From 5db44b98b35b176cae0f43641441d4d294a35507 Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 20 Feb 2009 14:39:13 +0000 Subject: Closes #784: Action now checks that the user is the logged in user's friend before invite. git-svn-id: https://code.elgg.org/elgg/trunk@2860 36083f99-b078-4883-b0ff-0f9b5a30f544 --- mod/groups/actions/addtogroup.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/groups/actions/addtogroup.php b/mod/groups/actions/addtogroup.php index 14017cc7d..0928c80c9 100644 --- a/mod/groups/actions/addtogroup.php +++ b/mod/groups/actions/addtogroup.php @@ -28,8 +28,9 @@ $user = get_entity($u_id); $group = get_entity($group_guid); - if ( $user && $group) { + if ( $user && $group) { + if ($_SESSION['user']->getGUID() == $group->owner_guid) { $requests = $user->group_join_request; @@ -74,9 +75,15 @@ $methods[] = $group->getGUID(); $methods = array_unique($methods); + $logged_in_user = get_loggedin_user(); + // Set invite flag //if (!$user->setMetaData('group_invite', $group->getGUID(), "", true)) - if (!$user->setMetaData('group_invite', $methods)) { + if ( + (!$user->setMetaData('group_invite', $methods)) || + (!$user->isFriend()) + ) + { //if (!$user->group_invite = $methods) { register_error(elgg_echo("groups:usernotinvited")); } -- cgit v1.2.3