aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/entities.php125
-rw-r--r--engine/lib/widgets.php100
2 files changed, 210 insertions, 15 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index b645fc372..43bb4a710 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -2358,6 +2358,131 @@
$total = get_data_row($query);
return $total->total;
}
+ }
+
+ /**
+ * Get entities based on their private data by multiple keys, in a similar way to metadata.
+ *
+ * @param string $name The name of the setting
+ * @param string $value The value of the setting
+ * @param string $type The type of entity (eg "user", "object" etc)
+ * @param string $subtype The arbitrary subtype of the entity
+ * @param int $owner_guid The GUID of the owning user
+ * @param string $order_by The field to order by; by default, time_created desc
+ * @param int $limit The number of entities to return; 10 by default
+ * @param int $offset The indexing offset, 0 by default
+ * @param boolean $count Set to true to get a count rather than the entities themselves (limits and offsets don't apply in this context). Defaults to false.
+ * @param int $site_guid The site to get entities for. Leave as 0 (default) for the current site; -1 for all sites.
+ * @param int|array $container_guid The container or containers to get entities from (default: all containers).
+ * @return array A list of entities.
+ */
+ function get_entities_from_private_setting_multi(array $name, $type = "", $subtype = "", $owner_guid = 0, $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0, $container_guid = null)
+ {
+ global $CONFIG;
+
+ if ($subtype === false || $subtype === null || $subtype === 0)
+ return false;
+
+ if ($order_by == "") $order_by = "e.time_created desc";
+ $order_by = sanitise_string($order_by);
+ $limit = (int)$limit;
+ $offset = (int)$offset;
+ $site_guid = (int) $site_guid;
+ if ($site_guid == 0)
+ $site_guid = $CONFIG->site_guid;
+
+ $where = array();
+
+ if (is_array($type)) {
+ $tempwhere = "";
+ if (sizeof($type))
+ foreach($type as $typekey => $subtypearray) {
+ foreach($subtypearray as $subtypeval) {
+ $typekey = sanitise_string($typekey);
+ if (!empty($subtypeval)) {
+ $subtypeval = (int) get_subtype_id($typekey, $subtypeval);
+ } else {
+ $subtypeval = 0;
+ }
+ if (!empty($tempwhere)) $tempwhere .= " or ";
+ $tempwhere .= "(e.type = '{$typekey}' and e.subtype = {$subtypeval})";
+ }
+ }
+ if (!empty($tempwhere)) $where[] = "({$tempwhere})";
+
+ } else {
+
+ $type = sanitise_string($type);
+ $subtype = get_subtype_id($type, $subtype);
+
+ if ($type != "")
+ $where[] = "e.type='$type'";
+ if ($subtype!=="")
+ $where[] = "e.subtype=$subtype";
+
+ }
+
+ if ($owner_guid != "") {
+ if (!is_array($owner_guid)) {
+ $owner_array = array($owner_guid);
+ $owner_guid = (int) $owner_guid;
+ // $where[] = "owner_guid = '$owner_guid'";
+ } else if (sizeof($owner_guid) > 0) {
+ $owner_array = array_map('sanitise_int', $owner_guid);
+ // Cast every element to the owner_guid array to int
+ // $owner_guid = array_map("sanitise_int", $owner_guid);
+ // $owner_guid = implode(",",$owner_guid);
+ // $where[] = "owner_guid in ({$owner_guid})";
+ }
+ if (is_null($container_guid)) {
+ $container_guid = $owner_array;
+ }
+ }
+ if ($site_guid > 0)
+ $where[] = "e.site_guid = {$site_guid}";
+
+ if (!is_null($container_guid)) {
+ if (is_array($container_guid)) {
+ foreach($container_guid as $key => $val) $container_guid[$key] = (int) $val;
+ $where[] = "e.container_guid in (" . implode(",",$container_guid) . ")";
+ } else {
+ $container_guid = (int) $container_guid;
+ $where[] = "e.container_guid = {$container_guid}";
+ }
+ }
+
+ if ($name)
+ {
+ $s_join = "";
+ $i = 1;
+ foreach ($name as $k => $n)
+ {
+ $k = sanitise_string($k);
+ $s_join .= " JOIN {$CONFIG->dbprefix}private_settings s$i ON e.guid=s$i.entity_guid";
+ $where[] = "s$i.name = '$k'";
+ $where[] = "s$i.value = '$n'";
+ $i++;
+ }
+ }
+
+ if (!$count) {
+ $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e $s_join where ";
+ } else {
+ $query = "SELECT count(distinct e.guid) as total from {$CONFIG->dbprefix}entities e $s_join where ";
+ }
+ foreach ($where as $w)
+ $query .= " $w and ";
+ $query .= get_access_sql_suffix('e'); // Add access controls
+ if (!$count) {
+ $query .= " order by $order_by";
+ if ($limit) $query .= " limit $offset, $limit"; // Add order and limit
+
+ $dt = get_data($query, "entity_row_to_elggstar");
+ return $dt;
+ } else {
+ $total = get_data_row($query);
+ return $total->total;
+ }
}
/**
diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php
index 1186a8b55..af589f497 100644
--- a/engine/lib/widgets.php
+++ b/engine/lib/widgets.php
@@ -9,7 +9,60 @@
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
* @copyright Curverider Ltd 2008
* @link http://elgg.org/
- */
+ */
+
+ /**
+ * Override ElggObject in order to store widget data in ultra-private stores.
