Hey,
I'm confronted with a problem which needs an easy solution. So users can create objects which have metadata. These metadata are private. Users can change the access of the objects which have those metadata. So if any other user gets access to an object which has private metadata, he can't receive those data. I have two workarounds in mind.
1. (obvious but kinda dirty): call elgg_set_ignore_access(true) before I try to get the metadata
2. Change all access_ids for the metadata if the access for the object is changed.
Is there a simpler way to sync the access_ids of the metadata with the access_id of the object, or do I have to pick one of the workarounds from above?
greets!
- Team Webgalli (@webgalli)
- rob2109 (@rob2109)
- Kevin Jardine (@kevin)
- Evan Winslow (@ewinslow)
Unless you are saving the metadata as independent, they inherit the access of their parent object.
That's what I thought so far, but I could receive the object but not the metadata. I tried to call elgg_set_ignore_access(true) before I wanted to get the metadata and it worked. Am I wrong now?
greets
How are you saving the metadata?
$entity->metadata_name = $metadata_value;
should work just fine, but if you are using an API function, in my experience sometimes there is trouble.
@rob2109, this is not an appropriate time to use the elgg_set_ignore_access function. I haven't looked into the details, but if I had to guess, the problem is likely that metadata has an owner_guid too, so when the acl is private, it remains private to the original owner, even though the associated entity has had its owner changed.
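The second workaround from the question (keeping each metadata row's access_id in step with its object, without elgg_set_ignore_access), sketched as an added example that is not code from any poster in this thread. It assumes an Elgg version in which metadata carries its own access_id (1.8-style API); the `example_` function names and the `example_subtype` subtype are hypothetical.

```php
<?php
// Added example (assumption: Elgg 1.8-style API). Function names and the
// subtype below are hypothetical placeholders for a plugin's own names.

elgg_register_event_handler('init', 'system', 'example_md_sync_init');

function example_md_sync_init() {
    // Runs whenever an existing object entity is saved.
    elgg_register_event_handler('update', 'object', 'example_md_sync_access');
}

function example_md_sync_access($event, $type, $entity) {
    // Limit the sync to the plugin's own objects so unrelated metadata
    // is never widened by accident.
    if (!($entity instanceof ElggObject)
            || $entity->getSubtype() !== 'example_subtype') {
        return true;
    }

    // Normal access rules apply here: the user saving the object only
    // gets back the metadata rows that user is allowed to read.
    $rows = elgg_get_metadata(array(
        'guid' => $entity->guid,
        'limit' => 0, // all rows, not only the default page
    ));
    if (!$rows) {
        return true;
    }

    $target = (int) $entity->access_id;
    foreach ($rows as $md) {
        if ((int) $md->access_id !== $target) {
            $md->access_id = $target;
            // save() on an existing ElggMetadata updates the row; it
            // fails for rows the current user may not edit, which is
            // worth logging rather than bypassing.
            if (!$md->save()) {
                elgg_log("metadata {$md->id} not synced", 'WARNING');
            }
        }
    }

    // Returning true lets the entity update proceed.
    return true;
}
```

Because the handler runs under the saving user's own permissions, rows owned by someone else (the owner_guid case raised in the last reply) stay untouched and show up as warnings instead of being silently exposed.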