From 6600a8ea777eef3603f947c795d74c295af8c861 Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sun, 17 Feb 2008 16:30:48 +0000
Subject: Full object and object metadata CRUD functionality

git-svn-id: https://code.elgg.org/elgg/trunk@45 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/objects.php | 133 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 126 insertions(+), 7 deletions(-)

(limited to 'engine/lib/objects.php')

diff --git a/engine/lib/objects.php b/engine/lib/objects.php
index 6a58f2709..f17dcdda1 100644
--- a/engine/lib/objects.php
+++ b/engine/lib/objects.php
@@ -66,7 +66,6 @@
 	 * @param int $object_id The ID of the object to load
 	 * @return object A database representation of the object
 	 */
-		
 		function get_object($object_id) {
 			
 			global $CONFIG;
@@ -91,13 +90,14 @@
 			$object_id = (int) $object_id;
 			$access = get_access_list();
 			
-			if (delete_data("delete from {$CONFIG->dbprefix}objects where o.owner_id = {$_SESSION['id']}")) {
-				remove_object_metadata("",$object_id);
+			if (delete_data("delete from {$CONFIG->dbprefix}objects where o.id = {$object_id} and o.owner_id = {$_SESSION['id']}")) {
+				remove_object_metadata($object_id);
 				return true;
 			}
 			
 			return false;
 		}
+
 		
 	/**
 	 * Creates an object
@@ -137,6 +137,51 @@
 			return false;
 			
 		}
+
+	/**
+	 * Update an object
+	 * Note that to write to an object, you must be logged in as the owner
+	 *
+	 * @param int $id The ID of the object
+	 * @param string $title Object title
+	 * @param string $description A description of the object
+	 * @param string $type The textual type of the object (eg "blog")
+	 * @param int $owner The owner of the object (defaults to currently logged in user)
+	 * @param int $access_id The access restriction on the object (defaults to private)
+	 * @param int $site_id The site the object belongs to
+	 * @return int|false Either 1 or 0 (the number of objects updated) or false on failure
+	 */
+		
+		function update_object($id, $title = null, $description = null, $type = null, $owner = null, $access_id = null, $site_id = null) {
+
+			global $CONFIG;
+			
+			$id = (int) $id;
+			if ($title != null) $title = sanitise_string($title);
+			if ($description != null) $description = sanitise_string($description);
+			if ($owner_id != null) $owner_id = (int) $owner_id;
+			if ($site_id != null) $site_id = (int) $site_id;
+			if ($access_id != null) $access_id = (int) $access_id;
+			if ($site_id != null) if ($site_id == 0) $site_id = $CONFIG->site_id;
+			if ($owner_id != null) if ($owner_id == 0) $owner = $_SESSION['id'];
+			
+			// We can't let non-logged in users create data
+			// We also need the access restriction to be valid
+			if ($owner > 0 && in_array($access_id,get_access_array())) {
+			
+				$params = array();
+				foreach(array('title','description','owner','site_id','access_id','site_id','owner') as $param) {
+					if ($$param != null) {
+						$params[] = "{$param} = '{$$param}'";
+					}
+				}
+				
+				return update_data("update {$CONFIG->prefix}objects set " . implode(",",$params) . " where id = {$id} and owner_id = {$_SESSION['id']}");
+				
+			}
+			return false;
+			
+		}
 		
 	/**
 	 * Gets the ID of an object type in the database, setting it if necessary 
@@ -158,6 +203,44 @@
 			
 		}
 		
+	/**
+	 * Gets the ID of an object metadata type in the database, setting it if necessary 
+	 *
+	 * @param string $type The name of the metadata type
+	 * @return int|false The database ID of the metadata type, or false if the given type was invalid
+	 */
+		function get_metadata_type_id($type) {
+			
+			global $CONFIG;
+			$type = strtolower(trim(sanitise_string($type)));
+			if (!empty($type) && $dbtype = get_data_row("select id from {$CONFIG->dbprefix}metadata_type where name = '{$type}'")) {
+				return $dbtype->id;
+			} else if (!empty($type)) {
+				return insert_data("insert into {$CONFIG->dbprefix}metadata_type set name = '{$type}'");
+			}
+			return false;
+			
+		}
+
+	/**
+	 * Gets the ID of an object metadata value in the database, setting it if necessary 
+	 *
+	 * @param string $type The metadata value
+	 * @return int|false The database ID of the metadata value, or false if the given value was invalid
+	 */
+		function get_metadata_value_id($value) {
+			
+			global $CONFIG;
+			$type = strtolower(trim(sanitise_string($value)));
+			if (!empty($value) && $dbtype = get_data_row("select id from {$CONFIG->dbprefix}metadata_value where value = '{$value}'")) {
+				return $dbtype->id;
+			} else if (!empty($value)) {
+				return insert_data("insert into {$CONFIG->dbprefix}metadata_value set value = '{$value}'");
+			}
+			return false;
+			
+		}
+		
 	/**
 	 * Sets a piece of metadata for a particular object.
 	 *
@@ -167,18 +250,54 @@
 	 * @param int $object_id The ID of the object
 	 * @return true|false depending on success
 	 */
-		function set_object_metadata($metadata_name, $metadata_value, $access_id, $object_id) {
-			return true;
+		function set_object_metadata($metadata_name, $metadata_value, $access_id, $object_id, $site_id = 0) {
+			global $CONFIG;
+			$object_id = (int) $object_id;
+			if ($object = get_object($object_id)) {
+				if ($object->owner_id == $_SESSION['id']) {
+					
+					$access_id = (int) $access_id;
+					if ($site_id == 0) $site_id = $CONFIG->site_id;
+					$site_id = (int) $site_id;
+					
+					if ($type_id = get_object_metadata_type_id($metadata_name)
+						&& $value_id = get_object_metadata_value_id($metadata_value)
+						&& in_array($access_id,get_access_array())) {
+						delete_data("delete from {$CONFIG->dbprefix}object_metadata where metadata_type_id = {$type_id} and object_id = {$object_id}");
+						return insert_data("insert into {$CONFIG->dbprefix}object_metadata set object_id = {$object_id}, access_id = {$access_id}, metadata_type_id = {$type_id}, value_id = {$value_id}, site_id = {$site_id}");						
+					} else {
+						return false;
+					}
+					
+				}
+			} else {
+				return false;
+			}
 		}
 
 	/**
 	 * Removes a piece of (or all) metadata for a particular object.
 	 *
-	 * @param string $metadata_name The type of metadata; blank for all metadata
 	 * @param int $object_id The ID of the object
+	 * @param string $metadata_name The type of metadata; blank for all metadata
 	 * @return true|false depending on success
 	 */
-		function remove_object_metadata($metadata_name = "", $object_id) {
+		function remove_object_metadata($object_id, $metadata_name = "") {
+			global $CONFIG;
+			$object_id = (int) $object_id;
+			if ($object = get_object($object_id)) {
+				if ($object->owner_id == $_SESSION['id']) {
+					
+					if ($type_id = get_object_metadata_type_id($metadata_name)) {
+						return delete_data("delete from {$CONFIG->dbprefix}object_metadata where metadata_type_id = {$type_id} and object_id = {$object_id}");						
+					} else {
+						return false;
+					}
+					
+				}
+			} else {
+				return false;
+			}
 			return true;
 		}
 
-- 
cgit v1.2.3