Permalink
Browse files

fix(pages): Prevent public "Missing access level" in write access field

This was previously being populated by default access on a non-edit form

Fixes #8905
  • Loading branch information...
beck24 committed Sep 16, 2015
1 parent 6ba6fa2 commit 4174b77438068ff583c0c9fb8866f00fd26d9421
Showing with 39 additions and 0 deletions.
  1. +39 −0 mod/pages/start.php
View
@@ -90,6 +90,9 @@ function pages_init() {
// register ecml views to parse
elgg_register_plugin_hook_handler('get_views', 'ecml', 'pages_ecml_views_hook');
// prevent public write access
elgg_register_plugin_hook_handler('view_vars', 'input/access', 'pages_write_access_vars');
}
/**
@@ -427,3 +430,39 @@ function pages_write_access_options_hook($hook, $type, $return_value, $params) {
return $return_value;
}
}
/**
* Called on view_vars, input/access hook
* Prevent ACCESS_PUBLIC from ending up as a write access option
*
* @param string $hook
* @param string $type
* @param array $return
* @param array $params
* @return array
*/
function pages_write_access_vars($hook, $type, $return, $params) {
if ($return['name'] != 'write_access_id') {
return $return;
}
if ($return['purpose'] != 'write') {
return $return;
}
if ($return['value'] != ACCESS_PUBLIC && $return['value'] != ACCESS_DEFAULT) {
return $return;
}
$default_access = get_default_access();
if ($return['value'] == ACCESS_PUBLIC || $default_access == ACCESS_PUBLIC) {
// is the value public, or default which resolves to public?
// if so we'll set it to logged in, the next most permissible write access level
$return['value'] = ACCESS_LOGGED_IN;
}
return $return;
}

0 comments on commit 4174b77

Please sign in to comment.