From 195fe364d26890f98c5a04510cf6906b7d85263d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= <gabor@hojtsy.hu>
Date: Tue, 1 Jan 2008 17:46:30 +0000
Subject: #203582 by David_Rothstein: some core hook_access() implementations
 are not using the passed in account

---
 modules/node/node.module | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'modules/node')

diff --git a/modules/node/node.module b/modules/node/node.module
index 85a49cfed..56d4b75be 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -2322,7 +2322,6 @@ function _node_access_rebuild_batch_finished($success, $results, $operations) {
  * Named so as not to conflict with node_access()
  */
 function node_content_access($op, $node, $account) {
-  global $user;
   $type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type);
 
   if ($op == 'create') {
@@ -2330,13 +2329,13 @@ function node_content_access($op, $node, $account) {
   }
 
   if ($op == 'update') {
-    if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($user->uid == $node->uid))) {
+    if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($account->uid == $node->uid))) {
       return TRUE;
     }
   }
 
   if ($op == 'delete') {
-    if (user_access('delete any '. $type .' content') || (user_access('delete own '. $type .' content') && ($user->uid == $node->uid))) {
+    if (user_access('delete any '. $type .' content', $account) || (user_access('delete own '. $type .' content', $account) && ($account->uid == $node->uid))) {
       return TRUE;
     }
   }
-- 
cgit v1.2.3