From 2f2c710cb6027557f5394d34e99b42b4289b5c71 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Fri, 21 Oct 2011 07:24:57 -0400 Subject: Fixes #3989 fixed access of non-object property in access lib --- engine/lib/access.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'engine') diff --git a/engine/lib/access.php b/engine/lib/access.php index ae64f832a..002413baa 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -981,17 +981,17 @@ function access_init() { */ function elgg_override_permissions($hook, $type, $value, $params) { $user = elgg_extract('user', $params); - if (!$user) { - $user = elgg_get_logged_in_user_entity(); + if ($user) { + $user_guid = $user->getGUID(); + } else { + $user_guid = elgg_get_logged_in_user_guid(); } - // don't do this so ignore access still works. + // don't do this so ignore access still works with no one logged in // if (!$user instanceof ElggUser) { // return false; // } - $user_guid = $user->guid; - // check for admin if ($user_guid && elgg_is_admin_user($user_guid)) { return true; -- cgit v1.2.3 From 8133f364fc689e5068b1c4ca70e7cf4057a5694c Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Fri, 21 Oct 2011 07:29:46 -0400 Subject: fixed access of non-object property in entities lib --- engine/lib/entities.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'engine') diff --git a/engine/lib/entities.php b/engine/lib/entities.php index f1352ba8d..1f6434533 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -530,12 +530,12 @@ $container_guid = 0) { $container_guid = $owner_guid; } - $user = elgg_get_logged_in_user_entity(); - if (!can_write_to_container($user->guid, $owner_guid, $type, $subtype)) { + $user_guid = elgg_get_logged_in_user_guid(); + if (!can_write_to_container($user_guid, $owner_guid, $type, $subtype)) { return false; } if ($owner_guid != $container_guid) { - if (!can_write_to_container($user->guid, $container_guid, $type, $subtype)) { + if (!can_write_to_container($user_guid, $container_guid, $type, $subtype)) { return false; } } -- cgit v1.2.3 From 343b52d48e7ca7b2381387198c47d3bb1a2ed6e1 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Fri, 21 Oct 2011 07:34:21 -0400 Subject: Fixes #3988 correctly passing user_guid through canEdit for metadata --- engine/classes/ElggMetadata.php | 6 ++++-- engine/lib/entities.php | 7 ++++++- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'engine') diff --git a/engine/classes/ElggMetadata.php b/engine/classes/ElggMetadata.php index ed3f8614f..32e7b32f1 100644 --- a/engine/classes/ElggMetadata.php +++ b/engine/classes/ElggMetadata.php @@ -45,11 +45,13 @@ class ElggMetadata extends ElggExtender { /** * Determines whether or not the user can edit this piece of metadata * + * @param int $user_guid The GUID of the user (defaults to currently logged in user) + * * @return true|false Depending on permissions */ - function canEdit() { + function canEdit($user_guid = 0) { if ($entity = get_entity($this->get('entity_guid'))) { - return $entity->canEditMetadata($this); + return $entity->canEditMetadata($this, $user_guid); } return false; } diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 1f6434533..fcd4544bf 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1837,7 +1837,12 @@ function can_edit_entity_metadata($entity_guid, $user_guid = 0, $metadata = null $return = can_edit_entity($entity_guid, $user_guid); } - $user = get_entity($user_guid); + if ($user_guid) { + $user = get_entity($user_guid); + } else { + $user = elgg_get_logged_in_user_entity(); + } + $params = array('entity' => $entity, 'user' => $user, 'metadata' => $metadata); $return = elgg_trigger_plugin_hook('permissions_check:metadata', $entity->type, $params, $return); return $return; -- cgit v1.2.3 From 6628e7db7895855784e43fce74c7dec41f01c2dc Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Fri, 21 Oct 2011 07:37:10 -0400 Subject: updated ElggSite::disable() to conform to ElggEntity::disable() --- engine/classes/ElggSite.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'engine') diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php index 8708800cf..16b80b9d3 100644 --- a/engine/classes/ElggSite.php +++ b/engine/classes/ElggSite.php @@ -190,18 +190,19 @@ class ElggSite extends ElggEntity { * @note You cannot disable the current site. * * @param string $reason Optional reason for disabling + * @param bool $recursive Recursively disable all contained entities? * * @return bool * @throws SecurityException */ - public function disable($reason = "") { + public function disable($reason = "", $recursive = true) { global $CONFIG; if ($CONFIG->site->getGUID() == $this->guid) { throw new SecurityException('SecurityException:deletedisablecurrentsite'); } - return parent::disable($reason); + return parent::disable($reason, $recursive); } /** @@ -225,7 +226,7 @@ class ElggSite extends ElggEntity { 'offset' => $offset, ); } - + $defaults = array( 'relationship' => 'member_of_site', 'relationship_guid' => $this->getGUID(), -- cgit v1.2.3 From 7ef727bfa242015d3ca7ab22671ec020006f0b4e Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Fri, 21 Oct 2011 21:03:37 -0400 Subject: don't set default filestore if we don't have a dataroot --- engine/lib/filestore.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'engine') diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php index a7aa1ff8c..a13d8aa27 100644 --- a/engine/lib/filestore.php +++ b/engine/lib/filestore.php @@ -483,8 +483,10 @@ function filestore_init() { global $CONFIG; // Now register a default filestore - set_default_filestore(new ElggDiskFilestore($CONFIG->dataroot)); - + if (isset($CONFIG->dataroot)) { + set_default_filestore(new ElggDiskFilestore($CONFIG->dataroot)); + } + // Now run this stuff, but only once run_function_once("filestore_run_once"); } -- cgit v1.2.3