Commit 195fe364 authored by Gábor Hojtsy's avatar Gábor Hojtsy
Browse files

#203582 by David_Rothstein: some core hook_access() implementations are not...

#203582 by David_Rothstein: some core hook_access() implementations are not using the passed in account
parent 84c6d225
......@@ -310,10 +310,7 @@ function forum_access($op, $node, $account) {
}
if ($op == 'update' || $op == 'delete') {
if (user_access('edit own forum topics', $account) && ($account->uid == $node->uid)) {
return TRUE;
}
if (user_access('edit any forum topic')) {
if (user_access('edit any forum topic', $account) || (user_access('edit own forum topics', $account) && ($account->uid == $node->uid))) {
return TRUE;
}
}
......
......@@ -2322,7 +2322,6 @@ function _node_access_rebuild_batch_finished($success, $results, $operations) {
* Named so as not to conflict with node_access()
*/
function node_content_access($op, $node, $account) {
global $user;
$type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type);
if ($op == 'create') {
......@@ -2330,13 +2329,13 @@ function node_content_access($op, $node, $account) {
}
if ($op == 'update') {
if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($user->uid == $node->uid))) {
if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($account->uid == $node->uid))) {
return TRUE;
}
}
if ($op == 'delete') {
if (user_access('delete any '. $type .' content') || (user_access('delete own '. $type .' content') && ($user->uid == $node->uid))) {
if (user_access('delete any '. $type .' content', $account) || (user_access('delete own '. $type .' content', $account) && ($account->uid == $node->uid))) {
return TRUE;
}
}
......
......@@ -61,13 +61,11 @@ function poll_perm() {
* Implementation of hook_access().
*/
function poll_access($op, $node, $account) {
global $user;
switch ($op) {
case 'create':
return user_access('create poll content', $account);
case 'update':
return user_access('edit any poll content') || (user_access('edit own poll content') && ($node->uid == $user->uid));
return user_access('edit any poll content', $account) || (user_access('edit own poll content', $account) && ($node->uid == $account->uid));
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment