Fixes #3018: Checks DB for access before using memcache-stored entity (suggested...

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 3896cd58f839f95548b58e26a4a6028ec9991155..7122974dd3ac55a9a2241b53d06b929d68d1fb75 100644 (file)
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -698,7 +698,7 @@ function get_entity($guid) {
        // but that evaluates to a false positive for $guid = TRUE.
        // This is a bit slower, but more thorough.
        if (!is_numeric($guid) || $guid === 0 || $guid === '0') {
-               return FALSE;
+               return false;
        }
        
        // Check local cache first
@@ -715,14 +715,23 @@ function get_entity($guid) {
                        $shared_cache = false;
                }
        }
+
+       // until ACLs in memcache, DB query is required to determine access
+       $entity_row = get_entity_as_row($guid);
+       if (!$entity_row) {
+               return false;
+       }
+
        if ($shared_cache) {
-               $new_entity = $shared_cache->load($guid);
-               if ($new_entity) {
-                       return $new_entity;
+               $cached_entity = $shared_cache->load($guid);
+               // @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3
+               if ($cached_entity) {
+                       // @todo use ACL and cached entity access_id to determine if user can see it
+                       return $cached_entity;
                }
        }
 
-       $new_entity = entity_row_to_elggstar(get_entity_as_row($guid));
+       $new_entity = entity_row_to_elggstar($entity_row);
        if ($new_entity) {
                cache_entity($new_entity);
        }