aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-12-09 18:07:36 -0800
committerfriendica <info@friendica.com>2012-12-09 18:07:36 -0800
commitf8c33243bf0440c6ddab63dbf3a755e4d506122b (patch)
tree24166874ffc80d4da665d7fee43c5da018af86ad
parent7f7767064918e95524de324b4520943ee34e04c3 (diff)
downloadvolse-hubzilla-f8c33243bf0440c6ddab63dbf3a755e4d506122b.tar.gz
volse-hubzilla-f8c33243bf0440c6ddab63dbf3a755e4d506122b.tar.bz2
volse-hubzilla-f8c33243bf0440c6ddab63dbf3a755e4d506122b.zip
start to whip the permissions into shape, also got rid of the mce drop shadow until we can figure out how to do it without the ugly black bars. I tend to prefer "outy" shadows over "inny" shadows anyway, but maybe that's just me.
-rw-r--r--include/ConversationObject.php7
-rw-r--r--include/conversation.php14
-rw-r--r--include/security.php66
-rw-r--r--mod/channel.php64
-rw-r--r--mod/photos.php11
-rwxr-xr-xmod/subthread.php6
-rw-r--r--view/theme/redbasic/css/style.css12
-rw-r--r--view/tpl/head.tpl2
8 files changed, 45 insertions, 137 deletions
diff --git a/include/ConversationObject.php b/include/ConversationObject.php
index 6448cd632..033ce7f76 100644
--- a/include/ConversationObject.php
+++ b/include/ConversationObject.php
@@ -33,6 +33,9 @@ class Conversation extends BaseObject {
$a = $this->get_app();
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
switch($mode) {
case 'network':
$this->profile_owner = local_user();
@@ -40,11 +43,11 @@ class Conversation extends BaseObject {
break;
case 'channel':
$this->profile_owner = $a->profile['profile_uid'];
- $this->writable = can_write_wall($a,$this->profile_owner);
+ $this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
break;
case 'display':
$this->profile_owner = $a->profile['uid'];
- $this->writable = can_write_wall($a,$this->profile_owner);
+ $this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
break;
default:
logger('[ERROR] Conversation::set_mode : Unhandled mode ('. $mode .').', LOGGER_DEBUG);
diff --git a/include/conversation.php b/include/conversation.php
index 2eabbcb0c..ef0781b09 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -406,7 +406,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
elseif($mode === 'channel') {
$profile_owner = $a->profile['profile_uid'];
- $page_writeable = can_write_wall($a,$profile_owner);
+ $page_writeable = ($profile_owner == local_user());
if(!$update) {
$tab = notags(trim($_GET['tab']));
@@ -427,22 +427,12 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
elseif($mode === 'display') {
$profile_owner = $a->profile['uid'];
- $page_writeable = can_write_wall($a,$profile_owner);
+ $page_writeable = ($profile_owner == local_user());
$live_update_div = '<div id="live-display"></div>' . "\r\n";
}
- elseif($mode === 'community') {
- $profile_owner = 0;
- $page_writeable = false;
-
- if(!$update) {
- $live_update_div = '<div id="live-community"></div>' . "\r\n"
- . "<script> var profile_uid = -1; var netargs = '/?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
-
- }
- }
else if($mode === 'search') {
$live_update_div = '<div id="live-search"></div>' . "\r\n";
}
diff --git a/include/security.php b/include/security.php
index dfe646b8d..c47ab1524 100644
--- a/include/security.php
+++ b/include/security.php
@@ -135,72 +135,6 @@ function authenticate_success($user_record, $login_initial = false, $interactive
}
-
-function can_write_wall(&$a,$owner) {
-
- static $verified = 0;
-
- if((! (local_user())) && (! (remote_user())))
- return false;
-
- $uid = local_user();
-
- if(($uid) && ($uid == $owner)) {
- return true;
- }
-
- if(remote_user()) {
-
- // use remembered decision and avoid a DB lookup for each and every display item
