diff options
| author | Mario Vavti <mario@mariovavti.com> | 2018-09-05 12:20:06 +0200 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2018-09-05 12:20:06 +0200 |
| commit | 6667ba4172188825dd4757758256d9c637a9d405 (patch) | |
| tree | e72c444f89bff346779e45cdbcdff0d48f4e15ae | |
| parent | 75e8aa8aee9c735308ed36bef5648cdceff6351e (diff) | |
| parent | a81a1bd5f1cbaf3bad1735ba0a188128c8e54577 (diff) | |
| download | volse-hubzilla-6667ba4172188825dd4757758256d9c637a9d405.tar.gz volse-hubzilla-6667ba4172188825dd4757758256d9c637a9d405.tar.bz2 volse-hubzilla-6667ba4172188825dd4757758256d9c637a9d405.zip | |
Merge branch 'dev' of https://framagit.org/hubzilla/core into dev
| -rw-r--r-- | Zotlabs/Module/Item.php | 12 | ||||
| -rw-r--r-- | include/zot.php | 29 |
2 files changed, 29 insertions, 12 deletions
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 640b4fa5c..a24d6da9c 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -29,7 +29,7 @@ use \Zotlabs\Lib as Zlib; class Item extends \Zotlabs\Web\Controller { function post() { - + // This will change. Figure out who the observer is and whether or not // they have permission to post here. Else ignore the post. @@ -237,10 +237,12 @@ class Item extends \Zotlabs\Web\Controller { if($parent) { logger('mod_item: item_post parent=' . $parent); $can_comment = false; - if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])) - $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments'); - else - $can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item); + + $can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item); + if (!$can_comment) { + if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])==1 ) + $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments'); + } if(! $can_comment) { notice( t('Permission denied.') . EOL) ; diff --git a/include/zot.php b/include/zot.php index 52102e147..e8ac2df02 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1808,13 +1808,28 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ else { $arr['item_wall'] = 0; } - - if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) { - logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}"); - $DR->update('permission denied'); - $result[] = $DR->get(); - continue; - } + + + if ((! $tag_delivery) && (! $local_public)) { + $allowed = (perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)); + + if((! $allowed) && $perm == 'post_comments') { + $parent = q("select * from item where mid = '%s' and uid = %d limit 1", + dbesc($arr['parent_mid']), + intval($channel['channel_id']) + ); + if ($parent) { + $allowed = can_comment_on_post($d['hash'],$parent[0]); + } + } + + if (! $allowed) { + logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}"); + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } + } if($arr['mid'] != $arr['parent_mid']) { |