diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-01 17:46:30 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-01 17:46:30 +0000 |
| commit | 195fe364d26890f98c5a04510cf6906b7d85263d (patch) | |
| tree | fd87d6204d680eed235509ec5bd33874862693ef /modules/node/node.module | |
| parent | 84c6d225e8f3579fe7f9e128cf7a21453dee66c0 (diff) | |
| download | brdo-195fe364d26890f98c5a04510cf6906b7d85263d.tar.gz brdo-195fe364d26890f98c5a04510cf6906b7d85263d.tar.bz2 | |
#203582 by David_Rothstein: some core hook_access() implementations are not using the passed in account
Diffstat (limited to 'modules/node/node.module')
| -rw-r--r-- | modules/node/node.module | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/modules/node/node.module b/modules/node/node.module index 85a49cfed..56d4b75be 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -2322,7 +2322,6 @@ function _node_access_rebuild_batch_finished($success, $results, $operations) { * Named so as not to conflict with node_access() */ function node_content_access($op, $node, $account) { - global $user; $type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type); if ($op == 'create') { @@ -2330,13 +2329,13 @@ function node_content_access($op, $node, $account) { } if ($op == 'update') { - if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($user->uid == $node->uid))) { + if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($account->uid == $node->uid))) { return TRUE; } } if ($op == 'delete') { - if (user_access('delete any '. $type .' content') || (user_access('delete own '. $type .' content') && ($user->uid == $node->uid))) { + if (user_access('delete any '. $type .' content', $account) || (user_access('delete own '. $type .' content', $account) && ($account->uid == $node->uid))) { return TRUE; } } |