aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-07-31 23:17:07 -0700
committerredmatrix <git@macgirvin.com>2016-07-31 23:17:07 -0700
commit3d0c90cbc5b756c6d54c4d41a136c0a38e67b013 (patch)
tree175b6395415767523f1046ee42d654efaf1dac8a
parent9b9621e10d669e7d1bc18a781c40bfc5687330c3 (diff)
downloadvolse-hubzilla-3d0c90cbc5b756c6d54c4d41a136c0a38e67b013.tar.gz
volse-hubzilla-3d0c90cbc5b756c6d54c4d41a136c0a38e67b013.tar.bz2
volse-hubzilla-3d0c90cbc5b756c6d54c4d41a136c0a38e67b013.zip
allow individual permissions on atokens
-rw-r--r--Zotlabs/Module/Settings.php64
-rwxr-xr-xview/tpl/field_acheckbox.tpl2
-rw-r--r--view/tpl/settings_tokens.tpl44
3 files changed, 98 insertions, 12 deletions
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index af3a25c60..48ab6b8bf 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -164,7 +164,23 @@ class Settings extends \Zotlabs\Web\Controller {
dbesc($expires)
);
}
+
+ $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $name;
+
+ $all_perms = \Zotlabs\Access\Permissions::Perms();
+
+ if($all_perms) {
+ foreach($all_perms as $perm => $desc) {
+ if(array_key_exists('perms_' . $perm, $_POST)) {
+ set_abconfig($channel['channel_id'],$atoken_xchan,'my_perms',$perm,intval($_POST['perms_' . $perm]));
+ }
+ else {
+ set_abconfig($channel['channel_id'],$atoken_xchan,'my_perms',$perm,0);
+ }
+ }
+ }
+
info( t('Token saved.') . EOL);
return;
}
@@ -270,7 +286,7 @@ class Settings extends \Zotlabs\Web\Controller {
$email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : '');
$account = \App::get_account();
if($email != $account['account_email']) {
- if(! valid_email($email))
+ if(! valid_email($email))
$errs[] = t('Not valid email.');
$adm = trim(get_config('system','admin_email'));
if(($adm) && (strcasecmp($email,$adm) == 0)) {
@@ -378,7 +394,7 @@ class Settings extends \Zotlabs\Web\Controller {
intval(local_channel())
);
}
- else {
+ else {
$role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($_POST['permissions_role']);
if(! $role_permissions) {
notice('Permissions category could not be found.');
@@ -773,9 +789,10 @@ class Settings extends \Zotlabs\Web\Controller {
intval(local_channel())
);
- if($atoken)
+ if($atoken) {
$atoken = $atoken[0];
-
+ $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $atoken['atoken_name'];
+ }
if($atoken && argc() > 3 && argv(3) === 'drop') {
$r = q("delete from atoken where atoken_id = %d",
intval($id)
@@ -786,10 +803,40 @@ class Settings extends \Zotlabs\Web\Controller {
intval(local_channel())
);
- $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access the private content.');
+ $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access private content.');
$desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:');
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
+ $existing = get_all_perms(local_channel(),(($atoken_xchan) ? $atoken_xchan : ''));
+
+ if($atoken_xchan) {
+ $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'",
+ intval(local_channel()),
+ dbesc($atoken_xchan)
+ );
+ $their_perms = array();
+ if($theirs) {
+ foreach($theirs as $t) {
+ $their_perms[$t['k']] = $t['v'];
+ }
+ }
+ }
+ foreach($global_perms as $k => $v) {
+ $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k);
+//fixme
+
+ $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
+
+ if($existing[$k])
+ $thisperm = "1";
+
+ $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
+ }
+
+
+
$tpl = get_markup_template("settings_tokens.tpl");
$o .= replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("settings_tokens"),
@@ -803,6 +850,13 @@ class Settings extends \Zotlabs\Web\Controller {
'$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''),
'$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''),
'$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] != NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''),
+ '$them' => t('Their Settings'),
+ '$me' => t('My Settings'),
+ '$perms' => $perms,
+ '$inherited' => t('inherited'),
+ '$notself' => '1',
+ '$permlbl' => t('Individual Permissions'),
+ '$permnote' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'),
'$submit' => t('Submit')
));
return $o;
diff --git a/view/tpl/field_acheckbox.tpl b/view/tpl/field_acheckbox.tpl
index b54a4f3c3..c87b9ac79 100755
--- a/view/tpl/field_acheckbox.tpl
+++ b/view/tpl/field_acheckbox.tpl
@@ -9,7 +9,7 @@
</td>
{{/if}}
<td class="abook-me">
- {{if $self || !$field.5}}
+ {{if $self || !$field.5 || $twocol }}
<input type="checkbox" name='{{$field.0}}' class='abook-edit-me' id='me_id_{{$field.0}}' value="{{$field.4}}" {{if $field.3}}checked="checked"{{/if}} />
{{/if}}
{{if $notself && $field.5}}
diff --git a/view/tpl/settings_tokens.tpl b/view/tpl/settings_tokens.tpl
index 22af381e9..6f08ce971 100644
--- a/view/tpl/settings_tokens.tpl
+++ b/view/tpl/settings_tokens.tpl
@@ -17,13 +17,45 @@
<div class="settings-submit-wrapper form-group">
<button type="submit" name="submit" class="btn btn-primary">{{$submit}}</button>
</div>
- </form>
- <div class="descriptive-text">{{$desc2}}</div>
- <ul>
- <li>{{$url1}}<span class="zat-example">?f=&zat=<span class="token-mirror"></span></span></li>
- <li>{{$url2}}<span class="zat-example">?f=&zat=<span class="token-mirror"></span></span></li>
- </ul>
</div>
+
+ <div class="panel">
+ <div class="section-subtitle-wrapper" role="tab" id="perms-tool">
+ <h3>
+ <a data-toggle="collapse" data-parent="#contact-edit-tools" href="#perms-tool-collapse" aria-expanded="true" aria-controls="perms-tool-collapse">
+ {{$permlbl}}
+ </a>
+ </h3>
+ </div>
+ <div id="perms-tool-collapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="perms-tool">
+ <div class="section-content-tools-wrapper">
+ <div class="section-content-warning-wrapper">
+ {{$permnote}}
+ </div>
+
+ <table id="perms-tool-table" class=form-group>
+ <tr>
+ <td></td><td class="abook-them">{{$them}}</td><td colspan="2" class="abook-me">{{$me}}</td>
+ </tr>
+ {{foreach $perms as $prm}}
+ {{include file="field_acheckbox.tpl" field=$prm}}
+ {{/foreach}}
+ </table>
+
+ <div class="settings-submit-wrapper" >
+ <button type="submit" name="submit" class="btn btn-primary">{{$submit}}</button>
+ </div>
+ </div>
+ </div>
+ </div>
+ </form>
+
+ <div class="descriptive-text">{{$desc2}}</div>
+ <ul>
+ <li>{{$url1}}<span class="zat-example">?f=&zat=<span class="token-mirror"></span></span></li>
+ <li>{{$url2}}<span class="zat-example">?f=&zat=<span class="token-mirror"></span></span></li>
+ </ul>
+
{{if $tokens}}
<div class="section-content-wrapper-np">
<table id="atoken-index">