diff options
Diffstat (limited to 'mod/notifications/actions')
| -rw-r--r-- | mod/notifications/actions/groupsave.php | 38 | ||||
| -rw-r--r-- | mod/notifications/actions/save.php | 11 |
2 files changed, 35 insertions, 14 deletions
diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php index c304cb856..e79dae5cc 100644 --- a/mod/notifications/actions/groupsave.php +++ b/mod/notifications/actions/groupsave.php @@ -6,27 +6,39 @@ * @package ElggNotifications */ -// Load important global vars -global $NOTIFICATION_HANDLERS; +$current_user = elgg_get_logged_in_user_entity(); + +$guid = (int) get_input('guid', 0); +if (!$guid || !($user = get_entity($guid))) { + forward(); +} +if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) { + forward(); +} // Get group memberships and condense them down to an array of guids $groups = array(); -if ($groupmemberships = elgg_get_entities_from_relationship(array('relationship' => 'member', 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'group', 'limit' => 9999))) { +$options = array( + 'relationship' => 'member', + 'relationship_guid' => $user->guid, + 'type' => 'group', + 'limit' => false, +); +if ($groupmemberships = elgg_get_entities_from_relationship($options)) { foreach($groupmemberships as $groupmembership) { $groups[] = $groupmembership->guid; } -} +} -foreach($NOTIFICATION_HANDLERS as $method => $foo) { - $subscriptions[$method] = get_input($method.'subscriptions'); - $personal[$method] = get_input($method.'personal'); - $collections[$method] = get_input($method.'collections'); - if (!empty($groups)) { - foreach($groups as $group) { - if (in_array($group,$subscriptions[$method])) { - add_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group); +if (!empty($groups)) { + global $NOTIFICATION_HANDLERS; + foreach ($NOTIFICATION_HANDLERS as $method => $foo) { + $subscriptions[$method] = get_input($method.'subscriptions', array()); + foreach ($groups as $group) { + if (in_array($group, $subscriptions[$method])) { + add_entity_relationship($user->guid, 'notify'.$method, $group); } else { - remove_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group); + remove_entity_relationship($user->guid, 'notify'.$method, $group); } } } diff --git a/mod/notifications/actions/save.php b/mod/notifications/actions/save.php index 163b656aa..3fe0001a3 100644 --- a/mod/notifications/actions/save.php +++ b/mod/notifications/actions/save.php @@ -6,9 +6,18 @@ * @package ElggNotifications */ -$user = elgg_get_logged_in_user_entity(); +$current_user = elgg_get_logged_in_user_entity(); + +$guid = (int) get_input('guid', 0); +if (!$guid || !($user = get_entity($guid))) { + forward(); +} +if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) { + forward(); +} global $NOTIFICATION_HANDLERS; +$subscriptions = array(); foreach($NOTIFICATION_HANDLERS as $method => $foo) { $subscriptions[$method] = get_input($method.'subscriptions'); $personal[$method] = get_input($method.'personal'); |