From db3543cf2a9e59243c1b35be0078a0b9535a8824 Mon Sep 17 00:00:00 2001
From: ben
Date: Wed, 24 Sep 2008 11:57:10 +0000
Subject: Metadata permissions now work as advertised, but had to remove caching in the process. Will attempt to re-enable it shortly.
git-svn-id: https://code.elgg.org/elgg/trunk@2109 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/access.php | 4 ++--
 engine/lib/metadata.php | 28 +++++++++++++++++++---------
 2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 2df9aea58..313fc7476 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -25,7 +25,7 @@
 global $CONFIG;
- if (!isset($access_list))
+ //if (!isset($access_list))
 $access_list = array();
 if ($user_id == 0) $user_id = $_SESSION['id'];
@@ -52,7 +52,7 @@
 global $CONFIG;
 static $access_array;
- if (!isset($access_array))
+ //if (!isset($access_array))
 $access_array = array();
 if ($user_id == 0) $user_id = $_SESSION['guid'];
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index d509424e2..376c6ecdd 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
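Review bot: In both engine/lib/access.php hunks the cache guard is commented out (`//if (!isset($access_array))`) rather than removed, and nothing in the code says why. In the second hunk `static $access_array;` is still declared but is now overwritten with `array()` on every call, so it is dead state; the declaration of `$access_list` for the first hunk is outside the visible lines. I would delete the commented line and leave a marker such as `// TODO: caching disabled for now; when re-enabled, key the cache by $user_id`. A single static list that is not keyed by `$user_id` would presumably return the first caller's access list to every later call, which matters in an access-control helper; the rest of both functions is outside the hunks, so confirm against the full bodies.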
@@ -151,9 +151,10 @@
 global $CONFIG;
 $id = (int)$id;
- $access = get_access_sql_suffix("e");
+ $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("m");
- return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
+ return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access and $md_access"));
 }
 /**
@@ -363,11 +364,16 @@
 function get_metadata_byname($entity_guid, $meta_name) {
 global $CONFIG;
-
- $meta_name = get_metastring_id($meta_name);
+
+ $meta_name = get_metastring_id($meta_name);
+
+ if (empty($meta_name)) return false;
+
 $entity_guid = (int)$entity_guid;
- $access = get_access_sql_suffix("e");
- $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
+ $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("m");
+
+ $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access and $md_access", "row_to_elggmetadata");
 if (!$result) return false;
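Review bot: In get_metadata_byname the id returned by `get_metastring_id()` is stored back into `$meta_name` and interpolated as `m.name_id='$meta_name'` without the integer cast that `$entity_guid` gets a few lines below. The new `empty()` guard stops the query when no id is found, but the value still reaches the SQL string as whatever type the helper returns, and that helper is not visible here. Casting at the assignment keeps the query numeric regardless: `$name_id = (int) get_metastring_id($meta_name); if (!$name_id) return false;` and then `m.name_id=$name_id`. A separate variable also stops the parameter from meaning a name on entry and an id afterwards. The function body continues past the end of the hunk.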
@@ -387,9 +393,10 @@
 global $CONFIG;
 $entity_guid = (int)$entity_guid;
- $access = get_access_sql_suffix("e");
+ $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("e");
- return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
+ return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access and $md_access", "row_to_elggmetadata");
 }
 /**
@@ -442,7 +449,8 @@
 $query = "SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where";
 foreach ($where as $w) $query .= " $w and ";
- $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("m"); // Add access controls
 $query .= " order by $order_by limit $offset, $limit"; // Add order and limit
 return get_data($query, "row_to_elggmetadata");
@@ -516,6 +524,7 @@
 foreach ($where as $w) $query .= " $w and ";
 $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("m"); // Add access controls
 if (!$count) {
 $query .= " order by $order_by limit $offset, $limit"; // Add order and limit
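Review bot: In the `@@ -387,9 +393,10 @@` hunk `$md_access` is built with `get_access_sql_suffix("e")`, the same alias as `$access`, so the query ends in the entity clause twice and the metadata row's own access is never tested. The other four queries changed in this file use the metadata alias for the second clause; this line should read `$md_access = get_access_sql_suffix("m");`. The last hunk (`@@ -622,6 +631,7 @@`) has the same pattern, `$query .= ' and ' . get_access_sql_suffix("e");`, directly after an identical `"e"` clause; its SELECT is outside the hunk, so confirm that the metadata table is aliased `m` there before changing it to `"m"`. Until both are corrected, these two paths presumably still filter on the entity's access level only, which is the behaviour the commit sets out to fix.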
@@ -622,6 +631,7 @@
 foreach ($where as $w) $query .= " $w and ";
 $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("e"); // Add access controls
 if (!$count) {
 $query .= " order by $order_by limit $offset, $limit"; // Add order and limit
-- cgit v1.2.3