aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Lib/Activity.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-12-15 12:17:19 +0000
committerMario <mario@mariovavti.com>2021-12-15 12:17:19 +0000
commit2968bf8241d2969c4d51f1651fc3f8c7688b2fca (patch)
treedb015d27098c546c32f41682e3b7dac2480b890e /Zotlabs/Lib/Activity.php
parentb37165c62b1037e504d4b68a507241acf97ede5e (diff)
downloadvolse-hubzilla-2968bf8241d2969c4d51f1651fc3f8c7688b2fca.tar.gz
volse-hubzilla-2968bf8241d2969c4d51f1651fc3f8c7688b2fca.tar.bz2
volse-hubzilla-2968bf8241d2969c4d51f1651fc3f8c7688b2fca.zip
merge branch perms_ng into dev
Diffstat (limited to 'Zotlabs/Lib/Activity.php')
-rw-r--r--Zotlabs/Lib/Activity.php30
1 files changed, 20 insertions, 10 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 664886fc2..8e5a4e1a6 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -886,10 +886,6 @@ class Activity {
else
return [];
- if (strpos($i['body'], '[/share]') !== false) {
- $i['obj'] = null;
- }
-
if ($i['obj']) {
if (!is_array($i['obj'])) {
$i['obj'] = json_decode($i['obj'], true);
@@ -899,8 +895,10 @@ class Activity {
}
$obj = self::encode_object($i['obj']);
- if ($obj)
+
+ if ($obj) {
$ret['object'] = $obj;
+ }
else
return [];
}
@@ -1042,7 +1040,7 @@ class Activity {
$tmp = expand_acl($i['allow_cid']);
$list = stringify_array($tmp, true);
if ($list) {
- $details = q("select hubloc_id_url from hubloc where hubloc_hash in (" . $list . ") and hubloc_id_url != ''");
+ $details = q("select hubloc_id_url from hubloc where hubloc_hash in (" . $list . ") and hubloc_id_url != '' and hubloc_deleted = 0");
if ($details) {
foreach ($details as $d) {
$ret[] = $d['hubloc_id_url'];
@@ -1089,10 +1087,11 @@ class Activity {
$ret['type'] = 'Person';
if ($c) {
- $role = get_pconfig($c['channel_id'], 'system', 'permissions_role');
- if (strpos($role, 'forum') !== false) {
+ if (get_pconfig($c['channel_id'], 'system', 'group_actor')) {
$ret['type'] = 'Group';
}
+
+ $ret['manuallyApprovesFollowers'] = ((get_pconfig($c['channel_id'], 'system', 'autoperms')) ? false : true);
}
if ($c) {
@@ -1554,9 +1553,9 @@ class Activity {
/* If there is a default group for this channel and permissions are automatic, add this member to it */
if ($channel['channel_default_group'] && $automatic) {
- $g = Group::rec_byhash($channel['channel_id'], $channel['channel_default_group']);
+ $g = AccessList::by_hash($channel['channel_id'], $channel['channel_default_group']);
if ($g)
- Group::member_add($channel['channel_id'], '', $ret['xchan_hash'], $g['id']);
+ AccessList::member_add($channel['channel_id'], '', $ret['xchan_hash'], $g['id']);
}
@@ -2692,6 +2691,17 @@ class Activity {
// set the owner to the owner of the parent
$item['owner_xchan'] = $p[0]['owner_xchan'];
+ // quietly reject group comment boosts by group owner
+ // (usually only sent via ActivityPub so groups will work on microblog platforms)
+ // This catches those activities if they slipped in via a conversation fetch
+
+ if ($p[0]['parent_mid'] !== $item['parent_mid']) {
+ if ($item['verb'] === 'Announce' && $item['author_xchan'] === $item['owner_xchan']) {
+ logger('group boost activity by group owner rejected');
+ return;
+ }
+ }
+
// check permissions against the author, not the sender
$allowed = perm_is_allowed($channel['channel_id'], $item['author_xchan'], 'post_comments');
if ((!$allowed)/* && $permit_mentions*/) {