From 346d082dae4da3908f7c7a6b8b9946768e19f5d6 Mon Sep 17 00:00:00 2001 From: cash Date: Sun, 20 Mar 2011 23:34:10 +0000 Subject: Fixes #2974 using canWriteToContainer() to control access to creating group content git-svn-id: http://code.elgg.org/elgg/trunk@8795 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/classes/ElggObject.php | 2 +- mod/blog/lib/blog.php | 2 +- mod/groups/actions/discussion/reply/save.php | 2 +- mod/groups/actions/discussion/save.php | 2 +- mod/groups/languages/en.php | 1 + mod/groups/lib/discussion.php | 11 ++++++++--- mod/groups/start.php | 12 +++++++----- .../views/default/river/object/groupforumtopic/create.php | 2 +- 8 files changed, 21 insertions(+), 13 deletions(-) diff --git a/engine/classes/ElggObject.php b/engine/classes/ElggObject.php index f71801144..caccfb038 100644 --- a/engine/classes/ElggObject.php +++ b/engine/classes/ElggObject.php @@ -211,7 +211,7 @@ class ElggObject extends ElggEntity { // must be member of group if (elgg_instanceof($this->getContainerEntity(), 'group')) { - if (!$this->getContainerEntity()->isMember(get_user($user_guid))) { + if (!$this->getContainerEntity()->canWriteToContainer(get_user($user_guid))) { return false; } } diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index df307d70e..83e6c84ee 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -87,7 +87,7 @@ function blog_get_page_content_list($container_guid = NULL) { if (elgg_instanceof($container, 'group')) { $return['filter'] = ''; - if ($container->isMember(elgg_get_logged_in_user_entity())) { + if ($container->canWriteToContainer()) { $url = "blog/add/$container->guid"; $params = array( 'href' => $url, diff --git a/mod/groups/actions/discussion/reply/save.php b/mod/groups/actions/discussion/reply/save.php index e535856da..109938dbb 100644 --- a/mod/groups/actions/discussion/reply/save.php +++ b/mod/groups/actions/discussion/reply/save.php 
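Review bot: The new check in engine/classes/ElggObject.php passes a user entity, `canWriteToContainer(get_user($user_guid))`, while the mod/groups/start.php hunk of this commit passes a GUID, `canWriteToContainer($user_guid)`, and mod/groups/actions/discussion/reply/save.php passes the entity `$user` again. The method's signature is not visible here; if it expects a GUID, an entity argument would be coerced or ignored and the permission could end up evaluated for a different principal than the one intended. Passing the GUID at every call site, `canWriteToContainer($user_guid)` here and `canWriteToContainer($user->guid)` in reply/save.php, would remove the ambiguity. The enclosing method starts and ends outside the hunk, and its `// must be member of group` comment no longer describes the check.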
@@ -25,7 +25,7 @@ if (!$topic) { $user = get_loggedin_user(); $group = $topic->getContainerEntity(); -if (!$group->isMember($user)) { +if (!$group->canWriteToContainer($user)) { register_error(elgg_echo('groups:notmember')); forward(REFERER); } diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php index 0b5d3b51c..a51775cd6 100644 --- a/mod/groups/actions/discussion/save.php +++ b/mod/groups/actions/discussion/save.php @@ -21,7 +21,7 @@ if (!$title || !$desc) { } $container = get_entity($container_guid); -if (!$container || (!$container->isMember() && !$container->canEdit())) { +if (!$container || !$container->canWriteToContainer()) { register_error(elgg_echo('discussion:error:permissions')); forward(REFERER); } diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php index dbdc0a128..50baeb8c7 100644 --- a/mod/groups/languages/en.php +++ b/mod/groups/languages/en.php @@ -38,6 +38,7 @@ $english = array( 'groups:widget:membership' => 'Group membership', 'groups:widgets:description' => 'Display the groups you are a member of on your profile', 'groups:noaccess' => 'No access to group', + 'groups:permissions:error' => 'You do not have the permissions for this', 'groups:ingroup' => 'in the group', 'groups:cantedit' => 'You can not edit this group', 'groups:saved' => 'Group saved', diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php index fb70d6c00..1813c87aa 100644 --- a/mod/groups/lib/discussion.php +++ b/mod/groups/lib/discussion.php @@ -67,7 +67,7 @@ function discussion_handle_list_page($guid) { 'filter' => '', ); - if (!$group->isMember() && !$group->canEdit()) { + if (!$group->canWriteToContainer()) { $params['buttons'] = ''; } 
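Review bot: In mod/groups/actions/discussion/save.php the guard now passes for any entity whose `canWriteToContainer()` returns true, because `$container` comes from `get_entity($container_guid)` and its type is never checked. If `$container_guid` comes from the request (its origin is outside the hunk), a discussion topic could be saved into a container that is not a group, for example the user's own. Consider `if (!elgg_instanceof($container, 'group') || !$container->canWriteToContainer()) {`, keeping the existing `!$container ||` test in front if `elgg_instanceof()` is not known to handle a failed lookup. The reply/save.php hunk has a related gap: `$group = $topic->getContainerEntity()` is dereferenced without a null check, and it still reports `groups:notmember` although the test is no longer membership.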
@@ -91,7 +91,12 @@ function discussion_handle_edit_page($type, $guid) { register_error(elgg_echo('group:notfound')); forward(); } - group_gatekeeper(); + + // make sure user has permissions to write to container + if (!$group->canWriteToContainer()) { + register_error(elgg_echo('groups:permissions:error')); + forward($group->getURL()); + } $title = elgg_echo('groups:addtopic'); @@ -169,7 +174,7 @@ function discussion_handle_view_page($guid) { 'show_add_form' => false, )); $content .= elgg_view('discussion/closed'); - } elseif ($group->isMember() || elgg_is_admin_logged_in()) { + } elseif ($group->canWriteToContainer() || elgg_is_admin_logged_in()) { $content .= elgg_view('discussion/replies', array( 'entity' => $topic, 'show_add_form' => true, diff --git a/mod/groups/start.php b/mod/groups/start.php index 18fb9abd5..e04485bb2 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -392,13 +392,15 @@ function groups_read_acl_plugin_hook($hook, $entity_type, $returnvalue, $params) */ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params) { $page_owner = elgg_get_page_owner_entity(); - if (!$loggedin = elgg_get_logged_in_user_entity()) { + $user_guid = $params['user_id']; + $user = get_entity($user_guid); + if (!$user) { return $returnvalue; } // only insert group access for current group - if ($page_owner instanceof ElggGroup && $loggedin) { - if ($page_owner->isMember($loggedin)) { + if ($page_owner instanceof ElggGroup) { + if ($page_owner->canWriteToContainer($user_guid)) { $returnvalue[$page_owner->group_acl] = elgg_echo('groups:group') . ': ' . $page_owner->name; unset($returnvalue[ACCESS_FRIENDS]); 
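Review bot: The reply form in discussion_handle_view_page is offered when `$group->canWriteToContainer() || elgg_is_admin_logged_in()`, but the reply action changed in this same commit rejects on `!$group->canWriteToContainer($user)` alone. The same OR appears in discussion_add_to_river_menu in mod/groups/start.php. If canWriteToContainer() already returns true for admins, the extra clause is dead code; if it does not, admins are shown a form whose submission is refused. Using the single test `} elseif ($group->canWriteToContainer()) {` in both places keeps what the view offers and what the action enforces in agreement. The function body extends beyond the hunk.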
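Review bot: In groups_write_acl_plugin_hook, `$params['user_id']` is read without checking that the key is set, and `get_entity($user_guid)` returns any entity type, so the hook can go on to build a write-access list for a GUID that is not a user. `$user` is then used only for the null test. `get_user()` is already used in the ElggObject.php hunk, so `$user = get_user($user_guid);` behind an `isset($params['user_id'])` guard would be tighter. The docblock above the function (outside the hunk) should say that the list is now computed for the user named in `$params` rather than the logged-in user. The function continues into the next hunk.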
@@ -408,7 +410,7 @@ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params // this won't be a problem once the group itself owns the acl. $groups = elgg_get_entities_from_relationship(array( 'relationship' => 'member', - 'relationship_guid' => $loggedin->getGUID(), + 'relationship_guid' => $user_guid, 'inverse_relationship' => FALSE, 'limit' => 999 )); @@ -707,7 +709,7 @@ function discussion_add_to_river_menu($hook, $type, $return, $params) { if (elgg_instanceof($object, 'object', 'groupforumtopic')) { if ($item->annotation_id == 0) { $group = $object->getContainerEntity(); - if ($group->isMember() || elgg_is_admin_logged_in()) { + if ($group->canWriteToContainer() || elgg_is_admin_logged_in()) { $options = array( 'name' => 'reply', 'href' => "#groups-reply-$object->guid", diff --git a/mod/groups/views/default/river/object/groupforumtopic/create.php b/mod/groups/views/default/river/object/groupforumtopic/create.php index 2c914c3f8..ca4747338 100644 --- a/mod/groups/views/default/river/object/groupforumtopic/create.php +++ b/mod/groups/views/default/river/object/groupforumtopic/create.php @@ -34,7 +34,7 @@ if ($excerpt) { echo ''; } -if (elgg_is_logged_in() && $container->isMember(elgg_get_logged_in_user_entity())) { +if (elgg_is_logged_in() && $container->canWriteToContainer()) { // inline comment form echo elgg_view_form('discussion/reply/save', array( 'id' => "groups-reply-{$object->getGUID()}", -- cgit v1.2.3