aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-07-04 17:55:13 -0700
committerredmatrix <git@macgirvin.com>2016-07-04 17:55:13 -0700
commitd566ffa678dc9f035a022304a82560b19495a838 (patch)
tree2d9792aea61b9807efba95818094c90337622c68
parent6bf2e8a1087546a1986adddcdab486af0891383e (diff)
downloadvolse-hubzilla-d566ffa678dc9f035a022304a82560b19495a838.tar.gz
volse-hubzilla-d566ffa678dc9f035a022304a82560b19495a838.tar.bz2
volse-hubzilla-d566ffa678dc9f035a022304a82560b19495a838.zip
more heavy lifting on extensible perms
-rw-r--r--Zotlabs/Access/Permissions.php14
-rw-r--r--Zotlabs/Module/Connedit.php11
-rw-r--r--include/permissions.php29
3 files changed, 38 insertions, 16 deletions
diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
index bbf14d7dc..520957638 100644
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -34,6 +34,20 @@ class Permissions {
}
+ static public function BlockedAnonPerms() {
+
+ // Perms from the above list that are blocked from anonymous observers.
+ // e.g. you must be authenticated.
+
+ $perms = [ 'send_stream', 'write_pages', 'post_wall', 'write_storage', 'post_comments', 'post_mail', 'post_like', 'tag_deliver', 'chat', 'republish', 'delegate' ];
+
+ $x = array('permissions' => $perms);
+ call_hooks('write_perms',$x);
+ return($x['permissions']);
+
+ }
+
+
static public function OwnerLimitSet($channel_id,$permission,$limit) {
return Zlib\PConfig::Set($channel_id,'perms',$permission,$limit);
}
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 7db4950b1..4469330e8 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -131,6 +131,8 @@ class Connedit extends \Zotlabs\Web\Controller {
foreach($_POST as $k => $v) {
if(strpos($k,'perms_') === 0) {
+ $perm = substr($k,6);
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,(($v) ? 1 : 0));
$abook_my_perms += $v;
}
}
@@ -654,7 +656,8 @@ class Connedit extends \Zotlabs\Web\Controller {
$perms = array();
$channel = \App::get_channel();
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes')));
@@ -671,8 +674,10 @@ class Connedit extends \Zotlabs\Web\Controller {
$affinity = t('Set Affinity & Profile');
foreach($global_perms as $k => $v) {
- $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : '');
- $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : '');
+ $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k);
+//fixme
+
+ $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
// For auto permissions (when $self is true) we don't want to look at existing
// permissions because they are enabled for the channel owner
diff --git a/include/permissions.php b/include/permissions.php
index 19242d29f..b4ecb1014 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
if($api)
return get_all_api_perms($uid,$api);
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
// Save lots of individual lookups
@@ -85,7 +85,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// First find out what the channel owner declared permissions to be.
- $channel_perm = $permission[0];
+ $channel_perm = \ZotlabAccess\PermissionLimits::Get($uid,$perm_name);
if(! $channel_checked) {
$r = q("select * from channel where channel_id = %d limit 1",
@@ -105,7 +105,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// These take priority over all other settings.
if($observer_xchan) {
- if($r[0][$channel_perm] & PERMS_AUTHED) {
+ if($channel_perm & PERMS_AUTHED) {
$ret[$perm_name] = true;
continue;
}
@@ -122,7 +122,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
dbesc($observer_xchan)
);
}
-
+ $abperms = load_abconfig($uid,$observer_xchan);
$abook_checked = true;
}
@@ -136,7 +136,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// Check if this is a write permission and they are being ignored
// This flag is only visible internally.
- if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) {
+ $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms();
+
+
+ if(($x) && ($internal_use) && (in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) {
$ret[$perm_name] = false;
continue;
}
@@ -154,7 +157,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// if you've moved elsewhere, you will only have read only access
if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) {
- if($r[0]['channel_moved'] && (! $permission[2]))
+ if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms)))
$ret[$perm_name] = false;
else
$ret[$perm_name] = true;
@@ -163,7 +166,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// Anybody at all (that wasn't blocked or ignored). They have permission.
- if($r[0][$channel_perm] & PERMS_PUBLIC) {
+ if($channel_perm & PERMS_PUBLIC) {
$ret[$perm_name] = true;
continue;
}
@@ -178,7 +181,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If we're still here, we have an observer, check the network.
- if($r[0][$channel_perm] & PERMS_NETWORK) {
+ if($channel_perm & PERMS_NETWORK) {
if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) {
$ret[$perm_name] = true;
continue;
@@ -187,7 +190,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If PERMS_SITE is specified, find out if they've got an account on this hub
- if($r[0][$channel_perm] & PERMS_SITE) {
+ if($channel_perm & PERMS_SITE) {
if(! $onsite_checked) {
$c = q("select channel_hash from channel where channel_hash = '%s' limit 1",
dbesc($observer_xchan)
@@ -214,7 +217,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They are in your address book, but haven't been approved
- if($r[0][$channel_perm] & PERMS_PENDING) {
+ if($channel_perm & PERMS_PENDING) {
$ret[$perm_name] = true;
continue;
}
@@ -226,15 +229,15 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They're a contact, so they have permission
- if($r[0][$channel_perm] & PERMS_CONTACTS) {
+ if($channel_perm & PERMS_CONTACTS) {
$ret[$perm_name] = true;
continue;
}
// Permission granted to certain channels. Let's see if the observer is one of them
- if($r[0][$channel_perm] & PERMS_SPECIFIC) {
- if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
+ if($channel_perm & PERMS_SPECIFIC) {
+ if(array_key_exists('my_perms',$abperms) && array_key_exists($perm_name,$abperms['my_perms']) && $abperms['my_perms'][$perm_name]) {
$ret[$perm_name] = true;
continue;
}