+ */
+ class ElggWidget extends ElggObject
+ {
+ protected function initialise_attributes()
+ {
+ parent::initialise_attributes();
+
+ $this->attributes['subtype'] = "widget";
+ }
+
+ public function __construct($guid = null) { parent::__construct($guid); }
+
+ /**
+ * Override entity get and sets in order to save data to private data store.
+ */
+ public function get($name)
+ {
+ // See if its in our base attribute
+ if (isset($this->attributes[$name])) {
+ return $this->attributes[$name];
+ }
+
+ // No, so see if its in the private data store.
+ $meta = get_private_setting($this->guid, $name);
+ if ($meta)
+ return $meta;
+
+ // Can't find it, so return null
+ return null;
+ }
+
+ /**
+ * Override entity get and sets in order to save data to private data store.
+ */
+ public function set($name, $value)
+ {
+ if (array_key_exists($name, $this->attributes))
+ {
+ // Check that we're not trying to change the guid!
+ if ((array_key_exists('guid', $this->attributes)) && ($name=='guid'))
+ return false;
+
+ $this->attributes[$name] = $value;
+ }
+ else
+ return set_private_setting($this->guid, $name, $value);
+
+ return true;
+ }
+ }
/**
* Register a particular context for use with widgets.
@@ -118,12 +171,16 @@
* @return array|false An array of widget ElggObjects, or false
*/
function get_widgets($user_guid, $context, $column) {
-
- if ($widgets = get_user_objects_by_metadata($user_guid, "widget", array(
+
+ if ($widgets = get_entities_from_private_setting_multi(array(
+ 'column' => $column,
+ 'context' => $context), "object", "widget", $user_guid, "", 10000))
+ /*if ($widgets = get_user_objects_by_metadata($user_guid, "widget", array(
'column' => $column,
'context' => $context,
), 10000)) {
-
+ */
+ {
$widgetorder = array();
foreach($widgets as $widget) {
@@ -173,16 +230,17 @@
if ($user = get_user($user_guid)) {
- $widget = new ElggObject;
- $widget->subtype = "widget";
+ $widget = new ElggWidget;
+ $widget->owner_guid = $user_guid;
+ $widget->access_id = 1;
+ if (!$widget->save())
+ return false;
+
$widget->handler = $handler;
$widget->context = $context;
$widget->column = $column;
- $widget->order = $order;
- $widget->owner_guid = $user_guid;
- $widget->access_id = 1;
- if (!$widget->save())
- return false;
+ $widget->order = $order;
+
// save_widget_location($widget, $order, $column);
return true;
@@ -302,13 +360,13 @@
// Save the params to the widget
if (is_array($params) && sizeof($params) > 0) {
foreach($params as $name => $value) {
- error_log("ERP: $name". print_r($value, true));
+
if (!empty($name) && !in_array($name,array(
'guid','owner_guid','site_guid'
))) {
if (is_array($value))
{
- error_log("ERP: Here");
+ // TODO: Handle arrays securely
$widget->setMetaData($name, $value, "", true);
}else
$widget->$name = $value;
@@ -428,7 +486,17 @@
return $return;
}
-
+
+ /**
+ * Run some things once.
+ *
+ */
+ function widget_run_once()
+ {
+ // Register a class
+ add_subtype("object", "widget", "ElggWidget");
+ }
+
/**
* Function to initialise widgets functionality on Elgg init
*
@@ -438,7 +506,9 @@
register_action('widgets/reorder');
register_action('widgets/save');
register_action('widgets/add');
-
+
+ // Now run this stuff, but only once
+ run_function_once("widget_run_once");
}
// Register event