[myexperiment-hackers] [2308] trunk/lib/authorization.rb: added a couple of extra checks against non logged in users

[noreply]

Revision

2308

Author

dgc

Date

2009-11-27 18:55:22 -0500 (Fri, 27 Nov 2009)

Log Message

added a couple of extra checks against non logged in users

Modified Paths

• trunk/lib/authorization.rb

Diff

Modified: trunk/lib/authorization.rb (2307 => 2308)

--- trunk/lib/authorization.rb	2009-11-27 13:31:27 UTC (rev 2307)
+++ trunk/lib/authorization.rb	2009-11-27 23:55:22 UTC (rev 2308)
@@ -552,6 +552,9 @@
   
   
   def Authorization.is_network_admin?(user_id, network_id)
+
+    return false unless user_id
+
     # checks if there is a network with ID(network_id) which has admin with ID(user_id) -
     # if found, user with ID(user_id) is an admin of that network 
     network = Network.find_by_sql "SELECT user_id FROM networks WHERE id=#{network_id} AND user_id=#{user_id}"
@@ -560,6 +563,9 @@
   
   
   def Authorization.is_network_member?(user_id, network_id)
+
+    return false unless user_id
+
     # checks if user with ID(user_id) is a member of the group ID(network_id)
     membership = Membership.find_by_sql "SELECT id FROM memberships WHERE user_id=#{user_id} AND network_id=#{network_id} AND user_established_at IS NOT NULL AND network_established_at IS NOT NULL"
     return(!membership.blank?)