aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormarijus <mario@mariovavti.com>2015-02-05 21:16:21 +0100
committermarijus <mario@mariovavti.com>2015-02-05 21:16:21 +0100
commitbe0e6ed6d7467991b51f40266ad9a149cdcda247 (patch)
tree02960eefa22ea0f4b42a443b2030b30f64b94f15
parent9ed23f9081b56369349d4e06c51e3856f950804e (diff)
downloadvolse-hubzilla-be0e6ed6d7467991b51f40266ad9a149cdcda247.tar.gz
volse-hubzilla-be0e6ed6d7467991b51f40266ad9a149cdcda247.tar.bz2
volse-hubzilla-be0e6ed6d7467991b51f40266ad9a149cdcda247.zip
make file activity respect parent dir permissions work
-rw-r--r--include/attach.php88
1 files changed, 66 insertions, 22 deletions
diff --git a/include/attach.php b/include/attach.php
index a300e34b0..38fe3173b 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -980,13 +980,14 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid,
if($is_dir)
return;
-/*
//check for recursive perms if we are in a folder
if($object['folder']) {
$folder_hash = $object['folder'];
- $r_perms = check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash);
+ $r_perms = recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash);
+
+ print_r($r_perms); killme();
$allow_cid = perms2str($r_perms['allow_cid']);
$allow_gid = perms2str($r_perms['allow_gid']);
@@ -994,8 +995,6 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid,
$deny_gid = perms2str($r_perms['deny_gid']);
}
-*/
-
$mid = item_message_id();
@@ -1147,12 +1146,13 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) {
'created' => $x[0]['created'],
'edited' => $x[0]['edited']
);
-
return $object;
}
-function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash) {
+function recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash) {
+
+ $poster = get_app()->get_observer();
$arr_allow_cid = expand_acl($allow_cid);
$arr_allow_gid = expand_acl($allow_gid);
@@ -1170,11 +1170,19 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo
$parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']);
$parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']);
+
+ //TODO: should find a much better solution for the allow_cid <-> allow_gid problem.
+ //Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid.
+ if($parent_arr['allow_gid']) {
+ foreach($parent_arr['allow_gid'][$count] as $gid) {
+ $in_group = in_group($gid);
+ $parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group));
+ }
+ }
+
$parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']);
$parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']);
- $parents_arr = $parent_arr;
-
$count++;
}
@@ -1183,6 +1191,16 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo
}
+ //if none of the parent folders is private just return file perms
+ if(!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) {
+ $ret['allow_gid'] = $arr_allow_gid;
+ $ret['allow_cid'] = $arr_allow_cid;
+ $ret['deny_gid'] = $arr_deny_gid;
+ $ret['deny_cid'] = $arr_deny_cid;
+
+ return $ret;
+ }
+
//if there are no perms on the file we get them from the first parent folder
if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) {
$arr_allow_cid = $parent_arr['allow_cid'][0];
@@ -1192,42 +1210,68 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo
}
//allow_cid
- foreach ($parents_arr['allow_cid'] as $folder_arr_allow_cid) {
+ $r_arr_allow_cid = false;
+ foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) {
foreach ($folder_arr_allow_cid as $ac_hash) {
$count_values[$ac_hash]++;
}
}
foreach ($arr_allow_cid as $fac_hash) {
- if(($count_values[$fac_hash]) && ($count_values[$fac_hash] == $count))
+ if($count_values[$fac_hash] == $count)
$r_arr_allow_cid[] = $fac_hash;
}
-
//allow_gid
- foreach ($parents_arr['allow_gid'] as $folder_arr_allow_gid) {
+ $r_arr_allow_gid = false;
+ foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) {
foreach ($folder_arr_allow_gid as $ag_hash) {
$count_values[$ag_hash]++;
}
}
foreach ($arr_allow_gid as $fag_hash) {
- if(($count_values[$fag_hash]) && ($count_values[$fag_hash] == $count))
+ if($count_values[$fag_hash] == $count)
$r_arr_allow_gid[] = $fag_hash;
}
//deny_gid
- foreach($parents_arr['deny_gid'] as $folder_arr_deny_gid) {
- $arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid);
+ foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) {
+ $r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid);
}
+ $r_arr_deny_gid = array_unique($r_arr_deny_gid);
//deny_cid
- foreach($parents_arr['deny_cid'] as $folder_arr_deny_cid) {
- $arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid);
+ foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) {
+ $r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid);
+ }
+ $r_arr_deny_cid = array_unique($r_arr_deny_cid);
+
+ //if none is allowed restrict to self
+ if(($r_arr_allow_gid === false) && ($r_arr_allow_gid === false)) {
+ $ret['allow_cid'] = $poster['xchan_hash'];
+ } else {
+ $ret['allow_gid'] = $r_arr_allow_gid;
+ $ret['allow_cid'] = $r_arr_allow_cid;
+ $ret['deny_gid'] = $r_arr_deny_gid;
+ $ret['deny_cid'] = $r_arr_deny_cid;
}
-
- $ret['allow_gid'] = $r_arr_allow_gid;
- $ret['allow_cid'] = $r_arr_allow_cid;
- $ret['deny_gid'] = array_unique($r_arr_deny_gid);
- $ret['deny_cid'] = array_unique($r_arr_deny_cid);
return $ret;
+
+}
+
+function in_group($group_id) {
+ //TODO: make these two queries one with a join.
+ $x = q("SELECT id FROM groups WHERE hash = '%s'",
+ dbesc($group_id)
+ );
+
+ $r = q("SELECT xchan FROM group_member WHERE gid = %d",
+ intval($x[0]['id'])
+ );
+
+ foreach($r as $ig) {
+ $group_members[] = $ig['xchan'];
+ }
+
+ return $group_members;
}