Fixed the permission check when editing a search and the user is not logged in.

48ee4a97 · Ere Maijala · Demian Katz · 716d3174 · 48ee4a97
Commit 48ee4a97 authored 9 years ago by Ere Maijala Committed by Demian Katz 9 years ago
--- a/module/VuFind/src/VuFind/Controller/AbstractSearch.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractSearch.php
@@ -392,7 +392,9 @@ class AbstractSearch extends AbstractBase
        // Fail if user has no permission to view this search:
        $user = $this->getUser();
        $sessId = $this->getServiceLocator()->get('VuFind\SessionManager')->getId();
-        if ($search->session_id != $sessId && $search->user_id != $user->id) {
+        if ($search->session_id != $sessId
+            && ($user === false || $search->user_id != $user->id)
+        ) {
            $this->flashMessenger()->addMessage('advSearchError_noRights', 'error');
            return false;
        }