From 346d082dae4da3908f7c7a6b8b9946768e19f5d6 Mon Sep 17 00:00:00 2001
From: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sun, 20 Mar 2011 23:34:10 +0000
Subject: Fixes #2974 using canWriteToContainer() to control access to creating
 group content

git-svn-id: http://code.elgg.org/elgg/trunk@8795 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/groups/start.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'mod/groups/start.php')

diff --git a/mod/groups/start.php b/mod/groups/start.php
index 18fb9abd5..e04485bb2 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -392,13 +392,15 @@ function groups_read_acl_plugin_hook($hook, $entity_type, $returnvalue, $params)
  */
 function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params) {
 	$page_owner = elgg_get_page_owner_entity();
-	if (!$loggedin = elgg_get_logged_in_user_entity()) {
+	$user_guid = $params['user_id'];
+	$user = get_entity($user_guid);
+	if (!$user) {
 		return $returnvalue;
 	}
 
 	// only insert group access for current group
-	if ($page_owner instanceof ElggGroup && $loggedin) {
-		if ($page_owner->isMember($loggedin)) {
+	if ($page_owner instanceof ElggGroup) {
+		if ($page_owner->canWriteToContainer($user_guid)) {
 			$returnvalue[$page_owner->group_acl] = elgg_echo('groups:group') . ': ' . $page_owner->name;
 
 			unset($returnvalue[ACCESS_FRIENDS]);
@@ -408,7 +410,7 @@ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params
 		// this won't be a problem once the group itself owns the acl.
 		$groups = elgg_get_entities_from_relationship(array(
 					'relationship' => 'member',
-					'relationship_guid' => $loggedin->getGUID(),
+					'relationship_guid' => $user_guid,
 					'inverse_relationship' => FALSE,
 					'limit' => 999
 				));
@@ -707,7 +709,7 @@ function discussion_add_to_river_menu($hook, $type, $return, $params) {
 		if (elgg_instanceof($object, 'object', 'groupforumtopic')) {
 			if ($item->annotation_id == 0) {
 				$group = $object->getContainerEntity();
-				if ($group->isMember() || elgg_is_admin_logged_in()) {
+				if ($group->canWriteToContainer() || elgg_is_admin_logged_in()) {
 					$options = array(
 						'name' => 'reply',
 						'href' => "#groups-reply-$object->guid",
-- 
cgit v1.2.3