aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-08-28 14:21:49 -0700
committerredmatrix <redmatrix@redmatrix.me>2015-08-28 14:21:49 -0700
commita42b23658752709f80da12051b0ee9c11b6a5580 (patch)
tree193415d37a9e45f85ea6d687716ecc091343ab32
parentd05fd9632e4dc60fc3d4043374f6332a1609857f (diff)
downloadvolse-hubzilla-a42b23658752709f80da12051b0ee9c11b6a5580.tar.gz
volse-hubzilla-a42b23658752709f80da12051b0ee9c11b6a5580.tar.bz2
volse-hubzilla-a42b23658752709f80da12051b0ee9c11b6a5580.zip
more AccessList stuff - this time it's mod-item, which is a biggie
-rw-r--r--include/photos.php2
-rw-r--r--mod/item.php91
2 files changed, 20 insertions, 73 deletions
diff --git a/include/photos.php b/include/photos.php
index ac502ed51..b4129fbf1 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -303,7 +303,7 @@ function photo_upload($channel, $observer, $args) {
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['title'] = $title;
$arr['allow_cid'] = $ac['allow_cid'];
- $arr['allow_gid'] = $ac['allow_gid']
+ $arr['allow_gid'] = $ac['allow_gid'];
$arr['deny_cid'] = $ac['deny_cid'];
$arr['deny_gid'] = $ac['deny_gid'];
$arr['verb'] = ACTIVITY_POST;
diff --git a/mod/item.php b/mod/item.php
index 750512bcf..ec5d1b3a1 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -305,7 +305,7 @@ function item_post(&$a) {
}
}
- $ACL = new AccessList($channel);
+ $acl = new AccessList($channel);
$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
@@ -318,28 +318,17 @@ function item_post(&$a) {
$private = 0;
// webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
if($webpage) {
- $str_group_allow = perms2str($_REQUEST['group_allow']);
- $str_contact_allow = perms2str($_REQUEST['contact_allow']);
- $str_group_deny = perms2str($_REQUEST['group_deny']);
- $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ $acl->set_from_arry($_REQUEST);
}
else {
- $str_group_allow = $orig_post['allow_gid'];
- $str_contact_allow = $orig_post['allow_cid'];
- $str_group_deny = $orig_post['deny_gid'];
- $str_contact_deny = $orig_post['deny_cid'];
+ $acl->set($orig_post);
$public_policy = $orig_post['public_policy'];
$private = $orig_post['item_private'];
}
- if((strlen($str_group_allow))
- || strlen($str_contact_allow)
- || strlen($str_group_deny)
- || strlen($str_contact_deny)
- || strlen($public_policy)
- || $private) {
+ if($private || $public_policy || $acl->is_private())
$private = 1;
- }
+
$location = $orig_post['location'];
$coord = $orig_post['coord'];
@@ -383,38 +372,12 @@ function item_post(&$a) {
}
else {
-
- // if coming from the API and no privacy settings are set,
- // use the user default permissions - as they won't have
- // been supplied via a form.
-
- if(($api_source)
- && (! array_key_exists('contact_allow',$_REQUEST))
- && (! array_key_exists('group_allow',$_REQUEST))
- && (! array_key_exists('contact_deny',$_REQUEST))
- && (! array_key_exists('group_deny',$_REQUEST))) {
- $str_group_allow = $channel['channel_allow_gid'];
- $str_contact_allow = $channel['channel_allow_cid'];
- $str_group_deny = $channel['channel_deny_gid'];
- $str_contact_deny = $channel['channel_deny_cid'];
- }
- elseif($walltowall) {
-
- // use the channel owner's default permissions
-
- $str_group_allow = $channel['channel_allow_gid'];
- $str_contact_allow = $channel['channel_allow_cid'];
- $str_group_deny = $channel['channel_deny_gid'];
- $str_contact_deny = $channel['channel_deny_cid'];
- }
- else {
-
- // use the posted permissions
-
- $str_group_allow = perms2str($_REQUEST['group_allow']);
- $str_contact_allow = perms2str($_REQUEST['contact_allow']);
- $str_group_deny = perms2str($_REQUEST['group_deny']);
- $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ if((! $walltowall) &&
+ ((array_key_exists('contact_allow',$_REQUEST))
+ || (array_key_exists('group_allow',$_REQUEST))
+ || (array_key_exists('contact_deny',$_REQUEST))
+ || (array_key_exists('group_deny',$_REQUEST)))) {
+ $acl->set_from_array($_REQUEST);
}
@@ -426,33 +389,15 @@ function item_post(&$a) {
$body .= trim($_REQUEST['attachment']);
$postopts = '';
- $private = (
- ( strlen($str_group_allow)
- || strlen($str_contact_allow)
- || strlen($str_group_deny)
- || strlen($str_contact_deny)
- || strlen($public_policy)
- ) ? 1 : 0);
+ $private = intval($acl->is_private() || ($public_policy));
// If this is a comment, set the permissions from the parent.
if($parent_item) {
$private = 0;
-
- if(($parent_item['item_private'])
- || strlen($parent_item['allow_cid'])
- || strlen($parent_item['allow_gid'])
- || strlen($parent_item['deny_cid'])
- || strlen($parent_item['deny_gid'])
- || strlen($parent_item['public_policy'])) {
- $private = (($parent_item['item_private']) ? $parent_item['item_private'] : 1);
- }
-
+ $acl->set($parent_item);
+ $private = intval($acl->is_private() || $parent_item['item_private']);
$public_policy = $parent_item['public_policy'];
- $str_contact_allow = $parent_item['allow_cid'];
- $str_group_allow = $parent_item['allow_gid'];
- $str_contact_deny = $parent_item['deny_cid'];
- $str_group_deny = $parent_item['deny_gid'];
$owner_hash = $parent_item['owner_xchan'];
}
@@ -507,6 +452,11 @@ function item_post(&$a) {
}
}
+ $gacl = $acl->get();
+ $str_contact_allow = $gacl['allow_cid'];
+ $str_group_allow = $gacl['allow_gid'];
+ $str_contact_deny = $gacl['deny_cid'];
+ $str_group_deny = $gacl['deny_gid'];
if($mimetype === 'text/bbcode') {
@@ -571,9 +521,6 @@ function item_post(&$a) {
$body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','red_zrlify_img_callback',$body);
-
-
-
$body = bb_translate_video($body);
/**