diff options
| author | Mario <mario@mariovavti.com> | 2021-09-06 09:10:19 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2021-09-06 09:10:19 +0000 |
| commit | 8d28649e1b64e8d4eb15fd3923020950a58966e7 (patch) | |
| tree | 17350748850255de7129339f0abfc4725b267714 /Zotlabs/Lib/Activity.php | |
| parent | 9495fef79bb299aa114bbda72e32ae0a2659e436 (diff) | |
| download | volse-hubzilla-8d28649e1b64e8d4eb15fd3923020950a58966e7.tar.gz volse-hubzilla-8d28649e1b64e8d4eb15fd3923020950a58966e7.tar.bz2 volse-hubzilla-8d28649e1b64e8d4eb15fd3923020950a58966e7.zip | |
check the post_mail permission for direct messages
Diffstat (limited to 'Zotlabs/Lib/Activity.php')
| -rw-r--r-- | Zotlabs/Lib/Activity.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 971381fb2..14d4a1d71 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -1815,12 +1815,19 @@ class Activity { } else { if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') && !$is_sys_channel) { - logger('no permission'); + logger('no send_stream permission'); return; } $s['owner_xchan'] = $s['author_xchan'] = $observer_hash; } + if (intval($item['item_private']) === 2) { + if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'post_mail')) { + logger('no post_mail permission'); + return; + } + } + $abook = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($observer_hash), intval($channel['channel_id']) @@ -2672,6 +2679,11 @@ class Activity { $allowed = true; } + if (intval($item['item_private']) === 2) { + if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'post_mail')) { + $allowed = false; + } + } if ($is_sys_channel) { |