removed unreachable code in OgBehaviorHandler.class.php . If the $user has...

removed unreachable code in OgBehaviorHandler.class.php . If the $user has group admin permission, we should not set new membership to pending. But if he is not an admin, we exit early from the membership Crud. Adapted the test to test admin permission check of the Crud itself

og_access/og_access.test

@@ -409,13 +409,13 @@ class OgAccessUseGroupDefaultsTestCase extends DrupalWebTestCase {
 }
 
 /**
- * Tests group memberships that require approval.
+ * Tests moderated group memberships.
  */
-class OgAccessModeratedGroupApproval extends DrupalWebTestCase {
+class OgAccessModeratedGroup extends DrupalWebTestCase {
 
   public static function getInfo() {
     return array(
-      'name' => 'OG group membership approval',
+      'name' => 'OG moderated group membership',
       'description' => 'Test groups that require membership approval.',
       'group' => 'Organic groups access',
     );
@@ -448,17 +448,22 @@ class OgAccessModeratedGroupApproval extends DrupalWebTestCase {
   }
 
   /**
-   * Test that membership requests made via direct API calls result in proper
-   * pending status for private groups that require approval.
+   * Test membership creation attempt made via direct API calls, by non-admins.
    */
-  public function testMemberShipRequestStatus() {
+  public function testMembershipRequest() {
+    // The call of drupalLogin() in setUp() is not effective for API calls,
+    // switching users here to test the permission check.
+    global $user;
+    $current_user = $user;
+    $user = $this->user;
     // Save user as a member of the group, without passing state.
     $this->user->og_user_node[LANGUAGE_NONE][0]['target_id'] = $this->group->nid;
     user_save($this->user);
+    $user = $current_user;
 
-    // User's membership should be pending.
+    // User's membership should not exist.
     $membership = og_get_membership('node', $this->group->nid, 'user', $this->user->uid);
-    $this->assertEqual($membership->state, OG_STATE_PENDING, t('User membership is pending.'));
+    $this->assertFalse(is_object($membership), t('Non-admins cannot add members to private groups.'));
   }
 
   /**

plugins/entityreference/behavior/OgBehaviorHandler.class.php

@@ -122,11 +122,7 @@ class OgBehaviorHandler extends EntityReference_BehaviorHandler_Abstract {
     foreach ($items as $item) {
       $gid = $item['target_id'];
 
-      // Must provide correct state in the event that approval is required.
-      if (empty($item['state']) && $entity_type == 'user' && !og_user_access($group_type, $gid, 'subscribe without approval', $entity) && !og_user_access($group_type, $gid, 'administer group')) {
-        $item['state'] = OG_STATE_PENDING;
-      }
-      elseif (empty($item['state']) || !in_array($gid, $diff['insert'])) {
+      if (empty($item['state']) || !in_array($gid, $diff['insert'])) {
         // State isn't provided, or not an "insert" operation.
         continue;
       }