diff options
author | marijus <mario@mariovavti.com> | 2015-02-05 21:16:21 +0100 |
---|---|---|
committer | marijus <mario@mariovavti.com> | 2015-02-05 21:16:21 +0100 |
commit | be0e6ed6d7467991b51f40266ad9a149cdcda247 (patch) | |
tree | 02960eefa22ea0f4b42a443b2030b30f64b94f15 | |
parent | 9ed23f9081b56369349d4e06c51e3856f950804e (diff) | |
download | volse-hubzilla-be0e6ed6d7467991b51f40266ad9a149cdcda247.tar.gz volse-hubzilla-be0e6ed6d7467991b51f40266ad9a149cdcda247.tar.bz2 volse-hubzilla-be0e6ed6d7467991b51f40266ad9a149cdcda247.zip |
make file activity respect parent dir permissions work
-rw-r--r-- | include/attach.php | 88 |
1 files changed, 66 insertions, 22 deletions
diff --git a/include/attach.php b/include/attach.php index a300e34b0..38fe3173b 100644 --- a/include/attach.php +++ b/include/attach.php @@ -980,13 +980,14 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, if($is_dir) return; -/* //check for recursive perms if we are in a folder if($object['folder']) { $folder_hash = $object['folder']; - $r_perms = check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash); + $r_perms = recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash); + + print_r($r_perms); killme(); $allow_cid = perms2str($r_perms['allow_cid']); $allow_gid = perms2str($r_perms['allow_gid']); @@ -994,8 +995,6 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $deny_gid = perms2str($r_perms['deny_gid']); } -*/ - $mid = item_message_id(); @@ -1147,12 +1146,13 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) { 'created' => $x[0]['created'], 'edited' => $x[0]['edited'] ); - return $object; } -function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash) { +function recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash) { + + $poster = get_app()->get_observer(); $arr_allow_cid = expand_acl($allow_cid); $arr_allow_gid = expand_acl($allow_gid); @@ -1170,11 +1170,19 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo $parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']); $parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']); + + //TODO: should find a much better solution for the allow_cid <-> allow_gid problem. + //Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid. + if($parent_arr['allow_gid']) { + foreach($parent_arr['allow_gid'][$count] as $gid) { + $in_group = in_group($gid); + $parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group)); + } + } + $parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']); $parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']); - $parents_arr = $parent_arr; - $count++; } @@ -1183,6 +1191,16 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo } + //if none of the parent folders is private just return file perms + if(!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) { + $ret['allow_gid'] = $arr_allow_gid; + $ret['allow_cid'] = $arr_allow_cid; + $ret['deny_gid'] = $arr_deny_gid; + $ret['deny_cid'] = $arr_deny_cid; + + return $ret; + } + //if there are no perms on the file we get them from the first parent folder if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) { $arr_allow_cid = $parent_arr['allow_cid'][0]; @@ -1192,42 +1210,68 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo } //allow_cid - foreach ($parents_arr['allow_cid'] as $folder_arr_allow_cid) { + $r_arr_allow_cid = false; + foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) { foreach ($folder_arr_allow_cid as $ac_hash) { $count_values[$ac_hash]++; } } foreach ($arr_allow_cid as $fac_hash) { - if(($count_values[$fac_hash]) && ($count_values[$fac_hash] == $count)) + if($count_values[$fac_hash] == $count) $r_arr_allow_cid[] = $fac_hash; } - //allow_gid - foreach ($parents_arr['allow_gid'] as $folder_arr_allow_gid) { + $r_arr_allow_gid = false; + foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) { foreach ($folder_arr_allow_gid as $ag_hash) { $count_values[$ag_hash]++; } } foreach ($arr_allow_gid as $fag_hash) { - if(($count_values[$fag_hash]) && ($count_values[$fag_hash] == $count)) + if($count_values[$fag_hash] == $count) $r_arr_allow_gid[] = $fag_hash; } //deny_gid - foreach($parents_arr['deny_gid'] as $folder_arr_deny_gid) { - $arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); + foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) { + $r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); } + $r_arr_deny_gid = array_unique($r_arr_deny_gid); //deny_cid - foreach($parents_arr['deny_cid'] as $folder_arr_deny_cid) { - $arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); + foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) { + $r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); + } + $r_arr_deny_cid = array_unique($r_arr_deny_cid); + + //if none is allowed restrict to self + if(($r_arr_allow_gid === false) && ($r_arr_allow_gid === false)) { + $ret['allow_cid'] = $poster['xchan_hash']; + } else { + $ret['allow_gid'] = $r_arr_allow_gid; + $ret['allow_cid'] = $r_arr_allow_cid; + $ret['deny_gid'] = $r_arr_deny_gid; + $ret['deny_cid'] = $r_arr_deny_cid; } - - $ret['allow_gid'] = $r_arr_allow_gid; - $ret['allow_cid'] = $r_arr_allow_cid; - $ret['deny_gid'] = array_unique($r_arr_deny_gid); - $ret['deny_cid'] = array_unique($r_arr_deny_cid); return $ret; + +} + +function in_group($group_id) { + //TODO: make these two queries one with a join. + $x = q("SELECT id FROM groups WHERE hash = '%s'", + dbesc($group_id) + ); + + $r = q("SELECT xchan FROM group_member WHERE gid = %d", + intval($x[0]['id']) + ); + + foreach($r as $ig) { + $group_members[] = $ig['xchan']; + } + + return $group_members; } |