From 5ca5347e6cc1d2a71412495b2bc2898fd12292e7 Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Thu, 7 Aug 2008 16:16:46 +0000
Subject: Fixed access permissions wrt groups

git-svn-id: https://code.elgg.org/elgg/trunk@1765 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/access.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'engine/lib/access.php')

diff --git a/engine/lib/access.php b/engine/lib/access.php
index d9f48e6e2..b290700eb 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -278,7 +278,11 @@
 			$user_guid = (int) $user_guid;
 			$collections = get_write_access_array();
 			
-			if (array_key_exists($collection_id, $collections) && $user = get_user($user_guid)) {
+			if (!($collection = get_access_collection($collection_id)))
+				return false;
+			
+			if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)
+					&& $user = get_user($user_guid)) {
 
 				global $CONFIG;
 				insert_data("insert into {$CONFIG->dbprefix}access_collection_membership set access_collection_id = {$collection_id}, user_guid = {$user_guid}");
@@ -303,7 +307,10 @@
 			$user_guid = (int) $user_guid;
 			$collections = get_write_access_array();
 			
-			if (array_key_exists($collection_id, $collections) && $user = get_user($user_guid)) {
+			if (!($collection = get_access_collection($collection_id)))
+				return false;
+			
+			if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user = get_user($user_guid)) {
 				
 				global $CONFIG;
 				delete_data("delete from {$CONFIG->dbprefix}access_collection_membership where access_collection_id = {$collection_id} and user_guid = {$user_guid}");
-- 
cgit v1.2.3