From 84f5b437767ee21c21cff025660a16839f9ac372 Mon Sep 17 00:00:00 2001
From: Brett Profitt <brett.profitt@gmail.com>
Date: Mon, 23 Jan 2012 17:45:29 -0800
Subject: Fixes #1196. Added elgg_set_ignore_access() calls to disable_entity()
 when called with recursive = true.

---
 engine/lib/entities.php          |  6 ++++++
 engine/tests/objects/objects.php | 45 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index f3bf9fb29..67011b802 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1378,6 +1378,10 @@ function disable_entity($guid, $reason = "", $recursive = true) {
 				}
 
 				if ($recursive) {
+					$hidden = access_get_show_hidden_status();
+					access_show_hidden_entities(true);
+					$ia = elgg_set_ignore_access(true);
+					
 					$sub_entities = get_data("SELECT * FROM {$CONFIG->dbprefix}entities
 						WHERE (
 						container_guid = $guid
@@ -1391,6 +1395,8 @@ function disable_entity($guid, $reason = "", $recursive = true) {
 							$e->disable($reason);
 						}
 					}
+					access_show_hidden_entities($hidden);
+					elgg_set_ignore_access($ia);
 				}
 
 				$entity->disableMetadata();
diff --git a/engine/tests/objects/objects.php b/engine/tests/objects/objects.php
index 0d0df6b75..cd507d5ab 100644
--- a/engine/tests/objects/objects.php
+++ b/engine/tests/objects/objects.php
@@ -194,7 +194,50 @@ class ElggCoreObjectTest extends ElggCoreUnitTest {
 		$old = elgg_set_ignore_access(true);
 	}
 
-
+	// see http://trac.elgg.org/ticket/1196
+	public function testElggEntityRecursiveDisableWhenLoggedOut() {
+		$e1 = new ElggObject();
+		$e1->access_id = ACCESS_PUBLIC;
+		$e1->owner_guid = 0;
+		$e1->container_guid = 0;
+		$e1->save();
+		$guid1 = $e1->getGUID();
+
+		$e2 = new ElggObject();
+		$e2->container_guid = $guid1;
+		$e2->access_id = ACCESS_PUBLIC;
+		$e2->owner_guid = 0;
+		$e2->save();
+		$guid2 = $e2->getGUID();
+
+		// fake being logged out
+		$user = $_SESSION['user'];
+		unset($_SESSION['user']);
+		$ia = elgg_set_ignore_access(true);
+
+		$this->assertTrue(disable_entity($guid1, null, true));
+
+		// "log in" original user
+		$_SESSION['user'] = $user;
+		elgg_set_ignore_access($ia);
+
+		$this->assertFalse(get_entity($guid1));
+		$this->assertFalse(get_entity($guid2));
+
+		$db_prefix = get_config('dbprefix');
+		$q = "SELECT * FROM {$db_prefix}entities WHERE guid = $guid1";
+		$r = get_data_row($q);
+		$this->assertEqual('no', $r->enabled);
+
+		$q = "SELECT * FROM {$db_prefix}entities WHERE guid = $guid2";
+		$r = get_data_row($q);
+		$this->assertEqual('no', $r->enabled);
+
+		access_show_hidden_entities(true);
+		delete_entity($guid1);
+		delete_entity($guid2);
+		access_show_hidden_entities(false);
+	}
 
 	protected function get_object_row($guid) {
 		global $CONFIG;
-- 
cgit v1.2.3