aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/metadata.php39
1 files changed, 28 insertions, 11 deletions
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 94c0b7b2c..8cc6a7202 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -67,7 +67,21 @@
*/
function __set($name, $value) {
return $this->set($name, $value);
- }
+ }
+
+ /**
+ * Determines whether or not the user can edit this piece of metadata
+ *
+ * @return true|false Depending on permissions
+ */
+ function canEdit() {
+
+ if ($entity = get_entity($this->get('entity_guid'))) {
+ return $entity->canEdit();
+ }
+ return false;
+
+ }
/**
* Save matadata object
@@ -130,9 +144,9 @@
global $CONFIG;
$id = (int)$id;
- $access = get_access_sql_suffix("m");
+ $access = get_access_sql_suffix("e");
- return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
+ return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
}
/**
@@ -228,7 +242,11 @@
{
global $CONFIG;
- $id = (int)$id;
+ $id = (int)$id;
+
+ if (!$md = get_metadata($id)) return false;
+ if (!$md->canEdit()) return false;
+
//$name = sanitise_string(trim($name));
//$value = sanitise_string(trim($value));
$value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));
@@ -240,16 +258,15 @@
$access = get_access_sql_suffix();
-
// Add the metastring
$value = add_metastring($value);
if (!$value) return false;
$name = add_metastring($name);
- if (!$name) return false;
+ if (!$name) return false;
// If ok then add it
- return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and $access");
+ return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name'");
}
/**
@@ -299,8 +316,8 @@
$meta_name = get_metastring_id($meta_name);
$entity_guid = (int)$entity_guid;
- $access = get_access_sql_suffix("m");
- $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
+ $access = get_access_sql_suffix("e");
+ $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
if (!$result)
return false;
@@ -320,9 +337,9 @@
global $CONFIG;
$entity_guid = (int)$entity_guid;
- $access = get_access_sql_suffix("m");
+ $access = get_access_sql_suffix("e");
- return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
+ return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
}
/**