From 923b8585734658a4eb4af089696b3ae718871c80 Mon Sep 17 00:00:00 2001
From: ben
Date: Mon, 21 Apr 2008 13:51:49 +0000
Subject: can_edit_entity now always returns false if the user is logged out
git-svn-id: https://code.elgg.org/elgg/trunk@500 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/entities.php | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
(limited to 'engine/lib/entities.php')
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index bbb0f36af..febdea6aa 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -903,16 +903,27 @@ function can_edit_entity($entity_guid, $user_guid = 0) {
 if ($user_guid == 0) {
- $user = $_SESSION['user'];
+ if (isset($_SESSION['user'])) {
+ $user = $_SESSION['user'];
+ } else {
+ $user = null;
+ }
 } else {
 $user = get_entity($user_guid);
 }
- $entity = get_entity($entity_guid);
+ if ($entity = get_entity($entity_guid) && !is_null($user)) {
- if ($entity->getOwner() == $user->getGUID()) return true;
- if ($entity->type == "user" && $entity->getGUID() == $user->getGUID()) return true;
+ $entity = get_entity($entity_guid);
+ if ($entity->getOwner() == $user->getGUID()) return true;
+ if ($entity->type == "user" && $entity->getGUID() == $user->getGUID()) return true;
+
+ return trigger_plugin_hook('permissions_check',$entity->type,array('entity' => $entity, 'user' => $user),false);
- return trigger_plugin_hook('permissions_check',$entity->type,array('entity' => $entity, 'user' => $user),false);
+ } else {
+
+ return false;
+
+ }
 }
-- cgit v1.2.3
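Review bot: In the added `if ($entity = get_entity($entity_guid) && !is_null($user))`, `&&` binds tighter than `=`, so `$entity` receives the boolean result of the whole condition rather than the entity; the ownership check only works because the next added line fetches the entity a second time. The guard also tests `$user` with `is_null()` only, so if `get_entity($user_guid)` reports a miss with `false` (its return contract is not visible in this hunk), an explicit but unresolvable `$user_guid` would still reach `$user->getGUID()` instead of taking the `return false` branch. Fetching once and testing both values for truthiness covers both cases: put `$entity = get_entity($entity_guid);` before the condition, change it to `if ($entity && $user) {`, and drop the inner re-fetch. Since this function gates edit permission, the two `==` comparisons between `getOwner()` and `getGUID()` are also worth tightening (for example by casting both sides to int) so that an empty owner can never loosely equal an empty or zero GUID.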