diff options
author | zotlabs <mike@macgirvin.com> | 2016-12-01 15:52:54 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2016-12-01 15:52:54 -0800 |
commit | 97e70d62bf52de9e8879f832cc2d53c74f9c27f3 (patch) | |
tree | 19a3c2849834bc2aa520711a967e90c3e522ca50 | |
parent | 47a356ff52900fd8cd8d4980b44c69c13b2e612f (diff) | |
download | volse-hubzilla-97e70d62bf52de9e8879f832cc2d53c74f9c27f3.tar.gz volse-hubzilla-97e70d62bf52de9e8879f832cc2d53c74f9c27f3.tar.bz2 volse-hubzilla-97e70d62bf52de9e8879f832cc2d53c74f9c27f3.zip |
extensible perms: the really, really hard part - figuring out what to do about people with custom permissions so as to set sane defaults.
-rw-r--r-- | Zotlabs/Access/PermissionRoles.php | 42 | ||||
-rw-r--r-- | Zotlabs/Access/Permissions.php | 9 | ||||
-rwxr-xr-x | boot.php | 28 |
3 files changed, 69 insertions, 10 deletions
diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index 8b116adc5..3878777cf 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -160,6 +160,7 @@ class PermissionRoles { $ret['limits'] = PermissionLimits::Std_Limits(); break; + case 'custom': default: break; } @@ -174,7 +175,48 @@ class PermissionRoles { return $ret; } + static public function new_custom_perms($uid,$perm,$abooks) { + // set permissionlimits for this permission here, for example: + + // if($perm === 'mynewperm') + // \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1); + + + // set autoperms here if applicable + // choices are to set to 0, 1, or the value of an existing perm + + if(get_pconfig($uid,'system','autoperms')) { + + $c = channelx_by_n($uid); + $value = 0; + + // if($perm === 'mynewperm') + // $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm')); + + if($c) { + set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value); + } + + + } + + // now set something for all existing connections. + + if($abooks) { + foreach($abooks as $ab) { + switch($perm) { + // case 'mynewperm': + // choices are to set to 1, set to 0, or clone an existing perm + // set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm, + // get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm')); + + default: + break; + } + } + } + } static public function roles() { diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index 61ea51a48..1951f2f0f 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php @@ -10,9 +10,18 @@ class Permissions { /** * Extensible permissions. * To add new permissions, add to the list of $perms below, with a simple description. + * * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role * if this permission should be granted to new connections. * + * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom + * permission roles. You will want to set a default PermissionLimit for each channel and also + * provide a sane default for any existing connections. You may or may not wish to provide a + * default auto permission. If in doubt, leave this alone as custom permissions by definition + * are the responsbility of the channel owner to manage. You just don't want to create any + * suprises or break things so you have an opportunity to provide sane settings. + * + * * Permissions with 'view' in the name are considered read permissions. Anything * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else * is given PERMS_SPECIFIC. @@ -2483,19 +2483,27 @@ function check_for_new_perms() { // get the permissions role details $rp = \Zotlabs\Access\PermissionRoles::role_perms($r[0]['v']); if($rp) { - // set the channel limits if appropriate or 0 - if(array_key_exists('limits',$rp) && array_key_exists($p,$rp['limits'])) { - \Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,$rp['limits'][$p]); + + // for custom permission roles we need to customise how we initiate this new permission + if(array_key_exists('role',$rp) && ($rp['role'] === 'custom' || $rp['role'] === '')) { + \Zotlabs\Access\PermissionRoles::new_custom_perms($cc['uid'],$p,$x); } else { - \Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,0); - } + // set the channel limits if appropriate or 0 + if(array_key_exists('limits',$rp) && array_key_exists($p,$rp['limits'])) { + \Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,$rp['limits'][$p]); + } + else { + \Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,0); + } + - $set = ((array_key_exists('perms_connect',$rp) && array_key_exists($p,$rp['perms_connect'])) ? true : false); - // foreach connection set to the perms_connect value - if($x) { - foreach($x as $xx) { - set_abconfig($cc['uid'],$xx['abook_xchan'],'my_perms',$p,intval($set)); + $set = ((array_key_exists('perms_connect',$rp) && array_key_exists($p,$rp['perms_connect'])) ? true : false); + // foreach connection set to the perms_connect value + if($x) { + foreach($x as $xx) { + set_abconfig($cc['uid'],$xx['abook_xchan'],'my_perms',$p,intval($set)); + } } } } |