From 01373cf4afe48b4e4285175cbc7a58a16f196476 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Thu, 16 Sep 2010 05:22:23 +0000
Subject: [PATCH] BUGFIX Disallow addition of members to groups with
 MemberTableField->addtogroup() when the editing member doesn't have
 permissions on the added member

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@110859 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/MemberTableField.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/code/MemberTableField.php b/code/MemberTableField.php
index 5cd78acb..0b515743 100755
--- a/code/MemberTableField.php
+++ b/code/MemberTableField.php
@@ -176,6 +176,8 @@ class MemberTableField extends ComplexTableField {
 				$className, 
 				sprintf('"%s" = \'%s\'', $identifierField, $data[$identifierField])
 			);
+			
+			if($record && !$record->canEdit()) return $this->httpError('401');
 		} 
 			
 		// Fall back to creating a new record