diff options
author | friendica <info@friendica.com> | 2013-09-22 20:55:55 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-09-22 20:55:55 -0700 |
commit | 44354c1aa82796fae1e0180703ae335b394a8adf (patch) | |
tree | 0a49a5aeac17265cb89d6f3b7de24f982e933d03 | |
parent | cdfb5f9dc740734fbd95363a026ab44ae1dd9d94 (diff) | |
download | volse-hubzilla-44354c1aa82796fae1e0180703ae335b394a8adf.tar.gz volse-hubzilla-44354c1aa82796fae1e0180703ae335b394a8adf.tar.bz2 volse-hubzilla-44354c1aa82796fae1e0180703ae335b394a8adf.zip |
bug #150, if deny access is present but nobody has been allowed, create an allow list containing everybody in your address book. Then subtract those who are denied.
-rwxr-xr-x | include/items.php | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/include/items.php b/include/items.php index 44917233f..4aecf9174 100755 --- a/include/items.php +++ b/include/items.php @@ -24,10 +24,31 @@ function collect_recipients($item,&$private) { if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) { $allow_people = expand_acl($item['allow_cid']); $allow_groups = expand_groups(expand_acl($item['allow_gid'])); + + $recipients = array_unique(array_merge($allow_people,$allow_groups)); + + // if you specifically deny somebody but haven't allowed anybody, we'll allow everybody in your + // address book minus the denied connections. The post is still private and can't be seen publicly + // as that would allow the denied person to see the post by logging out. + + if((! $item['allow_cid']) && (! $item['allow_gid'])) { + $r = q("select * from abook where abook_channel = %d and not (abook_flags & %d) and not (abook_flags & %d) and not (abook_flags & %d)", + intval($item['uid']), + intval(ABOOK_FLAG_SELF), + intval(ABOOK_FLAG_PENDING), + intval(ABOOK_FLAG_ARCHIVED) + ); + + if($r) { + foreach($r as $rr) { + $recipients[] = $rr['abook_xchan']; + } + } + } + $deny_people = expand_acl($item['deny_cid']); $deny_groups = expand_groups(expand_acl($item['deny_gid'])); - $recipients = array_unique(array_merge($allow_people,$allow_groups)); $deny = array_unique(array_merge($deny_people,$deny_groups)); $recipients = array_diff($recipients,$deny); $private = true; |