diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-03-10 20:34:32 +0000 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-03-10 20:34:32 +0000 |
| commit | 068c44e2011aee23ad6f43c0e238c2dba65da8e3 (patch) | |
| tree | fc055ba29ceb97997853e78520049f9b1d31874d /core/helpers | |
| parent | 5342578e6d24c59db74747024e1bdc5bcf41ae2d (diff) | |
access::allow/deny/reset functions will now throw an exception if you
don't pass in a Group_Model as the argument. This prevents us from
setting permissions on the wrong group by accidentally passing in a
User_Model.
Diffstat (limited to 'core/helpers')
| -rw-r--r-- | core/helpers/access.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php index a2b3a761..00c88f12 100644 --- a/core/helpers/access.php +++ b/core/helpers/access.php @@ -184,7 +184,10 @@ class access_Core { * @param Item_Model $item * @param boolean $value */ - private static function _set($group, $perm_name, $album, $value) { + private static function _set(Controller $group, $perm_name, $album, $value) { + if (get_class($group) != "Group_Model") { + throw new Exception("@todo PERMISSIONS_ONLY_WORK_ON_GROUPS"); + } if (!$album->loaded) { throw new Exception("@todo INVALID_ALBUM $album->id"); } |