author | Mario <mario@mariovavti.com> | 2022-01-23 15:03:26 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2022-01-23 15:03:26 +0000 |
commit | a8ac231667b4266d10e0e8110219ddc5dfa6686e (patch) | |
tree | 58425d0d253b9e2cdfa73039e565e0622da4d423 | |
parent | f7c8791a6d918bfc5ff920c3d97c289f4317760a (diff) | |
make sure that if an existing contact role changes we will re-assign the permissions to all role members and cleanup
-rw-r--r-- | Zotlabs/Lib/Permcat.php | 63 | ||||
-rw-r--r-- | Zotlabs/Module/Permcats.php | 167 |
2 files changed, 129 insertions, 101 deletions
diff --git a/Zotlabs/Lib/Permcat.php b/Zotlabs/Lib/Permcat.php index bda35a9cb..22b617f6e 100644 --- a/Zotlabs/Lib/Permcat.php +++ b/Zotlabs/Lib/Permcat.php @@ -4,7 +4,6 @@ namespace Zotlabs\Lib; use Zotlabs\Access\PermissionRoles; use Zotlabs\Access\Permissions; -use Zotlabs\Lib\Libsync; use Zotlabs\Daemon\Master; /** @@ -40,33 +39,33 @@ class Permcat { // first check role perms for a perms_connect setting - $role = get_pconfig($channel_id,'system','permissions_role'); - if($role) { + $role = get_pconfig($channel_id, 'system', 'permissions_role'); + if ($role) { $x = PermissionRoles::role_perms($role); - if($x['perms_connect']) { + if ($x['perms_connect']) { $perms = Permissions::FilledPerms($x['perms_connect']); } } // if no role perms it may be a custom role, see if there any autoperms - if(! $perms) { + if (!$perms) { $perms = Permissions::FilledAutoPerms($channel_id); } // if no autoperms it may be a custom role with manual perms - if(! $perms) { + if (!$perms) { $r = q("select channel_hash from channel where channel_id = %d", intval($channel_id) ); - if($r) { + if ($r) { $x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'", intval($channel_id), dbesc($r[0]['channel_hash']) ); - if($x) { - foreach($x as $xv) { + if ($x) { + foreach ($x as $xv) { $perms[$xv['k']] = intval($xv['v']); } } @@ -75,13 +74,13 @@ class Permcat { // nothing was found - create a filled permission array where all permissions are 0 - if(! $perms) { + if (!$perms) { $perms = Permissions::FilledPerms([]); } $this->permcats[] = [ 'name' => 'default', - 'localname' => t('Default','permcat'), + 'localname' => t('Default', 'permcat'), 'perms' => Permissions::Operms($perms), 'raw_perms' => $perms, 'system' => 1 @@ -89,8 +88,8 @@ class Permcat { $p = $this->load_permcats($channel_id); - if($p) { - for($x = 0; $x < count($p); $x++) { + if ($p) { + for ($x = 0; $x < count($p); $x++) { $this->permcats[] = [ 'name' => $p[$x][0], 'localname' => $p[$x][1], 
@@ -120,9 +119,9 @@ class Permcat { * * \e bool \b error if $name not found in permcats true */ public function fetch($name) { - if($name && $this->permcats) { - foreach($this->permcats as $permcat) { - if(strcasecmp($permcat['name'], $name) === 0) { + if ($name && $this->permcats) { + foreach ($this->permcats as $permcat) { + if (strcasecmp($permcat['name'], $name) === 0) { return $permcat; } } @@ -132,7 +131,7 @@ class Permcat { } public function load_permcats($uid) { -/* + /* $permcats = [ [ 'contributor', t('Contributor','permcat'), [ 'view_stream','view_profile','view_contacts','view_storage','view_pages', @@ -144,16 +143,16 @@ class Permcat { 'post_comments','write_wiki','post_like' ], 1 ], ]; -*/ - if($uid) { + */ + if ($uid) { $x = q("select * from pconfig where uid = %d and cat = 'permcat'", intval($uid) ); - if($x) { - foreach($x as $xv) { - $value = ((preg_match('|^a:[0-9]+:{.*}$|s', $xv['v'])) ? unserialize($xv['v']) : $xv['v']); - $permcats[] = [ $xv['k'], $xv['k'], $value, 0 ]; + if ($x) { + foreach ($x as $xv) { + $value = ((preg_match('|^a:[0-9]+:{.*}$|s', $xv['v'])) ? unserialize($xv['v']) : $xv['v']); + $permcats[] = [$xv['k'], $xv['k'], $value, 0]; } } } @@ -168,11 +167,11 @@ class Permcat { } static public function find_permcat($arr, $name) { - if((! $arr) || (! $name)) + if ((!$arr) || (!$name)) return false; - foreach($arr as $p) - if($p['name'] == $name) + foreach ($arr as $p) + if ($p['name'] == $name) return $p['value']; } @@ -193,17 +192,17 @@ class Permcat { */ public static function assign($channel, $role, $contacts) { - if(!isset($channel['channel_id'])) { + if (!isset($channel['channel_id'])) { return; } - if(!is_array($contacts) || empty($contacts)) { + if (!is_array($contacts) || empty($contacts)) { return; } - if(!$role) { + if (!$role) { // lookup the default - $role = get_pconfig($channel_id, 'system', 'default_permcat', 'default'); + $role = get_pconfig($channel['channel_id'], 'system', 'default_permcat', 'default'); } 
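Review bot: The guards at the top of assign() (hunk @@ -193) check only that `$contacts` is a non-empty array, while the later hunk of this file (@@ -231) concatenates each `$contact` into `$values_sql` through `protect_sprintf()` alone, which escapes `%` for the query formatter and is not SQL quoting. The code between the two hunks is not shown, so the entries may already be quoted with `dbesc()` there; if they are not, that quoting belongs before the loop. Either way, a short comment at the guard would make the contract visible to callers, for example `// $contacts: list of xchan hashes; every entry must be dbesc()-quoted before it reaches $values_sql`. assign() continues outside this hunk.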
@@ -231,10 +230,10 @@ class Permcat { foreach ($contacts as $contact) { foreach ($all_perms as $perm => $desc) { if (array_key_exists($perm, $perms)) { - $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', " . intval($perms[$perm]) . "),"; + $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', " . intval($perms[$perm]) . "),"; } else { - $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', 0), "; + $values_sql .= " (" . intval($channel['channel_id']) . ", " . protect_sprintf($contact) . ", 'my_perms', '" . dbesc($perm) . "', 0), "; } } } diff --git a/Zotlabs/Module/Permcats.php b/Zotlabs/Module/Permcats.php index 8be5bba88..540d7627d 100644 --- a/Zotlabs/Module/Permcats.php +++ b/Zotlabs/Module/Permcats.php 
@@ -3,35 +3,38 @@ namespace Zotlabs\Module; use App; +use Zotlabs\Access\PermissionLimits; +use Zotlabs\Access\Permissions; use Zotlabs\Web\Controller; -use Zotlabs\Lib\Apps; use Zotlabs\Lib\Libsync; use Zotlabs\Lib\AccessList; +use Zotlabs\Lib\Permcat; class Permcats extends Controller { function post() { - if(! local_channel()) + if (!local_channel()) return; $channel = App::get_channel(); check_form_security_token_redirectOnErr('/permcats', 'permcats'); - $name = escape_tags(trim($_REQUEST['name'])); + $name = escape_tags(trim($_REQUEST['name'])); $is_system_role = isset($_REQUEST['is_system_role']); - $return_path = z_root() . '/permcats/' . $_REQUEST['return_path']; - $group_hash = $_REQUEST['group_select'] ?? ''; - $deleted_role = $_REQUEST['deleted_role'] ?? ''; - $new_role = $_REQUEST['new_role'] ?? ''; - $contacts = []; + $return_path = z_root() . '/permcats/' . $_REQUEST['return_path']; + $group_hash = $_REQUEST['group_select'] ?? ''; + $deleted_role = $_REQUEST['deleted_role'] ?? ''; + $new_role = $_REQUEST['new_role'] ?? ''; + $contacts = []; + if (argv(1) && hex2bin(argv(1)) !== $name) { $return_path = z_root() . '/permcats/' . bin2hex($name); } - if($deleted_role && $new_role) { + if ($deleted_role && $new_role) { $r = q("SELECT abook_xchan FROM abook WHERE abook_channel = %d AND abook_role = '%s' AND abook_self = 0 AND abook_pending = 0", intval(local_channel()), dbesc($deleted_role) @@ -42,13 +45,13 @@ class Permcats extends Controller { } if ($contacts) { - \Zotlabs\Lib\Permcat::assign($channel, $new_role, $contacts); + Permcat::assign($channel, $new_role, $contacts); } - \Zotlabs\Lib\Permcat::delete(local_channel(), $deleted_role); + Permcat::delete(local_channel(), $deleted_role); $default_role = get_pconfig(local_channel(), 'system', 'default_permcat', 'default'); - if($deleted_role === $default_role) { + if ($deleted_role === $default_role) { set_pconfig(local_channel(), 'system', 'default_permcat', $new_role); } 
@@ -70,6 +73,7 @@ class Permcats extends Controller { } } + $group = null; if (!$contacts && $group_hash) { $group = AccessList::by_hash(local_channel(), $group_hash); } @@ -78,8 +82,8 @@ class Permcats extends Controller { $contacts = AccessList::members_xchan(local_channel(), $group['id']); } - if(! $name ) { - notice( t('Permission category name is required.') . EOL); + if (!$name) { + notice(t('Permission category name is required.') . EOL); return; } 
@@ -92,35 +96,62 @@ class Permcats extends Controller { if ($is_system_role) { // if we have a system role just set the default and assign if aplicable and be done with it if ($contacts) { - \Zotlabs\Lib\Permcat::assign($channel, $name, $contacts); + Permcat::assign($channel, $name, $contacts); } - info( t('Contact role saved.') . EOL); + info(t('Contact role saved.') . EOL); Libsync::build_sync_packet(); goaway($return_path); return; } - $pcarr = []; - $all_perms = \Zotlabs\Access\Permissions::Perms(); + $pcarr = []; + $all_perms = Permissions::Perms(); - if($all_perms) { - foreach($all_perms as $perm => $desc) { - if(array_key_exists('perms_' . $perm, $_POST)) { + if ($all_perms) { + foreach ($all_perms as $perm => $desc) { + if (array_key_exists('perms_' . $perm, $_POST)) { $pcarr[] = $perm; } } } - \Zotlabs\Lib\Permcat::update(local_channel(), $name, $pcarr); + $pcat = new Permcat(local_channel()); + $pcatlist = $pcat->listing(); + $existing_raw_perms = []; + + if ($pcatlist) { + foreach ($pcatlist as $pc) { + if ($pc['name'] && ($pc['name'] === $name)) { + $existing_raw_perms = $pc['raw_perms']; + } + } + } + + if (!$contacts && array_diff_assoc($existing_raw_perms, Permissions::FilledPerms($pcarr))) { + // If we don't haver yet anyone to assign the role to and an existing role has changed, + // we will re-assign the changed role to all its members. + + $r = q("SELECT abook_xchan FROM abook WHERE abook_channel = %d AND abook_role = '%s' AND abook_self = 0 AND abook_pending = 0", + intval(local_channel()), + dbesc($name) + ); + + if ($r) { + $contacts = ids_to_array($r, 'abook_xchan'); + } + + } + + Permcat::update(local_channel(), $name, $pcarr); if ($contacts) { - \Zotlabs\Lib\Permcat::assign($channel, $name, $contacts); + Permcat::assign($channel, $name, $contacts); } Libsync::build_sync_packet(); - info( t('Contact role saved.') . EOL); + info(t('Contact role saved.') . EOL); goaway($return_path); return; 
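Review bot: The `!$contacts &&` guard on the new re-assignment branch means that when a changed role is saved together with a group selection, only the selected group's members reach `Permcat::assign()`, and contacts who already hold the role but are outside that group keep the `my_perms` rows written for the old version of the role. If a permission was removed from the role, it presumably stays effective for those members, which is not what the commit message promises. Consider testing only the diff, `if (array_diff_assoc($existing_raw_perms, Permissions::FilledPerms($pcarr))) {`, and merging rather than replacing, `$contacts = array_unique(array_merge($contacts, ids_to_array($r, 'abook_xchan')));`. `array_diff_assoc()` is also one-directional, so a key present only in the new filled set is not detected; that matters only if `raw_perms` can lack keys, which the hunk does not show. post() starts and ends outside the hunk.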
@@ -129,35 +160,34 @@ class Permcats extends Controller { function get() { - if(! local_channel()) - return; + if (!local_channel()) + return EMPTY_STR; nav_set_selected('Contact Roles'); - $channel = App::get_channel(); - - if(argc() > 1) { + $name = ''; + if (argc() > 1) { $name = hex2bin(argv(1)); } - $existing = []; - - $pcat = new \Zotlabs\Lib\Permcat(local_channel()); - $pcatlist = $pcat->listing(); - - $is_system_role = false; + $perms = []; + $existing = []; + $pcat = new Permcat(local_channel()); + $pcatlist = $pcat->listing(); + $is_system_role = false; $delete_role_select_options = []; - $is_default_role = (get_pconfig(local_channel(),'system','default_permcat','default') === $name); + $is_default_role = (get_pconfig(local_channel(), 'system', 'default_permcat', 'default') === $name); + $localname = ''; - if($pcatlist) { - foreach($pcatlist as $pc) { - if(($pc['name']) && ($name) && ($pc['name'] == $name)) { + if ($pcatlist) { + foreach ($pcatlist as $pc) { + if ($pc['name'] && $name && ($pc['name'] === $name)) { $existing = $pc['perms']; if (isset($pc['system']) && intval($pc['system'])) $is_system_role = $pc['name']; } - if($pc['name'] == $name) { + if ($pc['name'] == $name) { $localname = $pc['localname']; } @@ -177,13 +207,13 @@ class Permcats extends Controller { $delete_role_select_options ]; - $global_perms = \Zotlabs\Access\Permissions::Perms(); + $global_perms = Permissions::Perms(); - foreach($global_perms as $k => $v) { - $thisperm = \Zotlabs\Lib\Permcat::find_permcat($existing,$k); - $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k); + foreach ($global_perms as $k => $v) { + $thisperm = Permcat::find_permcat($existing, $k); + $checkinherited = PermissionLimits::Get(local_channel(), $k); - if($existing[$k]) + if ($existing[$k]) $thisperm = 1; $perms[] = [ 
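Review bot: `hex2bin(argv(1))` in get() is applied to the raw path segment without checking that it is well-formed hex, and `hex2bin()` returns `false` with a warning on odd-length or non-hex input, so `$name` can be `false` rather than a string when it is compared and handed to the template as `'$current_role'`. A guard such as `$name = (ctype_xdigit(argv(1)) && strlen(argv(1)) % 2 === 0) ? hex2bin(argv(1)) : '';` keeps it a string. The same unvalidated `argv(1)` is passed as `'$return_path'` in the last hunk of this file (@@ -213), and post() appends the submitted `return_path` to its redirect target, so checking it as hex there would cover both places. The second comparison, `if ($pc['name'] == $name)`, is still loose while the one above it was tightened to `===`. get() continues outside the hunk.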
@@ -198,14 +228,13 @@ class Permcats extends Controller { ]; } - $group_select_options = [ 'selected' => '', - 'form_id' => 'group_select', - 'label' => t('Assign this role to'), - 'after' => [ - 'name' => t('All my contacts'), - 'id' => 'all_contacts', + 'form_id' => 'group_select', + 'label' => t('Assign this role to'), + 'after' => [ + 'name' => t('All my contacts'), + 'id' => 'all_contacts', 'selected' => false ] ]; 
@@ -213,25 +242,25 @@ class Permcats extends Controller { $group_select = AccessList::select(local_channel(), $group_select_options); $tpl = get_markup_template("permcats.tpl"); - $o .= replace_macros($tpl, array( + $o = replace_macros($tpl, [ '$form_security_token' => get_form_security_token("permcats"), - '$default_role' => array('default_role', t('Automatically assign this role to new contacts'), intval($is_default_role), '', [t('No'), t('Yes')]), - '$title' => t('Contact Roles'), - '$name' => ['name', t('Role name') . ' <span class="required">*</span>', (($localname) ? $localname : ''), (($is_system_role) ? t('System role - not editable') : '') , '', (($is_system_role) ? 'disabled' : '')], - '$delete_label' => t('Deleting') . ' ' . $localname, - '$current_role' => $name, - '$perms' => $perms, - '$inherited' => t('inherited'), - '$is_system_role' => $is_system_role, - '$permlbl' => t('Role Permissions'), - '$permnote' => t('Some permissions may be inherited from your <a href="settings">channel role</a>, which have higher priority than contact role settings.'), - '$submit' => t('Submit'), - '$return_path' => argv(1), - '$group_select' => $group_select, - '$delete_role_select' => $delete_role_select, - '$delet_role_button' => t('Delete') - - )); + '$default_role' => ['default_role', t('Automatically assign this role to new contacts'), intval($is_default_role), '', [t('No'), t('Yes')]], + '$title' => t('Contact Roles'), + '$name' => ['name', t('Role name') . ' <span class="required">*</span>', (($localname) ? $localname : ''), (($is_system_role) ? t('System role - not editable') : ''), '', (($is_system_role) ? 'disabled' : '')], + '$delete_label' => t('Deleting') . ' ' . 
$localname, + '$current_role' => $name, + '$perms' => $perms, + '$inherited' => t('inherited'), + '$is_system_role' => $is_system_role, + '$permlbl' => t('Role Permissions'), + '$permnote' => t('Some permissions may be inherited from your <a href="settings">channel role</a>, which have higher priority than contact role settings.'), + '$submit' => t('Submit'), + '$return_path' => argv(1), + '$group_select' => $group_select, + '$delete_role_select' => $delete_role_select, + '$delet_role_button' => t('Delete') + ]); + return $o; } |