-rw-r--r-- | engine/lib/annotations.php | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index a0d56b56b..703538273 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -97,29 +97,48 @@ * Get a list of annotations for a given object/user/annotation type. * * @param int $object_id - * @param string $annotation_type + * @param string $object_type * @param int $owner_id * @param string $order_by * @param int $limit * @param int $offset */ - function get_annotations($object_id = 0, $annotation_type = "", $owner_id = 0, $order_by = "created desc", $limit = 10, $offset = 0) + function get_annotations($object_id = 0, $object_type = "", $owner_id = 0, $order_by = "created desc", $limit = 10, $offset = 0) { + global $CONFIG; + $object_id = (int)$object_id; - $annotation_type = mysql_real_escape_string(trim($annotation_type)); + $object_type = mysql_real_escape_string(trim($object_type)); $name = mysql_real_escape_string(trim($name)); $value = mysql_real_escape_string(trim($value)); $owner_id = (int)$owner_id; $limit = (int)$limit; $offset = (int)$offset; - $access = get_access_list(); - - - // construct query. + // Construct query + $where = array(); + if ($object_id != 0) + $where[] = "object_id=$object_id"; + + if ($object_type != "") + $where[] = "object_type='$object_type'"; + if ($owner_id != 0) + $where[] = "owner_id=$owner_id"; + + // add access controls + $access = get_access_list(); + $where[] = "(access_id in {$access} or (access_id = 0 and owner_id = {$_SESSION['id']}))"; + + // construct query. + $query = "SELECT * from {$CONFIG->dbprefix}annotations where "; + for ($n = 0; $n < count($where); $n++) + { + if ($n > 0) $query .= " and "; + $query .= $where[$n]; + } return get_data($query); } |
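Review bot: The access-control clause added near the end of the hunk interpolates `{$_SESSION['id']}` straight into the SQL, while every other value in the function is cast or escaped first. If no session id is set the clause renders as `owner_id = )` and the query fails, so the filter deciding which private annotations are visible depends on whatever the session holds. Cast it once, e.g. `$viewer_id = isset($_SESSION['id']) ? (int)$_SESSION['id'] : 0;`, and append the `(access_id = 0 and owner_id = {$viewer_id})` branch only when `$viewer_id` is non-zero. Separately, `$order_by`, `$limit` and `$offset` are accepted but never reach `$query`, so as written the call returns every matching row with no bound. Also, `access_id in {$access}` is valid only if get_access_list() returns a parenthesised list, which is not visible in this hunk.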