From 5db44b98b35b176cae0f43641441d4d294a35507 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 20 Feb 2009 14:39:13 +0000
Subject: Closes #784: Action now checks that the user is the logged in user's
 friend before invite.

git-svn-id: https://code.elgg.org/elgg/trunk@2860 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/groups/actions/addtogroup.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'mod/groups')

diff --git a/mod/groups/actions/addtogroup.php b/mod/groups/actions/addtogroup.php
index 14017cc7d..0928c80c9 100644
--- a/mod/groups/actions/addtogroup.php
+++ b/mod/groups/actions/addtogroup.php
@@ -28,8 +28,9 @@
 		
 		$user = get_entity($u_id);
 		$group = get_entity($group_guid);
-		if ( $user && $group) {
 		
+		if ( $user && $group) {
+			
 			if ($_SESSION['user']->getGUID() == $group->owner_guid)
 			{
 				$requests = $user->group_join_request;
@@ -74,9 +75,15 @@
 					$methods[] = $group->getGUID();
 					$methods = array_unique($methods);
 					
+					$logged_in_user = get_loggedin_user();
+					
 					// Set invite flag
 					//if (!$user->setMetaData('group_invite', $group->getGUID(), "", true))
-					if (!$user->setMetaData('group_invite', $methods)) {
+					if (
+						(!$user->setMetaData('group_invite', $methods)) ||
+						(!$user->isFriend())
+					) 
+					{
 					//if (!$user->group_invite = $methods) { 
 						register_error(elgg_echo("groups:usernotinvited"));
 					}
-- 
cgit v1.2.3