From 0cc34b975d829e2fd7da8096ac09094b7b230424 Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 13 Jun 2008 17:12:43 +0000
Subject: Metadata now inherits its parent entity's permissions

git-svn-id: https://code.elgg.org/elgg/trunk@916 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/metadata.php | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)

(limited to 'engine/lib')

diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 94c0b7b2c..8cc6a7202 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -67,7 +67,21 @@
 		 */
 		function __set($name, $value) {
 			return $this->set($name, $value);
-		}		
+		}
+
+		/**
+		 * Determines whether or not the user can edit this piece of metadata
+		 *
+		 * @return true|false Depending on permissions
+		 */
+		function canEdit() {
+			
+			if ($entity = get_entity($this->get('entity_guid'))) {
+				return $entity->canEdit();
+			}
+			return false;
+			
+		}
 		
 		/**
 		 * Save matadata object
@@ -130,9 +144,9 @@
 		global $CONFIG;
 
 		$id = (int)$id;
-		$access = get_access_sql_suffix("m");
+		$access = get_access_sql_suffix("e");
 				
-		return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
+		return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
 	}
 	
 	/**
@@ -228,7 +242,11 @@
 	{
 		global $CONFIG;
 
-		$id = (int)$id;
+		$id = (int)$id;
+		
+		if (!$md = get_metadata($id)) return false;
+		if (!$md->canEdit()) return false;
+		
 		//$name = sanitise_string(trim($name));
 		//$value = sanitise_string(trim($value));
 		$value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));
@@ -240,16 +258,15 @@
 		
 		$access = get_access_sql_suffix();
 		
-		
 		// Add the metastring
 		$value = add_metastring($value);
 		if (!$value) return false;
 		
 		$name = add_metastring($name);
-		if (!$name) return false;
+		if (!$name) return false;
 		
 		// If ok then add it
-		return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and $access");
+		return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name'");
 	}
 	
 	/**
@@ -299,8 +316,8 @@
 	
 		$meta_name = get_metastring_id($meta_name);
 		$entity_guid = (int)$entity_guid;
-		$access = get_access_sql_suffix("m");
-		$result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
+		$access = get_access_sql_suffix("e");
+		$result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
 		if (!$result) 
 			return false;
 		
@@ -320,9 +337,9 @@
 		global $CONFIG;
 	
 		$entity_guid = (int)$entity_guid;
-		$access = get_access_sql_suffix("m");
+		$access = get_access_sql_suffix("e");
 		
-		return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
+		return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
 	}
 
 	/**
-- 
cgit v1.2.3