
Fixed permissions in whole plugin.

1 parent 5e65d18 commit e9fa0ca8facbd2e88c2f102d69b4418520338c56 @sembrestels sembrestels committed Aug 24, 2012
Showing with 67 additions and 13 deletions.
  1. +2 −0 actions/tasks/comments/add.php
  2. +0 −9 lib/tasks.php
  3. +4 −3 pages/tasks/view.php
  4. +60 −0 start.php
  5. +1 −1 views/default/icon/object/task.php
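--- a/actions/tasks/comments/add.php
+++ b/actions/tasks/comments/add.php
@@ -5,6 +5,8 @@
 * @package ElggTasks
 */
+group_gatekeeper();
+
 elgg_load_library('elgg:tasks');
 $entity_guid = (int) get_input('entity_guid');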
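Review bot: The added `group_gatekeeper();` at the top of the action checks the page owner rather than the entity being commented on, and in an action request the page owner is probably not resolved from `entity_guid`, so the call may pass without testing anything. The authorization belongs after the entity is loaded and should be made against that entity, mirroring the `$entity->canEdit()` test that pages/tasks/view.php now uses to decide whether to render the comment form: `if (!$entity || !$entity->canEdit()) { forward(REFERER); }`. Hiding the form in the view does not stop a direct POST to this action. The rest of the action lies outside the hunk, so confirm that no equivalent check already follows.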
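--- a/lib/tasks.php
+++ b/lib/tasks.php
@@ -121,15 +121,6 @@ function tasks_get_entities($options) {
 return elgg_get_entities_from_metadata($options);
 }
-function tasks_can_edit($task) {
- $container = $task->getContainerEntity();
- if (elgg_instanceof($container, 'group')) {
- return $container->isMember();
- } else {
- return elgg_is_logged_in();
- }
-}
-
 function tasks_get_actions_from_state($state){
 switch($state) {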
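--- a/pages/tasks/view.php
+++ b/pages/tasks/view.php
@@ -35,7 +35,7 @@
 $content = elgg_view_entity($entity, array('full_view' => true));
-if (!$list && $entity->canEdit()) {
+if (!elgg_instanceof($entity, 'object', 'task') && $container->canWriteToContainer(0, 'object', 'task')) {
 elgg_load_js('elgg.tasks');
@@ -47,8 +47,9 @@
 'link_class' => 'elgg-button elgg-button-action',
 ));
-} else {
- $content .= elgg_view_comments($entity);
+} elseif (elgg_instanceof($entity, 'object', 'task')) {
+ $can_comment = $entity->canEdit();
+ $content .= elgg_view_comments($entity, $can_comment);
 }
 $body = elgg_view_layout('content', array(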
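Review bot: `$container` in the new condition of the first hunk is assigned outside the visible lines, and if it can be false (for instance a container the viewer cannot load), `$container->canWriteToContainer(0, 'object', 'task')` ends in a fatal error instead of a denied permission. Guarding it keeps the failure closed: `if (!elgg_instanceof($entity, 'object', 'task') && $container && $container->canWriteToContainer(0, 'object', 'task')) {`. In the second hunk `$can_comment` only decides whether the comment form is rendered, so a one-line comment there such as `// display only; the comments action must enforce the same check` would keep a later reader from treating it as the access control.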
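--- a/start.php
+++ b/start.php
@@ -105,6 +105,10 @@ function tasks_init() {
 ));
 }
+ // write permission plugin hooks
+ elgg_register_plugin_hook_handler('permissions_check', 'object', 'tasks_write_permission_check');
+ elgg_register_plugin_hook_handler('container_permissions_check', 'object', 'tasks_container_permission_check');
+
 // icon url override
 elgg_register_plugin_hook_handler('entity:icon:url', 'object', 'tasks_icon_url_override');
@@ -196,6 +200,62 @@ function tasks_url($entity) {
 }
 /**
+ * Extend permissions checking to extend can-edit for write users.
+ *
+ * @param unknown_type $hook
+ * @param unknown_type $entity_type
+ * @param unknown_type $returnvalue
+ * @param unknown_type $params
+ */
+function tasks_write_permission_check($hook, $entity_type, $returnvalue, $params)
+{
+ $entity = $params['entity'];
+ if ($entity->getSubtype() == 'task'
+ || $entity->getSubtype() == 'tasklist'
+ || $entity->getSubtype() == 'tasklist_top') {
+
+ $user = $params['user'];
+ $container = $entity->getContainerEntity();
+ if (elgg_instanceof($container, 'group')) {
+ return $container->canWriteToContainer($user->guid, 'object', $entity->getSubtype());
+ }
+ }
+}
+
+/**
+ * Extend container permissions checking to extend can_write_to_container for write users.
+ *
+ * @param unknown_type $hook
+ * @param unknown_type $entity_type
+ * @param unknown_type $returnvalue
+ * @param unknown_type $params
+ */
+/*
+function tasks_container_permission_check($hook, $entity_type, $returnvalue, $params) {
+
+ if (elgg_get_context() == "tasks") {
+ if (elgg_get_page_owner_guid()) {
+ if (can_write_to_container(elgg_get_logged_in_user_guid(), elgg_get_page_owner_guid())) return true;
+ }
+ if ($page_guid = get_input('task_guid',0)) {
+ $entity = get_entity($task_guid);
+ } else if ($parent_guid = get_input('list_guid',0)) {
+ $entity = get_entity($list_guid);
+ }
+ if ($entity instanceof ElggObject) {
+ if (
+ can_write_to_container(elgg_get_logged_in_user_guid(), $entity->container_guid)
+ || in_array($entity->write_access_id,get_access_list())
+ ) {
+ return true;
+ }
+ }
+ }
+
+}
+*/
+
+/**
 * Override the default entity icon for tasks
 *
 * @return string Relative URL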
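Review bot: `tasks_write_permission_check` returns the group's `canWriteToContainer()` result as the final answer for every `canEdit()` on a task, tasklist or tasklist_top held in a group, so it can replace a `true` already in `$returnvalue` with `false`, and it reads `$params['user']->guid` without checking that a user is present, which is likely not the case for logged-out visitors. Because `permissions_check` backs `canEdit()` everywhere, anyone allowed to write to the group gains edit rights over other members' tasks, not only in this plugin's pages; if that breadth is intended, the docblock should state it. The handler should only widen access, pass `$returnvalue` through in every other case, and return explicitly on all paths, as sketched below. Separately, the first hunk registers `tasks_container_permission_check` for `container_permissions_check`, but that function is commented out here (and its body reads `$task_guid` and `$list_guid`, which are never assigned), so the registration should be dropped until the handler exists.

```php
function tasks_write_permission_check($hook, $entity_type, $returnvalue, $params)
{
	$entity = elgg_extract('entity', $params);
	$user = elgg_extract('user', $params);

	// Never narrow a decision that already grants access, and do nothing without a user.
	if ($returnvalue || !($entity instanceof ElggObject) || !($user instanceof ElggUser)) {
		return $returnvalue;
	}

	$subtype = $entity->getSubtype();
	if (!in_array($subtype, array('task', 'tasklist', 'tasklist_top'))) {
		return $returnvalue;
	}

	$container = $entity->getContainerEntity();
	if (elgg_instanceof($container, 'group')) {
		return $container->canWriteToContainer($user->guid, 'object', $subtype);
	}

	return $returnvalue;
}
```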
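--- a/views/default/icon/object/task.php
+++ b/views/default/icon/object/task.php
@@ -31,7 +31,7 @@
 $img_class = $vars['img_class'];
 }
-$use_hover = elgg_extract('use_hover', $vars, tasks_can_edit($task));
+$use_hover = elgg_extract('use_hover', $vars, $task->canEdit());
 if (isset($vars['hover']) ) {
 $use_hover = $vars['hover'];
 }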
