Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
can_write_to_container() with a group ignores owner_guid (Trac #3722) #3722
cash wrote on 41760490-01-20
can_write_to_container() is called from
For the plugin usage, a user may or may not be logged in, but in the cases of a logged out user, it is expected that false is returned.
For create_entity(), we allow logged out users to create entities so that they can register. Further, there may be additional cases for this from 3rd party plugins.
In addition to fixing the bug described in this ticket, the commit also fixed a bug where the user object passed to the plugin hook was ignored by elgg_override_permissions_hook(). This probably should have been its own ticket. This secondary fix introduced the bug that was fixed in [72a8ae0]. The primary fix introduced a bug of the same variety as that one into can_write_to_container().
The fix looks simple - just add a check that the $user variable is non-null in the check for the $container variable being non-null.
I recommend that we add something into our best practices about checking object variables before calling a method on the object.