From 93f4700378ba8c318398f8efe45cff7e4919912e Mon Sep 17 00:00:00 2001
From: icewing
Date: Thu, 13 Mar 2008 14:14:09 +0000
Subject: Marcus Povey * Ooops... forgot access controls

git-svn-id: https://code.elgg.org/elgg/trunk@197 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/entities.php | 90 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 86 insertions(+), 4 deletions(-)

(limited to 'engine/lib')

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 5d9858125..f87cc87f5 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -71,8 +71,14 @@
 */
 public function set($name, $value)
 {
- if (array_key_exists($name, $this->attributes))
+ if (array_key_exists($name, $this->attributes))
+ {
+ // Check that we're not trying to change the guid!
+ if ((array_key_exists('guid')) && ($name=='guid'))
+ return false;
+
 $this->attributes[$name] = $value;
+ }
 else
 return setMetaData($name, $value);
 
@@ -101,6 +107,11 @@
 // TODO: WRITEME
 }
 
+ public function clearMetaData()
+ {
+ // TODO: WRITEME
+ }
+
 /**
 * Adds an annotation to an entity. By default, the type is detected automatically; however,
 * it can also be set. Note that by default, annotations are private.
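Review bot: The guid guard added in `set()` calls `array_key_exists('guid')` with a single argument, but the function takes a key and an array, so the call fails (a warning and a null result on older PHP, an ArgumentCountError on PHP 8) and the `return false` is never reached as intended. The outer `if` has already established that `$name` is a key of `$this->attributes`, so the inner test can be reduced to `if ($name === 'guid') return false;`. As written, a caller can still overwrite `guid`, which the `delete()` method added later in this commit passes straight to `delete_entity()`. The body of `set()` continues past the end of the hunk.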
@@ -128,6 +139,66 @@
 // TODO: WRITEME
 }
 
+ /**
+ * Remove all annotations or all annotations for this entity.
+ *
+ * @param string $name
+ */
+ function clearAnnotations($name = "")
+ {
+
+ }
+
+ /**
+ * Return the annotations for the entity.
+ *
+ * @param string $name The type of annotation.
+ */
+ function countAnnotations($name)
+ {
+
+ }
+
+ /**
+ * Get the average of an integer type annotation.
+ *
+ * @param string $name
+ */
+ function getAnnotationsAvg($name)
+ {
+
+ }
+
+ /**
+ * Get the sum of integer type annotations of a given name.
+ *
+ * @param string $name
+ */
+ function getAnnotationsSum($name)
+ {
+
+ }
+
+ /**
+ * Get the minimum of integer type annotations of given name.
+ *
+ * @param string $name
+ */
+ function getAnnotationsMin($name)
+ {
+
+ }
+
+ /**
+ * Get the maximum of integer type annotations of a given name.
+ *
+ * @param string $name
+ */
+ function getAnnotationsMax($name)
+ {
+
+ }
+
 public function getGUID() { return $this->get('guid'); }
 public function getOwner() { return $this->get('owner_guid'); }
 public function getType() { return $this->get('type'); }
@@ -186,6 +257,14 @@
 return false;
 }
 
+ /**
+ * Delete this entity.
+ */
+ public function delete()
+ {
+ return delete_entity($this->get('guid'));
+ }
+
 }
 
 /**
@@ -290,7 +369,9 @@
 
 $guid = (int)$guid;
 
- return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid");
+ $access = get_access_list();
+
+ return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
 }
 
 /**
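Review bot: The six annotation helpers added in this hunk are declared without a visibility keyword and have empty bodies, so they silently return null, while the neighbouring methods use `public function` and mark unfinished work with `// TODO: WRITEME`. I would declare each as `public function …` and put the same `// TODO: WRITEME` marker in the body, so a caller does not mistake null for a real count, sum or average. Two docblocks also disagree with their method names: for `clearAnnotations` I suggest `Remove all annotations of the given name, or every annotation of this entity when no name is given.` (the empty-name meaning is inferred from the `""` default and should be confirmed), and for `countAnnotations` `Return the number of annotations of the given name.`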
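Review bot: `$_SESSION['id']` is interpolated into the SELECT without the `(int)` cast that `$guid` receives two lines earlier, and nothing handles a request with no logged-in user, where the key is unset and the clause ends as `owner_guid = )`. Cast it once, for example `$owner = isset($_SESSION['id']) ? (int)$_SESSION['id'] : 0;`, and append the `access_id = 0 and owner_guid = …` branch only when a user id is present; whether an `owner_guid` of 0 can exist is not visible here, so the fallback value needs confirming. `{$access}` is also spliced in raw, so the query is only as safe as whatever `get_access_list()` returns; its body is outside this diff and should be confirmed to emit a parenthesised list of integers. The same two interpolations are repeated in the DELETE statement of the last hunk. The enclosing function starts before the hunk.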
@@ -374,9 +455,10 @@
 
 $guid = (int)$guid;
 
- return delete_data("DELETE from {$CONFIG->dbprefix}entities where where guid=$guid");
+ $access = get_access_list();
+
+ return delete_data("DELETE from {$CONFIG->dbprefix}entities where where guid=$guid and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
 
- // TODO: Clean up subtables, or is this better handled by an object or by cascading?
 }
 
 
--
cgit v1.2.3
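Review bot: The DELETE string still contains `where where`, so the statement is a SQL syntax error and the new access predicate is never evaluated; the text should read `… entities where guid=$guid and (…)`. Beyond that, the predicate is the same one the SELECT hunk uses for reading, which means any user who can see an entity through `access_id in {$access}` would also be allowed to delete it; deletion probably needs an ownership or write-permission test instead (hedged, since `get_access_list()` is not shown in this diff). The commit also removes the TODO about cleaning up subtables without adding the cleanup, so rows that reference the deleted guid would presumably be left behind. The enclosing function starts before the hunk.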