@cash
Last active December 19, 2015 08:49
Elgg Access System (create, update, and delete)

Creating an entity

  1. Owner check: can write to owner as container (can_write_to_container())
  2. Container check: can write to the container as a container (can_write_to_container())

Updating an entity

  1. ElggEntity::canEdit()

Deleting an entity

  1. ElggEntity::canEdit()

Adding metadata

No access checks (access to entity not required if using create_metadata())

Updating metadata

No access checks if using the __set magic method, but ElggMetadata::canEdit() if using update_metadata()

Deleting metadata

  1. ElggMetadata::canEdit()

Adding an annotation

No access checks (access to entity not required if using create_annotation())

Updating an annotation

  1. ElggAnnotation::canEdit()

Deleting an annotation

  1. ElggAnnotation::canEdit()

Relationships - create, edit, delete

No access checks

Notes

  1. Updating an entity can change the owner or container in ways that would fail the check during creation.
  2. The access checks for updating metadata on an entity when using the magic method are explicitly turned off.
  3. can_write_to_container() checks whether the user can edit the container entity.
  4. A user can edit an entity if any of the following conditions are true:
    • user owns the entity
    • user is the container for the entity
    • user is the entity
    • user can edit the container (creates potential for infinite loop)
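
The edit rule in note 4, including the recursive container condition, as a standalone model. This is an added example, not Elgg's code: model_can_edit(), the $entities array layout, and the use of guid 0 for "none" are assumptions of the model, and the sample entities are constructed. The $seen set is one way to keep a container cycle from recursing forever.

```php
<?php
// Standalone model of the edit rule in note 4; not Elgg's implementation.
// Constructed sample data: guid => owner and container guids (0 = none).
$entities = [
    1  => ['owner' => 0,  'container' => 0],   // user alice
    2  => ['owner' => 0,  'container' => 0],   // user bob
    10 => ['owner' => 1,  'container' => 1],   // group owned by alice
    11 => ['owner' => 2,  'container' => 10],  // bob's post inside alice's group
    20 => ['owner' => 99, 'container' => 21],  // two entities that contain
    21 => ['owner' => 99, 'container' => 20],  //   each other (a cycle)
];

/**
 * Hypothetical helper: true if $user_guid may edit $guid under the four
 * conditions of note 4. $seen records entities already on the container
 * chain so that a cycle ends the walk instead of recursing forever.
 */
function model_can_edit(array $entities, int $user_guid, int $guid, array $seen = []): bool
{
    if ($user_guid === 0) {
        return false; // no user (model assumption: guid 0 is "nobody")
    }
    if (!isset($entities[$guid]) || isset($seen[$guid])) {
        return false; // unknown entity, or the container chain looped back
    }
    $seen[$guid] = true;
    $e = $entities[$guid];

    if ($e['owner'] === $user_guid) return true;      // user owns the entity
    if ($e['container'] === $user_guid) return true;  // user is the container
    if ($guid === $user_guid) return true;            // user is the entity
    // user can edit the container: the recursive condition
    return $e['container'] !== 0
        && model_can_edit($entities, $user_guid, $e['container'], $seen);
}

var_dump(model_can_edit($entities, 1, 11)); // alice on bob's post in her group
var_dump(model_can_edit($entities, 2, 10)); // bob on alice's group
var_dump(model_can_edit($entities, 1, 20)); // alice on an entity in a container cycle
```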