From 185e30a7507029c78b11f1b014e9f2ff3104198a Mon Sep 17 00:00:00 2001
From: Sam Minnee <sam@silverstripe.com>
Date: Tue, 19 Oct 2010 01:02:47 +0000
Subject: [PATCH] BUGFIX Disallow addition of members to groups with
 MemberTableField->addtogroup() when the editing member doesn't have
 permissions on the added member (from r110859)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@112797 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/MemberTableField.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/code/MemberTableField.php b/code/MemberTableField.php
index b6109568..aea7b801 100755
--- a/code/MemberTableField.php
+++ b/code/MemberTableField.php
@@ -177,6 +177,8 @@ class MemberTableField extends ComplexTableField {
 				$className, 
 				sprintf('"%s" = \'%s\'', $identifierField, $data[$identifierField])
 			);
+			
+			if($record && !$record->canEdit()) return $this->httpError('401');
 		} 
 			
 		// Fall back to creating a new record