use default post permissions when coming from api - unless permissions are explicitly set.

2024-11-10 03:02:54 +00:00 · 2011-11-28 20:09:10 -08:00 · 2011-11-28 20:09:10 -08:00 · 3afa248238
commit 3afa248238
parent 034038849c
1 changed files with 11 additions and 0 deletions
--- a/mod/item.php
+++ b/mod/item.php
@ -139,6 +139,17 @@ function item_post(&$a) {
 	if(count($r))
 		$user = $r[0];
 	
+	if(($api_source) 
+		&& (! array_key_exists('allow_cid',$_REQUEST))
+		&& (! array_key_exists('allow_gid',$_REQUEST))
+		&& (! array_key_exists('deny_cid',$_REQUEST))
+		&& (! array_key_exists('deny_gid',$_REQUEST))) {
+		$str_group_allow   = $user['allow_gid'];
+		$str_contact_allow = $user['allow_cid'];
+		$str_group_deny    = $user['deny_gid'];
+		$str_contact_deny  = $user['deny_cid'];
+	}
+
 	if($orig_post) {
 		$str_group_allow   = $orig_post['allow_gid'];
 		$str_contact_allow = $orig_post['allow_cid'];