From dba0e07bd47324501123090ef6159b07a672d004 Mon Sep 17 00:00:00 2001 From: ben Date: Mon, 7 Apr 2008 14:31:25 +0000 Subject: Much better handling for deleting entities and metadata git-svn-id: https://code.elgg.org/elgg/trunk@409 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/entities.php | 8 ++++---- engine/lib/metadata.php | 49 ++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 46 insertions(+), 11 deletions(-) diff --git a/engine/lib/entities.php b/engine/lib/entities.php index eba5b8a4d..9d7f98079 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -681,10 +681,10 @@ // TODO Make sure this deletes all metadata/annotations/relationships/etc!! $guid = (int)$guid; - - $access = get_access_list(); - - return delete_data("DELETE from {$CONFIG->dbprefix}entities where where guid=$guid and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + $entity = get_entity($guid); + + if ($entity->canEdit()) + return delete_data("DELETE from {$CONFIG->dbprefix}entities where where guid=$guid"); } diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 37a89f09e..99153a98a 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php 
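Review bot: The result of `get_entity($guid)` is dereferenced without a check, so a GUID that does not resolve (the last metadata.php hunk treats the return value as possibly falsy) reaches `->canEdit()` on a non-object instead of a clean refusal; guard it with `if (!$entity || !$entity->canEdit()) return false;`. The same unguarded pattern appears in the metadata.php hunk at -244 (`$metadata = get_metadata($id); if ($metadata->canEdit())`). The rewritten query also still reads `where where guid=$guid`, which is invalid SQL, so the delete presumably never succeeds even when permitted; it should be `"DELETE from {$CONFIG->dbprefix}entities where guid=$guid"`. A denied delete currently falls off the end and returns null, whereas the last hunk returns false explicitly. The enclosing function starts and ends outside the hunk.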
@@ -72,9 +72,40 @@ { return delete_metadata($this->id); } + + /** + * Determines whether or not the specified user can edit this + * + * @param int $user_guid The GUID of the user (defaults to currently logged in user) + * @return true|false + */ + function canEdit($user_guid = 0) { + return can_edit_metadata($this->id,$user_guid); + } } - + + /** + * Determines whether or not the specified user can edit the specified piece of metadata + * + * @param int $metadata_id The ID of the piece of metadata + * @param int $user_guid The GUID of the user + * @return true|false + */ + function can_edit_metadata($metadata_id, $user_guid = 0) { + + if ($user_guid == 0) { + $user = $_SESSION['user']; + } else { + $user = get_entity($user_guid); + } + $metadata = get_metadata($metadata_id); + + if ($metadata->owner_guid == $user->getGUID()) return true; + + return trigger_plugin_hook('permissions_check','metadata',array('entity' => $entity, 'user' => $user),false); + + } /** * Convert a database row to a new ElggMetadata @@ -244,10 +275,11 @@ { global $CONFIG; - $id = (int)$id; - $access = get_access_list(); - - return delete_data("DELETE from {$CONFIG->dbprefix}metadata where id=$id and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + $id = (int)$id; + $metadata = get_metadata($id); + + if ($metadata->canEdit()) + return delete_data("DELETE from {$CONFIG->dbprefix}metadata where id=$id"); } @@ -346,8 +378,11 @@ global $CONFIG; $entity_guid = (int)$entity_guid; - - return delete_data("DELETE from {$CONFIG->dbprefix}metadata where entity_guid=$entity_guid and access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']})"); + if ($entity = get_entity($entity_guid)) { + if ($entity->canEdit()) + return delete_data("DELETE from {$CONFIG->dbprefix}metadata where entity_guid={$entity_guid}"); + } + return false; } /** -- cgit v1.2.3
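Review bot: In `can_edit_metadata()` the hook call passes `'entity' => $entity`, but no `$entity` is defined in this function, so any `permissions_check` handler receives null rather than the item being checked; presumably `$metadata` was meant, i.e. `array('entity' => $metadata, 'user' => $user)`. The ownership test before it also dereferences `$user` and `$metadata` unguarded: `$_SESSION['user']` may be unset for an anonymous request, and `get_metadata()` may not find the row. Since this is an authorisation decision it should fail closed, e.g. `$user = isset($_SESSION['user']) ? $_SESSION['user'] : null;` followed by `if (!$user || !$metadata) return false;` ahead of the `owner_guid` comparison.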
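Review bot: In the hunk at -346 the only permission check is the entity-level `$entity->canEdit()`, so a caller who may edit the entity removes every metadata row attached to it, apparently including rows whose `owner_guid` is another user; that sidesteps the per-item `can_edit_metadata()` rule added earlier in this commit. If that is intended for entity clean-up, the docblock should say so, for example `Permission is checked on the entity only; metadata owned by other users is removed as well.` The function's signature and docblock are outside the hunk, so this is based on the visible body only.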