- // DO NOT use this function if there are going to be multiple owners
-
- // We have a contact-id for an authenticated remote user, this block determines if the contact
- // belongs to this page owner, and has the necessary permissions to post content
-
- if($verified === 2)
- return true;
- elseif($verified === 1)
- return false;
- else {
- $cid = 0;
-
- if(is_array($_SESSION['remote'])) {
- foreach($_SESSION['remote'] as $visitor) {
- if($visitor['uid'] == $owner) {
- $cid = $visitor['cid'];
- break;
- }
- }
- }
-
- if(! $cid)
- return false;
-
-
- $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
- WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
- intval($owner),
- intval($cid),
- intval(CONTACT_IS_SHARING),
- intval(CONTACT_IS_FRIEND),
- intval(PAGE_COMMUNITY)
- );
-
- if(count($r)) {
- $verified = 2;
- return true;
- }
- else {
- $verified = 1;
- }
- }
- }
-
- return false;
-}
-
-
function change_channel($change_channel) {
$ret = false;
diff --git a/mod/channel.php b/mod/channel.php
index de5df649e..affef9613 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -53,6 +53,7 @@ function channel_content(&$a, $update = 0) {
}
}
+
if(get_config('system','block_public') && (! get_account_id()) && (! remote_user())) {
return login();
}
@@ -64,9 +65,12 @@ function channel_content(&$a, $update = 0) {
require_once('include/conversation.php');
require_once('include/acl_selectors.php');
require_once('include/items.php');
+ require_once('include/permissions.php');
+
$groups = array();
+
$tab = 'posts';
$o = '';
@@ -80,47 +84,17 @@ function channel_content(&$a, $update = 0) {
}
}
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
- $contact = null;
- $remote_contact = false;
-
- $contact_id = 0;
-
- if(is_array($_SESSION['remote'])) {
- foreach($_SESSION['remote'] as $v) {
- if($v['uid'] == $a->profile['profile_uid']) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if($contact_id) {
- $groups = init_groups_visitor($contact_id);
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($a->profile['profile_uid'])
- );
- if(count($r)) {
- $contact = $r[0];
- $remote_contact = true;
- }
- }
-
- if(! $remote_contact) {
- if(local_user()) {
- $contact_id = $_SESSION['cid'];
- $contact = $a->contact;
- }
- }
-
- $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
+ $perms = get_all_perms($a->profile['profile_uid'],$ob_hash);
- if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
- notice( t('Access to this profile has been restricted.') . EOL);
+ if(! $perms['view_stream']) {
+ notice( t('Permission denied.') . EOL);
return;
}
+
if(! $update) {
@@ -129,22 +103,17 @@ function channel_content(&$a, $update = 0) {
$o .= common_friends_visitor_widget($a->profile['profile_uid']);
- $commpage = (($a->profile['page-flags'] == PAGE_COMMUNITY) ? true : false);
- $commvisitor = (($commpage && $remote_contact == true) ? true : false);
-
- $celeb = ((($a->profile['page-flags'] == PAGE_SOAPBOX) || ($a->profile['page-flags'] == PAGE_COMMUNITY)) ? true : false);
-
- if(can_write_wall($a,$a->profile['profile_uid'])) {
+ if($perms['post_wall']) {
$x = array(
'is_owner' => $is_owner,
- 'allow_location' => ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? true : false),
+ 'allow_location' => ((($is_owner || $observer) && $a->profile['allow_location']) ? true : false),
'default_location' => (($is_owner) ? $a->user['default-location'] : ''),
'nickname' => $a->profile['channel_address'],
'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
- 'acl' => (($is_owner) ? populate_acl($channel, $celeb) : ''),
+ 'acl' => (($is_owner) ? populate_acl($channel, false) : ''),
'bang' => '',
- 'visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'),
