diff options
-rw-r--r-- | engine/lib/metadata.php | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 94c0b7b2c..8cc6a7202 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -67,7 +67,21 @@ */ function __set($name, $value) { return $this->set($name, $value); - } + }
+
+ /**
+ * Determines whether or not the user can edit this piece of metadata
+ *
+ * @return true|false Depending on permissions
+ */
+ function canEdit() {
+
+ if ($entity = get_entity($this->get('entity_guid'))) {
+ return $entity->canEdit();
+ }
+ return false;
+
+ } /** * Save matadata object @@ -130,9 +144,9 @@ global $CONFIG; $id = (int)$id; - $access = get_access_sql_suffix("m"); + $access = get_access_sql_suffix("e"); - return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access")); + return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access")); } /**
@@ -228,7 +242,11 @@ { global $CONFIG; - $id = (int)$id; + $id = (int)$id;
+
+ if (!$md = get_metadata($id)) return false;
+ if (!$md->canEdit()) return false;
+ //$name = sanitise_string(trim($name)); //$value = sanitise_string(trim($value)); $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type))); @@ -240,16 +258,15 @@ $access = get_access_sql_suffix(); - // Add the metastring $value = add_metastring($value); if (!$value) return false; $name = add_metastring($name); - if (!$name) return false; + if (!$name) return false;
// If ok then add it - return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and $access"); + return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name'"); } /** @@ -299,8 +316,8 @@ $meta_name = get_metastring_id($meta_name); $entity_guid = (int)$entity_guid; - $access = get_access_sql_suffix("m"); - $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata"); + $access = get_access_sql_suffix("e"); + $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata"); if (!$result) return false; @@ -320,9 +337,9 @@ global $CONFIG; $entity_guid = (int)$entity_guid; - $access = get_access_sql_suffix("m"); + $access = get_access_sql_suffix("e"); - return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata"); + return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata"); } /** |