Commit b146af16 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Don't let users give view access to roles that don't exist in the group

parent fa49acdb
......@@ -589,6 +589,11 @@ class View {
case 'group':
$accessrecord->group = $item['id'];
if ($item['role']) {
// Don't insert a record for a role the group doesn't have
$roleinfo = group_get_role_info($item['id']);
if (!isset($roleinfo[$item['role']])) {
break;
}
$accessrecord->role = $item['role'];
}
insert_record('view_access_group', $accessrecord);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment