From a13d5f5407736e0f9811a541a20bbfe08747970d Mon Sep 17 00:00:00 2001 From: kevinjardine Date: Thu, 26 Feb 2009 17:56:05 +0000 Subject: Fixes to container permissions and widgets to allow default widgets to work with the Elgg permissions system. git-svn-id: https://code.elgg.org/elgg/trunk@2968 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/entities.php | 4 ++-- engine/lib/widgets.php | 14 ++++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) (limited to 'engine/lib') diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 3597040c9..e9747d15c 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1321,14 +1321,14 @@ $container = get_entity($container_guid); - if (($container) && ($user)) + if ($container) { // If the user can edit the container, they can also write to it if ($container->canEdit($user_guid)) return true; // Basics, see if the user is a member of the group. - if ($container instanceof ElggGroup) { + if ($user && $container instanceof ElggGroup) { if (!$container->isMember($user)) { return false; } else { diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php index 02ef721e4..d363f0c78 100644 --- a/engine/lib/widgets.php +++ b/engine/lib/widgets.php @@ -221,9 +221,10 @@ * @param string $context The page context for this widget * @param int $order The order to display this widget in * @param int $column The column to display this widget in (1, 2 or 3) + * @param int $access_id If not specified, it is set to the default access level * @return true|false Depending on success */ - function add_widget($user_guid, $handler, $context, $order = 0, $column = 1) { + function add_widget($user_guid, $handler, $context, $order = 0, $column = 1, $access_id = null) { if (empty($user_guid) || empty($context) || empty($handler) || !widget_type_exists($handler)) return false; @@ -233,12 +234,13 @@ $widget = new ElggWidget; $widget->owner_guid = $user_guid; $widget->container_guid = $user_guid; - $widget->access_id = get_default_access(); - // private widgets don't makes sense, correct? - if ($widget->access_id == ACCESS_PRIVATE) - $widget->access_id = ACCESS_LOGGED_IN; // change to ACCESS_FRIENDS when implemented + if (isset($access_id)) { + $widget->access_id = $access_id; + } else { + $widget->access_id = get_default_access(); + } - if (!$widget->save()) + if (!$widget->save()) return false; $widget->handler = $handler; -- cgit v1.2.3