diff options
-rw-r--r-- | engine/lib/objects.php | 133 |
1 files changed, 126 insertions, 7 deletions
diff --git a/engine/lib/objects.php b/engine/lib/objects.php index 6a58f2709..f17dcdda1 100644 --- a/engine/lib/objects.php +++ b/engine/lib/objects.php @@ -66,7 +66,6 @@ * @param int $object_id The ID of the object to load
* @return object A database representation of the object
*/
-
function get_object($object_id) {
global $CONFIG;
@@ -91,13 +90,14 @@ $object_id = (int) $object_id;
$access = get_access_list();
- if (delete_data("delete from {$CONFIG->dbprefix}objects where o.owner_id = {$_SESSION['id']}")) {
- remove_object_metadata("",$object_id);
+ if (delete_data("delete from {$CONFIG->dbprefix}objects where o.id = {$object_id} and o.owner_id = {$_SESSION['id']}")) {
+ remove_object_metadata($object_id);
return true;
}
return false;
}
+
/**
* Creates an object
@@ -137,6 +137,51 @@ return false;
}
+
+ /**
+ * Update an object
+ * Note that to write to an object, you must be logged in as the owner
+ *
+ * @param int $id The ID of the object
+ * @param string $title Object title
+ * @param string $description A description of the object
+ * @param string $type The textual type of the object (eg "blog")
+ * @param int $owner The owner of the object (defaults to currently logged in user)
+ * @param int $access_id The access restriction on the object (defaults to private)
+ * @param int $site_id The site the object belongs to
+ * @return int|false Either 1 or 0 (the number of objects updated) or false on failure
+ */
+
+ function update_object($id, $title = null, $description = null, $type = null, $owner = null, $access_id = null, $site_id = null) {
+
+ global $CONFIG;
+
+ $id = (int) $id;
+ if ($title != null) $title = sanitise_string($title);
+ if ($description != null) $description = sanitise_string($description);
+ if ($owner_id != null) $owner_id = (int) $owner_id;
+ if ($site_id != null) $site_id = (int) $site_id;
+ if ($access_id != null) $access_id = (int) $access_id;
+ if ($site_id != null) if ($site_id == 0) $site_id = $CONFIG->site_id;
+ if ($owner_id != null) if ($owner_id == 0) $owner = $_SESSION['id'];
+
+ // We can't let non-logged in users create data
+ // We also need the access restriction to be valid
+ if ($owner > 0 && in_array($access_id,get_access_array())) {
+
+ $params = array();
+ foreach(array('title','description','owner','site_id','access_id','site_id','owner') as $param) {
+ if ($$param != null) {
+ $params[] = "{$param} = '{$$param}'";
+ }
+ }
+
+ return update_data("update {$CONFIG->prefix}objects set " . implode(",",$params) . " where id = {$id} and owner_id = {$_SESSION['id']}");
+
+ }
+ return false;
+
+ }
/**
* Gets the ID of an object type in the database, setting it if necessary
@@ -159,6 +204,44 @@ }
/**
+ * Gets the ID of an object metadata type in the database, setting it if necessary
+ *
+ * @param string $type The name of the metadata type
+ * @return int|false The database ID of the metadata type, or false if the given type was invalid
+ */
+ function get_metadata_type_id($type) {
+
+ global $CONFIG;
+ $type = strtolower(trim(sanitise_string($type)));
+ if (!empty($type) && $dbtype = get_data_row("select id from {$CONFIG->dbprefix}metadata_type where name = '{$type}'")) {
+ return $dbtype->id;
+ } else if (!empty($type)) {
+ return insert_data("insert into {$CONFIG->dbprefix}metadata_type set name = '{$type}'");
+ }
+ return false;
+
+ }
+
+ /**
+ * Gets the ID of an object metadata value in the database, setting it if necessary
+ *
+ * @param string $type The metadata value
+ * @return int|false The database ID of the metadata value, or false if the given value was invalid
+ */
+ function get_metadata_value_id($value) {
+
+ global $CONFIG;
+ $type = strtolower(trim(sanitise_string($value)));
+ if (!empty($value) && $dbtype = get_data_row("select id from {$CONFIG->dbprefix}metadata_value where value = '{$value}'")) {
+ return $dbtype->id;
+ } else if (!empty($value)) {
+ return insert_data("insert into {$CONFIG->dbprefix}metadata_value set value = '{$value}'");
+ }
+ return false;
+
+ }
+
+ /**
* Sets a piece of metadata for a particular object.
*
* @param string $metadata_name The type of metadata
@@ -167,18 +250,54 @@ * @param int $object_id The ID of the object
* @return true|false depending on success
*/
- function set_object_metadata($metadata_name, $metadata_value, $access_id, $object_id) {
- return true;
+ function set_object_metadata($metadata_name, $metadata_value, $access_id, $object_id, $site_id = 0) {
+ global $CONFIG;
+ $object_id = (int) $object_id;
+ if ($object = get_object($object_id)) {
+ if ($object->owner_id == $_SESSION['id']) {
+
+ $access_id = (int) $access_id;
+ if ($site_id == 0) $site_id = $CONFIG->site_id;
+ $site_id = (int) $site_id;
+
+ if ($type_id = get_object_metadata_type_id($metadata_name)
+ && $value_id = get_object_metadata_value_id($metadata_value)
+ && in_array($access_id,get_access_array())) {
+ delete_data("delete from {$CONFIG->dbprefix}object_metadata where metadata_type_id = {$type_id} and object_id = {$object_id}");
+ return insert_data("insert into {$CONFIG->dbprefix}object_metadata set object_id = {$object_id}, access_id = {$access_id}, metadata_type_id = {$type_id}, value_id = {$value_id}, site_id = {$site_id}");
+ } else {
+ return false;
+ }
+
+ }
+ } else {
+ return false;
+ }
}
/**
* Removes a piece of (or all) metadata for a particular object.
*
- * @param string $metadata_name The type of metadata; blank for all metadata
* @param int $object_id The ID of the object
+ * @param string $metadata_name The type of metadata; blank for all metadata
* @return true|false depending on success
*/
- function remove_object_metadata($metadata_name = "", $object_id) {
+ function remove_object_metadata($object_id, $metadata_name = "") {
+ global $CONFIG;
+ $object_id = (int) $object_id;
+ if ($object = get_object($object_id)) {
+ if ($object->owner_id == $_SESSION['id']) {
+
+ if ($type_id = get_object_metadata_type_id($metadata_name)) {
+ return delete_data("delete from {$CONFIG->dbprefix}object_metadata where metadata_type_id = {$type_id} and object_id = {$object_id}");
+ } else {
+ return false;
+ }
+
+ }
+ } else {
+ return false;
+ }
return true;
}
|