-rw-r--r-- | mod/pages/actions/pages/edit.php | 14 | ||||
-rw-r--r-- | mod/pages/lib/pages.php | 2 | ||||
-rw-r--r-- | mod/pages/views/default/forms/pages/edit.php | 15 |
3 files changed, 27 insertions, 4 deletions
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php index 6950d4b2f..a32e4a4ba 100644 --- a/mod/pages/actions/pages/edit.php +++ b/mod/pages/actions/pages/edit.php @@ -47,7 +47,19 @@ if ($page_guid) { } if (sizeof($input) > 0) { + // don't change access if not an owner/admin + $user = elgg_get_logged_in_user_entity(); + $can_change_access = true; + + if ($user && $page) { + $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid; + } + foreach ($input as $name => $value) { + if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) { + continue; + } + $page->$name = $value; } } @@ -74,6 +86,6 @@ if ($page->save()) { forward($page->getURL()); } else { - register_error(elgg_echo('pages:error:no_save')); + register_error(elgg_echo('pages:error:notsaved')); forward(REFERER); } diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php index 5c5323d6f..dbf7b8917 100644 --- a/mod/pages/lib/pages.php +++ b/mod/pages/lib/pages.php @@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) { } } } -} +}
\ No newline at end of file diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php index 20737a121..9469f5eb9 100644 --- a/mod/pages/views/default/forms/pages/edit.php +++ b/mod/pages/views/default/forms/pages/edit.php @@ -6,7 +6,18 @@ */ $variables = elgg_get_config('pages'); +$user = elgg_get_logged_in_user_entity(); +$entity = elgg_extract('entity', $vars); +$can_change_access = true; +if ($user && $entity) { + $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid); +} + foreach ($variables as $name => $type) { + // don't show read / write access inputs for non-owners or admin when editing + if (($type == 'access' || $type == 'write_access') && !$can_change_access) { + continue; + } ?> <div> <label><?php echo elgg_echo("pages:$name") ?></label> @@ -14,8 +25,8 @@ foreach ($variables as $name => $type) { if ($type != 'longtext') { echo '<br />'; } - ?> - <?php echo elgg_view("input/$type", array( + + echo elgg_view("input/$type", array( 'name' => $name, 'value' => $vars[$name], )); |