From e4ec0953685ae79c7fe9e15b318b369dfb29839b Mon Sep 17 00:00:00 2001
From: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sat, 29 May 2010 02:03:52 +0000
Subject: Merging [6091] to trunk.

git-svn-id: http://code.elgg.org/elgg/trunk@6282 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/groups/actions/forums/deletetopic.php | 19 ++++++++-----------
 mod/groups/actions/forums/editpost.php    | 13 ++++---------
 2 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/mod/groups/actions/forums/deletetopic.php b/mod/groups/actions/forums/deletetopic.php
index 1095fc44a..313e87199 100644
--- a/mod/groups/actions/forums/deletetopic.php
+++ b/mod/groups/actions/forums/deletetopic.php
@@ -9,34 +9,31 @@
 	 * @copyright Curverider Ltd 2008-2010
 	 * @link http://elgg.org/
 	 */
-
-	// Make sure we're logged in; forward to the front page if not
-		if (!isloggedin()) forward();
 		
-	// Check the user is a group member
 	    $group_entity =  get_entity(get_input('group'));
-	    if (!$group_entity->isMember($vars['user'])) forward();
 
 	// Get input data
 		$topic_guid = (int) get_input('topic');
 		$group_guid = (int) get_input('group');
 		
-	// Make sure we actually have permission to edit
 		$topic = get_entity($topic_guid);
 		if ($topic->getSubtype() == "groupforumtopic") {
-	
-		// Get owning user
-			//	$owner = get_entity($topic->getOwner());
+
+	// Make sure we actually have permission to edit
+			if (!$topic->canEdit()) {
+				register_error(elgg_echo("groupstopic:notdeleted"));
+				forward(REFERER);
+			}
+
 		// Delete it!
 				$rowsaffected = $topic->delete();
 				if ($rowsaffected > 0) {
 		// Success message
 					system_message(elgg_echo("groupstopic:deleted"));
 				} else {
-					system_message(elgg_echo("groupstopic:notdeleted"));
+					register_error(elgg_echo("groupstopic:notdeleted"));
 				}
 		// Forward to the group forum page
-	        global $CONFIG;
 	        $url = $CONFIG->wwwroot . "pg/groups/forum/{$group_guid}/";
 			forward($url);
 		
diff --git a/mod/groups/actions/forums/editpost.php b/mod/groups/actions/forums/editpost.php
index d30fad31f..5ce1fac13 100644
--- a/mod/groups/actions/forums/editpost.php
+++ b/mod/groups/actions/forums/editpost.php
@@ -10,13 +10,9 @@
 	 * @link http://elgg.com/
 	 */
 
-    // Make sure we're logged in (send us to the front page if not)
-		if (!isloggedin()) forward();
 		
-	// Check the user is a group member
 		$group_guid = get_input('group');
 	    $group_entity =  get_entity($group_guid);
-	    if (!$group_entity->isMember($vars['user'])) forward();
 	    
 	//get the required variables
 		$post = get_input("post");
@@ -27,25 +23,24 @@
 		$access_id = $annotation->access_id;
 		$topic = get_input("topic");
 		
-		if($annotation){
+		if ($annotation) {
 			
 			//can edit? Either the comment owner or admin can
-			if(groups_can_edit_discussion($annotation, page_owner_entity()->owner_guid)){
+			if (groups_can_edit_discussion($annotation, page_owner_entity()->owner_guid)) {
 				
 				update_annotation($post, "group_topic_post", $post_comment, "",$commentOwner, $access_id);
 			    system_message(elgg_echo("groups:forumpost:edited"));
 				   
-			}else{
+			} else {
 				system_message(elgg_echo("groups:forumpost:error"));
 			}
 			
-		}else{
+		} else {
 			
 				system_message(elgg_echo("groups:forumpost:error"));
 		}
 		
 		// Forward to the group forum page
-	    global $CONFIG;
 	    $url = $CONFIG->wwwroot . "mod/groups/topicposts.php?topic={$topic}&group_guid={$group_guid}/";
 		forward($url);
   
-- 
cgit v1.2.3