From 48ee4a97103cb01e359af7e3c51b917db02de777 Mon Sep 17 00:00:00 2001
From: Ere Maijala <ere.maijala@helsinki.fi>
Date: Mon, 30 Nov 2015 14:48:34 -0500
Subject: [PATCH] Fixed the permission check when editing a search and the user
 is not logged in.

---
 module/VuFind/src/VuFind/Controller/AbstractSearch.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/module/VuFind/src/VuFind/Controller/AbstractSearch.php b/module/VuFind/src/VuFind/Controller/AbstractSearch.php
index 85d166f3b7d..2798a688ae7 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractSearch.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractSearch.php
@@ -392,7 +392,9 @@ class AbstractSearch extends AbstractBase
         // Fail if user has no permission to view this search:
         $user = $this->getUser();
         $sessId = $this->getServiceLocator()->get('VuFind\SessionManager')->getId();
-        if ($search->session_id != $sessId && $search->user_id != $user->id) {
+        if ($search->session_id != $sessId
+            && ($user === false || $search->user_id != $user->id)
+        ) {
             $this->flashMessenger()->addMessage('advSearchError_noRights', 'error');
             return false;
         }
-- 
GitLab