guest token xchan_network = "token" and remove permission checks since the guest tokens are now added to the abook automatically

5 files changed, 38 insertions, 51 deletions

diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php
index 23573e837..ef10e8046 100644
--- a/Zotlabs/Lib/Libsync.php
+++ b/Zotlabs/Lib/Libsync.php
@@ -384,19 +384,42 @@ class Libsync {
 					// This relies on the undocumented behaviour that red sites send xchan info with the abook
 					// and import_author_xchan will look them up on all federated networks
 
-					if ($abook['abook_xchan'] && $abook['xchan_addr']) {
+					$found = false;
+					if ($abook['abook_xchan'] && $abook['xchan_addr'] && (! in_array($abook['xchan_network'], [ 'token', 'unknown' ]))) {
 						$h = Libzot::get_hublocs($abook['abook_xchan']);
-						if (!$h) {
+						if ($h) {
+							$found = true;
+						}
+						else {
 							$xhash = import_author_xchan(encode_item_xchan($abook));
-							if (!$xhash) {
+							if ($xhash) {
+								$found = true;
+							}
+							else {
 								logger('Import of ' . $abook['xchan_addr'] . ' failed.');
-								continue;
 							}
 						}
 					}
 
+					if (!$found && !in_array($abook['xchan_network'], ['zot6', 'activitypub', 'diaspora'])) {
+						// just import the record.
+						$xc = [];
+						foreach ($abook as $k => $v) {
+							if (strpos($k,'xchan_') === 0) {
+								$xc[$k] = $v;
+							}
+						}
+						$r = q("select * from xchan where xchan_hash = '%s'",
+							dbesc($xc['xchan_hash'])
+						);
+						if (! $r) {
+							xchan_store_lowlevel($xc);
+						}
+					}
+
+
 					foreach ($abook as $k => $v) {
-						if (in_array($k, $disallowed) || (strpos($k, 'abook') !== 0)) {
+						if (in_array($k, $disallowed) || (strpos($k, 'abook_') !== 0)) {
 							continue;
 						}
 						if (!in_array($k, $fields)) {
@@ -410,6 +433,13 @@ class Libsync {
 
 					if (array_key_exists('abook_instance', $clean) && $clean['abook_instance'] && strpos($clean['abook_instance'], z_root()) === false) {
 						$clean['abook_not_here'] = 1;
+
+						// guest pass or access token - don't try to probe since it is one-way
+						// we are relying on the undocumented behaviour that the abook record also contains the xchan
+						if ($abook['xchan_network'] === 'token') {
+							$clean['abook_instance'] .= ',';
+							$clean['abook_instance'] .= z_root();
+						}
 					}
 
 
diff --git a/include/connections.php b/include/connections.php
index 98cd4bbb5..a0a9e04a7 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -114,7 +114,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
 
 	// don't provide a connect button for transient or one-way identities
 
-	if(in_array($xchan['xchan_network'],['rss','anon','unknown']) || strpos($xchan['xchan_addr'],'guest:') === 0) {
+	if(in_array($xchan['xchan_network'],['rss', 'anon', 'unknown', 'token'])) {
 		$connect = false;
 	}
 
diff --git a/include/conversation.php b/include/conversation.php
index d12151fcc..bdd27c55f 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1061,7 +1061,7 @@ function thread_author_menu($item, $mode = '') {
 		}
 		else {
 			$url = (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']);
-			if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot' ]))) {
+			if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot', 'token']))) {
 				$follow_url = z_root() . '/follow/?f=&url=' . urlencode($url) . '&interactive=0';
 			}
 		}
diff --git a/include/permissions.php b/include/permissions.php
index bbd13ed58..c3a9286c0 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -80,23 +80,6 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_
 					intval($uid),
 					dbesc($observer_xchan)
 				);
-				if(! $x) {
-					// see if they've got a guest access token; these are treated as connections
-					$y = atoken_abook($uid,$observer_xchan);
-					if($y)
-						$x = array($y);
-
-					if(! $x) {
-						// not in address book and no guest token, see if they've got an xchan
-						// these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections
-						$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
-							dbesc($observer_xchan)
-						);
-						if($y) {
-							$x = array(pseudo_abook($y[0]));
-						}
-					}
-				}
 
 				$abook_checked = true;
 			}
@@ -309,32 +292,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
 		if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored']))
 			return false;
 
-		if(! $x) {
-			// see if they've got a guest access token
-			$y = atoken_abook($uid,$observer_xchan);
-			if($y)
-				$x = array($y);
-
-			if(! $x) {
-				// not in address book and no guest token, see if they've got an xchan
-
-				$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
-					dbesc($observer_xchan)
-				);
-				if($y) {
-
-					// This requires an explanation and the effects are subtle.
-					// The following line creates a fake connection, and this allows
-					// access tokens to have specific permissions even though they are
-					// not actual connections.
-					// The existence of this fake entry must be checked when dealing
-					// with connection related permissions.
-
-					$x = array(pseudo_abook($y[0]));
-				}
-			}
-
-		}
 		$abperms = load_abconfig($uid,$observer_xchan,'my_perms');
 	}
 
diff --git a/include/security.php b/include/security.php
index f02fb8023..7f5f3193f 100644
--- a/include/security.php
+++ b/include/security.php
@@ -128,7 +128,7 @@ function atoken_xchan($atoken) {
 			'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
 			'xchan_name' => $atoken['atoken_name'],
 			'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(),
-			'xchan_network' => 'unknown',
+			'xchan_network' => 'token',
 			'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
 			'xchan_hidden' => 1,
 			'xchan_photo_mimetype' => 'image/png',