+ 'visitor' => (($is_owner || $observer) ? 'block' : 'none'),
'profile_uid' => $a->profile['profile_uid']
);
@@ -158,6 +127,7 @@ function channel_content(&$a, $update = 0) {
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
+// fixme
$sql_extra = item_permissions_sql($a->profile['profile_uid'],$remote_contact,$groups);
@@ -211,7 +181,7 @@ function channel_content(&$a, $update = 0) {
}
- if($r && count($r)) {
+ if($r) {
$parents_str = ids_to_querystr($r,'item_id');
@@ -233,7 +203,7 @@ function channel_content(&$a, $update = 0) {
}
- if((! $update) && ($tab === 'posts')) {
+ if(! $update) {
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
diff --git a/mod/photos.php b/mod/photos.php
index c98655df3..ee0a930fd 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -25,6 +25,9 @@ function photos_init(&$a) {
$a->data['channel'] = $r[0];
+ $observer = $a->get_observer();
+ $a->data['perms'] = get_all_perms($r[0]['channel_id'],(($observer) ? $observer['xchan_hash'] : ''));
+
$o .= '<div class="vcard">';
$o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
@@ -1394,7 +1397,7 @@ function photos_content(&$a) {
$likebuttons = '';
- if($can_post || can_write_wall($a,$owner_uid)) {
+ if($can_post || $a->data['perms']['post_comments']) {
$likebuttons = replace_macros($like_tpl,array(
'$id' => $link_item['id'],
'$likethis' => t("I like this \x28toggle\x29"),
@@ -1406,7 +1409,7 @@ function photos_content(&$a) {
$comments = '';
if(! count($r)) {
- if($can_post || can_write_wall($a,$owner_uid)) {
+ if($can_post || $a->data['perms']['post_comments']) {
$comments .= replace_macros($cmnt_tpl,array(
'$return_path' => '',
'$jsreload' => $return_url,
@@ -1444,7 +1447,7 @@ function photos_content(&$a) {
- if($can_post || can_write_wall($a,$owner_uid)) {
+ if($can_post || $a->data['perms']['post_comments']) {
$comments .= replace_macros($cmnt_tpl,array(
'$return_path' => '',
'$jsreload' => $return_url,
@@ -1471,7 +1474,7 @@ function photos_content(&$a) {
$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
- if($can_post || can_write_wall($a,$owner_uid)) {
+ if($can_post || $a->data['perms']['post_comments']) {
$comments .= replace_macros($cmnt_tpl,array(
'$return_path' => '',
'$jsreload' => $return_url,
diff --git a/mod/subthread.php b/mod/subthread.php
index 7ad7dfd6b..f8918e25d 100755
--- a/mod/subthread.php
+++ b/mod/subthread.php
@@ -28,10 +28,12 @@ function subthread_content(&$a) {
$item = $r[0];
$owner_uid = $item['uid'];
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
- if(! can_write_wall($a,$owner_uid)) {
+ if(! perm_is_allowed($owner_uid,$ob_hash,'post_comments'))
return;
- }
+
$remote_owner = null;
diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index d040565a7..f355471b9 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -1719,21 +1719,27 @@ width: 90%;
/* TinyMCE */
DIV#profile-jot-text_toolbargroup{
-background: #333;
+background: #FFF;
border: 1px #111;
-box-shadow: 5px 5px 5px #000 inset;
+/*box-shadow: 5px 5px 5px #000 inset;*/
}
-
+/*
#profile-jot-text_parent, .mceLayout {
border-radius: 5px;
-moz-border-radius: 5px;
box-shadow: 4px 4px 3px 0 #444444;
}
+*/
+
iframe#profile-jot-text_ifr {
width: 100% !important;
height: 100% !important;
+box-shadow: 5px 5px 5px #000 inset !important;}
+
+tr.mceLast {
+
}
/* Not MCE */
diff --git a/view/tpl/head.tpl b/view/tpl/head.tpl
index c12871924..9c0e6b09a 100644
--- a/view/tpl/head.tpl
+++ b/view/tpl/head.tpl
@@ -12,7 +12,7 @@ $js_strings
$head_js
-<link rel="shortcut icon" href="$baseurl/images/friendica-32.png" />
+<link rel="shortcut icon" href="$baseurl/images/fred-32.png" />
<link rel="search"
href="$baseurl/opensearch"
type="application/opensearchdescription+xml"