more permissions optimisations

6 files changed, 63 insertions, 36 deletions

diff --git a/README.md b/README.md
index 61a8e5532..54f80bebe 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ Hubzilla - Community Server
 
 Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online. 
 
-Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework. 
+Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework - and it is all decentralised. 
 
 Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - even with channels on different servers or other communications services.
 
diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
index 52526d020..d51e4d0ea 100644
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -94,6 +94,10 @@ class Permissions {
 	// Undeclared permissions are set to 0
 
 	static public function FilledPerms($arr) {
+		if(is_null($arr)) {
+			btlogger('FilledPerms: null');
+		}
+
 		$everything = self::Perms();
 		$ret = [];
 		foreach($everything as $k => $v) {
diff --git a/Zotlabs/Lib/Permcat.php b/Zotlabs/Lib/Permcat.php
index 7988aff97..505ee2cfc 100644
--- a/Zotlabs/Lib/Permcat.php
+++ b/Zotlabs/Lib/Permcat.php
@@ -10,24 +10,52 @@ class Permcat {
 
 	public function __construct($channel_id) {
 
-		$name = 'default';
-		$localname = t('default','permcat');
-		
-		$perms = Zaccess\Permissions::FilledAutoPerms($channel_id);
-		if(! $perms) {
-			$role = get_pconfig($channel_id,'system','permissions_role');
-			if($role) {
-				$x = Zaccess\PermissionRoles::role_perms($role);
+		$perms = [];
+
+		// first check role perms for a perms_connect setting
+
+		$role = get_pconfig($channel_id,'system','permissions_role');
+		if($role) {
+			$x = Zaccess\PermissionRoles::role_perms($role);
+			if($x['perms_connect']) {
 				$perms = Zaccess\Permissions::FilledPerms($x['perms_connect']);
 			}
-			if(! $perms) {
-				$perms = Zaccess\Permissions::FilledPerms([]);
+		}
+
+		// if no role perms it may be a custom role, see if there any autoperms
+
+		if(! $perms) {
+			$perms = Zaccess\Permissions::FilledAutoPerms($channel_id);
+		}
+
+		// if no autoperms it may be a custom role with manual perms
+
+		if(! $perms) {
+			$r = q("select channel_hash from channel where channel_id = %d",
+				intval($channel_id)
+			);
+			if($r) {
+				$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
+					intval($channel_id),
+					dbesc($r[0]['channel_hash'])
+				);
+				if($x) {
+					foreach($x as $xv) {
+						$perms[$xv['k']] = intval($xv['v']);
+					}
+				}
 			}
 		}
 
+		// nothing was found - create a filled permission array where all permissions are 0
+
+		if(! $perms) {
+			$perms = Zaccess\Permissions::FilledPerms([]);
+		}
+
 		$this->permcats[] = [
-			'name'      => $name,
-			'localname' => $localname,
+			'name'      => 'default',
+			'localname' => t('default','permcat'),
 			'perms'     => Zaccess\Permissions::Operms($perms),
 			'system'    => 1
 		];
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index ccaf5cd5b..d8422266c 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -212,6 +212,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 		}
 	
 		if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) {
+
 			$new_friend = true;
 	
 			// @fixme it won't be common, but when you accept a new connection request
@@ -221,21 +222,13 @@ class Connedit extends \Zotlabs\Web\Controller {
 			// request. The workaround is to approve the connection, then go back and
 			// adjust permissions as desired.
 	
-			$abook_my_perms = get_channel_default_perms(local_channel());
-	
-			$role = get_pconfig(local_channel(),'system','permissions_role');
-			if($role) {
-				$x = \Zotlabs\Access\PermissionRoles::role_perms($role);
-				if($x['perms_connect']) {
-					$abook_my_perms = $x['perms_connect'];
+			$p = \Zotlabs\Access\Permissions::connect_perms(local_channel());
+			$my_perms = $p['perms'];
+			if($my_perms) {
+				foreach($my_perms as $k => $v) {
+					set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v);
 				}
 			}
-
-			$filled_perms = \Zotlabs\Access\Permissions::FilledPerms($abook_my_perms);
-			foreach($filled_perms as $k => $v) {
-				set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v);
-			}
-
 		}
 
 		$abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']);
diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php
index a89d83544..9ea459dab 100644
--- a/Zotlabs/Module/Settings/Channel.php
+++ b/Zotlabs/Module/Settings/Channel.php
@@ -88,15 +88,17 @@ class Channel {
 							intval(local_channel())
 					);
 				}
-	
-				$x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']);
-				foreach($x as $k => $v) {
-					set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k, $v);
-					if($role_permissions['perms_auto']) {
-						set_pconfig(local_channel(),'autoperms',$k,$v);
-					}
-					else {
-						del_pconfig(local_channel(),'autoperms',$k);
+
+				if($role_permissions['perms_connect']) {	
+					$x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']);
+					foreach($x as $k => $v) {
+						set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k, $v);
+						if($role_permissions['perms_auto']) {
+							set_pconfig(local_channel(),'autoperms',$k,$v);
+						}
+						else {
+							del_pconfig(local_channel(),'autoperms',$k);
+						}
 					}
 				}	
 
diff --git a/doc/README.md b/doc/README.md
index 61a8e5532..54f80bebe 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -12,7 +12,7 @@ Hubzilla - Community Server
 
 Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online. 
 
-Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework. 
+Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework - and it is all decentralised. 
 
 Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - even with channels on different servers or other communications services.