Marcus Povey <marcus@dushka.co.uk>

* Fixed annotations not returning anything * Access control on db now disabled when run from privileged code block. git-svn-id: https://code.elgg.org/elgg/trunk@780 36083f99-b078-4883-b0ff-0f9b5a30f544
author: icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-06-03 10:50:45 +0000
committer: icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-06-03 10:50:45 +0000
commit: 43828480d83cff68ba2963719858fabc69b2c831 (patch)
tree: 441389aec12c3f230eeb691f14c883bd70cf9cfa /engine/lib/metadata.php
parent: f1caa7a05133f1879c6d74aa581720d5f65f884f (diff)
download: elgg-43828480d83cff68ba2963719858fabc69b2c831.tar.gz
elgg-43828480d83cff68ba2963719858fabc69b2c831.tar.bz2
1 files changed, 13 insertions, 14 deletions
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index dd678b599..798505288 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -130,9 +130,9 @@
 		global $CONFIG;
 
 		$id = (int)$id;
-		$access = get_access_list();
+		$access = get_access_sql_suffix("m");
 				
-		return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))"));
+		return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
 	}
 	
 	/**
@@ -238,7 +238,7 @@
 		
 		$access_id = (int)$access_id;
 		
-		$access = get_access_list();
+		$access = get_access_sql_suffix();
 		
 		
 		// Add the metastring
@@ -249,7 +249,7 @@
 		if (!$name) return false;
 		
 		// If ok then add it
-		return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
+		return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and $access");
 	}
 	
 	/**
@@ -299,8 +299,8 @@
 	
 		$meta_name = get_metastring_id($meta_name);
 		$entity_guid = (int)$entity_guid;
-		$access = get_access_list();
-		$result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata");
+		$access = get_access_sql_suffix("m");
+		$result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
 		if (!$result) 
 			return false;
 		
@@ -320,9 +320,9 @@
 		global $CONFIG;
 	
 		$entity_guid = (int)$entity_guid;
-		$access = get_access_list();
+		$access = get_access_sql_suffix("m");
 		
-		return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata");
+		return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
 	}
 
 	/**
@@ -353,7 +353,6 @@
 		if ($site_guid == 0)
 			$site_guid = $CONFIG->site_guid;
 			
-		$access = get_access_list();
 			
 		$where = array();
 		
@@ -371,7 +370,7 @@
 		$query = "SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where";
 		foreach ($where as $w)
 			$query .= " $w and ";
-		$query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+		$query .= get_access_sql_suffix("e"); // Add access controls
 		$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
 
 		return get_data($query, "row_to_elggmetadata");
@@ -405,7 +404,7 @@
 		if ($site_guid == 0)
 			$site_guid = $CONFIG->site_guid;
 			
-		$access = get_access_list();
+		//$access = get_access_list();
 			
 		$where = array();
 		
@@ -423,7 +422,7 @@
 		$query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid where";
 		foreach ($where as $w)
 			$query .= " $w and ";
-		$query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+		$query .= get_access_sql_suffix("e"); // Add access controls
 		$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
 
 		return get_data($query, "entity_row_to_elggstar");
@@ -473,7 +472,7 @@
 		if ($site_guid == 0)
 			$site_guid = $CONFIG->site_guid;
 			
-		$access = get_access_list();
+		//$access = get_access_list();
 		
 		if ($entity_type!="")
 			$where[] = "e.type = '{$entity_type}'";
@@ -485,7 +484,7 @@
 		$query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e {$join} where";
 		foreach ($where as $w)
 			$query .= " $w and ";
-		$query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+		$query .= get_access_sql_suffix("e"); // Add access controls
 		$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
 
 		return get_data($query, "entity_row_to_elggstar");
author	icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-06-03 10:50:45 +0000
committer	icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-06-03 10:50:45 +0000
commit	43828480d83cff68ba2963719858fabc69b2c831 (patch)
tree	441389aec12c3f230eeb691f14c883bd70cf9cfa /engine/lib/metadata.php
parent	f1caa7a05133f1879c6d74aa581720d5f65f884f (diff)
download	elgg-43828480d83cff68ba2963719858fabc69b2c831.tar.gz elgg-43828480d83cff68ba2963719858fabc69b2c831.tar.bz2