Skip to content

Commit

Permalink
Merge pull request #13776 from jeabakker/group-join
Browse files Browse the repository at this point in the history 
Group join
  • Loading branch information
@jeabakker
jeabakker committed Nov 16, 2021
2 parents c6b1c5b + d9fcad7 commit 048caee
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 6 deletions.
10 changes: 10 additions & 0 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# Security policy

- Please report any security issue to **security @ elgg . org**
- Please do not post any security issues on GitHub
- Read [Reporting issues][1] on how to correctly report an issue

To see which versions of Elgg are currently supported, please check the [Support policy][2]

[1]: http://learn.elgg.org/en/stable/contribute/issues.html
[2]: http://learn.elgg.org/en/stable/appendix/support.html
8 changes: 6 additions & 2 deletions mod/groups/actions/groups/membership/delete_invite.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,12 @@
return get_entity($group_guid);
});

if (!$user && !($group instanceof \ElggGroup)) {
return elgg_error_response();
if (!$user && !$group instanceof \ElggGroup) {
return elgg_error_response(elgg_echo('error:missing_data'));
}

if (!$user->canEdit() && !$group->canEdit()) {
return elgg_error_response(elgg_echo('actionunauthorized'));
}

// If join request made
Expand Down
8 changes: 6 additions & 2 deletions mod/groups/actions/groups/membership/delete_request.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,12 @@
$user = get_user($user_guid);
$group = get_entity($group_guid);

if (!$user && !($group instanceof \ElggGroup)) {
return elgg_error_response();
if (!$user && !$group instanceof \ElggGroup) {
return elgg_error_response(elgg_echo('error:missing_data'));
}

if (!$user->canEdit() && !$group->canEdit()) {
return elgg_error_response(elgg_echo('actionunauthorized'));
}

// If join request made
Expand Down
6 changes: 5 additions & 1 deletion mod/groups/actions/groups/membership/join.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,14 @@
return get_entity($group_guid);
});

if (!$user || !($group instanceof \ElggGroup)) {
if (!$user || !$group instanceof \ElggGroup) {
return elgg_error_response(elgg_echo('groups:cantjoin'));
}

if (!$user->canEdit() && !$group->canEdit()) {
return elgg_error_response(elgg_echo('actionunauthorized'));
}

// join or request
$join = false;
if ($group->isPublicMembership() || $group->canEdit($user->guid)) {
Expand Down
6 changes: 5 additions & 1 deletion mod/groups/actions/groups/membership/leave.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,14 @@
$user = get_user($user_guid);
$group = get_entity($group_guid);

if (!$user || !($group instanceof \ElggGroup)) {
if (!$user || !$group instanceof \ElggGroup) {
return elgg_error_response(elgg_echo('groups:cantleave'));
}

if (!$user->canEdit() && !$group->canEdit()) {
return elgg_error_response(elgg_echo('actionunauthorized'));
}

if ($group->getOwnerGUID() === $user->guid) {
// owner can't be removed
return elgg_error_response(elgg_echo('groups:cantleave'));
Expand Down

0 comments on commit 048caee

Please sign in to comment.