}
if (sizeof($input) > 0) {
+ // don't change access if not an owner/admin
+ $user = elgg_get_logged_in_user_entity();
+ $can_change_access = true;
+
+ if ($user && $page) {
+ $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid;
+ }
+
foreach ($input as $name => $value) {
+ if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
+ continue;
+ }
+
$page->$name = $value;
}
}
forward($page->getURL());
} else {
- register_error(elgg_echo('pages:error:no_save'));
+ register_error(elgg_echo('pages:error:notsaved'));
forward(REFERER);
}
*/
$variables = elgg_get_config('pages');
+$user = elgg_get_logged_in_user_entity();
+$entity = elgg_extract('entity', $vars);
+$can_change_access = true;
+if ($user && $entity) {
+ $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid);
+}
+
foreach ($variables as $name => $type) {
+ // don't show read / write access inputs for non-owners or admin when editing
+ if (($type == 'access' || $type == 'write_access') && !$can_change_access) {
+ continue;
+ }
?>
<div>
<label><?php echo elgg_echo("pages:$name") ?></label>
if ($type != 'longtext') {
echo '<br />';
}
- ?>
- <?php echo elgg_view("input/$type", array(
+
+ echo elgg_view("input/$type", array(
'name' => $name,
'value' => $vars[$name],
));
projects / lorea / elgg.git / commitdiff