From 121af8a020a8f47e12d5e189774a2d43b653cf56 Mon Sep 17 00:00:00 2001
From: Brook Gagnon <brook@pikalabs.com>
Date: Fri, 13 Sep 2024 18:16:17 +0000
Subject: [PATCH] add visibility setting to custom metadata (to exclude some
 fields from public api)

---
 controllers/metadata.php         |  3 ++-
 html/media/metadata_addedit.html |  7 +++++++
 js/media/settings.js             |  1 +
 models/media_model.php           |  1 +
 models/mediametadata_model.php   | 13 ++++++++++++-
 updates/20240913.php             | 20 ++++++++++++++++++++
 6 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 updates/20240913.php

diff --git a/controllers/metadata.php b/controllers/metadata.php
index 671decbe..6b08be9a 100644
--- a/controllers/metadata.php
+++ b/controllers/metadata.php
@@ -83,8 +83,9 @@ public function metadata_save()
         $data['select_options'] = trim($this->data('select_options'));
         $data['mode'] = trim($this->data('mode'));
         $data['id3_key'] = trim($this->data('id3_key'));
-
+        $data['visibility'] = $this->data('visibility');
         $data['default'] = $this->data('default');
+
         if (is_array($data['default'])) {
             $data['default'] = array_map('trim', $data['default']);
         } else {
diff --git a/html/media/metadata_addedit.html b/html/media/metadata_addedit.html
index 6b0d0e18..45b92ba2 100644
--- a/html/media/metadata_addedit.html
+++ b/html/media/metadata_addedit.html
@@ -34,6 +34,13 @@
       </ob-field-select>
     </div>
 
+    <div class="fieldrow">
+      <label class="required" data-t>Visibility</label>
+      <ob-field-select data-edit id="metadata_visibility">
+        <ob-option selected value="public">Allow Public</ob-option>
+        <ob-option value="visible">Internal Only</ob-option>
+    </div>
+
     <div class="fieldrow">
       <label class="required" data-t>Options (one per line)</label>
       <ob-field-textarea data-edit wrap="off" id="metadata_select_options"></ob-field-textarea>
diff --git a/js/media/settings.js b/js/media/settings.js
index db33180f..cd89db16 100644
--- a/js/media/settings.js
+++ b/js/media/settings.js
@@ -429,6 +429,7 @@ OB.Media.metadataSave = function () {
     field.default = $("#metadata_default").val();
     field.mode = document.querySelector("#metadata_mode").value;
     field.id3_key = document.querySelector("#metadata_id3_key").value;
+    field.visibility = document.querySelector("#metadata_visibility").value;
 
     OB.API.post("metadata", "metadata_save", field, function (response) {
         if (response.status == false) {
diff --git a/models/media_model.php b/models/media_model.php
index e3f02443..18ce33e9 100644
--- a/models/media_model.php
+++ b/models/media_model.php
@@ -245,6 +245,7 @@ public function get_init_what($args = [])
         $this->db->what('users.display_name', 'owner_name');
 
         foreach ($args['metadata_fields'] as $metadata_field) {
+            // add the field to the select portion of the query
             $query_select = $metadata_field->querySelect();
             if (!is_array($query_select)) {
                 $query_select = [$query_select];
diff --git a/models/mediametadata_model.php b/models/mediametadata_model.php
index cb33f507..ea845fdf 100644
--- a/models/mediametadata_model.php
+++ b/models/mediametadata_model.php
@@ -48,6 +48,11 @@ public function get_all_objects()
                 $class = 'OB\Classes\Base\Metadata';
             }
 
+            // exclude this field if not public and not authenticated
+            if ($column['visibility'] != 'public' && !$this->user->check_authenticated()) {
+                continue;
+            }
+
             $objects[] = new $class($column['name'], $column['description'], $column['type'], $column['settings']);
         }
 
@@ -194,6 +199,11 @@ public function validate($data, $id)
             return [false,'The field type is not valid.'];
         }
 
+        //T The visibility setting is not valid.
+        if (array_search($data['visibility'], ['visible','public']) === false) {
+            return [false,'The visibility setting is not valid.'];
+        }
+
         return [true,'Valid.'];
     }
 
@@ -210,6 +220,7 @@ public function save($data, $id)
         $save = [];
         $save['settings'] = [];
         $save['description'] = $data['description'];
+        $save['visibility'] = $data['visibility'];
 
         // if editing, use name/type from existing field.
         if ($id) {
@@ -231,7 +242,7 @@ public function save($data, $id)
             $save['settings']['options'] = $save_options;
         }
 
-        // mode, default, and id3 key
+        // visibility, mode, default, and id3 key
         $save['settings']['mode'] = $data['mode'];
         $save['settings']['default'] = $data['default'];
         $save['settings']['id3_key'] = $data['id3_key'];
diff --git a/updates/20240913.php b/updates/20240913.php
new file mode 100644
index 00000000..963efbcd
--- /dev/null
+++ b/updates/20240913.php
@@ -0,0 +1,20 @@
+<?php
+
+class OBUpdate20240913 extends OBUpdate
+{
+    public function items()
+    {
+        $updates = [];
+        $updates[] = 'Add visibility option to metadata fields.';
+        return $updates;
+    }
+
+    public function run()
+    {
+        $this->db->query('
+            ALTER TABLE `media_metadata` ADD COLUMN `visibility` ENUM("visible", "public") NOT NULL DEFAULT "public";
+        ');
+
+        return true;
+    }
+}