From f54822a1dff6dadb100dc49a526ffe7b6243d3a6 Mon Sep 17 00:00:00 2001
From: Trevor Simonton <trevor@westernascent.com>
Date: Thu, 24 Jan 2013 16:47:08 -0700
Subject: [PATCH 1/2] Issue #1328170 by tmsimont: Fix permissions problems related to accepting and declining relationships between 2 user roles

---
 user_relationships_ui/user_relationships_ui.module |    3 ++-
 .../user_relationships_ui.pages.inc                |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/user_relationships_ui/user_relationships_ui.module b/user_relationships_ui/user_relationships_ui.module
index 11dac85..89af157 100644
--- a/user_relationships_ui/user_relationships_ui.module
+++ b/user_relationships_ui/user_relationships_ui.module
@@ -156,6 +156,7 @@ function user_relationships_ui_check_access($type, $account = NULL, $relationshi
       }
       break;
     case 'approve':
+    case 'disapprove':
       // Only the administer permission allows to approve, request, delete
       // relationships for other users, which was already checked.
       if ($account->uid == $user->uid && user_relationships_user_access('maintain @relationship relationships', $relationship_type)) {
@@ -393,7 +394,7 @@ function user_relationships_ui_menu() {
     'title' => 'Approve Relationship',
     'type' => MENU_CALLBACK,
     'access callback' => 'user_relationships_ui_check_access',
-    'access arguments' => array('request', 1),
+    'access arguments' => array(5, 1),
     'page callback' => 'user_relationships_ui_pending_requested_ajax',
     'page arguments' => array(5, 1, 4),
     'file' => 'user_relationships_ui.forms.inc',
diff --git a/user_relationships_ui/user_relationships_ui.pages.inc b/user_relationships_ui/user_relationships_ui.pages.inc
index 8a0514e..710ac34 100644
--- a/user_relationships_ui/user_relationships_ui.pages.inc
+++ b/user_relationships_ui/user_relationships_ui.pages.inc
@@ -177,7 +177,7 @@ function user_relationships_ui_get_table_row($relationship, $account) {
     check_plain(user_relationships_type_get_name($relationship, FALSE, $relationship->is_oneway && $this_user_str == 'requester')),
   );
 
-  $permission = $account->uid == $relationship->requestee_id ? 'request' : 'approve';
+  $permission = $account->uid == $relationship->requester_id ? 'request' : 'approve';
   $links = array();
   if ($relationship->approved) {
     if (user_relationships_ui_check_access('delete', $account, $relationship)) {
-- 
1.7.4.msysgit.0


From 26fc6a2f8224fce469bd5113cc18407517035da0 Mon Sep 17 00:00:00 2001
From: Trevor Simonton <trevor@westernascent.com>
Date: Thu, 24 Jan 2013 16:47:20 -0700
Subject: [PATCH 2/2] Issue #1328170 by tmsimont: Removed 'Do not allow access if this is a oneway relationship requested by another user' logic that was causing PHP Notice and permission issue

---
 user_relationships_ui/user_relationships_ui.module |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/user_relationships_ui/user_relationships_ui.module b/user_relationships_ui/user_relationships_ui.module
index 89af157..3556ef0 100644
--- a/user_relationships_ui/user_relationships_ui.module
+++ b/user_relationships_ui/user_relationships_ui.module
@@ -169,10 +169,6 @@ function user_relationships_ui_check_access($type, $account = NULL, $relationshi
       }
       break;
     case 'delete':
-      // Do not allow access if this is a oneway relationship requested by another user.
-      if (is_object($relationship_type) && $relationship_type->is_oneway && $relationship_type->requester_id != $user->uid) {
-        return FALSE;
-      }
       if ($account->uid == $user->uid && user_relationships_user_access('delete @relationship relationships', $relationship_type)) {
         return TRUE;
       }
-- 
1.7.4.msysgit.0