author | friendica <info@friendica.com> | 2014-04-14 16:45:16 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-04-14 16:45:16 -0700 |
commit | 506ae56385f5f731b7f3a8f5ee7feda2a66ae985 (patch) | |
tree | c41dd3f148b80a51accece6fad946ea80fd784b7 | |
parent | bf8f5d5b2b1753333d2ea9a14f728183c40c2dcb (diff) | |
Better handling of restricted /channel and /profile permissions. We will show the name, profile photo and a 'connect' button if appropriate on these pages regardless of permissions. A blank page makes it difficult for folks to figure out how to connect and if it is their real life friend 'x' or not. It also matches our overall policy (adopted from Facebook's lessons learned) that the channel name and default profile photo are always visible and can't really be blocked without messing up the usability of the entire network. This also makes sure that a connect button can be found somewhere besides the directory - where the entry could be blocked; and avoid somebody having to figure out the webbie and find the link to "follow" (another related issue).
-rw-r--r-- | include/identity.php | 30 | ||||
-rw-r--r-- | include/widgets.php | 12 | ||||
-rw-r--r-- | mod/profile.php | 5 |
3 files changed, 27 insertions, 20 deletions
diff --git a/include/identity.php b/include/identity.php index 66e572866..b66eaad51 100644 --- a/include/identity.php +++ b/include/identity.php @@ -583,14 +583,16 @@ function profile_load(&$a, $nickname, $profile = '') { } + $a->profile = $p[0]; + $a->profile_uid = $p[0]['profile_uid']; + $a->page['title'] = $a->profile['channel_name'] . " - " . $a->profile['channel_address'] . "@" . $a->get_hostname(); + + $a->profile['permission_to_view'] = $can_view_profile; + if($can_view_profile) { - $a->profile = $p[0]; $online = get_online_status($nickname); $a->profile['online_status'] = $online['result']; - $a->profile_uid = $p[0]['profile_uid']; - - $a->page['title'] = $a->profile['channel_name'] . " - " . $a->profile['channel_address'] . "@" . $a->get_hostname(); } if(local_user()) { @@ -604,18 +606,12 @@ function profile_load(&$a, $nickname, $profile = '') { $_SESSION['theme'] = $p[0]['channel_theme']; - $a->set_template_engine(); // reset the template engine to the default in case the user's theme doesn't specify one +// $a->set_template_engine(); // reset the template engine to the default in case the user's theme doesn't specify one - $theme_info_file = "view/theme/".current_theme()."/php/theme.php"; - if (file_exists($theme_info_file)){ - require_once($theme_info_file); - } - - if(! $can_view_profile) { - // permission denied - notice( t(' Sorry, you don\'t have the permission to view this profile. ') . EOL); - return; - } +// $theme_info_file = "view/theme/".current_theme()."/php/theme.php"; +// if (file_exists($theme_info_file)){ +// require_once($theme_info_file); +// } return; } @@ -739,7 +735,7 @@ logger('online: ' . $profile['online']); $block = true; } - if(($profile['hidewall'] || $block) && (! local_user()) && (! remote_user())) { + if(($profile['hidewall'] && (! local_user()) && (! remote_user())) || $block ) { $location = $pdesc = $gender = $marital = $homepage = $online = False; } 
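Review bot: `$a->profile = $p[0];` now runs before the `if($can_view_profile)` test, so the whole profile row is placed in `$a->profile` even for an observer who was denied, and hiding it depends on every later reader checking `permission_to_view` or `$block`. The commit message says only the name, default photo and connect button are meant to stay visible, so a fail-closed form would copy just those keys when `$can_view_profile` is false. At minimum the assignment needs a comment such as `// full row is loaded even when denied; consumers MUST check permission_to_view`. The same allow-by-default shape is in the -739 hunk, where the `$block` branch blanks a fixed list of variables, so any field not in that list would presumably still be rendered. profile_load starts and ends outside this hunk.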
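Review bot: In the -604 hunk the theme setup is disabled by commenting it out (`// $a->set_template_engine();` and the `theme.php` `require_once` lines) rather than deleted, which leaves unexplained dead code at column 0 inside profile_load. If the theme's `php/theme.php` is loaded somewhere else now, these lines should simply be removed; if it is not, that is worth confirming before merge because nothing visible here replaces the include. The deleted `if(! $can_view_profile)` notice also means profile_load no longer reports denial itself, so a comment like `// denial is reported by the caller via $a->profile['permission_to_view']` would make the new contract explicit.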
@@ -751,7 +747,7 @@ logger('online: ' . $profile['online']); $channel_menu = false; $menu = get_pconfig($profile['uid'],'system','channel_menu'); - if($menu) { + if($menu && ! $block) { require_once('include/menu.php'); $m = menu_fetch($menu,$profile['uid'],$observer['xchan_hash']); if($m) diff --git a/include/widgets.php b/include/widgets.php index 82769d925..678fed833 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -304,6 +304,9 @@ function widget_archive($arr) { if(! feature_enabled($uid,'archives')) return ''; + if(! perm_is_allowed($uid,get_observer_hash(),'view_stream')) + return ''; + $wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0); $style = ((array_key_exists('style', $arr)) ? $arr['style'] : 'select'); @@ -338,6 +341,12 @@ function widget_fullprofile($arr) { function widget_categories($arr) { $a = get_app(); + + + if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))) + return ''; + + $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); @@ -350,6 +359,9 @@ function widget_tagcloud_wall($arr) { $a = get_app(); if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) return ''; + if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')) + return ''; + $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); if(feature_enabled($a->profile['profile_uid'],'tagadelic')) return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); diff --git a/mod/profile.php b/mod/profile.php index fca7c8f9f..792bf34c5 100644 --- a/mod/profile.php +++ b/mod/profile.php 
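Review bot: In widget_categories the new guard is `if($a->profile['profile_uid'] && (! perm_is_allowed(...)))`, so when `profile_uid` is empty the `view_stream` check is skipped and the widget is still rendered, whereas widget_tagcloud_wall returns `''` in that same case. If this is deliberate because the widget is also placed on pages with no profile loaded, document it with a comment such as `// no profile loaded: not a channel page, nothing to restrict here`. Otherwise the check should fail closed like its neighbour. The two blank lines added on each side of the guard can be dropped.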
@@ -61,7 +61,7 @@ function profile_content(&$a, $update = 0) { $o = ''; if(! (perm_is_allowed($a->profile['profile_uid'],get_observer_hash(), 'view_profile'))) { - notice( t('Access to this profile has been restricted.') . EOL); + notice( t('Permission denied.') . EOL); return; } @@ -69,11 +69,10 @@ function profile_content(&$a, $update = 0) { $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false); if($a->profile['hidewall'] && (! $is_owner) && (! remote_user())) { - notice( t('Access to this profile has been restricted.') . EOL); + notice( t('Permission denied.') . EOL); return; } - $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']); |