aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Acl.php
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-07-13 19:53:28 -0700
committerredmatrix <git@macgirvin.com>2016-07-13 19:53:28 -0700
commit1fd65c934da1efcbc3e44c5ec1c5112859ba50f9 (patch)
treef2d71a643080caace31370a71e2f365e22946f8d /Zotlabs/Module/Acl.php
parentb72720f6b6070fa5c5036f8600c82454b378d1d0 (diff)
downloadvolse-hubzilla-1fd65c934da1efcbc3e44c5ec1c5112859ba50f9.tar.gz
volse-hubzilla-1fd65c934da1efcbc3e44c5ec1c5112859ba50f9.tar.bz2
volse-hubzilla-1fd65c934da1efcbc3e44c5ec1c5112859ba50f9.zip
lots more permission work
Diffstat (limited to 'Zotlabs/Module/Acl.php')
-rw-r--r--Zotlabs/Module/Acl.php59
1 files changed, 41 insertions, 18 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index d7516af33..0e02a2f66 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -58,7 +58,23 @@ class Acl extends \Zotlabs\Web\Controller {
if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
killme();
-
+
+ $permitted = [];
+
+ if(in_array($type, [ 'm', 'a', 'c' ])) {
+
+ // These queries require permission checking. We'll create a simple array of xchan_hash for those with
+ // the requisite permissions which we can check against.
+
+ $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1",
+ intval(local_channel()),
+ dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver')
+ );
+
+ $permitted = ids_to_array($x,'xchan');
+ }
+
+
if($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
@@ -87,13 +103,13 @@ class Acl extends \Zotlabs\Web\Controller {
if($type == '' || $type == 'g') {
- $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname`
- FROM `groups`,`group_member`
- WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d
- AND `group_member`.`gid`=`groups`.`id`
+ $r = q("SELECT groups.id, groups.hash, groups.gname
+ FROM groups,group_member
+ WHERE groups.deleted = 0 AND groups.uid = %d
+ AND group_member.gid=groups.id
$sql_extra
- GROUP BY `groups`.`id`
- ORDER BY `groups`.`gname`
+ GROUP BY groups.id
+ ORDER BY groups.gname
LIMIT %d OFFSET %d",
intval(local_channel()),
intval($count),
@@ -139,7 +155,7 @@ class Acl extends \Zotlabs\Web\Controller {
}
else { // Visitors
- $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, xchan_pubforum, 0 as abook_flags, 0 as abook_self
+ $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
FROM xchan left join xlink on xlink_link = xchan_hash
WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
dbesc(get_observer_hash())
@@ -155,7 +171,7 @@ class Acl extends \Zotlabs\Web\Controller {
$known_hashes[] = "'".$rr['hash']."'";
$known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')';
- $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self
+ $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc");
if($r2)
@@ -184,7 +200,7 @@ class Acl extends \Zotlabs\Web\Controller {
}
if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) {
if((count($r) < 100) && $type == 'c') {
- $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self, xchan_pubforum
+ $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
FROM xchan
WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"
);
@@ -194,20 +210,27 @@ class Acl extends \Zotlabs\Web\Controller {
}
}
elseif($type == 'm') {
-
- $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
+ $r = array();
+ $z = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
FROM abook left join xchan on abook_xchan = xchan_hash
- WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
+ WHERE abook_channel = %d
and xchan_deleted = 0
$sql_extra3
- ORDER BY `xchan_name` ASC ",
- intval(local_channel()),
- intval(PERMS_W_MAIL)
+ ORDER BY xchan_name ASC ",
+ intval(local_channel())
);
+ if($z) {
+ foreach($z as $zz) {
+ if(in_array($zz['id'],$permitted)) {
+ $r[] = $zz;
+ }
+ }
+ }
+
}
elseif($type == 'a') {
- $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , xchan_pubforum, abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
+ $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d
and xchan_deleted = 0
$sql_extra3
@@ -247,7 +270,7 @@ class Acl extends \Zotlabs\Web\Controller {
if(strpos($g['hash'],'/') && $type != 'a')
continue;
- if(($g['xchan_pubforum']) && $type == 'c' && (! $noforums)) {
+ if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
$contacts[] = array(
"type" => "c",
"photo" => "images/twopeople.png",