diff options
| -rw-r--r-- | engine/lib/entities.php | 7 | ||||
| -rw-r--r-- | engine/lib/widgets.php | 1 |
2 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index a873fa67a..3597040c9 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1320,7 +1320,7 @@ if (!$container_guid) return true;
$container = get_entity($container_guid);
-
+
if (($container) && ($user))
{
@@ -1368,7 +1368,10 @@ $site_guid = (int) $site_guid;
if ($container_guid == 0) $container_guid = $owner_guid;
- if (!can_write_to_container($owner_guid, $container_guid, $type)) return false;
+ $user = get_loggedin_user();
+ if (!can_write_to_container($user->guid, $owner_guid, $type)) return false;
+ if ($owner_guid != $container_guid)
+ if (!can_write_to_container($user->guid, $container_guid, $type)) return false;
if ($type=="") throw new InvalidParameterException(elgg_echo('InvalidParameterException:EntityTypeNotSet'));
diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php index a455f8068..02ef721e4 100644 --- a/engine/lib/widgets.php +++ b/engine/lib/widgets.php @@ -232,6 +232,7 @@ $widget = new ElggWidget;
$widget->owner_guid = $user_guid;
+ $widget->container_guid = $user_guid;
$widget->access_id = get_default_access();
// private widgets don't makes sense, correct?
if ($widget->access_id == ACCESS_PRIVATE)
|