authorMario <mario@mariovavti.com>2022-01-23 15:03:26 +0000
committerMario <mario@mariovavti.com>2022-01-23 15:03:26 +0000
commita8ac231667b4266d10e0e8110219ddc5dfa6686e (patch)
tree58425d0d253b9e2cdfa73039e565e0622da4d423
parentf7c8791a6d918bfc5ff920c3d97c289f4317760a (diff)
make sure that if an existing contact role changes we will re-assign the permissions to all role members and cleanup
-rw-r--r--Zotlabs/Lib/Permcat.php63
-rw-r--r--Zotlabs/Module/Permcats.php167
2 files changed, 129 insertions, 101 deletions
diff --git a/Zotlabs/Lib/Permcat.php b/Zotlabs/Lib/Permcat.php
index bda35a9cb..22b617f6e 100644
--- a/Zotlabs/Lib/Permcat.php
+++ b/Zotlabs/Lib/Permcat.php
@@ -4,7 +4,6 @@ namespace Zotlabs\Lib;
use Zotlabs\Access\PermissionRoles;
use Zotlabs\Access\Permissions;
-use Zotlabs\Lib\Libsync;
use Zotlabs\Daemon\Master;
/**
@@ -40,33 +39,33 @@ class Permcat {
// first check role perms for a perms_connect setting
- $role = get_pconfig($channel_id,'system','permissions_role');
- if($role) {
+ $role = get_pconfig($channel_id, 'system', 'permissions_role');
+ if ($role) {
$x = PermissionRoles::role_perms($role);
- if($x['perms_connect']) {
+ if ($x['perms_connect']) {
$perms = Permissions::FilledPerms($x['perms_connect']);
}
}
// if no role perms it may be a custom role, see if there any autoperms
- if(! $perms) {
+ if (!$perms) {
$perms = Permissions::FilledAutoPerms($channel_id);
}
// if no autoperms it may be a custom role with manual perms
- if(! $perms) {
+ if (!$perms) {
$r = q("select channel_hash from channel where channel_id = %d",
intval($channel_id)
);
- if($r) {
+ if ($r) {
$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
intval($channel_id),
dbesc($r[0]['channel_hash'])
);
- if($x) {
- foreach($x as $xv) {
+ if ($x) {
+ foreach ($x as $xv) {
$perms[$xv['k']] = intval($xv['v']);
}
}
@@ -75,13 +74,13 @@ class Permcat {
// nothing was found - create a filled permission array where all permissions are 0
- if(! $perms) {
+ if (!$perms) {
$perms = Permissions::FilledPerms([]);
}
$this->permcats[] = [
'name' => 'default',
- 'localname' => t('Default','permcat'),
+ 'localname' => t('Default', 'permcat'),
'perms' => Permissions::Operms($perms),
'raw_perms' => $perms,
'system' => 1
@@ -89,8 +88,8 @@ class Permcat {
$p = $this->load_permcats($channel_id);
- if($p) {
- for($x = 0; $x < count($p); $x++) {
+ if ($p) {
+ for ($x = 0; $x < count($p); $x++) {
$this->permcats[] = [
'name' => $p[$x][0],
'localname' => $p[$x][1],
@@ -120,9 +119,9 @@ class Permcat {
* * \e bool \b error if $name not found in permcats true
*/
public function fetch($name) {
- if($name && $this->permcats) {
- foreach($this->permcats as $permcat) {
- if(strcasecmp($permcat['name'], $name) === 0) {
+ if ($name && $this->permcats) {
+ foreach ($this->permcats as $permcat) {
+ if (strcasecmp($permcat['name'], $name) === 0) {
return $permcat;
}
}
@@ -132,7 +131,7 @@ class Permcat {
}
public function load_permcats($uid) {
-/*
+ /*
$permcats = [
[ 'contributor', t('Contributor','permcat'),
[ 'view_stream','view_profile','view_contacts','view_storage','view_pages',
@@ -144,16 +143,16 @@ class Permcat {
'post_comments','write_wiki','post_like' ], 1
],
];
-*/
- if($uid) {
+ */
+ if ($uid) {
$x = q("select * from pconfig where uid = %d and cat = 'permcat'",
intval($uid)
);
- if($x) {
- foreach($x as $xv) {
- $value = ((preg_match('|^a:[0-9]+:{.*}$|s', $xv['v'])) ? unserialize($xv['v']) : $xv['v']);
- $permcats[] = [ $xv['k'], $xv['k'], $value, 0 ];
+ if ($x) {
+ foreach ($x as $xv) {
+ $value = ((preg_match('|^a:[0-9]+:{.*}$|s', $xv['v'])) ? unserialize($xv['v']) : $xv['v']);
+ $permcats[] = [$xv['k'], $xv['k'], $value, 0];
}
}
}
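Review bot: The `unserialize($xv['v'])` call in load_permcats() is guarded only by the `|^a:[0-9]+:{.*}$|s` regex, which checks that the outer value is an array but says nothing about what is nested inside it, so a stored value can still instantiate objects. If pconfig rows can be written by anything other than this channel's own forms (not visible here), restrict the call: `unserialize($xv['v'], ['allowed_classes' => false])`. A comment stating why the regex guard exists would also help, e.g. `// legacy rows hold a serialized array; never allow objects here`. The function body starts and ends outside this hunk.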
@@ -168,11 +167,11 @@ class Permcat {
}
static public function find_permcat($arr, $name) {
- if((! $arr) || (! $name))
+ if ((!$arr) || (!$name))
return false;
- foreach($arr as $p)
- if($p['name'] == $name)
+ foreach ($arr as $p)
+ if ($p['name'] == $name)
return $p['value'];
}
@@ -193,17 +192,17 @@ class Permcat {
*/
public static function assign($channel, $role, $contacts) {
- if(!isset($channel['channel_id'])) {
+ if (!isset($channel['channel_id'])) {
return;
}
- if(!is_array($contacts) || empty($contacts)) {
+ if (!is_array($contacts) || empty($contacts)) {
return;
}
- if(!$role) {
+ if (!$role) {
// lookup the default
- $role = get_pconfig($channel_id, 'system', 'default_permcat', 'default');
+ $role = get_pconfig($channel['channel_id'], 'system', 'default_permcat', 'default');
}
@@ -231,10 +230,10 @@ class Permcat {
foreach ($contacts as $contact) {
foreach ($all_perms as $perm => $desc) {
if (array_key_exists($perm, $perms)) {
- $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', " . intval($perms[$perm]) . "),";
+ $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', " . intval($perms[$perm]) . "),";
}
else {
- $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', 0), ";
+ $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', 0), ";
}
}
}
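Review bot: `$contact` is concatenated into the VALUES list with only `protect_sprintf()` around it and no quotes or `dbesc()`, unlike `$perm` on the same line. The statement is therefore safe only if every entry of `$contacts` was quoted and escaped earlier in assign(), which is outside this hunk. Please state that invariant where it is relied on, e.g. `// $contacts entries are quoted and dbesc()'d above; protect_sprintf() is not SQL escaping`, or escape at the point of use. The two branches also end differently (`),` versus `), `), which makes later trimming of `$values_sql` easy to get wrong.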
diff --git a/Zotlabs/Module/Permcats.php b/Zotlabs/Module/Permcats.php
index 8be5bba88..540d7627d 100644
--- a/Zotlabs/Module/Permcats.php
+++ b/Zotlabs/Module/Permcats.php
@@ -3,35 +3,38 @@
namespace Zotlabs\Module;
use App;
+use Zotlabs\Access\PermissionLimits;
+use Zotlabs\Access\Permissions;
use Zotlabs\Web\Controller;
-use Zotlabs\Lib\Apps;
use Zotlabs\Lib\Libsync;
use Zotlabs\Lib\AccessList;
+use Zotlabs\Lib\Permcat;
class Permcats extends Controller {
function post() {
- if(! local_channel())
+ if (!local_channel())
return;
$channel = App::get_channel();
check_form_security_token_redirectOnErr('/permcats', 'permcats');
- $name = escape_tags(trim($_REQUEST['name']));
+ $name = escape_tags(trim($_REQUEST['name']));
$is_system_role = isset($_REQUEST['is_system_role']);
- $return_path = z_root() . '/permcats/' . $_REQUEST['return_path'];
- $group_hash = $_REQUEST['group_select'] ?? '';
- $deleted_role = $_REQUEST['deleted_role'] ?? '';
- $new_role = $_REQUEST['new_role'] ?? '';
- $contacts = [];
+ $return_path = z_root() . '/permcats/' . $_REQUEST['return_path'];
+ $group_hash = $_REQUEST['group_select'] ?? '';
+ $deleted_role = $_REQUEST['deleted_role'] ?? '';
+ $new_role = $_REQUEST['new_role'] ?? '';
+ $contacts = [];
+
if (argv(1) && hex2bin(argv(1)) !== $name) {
$return_path = z_root() . '/permcats/' . bin2hex($name);
}
- if($deleted_role && $new_role) {
+ if ($deleted_role && $new_role) {
$r = q("SELECT abook_xchan FROM abook WHERE abook_channel = %d AND abook_role = '%s' AND abook_self = 0 AND abook_pending = 0",
intval(local_channel()),
dbesc($deleted_role)
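Review bot: `$name` and `$return_path` still read `$_REQUEST['name']` and `$_REQUEST['return_path']` directly, while the three fields below them use `?? ''`, so a request without those keys raises a warning and passes null to `trim()`. `return_path` is also appended to the redirect target handed to `goaway()` later in post() without any validation. Constraining it to the hex form this page itself generates keeps the redirect inside `/permcats/`: `$rp = $_REQUEST['return_path'] ?? '';` followed by `$return_path = z_root() . '/permcats/' . (ctype_xdigit($rp) ? $rp : '');`. post() continues outside this hunk.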
@@ -42,13 +45,13 @@ class Permcats extends Controller {
}
if ($contacts) {
- \Zotlabs\Lib\Permcat::assign($channel, $new_role, $contacts);
+ Permcat::assign($channel, $new_role, $contacts);
}
- \Zotlabs\Lib\Permcat::delete(local_channel(), $deleted_role);
+ Permcat::delete(local_channel(), $deleted_role);
$default_role = get_pconfig(local_channel(), 'system', 'default_permcat', 'default');
- if($deleted_role === $default_role) {
+ if ($deleted_role === $default_role) {
set_pconfig(local_channel(), 'system', 'default_permcat', $new_role);
}
@@ -70,6 +73,7 @@ class Permcats extends Controller {
}
}
+ $group = null;
if (!$contacts && $group_hash) {
$group = AccessList::by_hash(local_channel(), $group_hash);
}
@@ -78,8 +82,8 @@ class Permcats extends Controller {
$contacts = AccessList::members_xchan(local_channel(), $group['id']);
}
- if(! $name ) {
- notice( t('Permission category name is required.') . EOL);
+ if (!$name) {
+ notice(t('Permission category name is required.') . EOL);
return;
}
@@ -92,35 +96,62 @@ class Permcats extends Controller {
if ($is_system_role) {
// if we have a system role just set the default and assign if aplicable and be done with it
if ($contacts) {
- \Zotlabs\Lib\Permcat::assign($channel, $name, $contacts);
+ Permcat::assign($channel, $name, $contacts);
}
- info( t('Contact role saved.') . EOL);
+ info(t('Contact role saved.') . EOL);
Libsync::build_sync_packet();
goaway($return_path);
return;
}
- $pcarr = [];
- $all_perms = \Zotlabs\Access\Permissions::Perms();
+ $pcarr = [];
+ $all_perms = Permissions::Perms();
- if($all_perms) {
- foreach($all_perms as $perm => $desc) {
- if(array_key_exists('perms_' . $perm, $_POST)) {
+ if ($all_perms) {
+ foreach ($all_perms as $perm => $desc) {
+ if (array_key_exists('perms_' . $perm, $_POST)) {
$pcarr[] = $perm;
}
}
}
- \Zotlabs\Lib\Permcat::update(local_channel(), $name, $pcarr);
+ $pcat = new Permcat(local_channel());
+ $pcatlist = $pcat->listing();
+ $existing_raw_perms = [];
+
+ if ($pcatlist) {
+ foreach ($pcatlist as $pc) {
+ if ($pc['name'] && ($pc['name'] === $name)) {
+ $existing_raw_perms = $pc['raw_perms'];
+ }
+ }
+ }
+
+ if (!$contacts && array_diff_assoc($existing_raw_perms, Permissions::FilledPerms($pcarr))) {
+ // If we don't haver yet anyone to assign the role to and an existing role has changed,
+ // we will re-assign the changed role to all its members.
+
+ $r = q("SELECT abook_xchan FROM abook WHERE abook_channel = %d AND abook_role = '%s' AND abook_self = 0 AND abook_pending = 0",
+ intval(local_channel()),
+ dbesc($name)
+ );
+
+ if ($r) {
+ $contacts = ids_to_array($r, 'abook_xchan');
+ }
+
+ }
+
+ Permcat::update(local_channel(), $name, $pcarr);
if ($contacts) {
- \Zotlabs\Lib\Permcat::assign($channel, $name, $contacts);
+ Permcat::assign($channel, $name, $contacts);
}
Libsync::build_sync_packet();
- info( t('Contact role saved.') . EOL);
+ info(t('Contact role saved.') . EOL);
goaway($return_path);
return;
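Review bot: The change check `array_diff_assoc($existing_raw_perms, Permissions::FilledPerms($pcarr))` is one-directional: it reports only keys of the stored role whose value differs or is missing in the new set. A permission present in the new set but absent from the stored `raw_perms` would not trigger the re-assignment, and role members would keep stale permissions. Unless both arrays are guaranteed to share the same keys, compare both ways: `$new_raw_perms = Permissions::FilledPerms($pcarr);` and `if (!$contacts && $existing_raw_perms && (array_diff_assoc($existing_raw_perms, $new_raw_perms) || array_diff_assoc($new_raw_perms, $existing_raw_perms))) {`. The lookup loop over `$pcatlist` can also `break` once the name matches.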
@@ -129,35 +160,34 @@ class Permcats extends Controller {
function get() {
- if(! local_channel())
- return;
+ if (!local_channel())
+ return EMPTY_STR;
nav_set_selected('Contact Roles');
- $channel = App::get_channel();
-
- if(argc() > 1) {
+ $name = '';
+ if (argc() > 1) {
$name = hex2bin(argv(1));
}
- $existing = [];
-
- $pcat = new \Zotlabs\Lib\Permcat(local_channel());
- $pcatlist = $pcat->listing();
-
- $is_system_role = false;
+ $perms = [];
+ $existing = [];
+ $pcat = new Permcat(local_channel());
+ $pcatlist = $pcat->listing();
+ $is_system_role = false;
$delete_role_select_options = [];
- $is_default_role = (get_pconfig(local_channel(),'system','default_permcat','default') === $name);
+ $is_default_role = (get_pconfig(local_channel(), 'system', 'default_permcat', 'default') === $name);
+ $localname = '';
- if($pcatlist) {
- foreach($pcatlist as $pc) {
- if(($pc['name']) && ($name) && ($pc['name'] == $name)) {
+ if ($pcatlist) {
+ foreach ($pcatlist as $pc) {
+ if ($pc['name'] && $name && ($pc['name'] === $name)) {
$existing = $pc['perms'];
if (isset($pc['system']) && intval($pc['system']))
$is_system_role = $pc['name'];
}
- if($pc['name'] == $name) {
+ if ($pc['name'] == $name) {
$localname = $pc['localname'];
}
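Review bot: `hex2bin(argv(1))` in get() runs on the raw URL segment; for odd-length or non-hex input it emits a warning and returns false, and that value then flows into the comparisons below. Validate first: `$name = (ctype_xdigit(argv(1)) && strlen(argv(1)) % 2 === 0) ? hex2bin(argv(1)) : '';`. The second comparison, `if ($pc['name'] == $name)`, was left loose while the one above it became `===`; making it strict too keeps `$localname` from being set through type juggling. get() continues outside this hunk.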
@@ -177,13 +207,13 @@ class Permcats extends Controller {
$delete_role_select_options
];
- $global_perms = \Zotlabs\Access\Permissions::Perms();
+ $global_perms = Permissions::Perms();
- foreach($global_perms as $k => $v) {
- $thisperm = \Zotlabs\Lib\Permcat::find_permcat($existing,$k);
- $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
+ foreach ($global_perms as $k => $v) {
+ $thisperm = Permcat::find_permcat($existing, $k);
+ $checkinherited = PermissionLimits::Get(local_channel(), $k);
- if($existing[$k])
+ if ($existing[$k])
$thisperm = 1;
$perms[] = [
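Review bot: `if ($existing[$k])` indexes `$existing` by permission name, but `Permcat::find_permcat()` at the top of the same loop walks that array as a list of `name`/`value` rows. The key is therefore probably never set, and the read would raise an undefined-key warning on PHP 8. If the check is still needed, `if (!empty($existing[$k]))` keeps the behaviour without the warning; otherwise it can be dropped. The loop body continues outside this hunk.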
@@ -198,14 +228,13 @@ class Permcats extends Controller {
];
}
-
$group_select_options = [
'selected' => '',
- 'form_id' => 'group_select',
- 'label' => t('Assign this role to'),
- 'after' => [
- 'name' => t('All my contacts'),
- 'id' => 'all_contacts',
+ 'form_id' => 'group_select',
+ 'label' => t('Assign this role to'),
+ 'after' => [
+ 'name' => t('All my contacts'),
+ 'id' => 'all_contacts',
'selected' => false
]
];
@@ -213,25 +242,25 @@ class Permcats extends Controller {
$group_select = AccessList::select(local_channel(), $group_select_options);
$tpl = get_markup_template("permcats.tpl");
- $o .= replace_macros($tpl, array(
+ $o = replace_macros($tpl, [
'$form_security_token' => get_form_security_token("permcats"),
- '$default_role' => array('default_role', t('Automatically assign this role to new contacts'), intval($is_default_role), '', [t('No'), t('Yes')]),
- '$title' => t('Contact Roles'),
- '$name' => ['name', t('Role name') . ' <span class="required">*</span>', (($localname) ? $localname : ''), (($is_system_role) ? t('System role - not editable') : '') , '', (($is_system_role) ? 'disabled' : '')],
- '$delete_label' => t('Deleting') . ' ' . $localname,
- '$current_role' => $name,
- '$perms' => $perms,
- '$inherited' => t('inherited'),
- '$is_system_role' => $is_system_role,
- '$permlbl' => t('Role Permissions'),
- '$permnote' => t('Some permissions may be inherited from your <a href="settings">channel role</a>, which have higher priority than contact role settings.'),
- '$submit' => t('Submit'),
- '$return_path' => argv(1),
- '$group_select' => $group_select,
- '$delete_role_select' => $delete_role_select,
- '$delet_role_button' => t('Delete')
-
- ));
+ '$default_role' => ['default_role', t('Automatically assign this role to new contacts'), intval($is_default_role), '', [t('No'), t('Yes')]],
+ '$title' => t('Contact Roles'),
+ '$name' => ['name', t('Role name') . ' <span class="required">*</span>', (($localname) ? $localname : ''), (($is_system_role) ? t('System role - not editable') : ''), '', (($is_system_role) ? 'disabled' : '')],
+ '$delete_label' => t('Deleting') . ' ' . $localname,
+ '$current_role' => $name,
+ '$perms' => $perms,
+ '$inherited' => t('inherited'),
+ '$is_system_role' => $is_system_role,
+ '$permlbl' => t('Role Permissions'),
+ '$permnote' => t('Some permissions may be inherited from your <a href="settings">channel role</a>, which have higher priority than contact role settings.'),
+ '$submit' => t('Submit'),
+ '$return_path' => argv(1),
+ '$group_select' => $group_select,
+ '$delete_role_select' => $delete_role_select,
+ '$delet_role_button' => t('Delete')
+ ]);
+
return $o;
}
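Review bot: `$name` is decoded from the URL segment earlier in get() and reaches the template as `'$current_role' => $name` without the `escape_tags()` that post() applies to the same field; `'$return_path' => argv(1)` is passed through unchanged as well. Whether permcats.tpl escapes these values is not visible here, so either confirm that or escape at the call site, e.g. `'$current_role' => escape_tags($name),`. If the template is relied on for escaping, a comment should say so: `// $name and argv(1) are URL-derived; permcats.tpl must escape them`.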