aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Lockview.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2022-01-02 19:33:10 +0000
committerMario <mario@mariovavti.com>2022-01-02 19:33:10 +0000
commit0003e0b8a5841bfc9e845f0b833aa206527826de (patch)
tree389085c0d60edcfddd69b8323841d996f7458d32 /Zotlabs/Module/Lockview.php
parente42703d55793108f456a520dad747db5c9a67518 (diff)
downloadvolse-hubzilla-0003e0b8a5841bfc9e845f0b833aa206527826de.tar.gz
volse-hubzilla-0003e0b8a5841bfc9e845f0b833aa206527826de.tar.bz2
volse-hubzilla-0003e0b8a5841bfc9e845f0b833aa206527826de.zip
lockview: fix guest links for profile groups and photos, cleanup
Diffstat (limited to 'Zotlabs/Module/Lockview.php')
-rw-r--r--Zotlabs/Module/Lockview.php179
1 files changed, 102 insertions, 77 deletions
diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php
index b4ba4caa6..1fab6ff2f 100644
--- a/Zotlabs/Module/Lockview.php
+++ b/Zotlabs/Module/Lockview.php
@@ -1,24 +1,30 @@
<?php
+
namespace Zotlabs\Module;
-use App;
use Zotlabs\Lib\AccessList;
+use Zotlabs\Web\Controller;
require_once('include/security.php');
-class Lockview extends \Zotlabs\Web\Controller {
+class Lockview extends Controller {
function get() {
- $atokens = array();
+ $atokens = [];
+ $atoken_xchans = [];
+ $access_list = [];
+ $guest_access_list = [];
- if(local_channel()) {
+ if (local_channel()) {
$at = q("select * from atoken where atoken_uid = %d",
intval(local_channel())
);
- if($at) {
- foreach($at as $t) {
- $atokens[] = array_merge($t, atoken_xchan($t));
+ if ($at) {
+ foreach ($at as $t) {
+ $atoken_xchan = atoken_xchan($t);
+ $atokens[] = array_merge($t, $atoken_xchan);
+ $atoken_xchans[] = $atoken_xchan['xchan_hash'];
}
}
}
@@ -26,20 +32,20 @@ class Lockview extends \Zotlabs\Web\Controller {
$type = ((argc() > 1) ? argv(1) : 0);
if (is_numeric($type)) {
$item_id = intval($type);
- $type = 'item';
+ $type = 'item';
}
else {
$item_id = ((argc() > 2) ? intval(argv(2)) : 0);
}
- if(! $item_id)
+ if (!$item_id)
killme();
- if (! in_array($type, array('item', 'photo', 'attach', 'event', 'menu_item', 'chatroom')))
+ if (!in_array($type, ['item', 'photo', 'attach', 'menu_item', 'chatroom']))
killme();
// we have different naming in in menu_item table and chatroom table
- switch($type) {
+ switch ($type) {
case 'menu_item':
$id = 'mitem_id';
break;
@@ -56,150 +62,169 @@ class Lockview extends \Zotlabs\Web\Controller {
intval($item_id)
);
- if(! $r)
+ if (!$r)
killme();
$item = $r[0];
- $uid = null;
- $url = '';
+ $uid = null;
+ $url = '';
- switch($type) {
+ switch ($type) {
case 'menu_item':
$uid = $item['mitem_channel_id'];
break;
case 'chatroom':
- $uid = $item['cr_uid'];
+ $uid = $item['cr_uid'];
$channel = channelx_by_n($uid);
- $url = z_root() . '/chat/' . $channel['channel_address'] . '/' . $item['cr_id'];
+ $url = z_root() . '/chat/' . $channel['channel_address'] . '/' . $item['cr_id'];
break;
case 'item':
$uid = $item['uid'];
$url = $item['plink'];
break;
+ case 'photo':
+ $uid = $item['uid'];
+ $channel = channelx_by_n($uid);
+ $url = z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $item['resource_id'];
+ break;
case 'attach':
- $uid = $item['uid'];
+ $uid = $item['uid'];
$channel = channelx_by_n($uid);
- $url = z_root() . '/cloud/' . $channel['channel_address'] . '/' . $item['display_path'];
+ $url = z_root() . '/cloud/' . $channel['channel_address'] . '/' . $item['display_path'];
break;
default:
break;
}
- if($uid != local_channel()) {
+ if (intval($uid) !== local_channel()) {
echo '<div class="dropdown-item-text">' . t('Remote privacy information not available') . '</div>';
killme();
}
- if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
- && (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) {
+ if (intval($item['item_private']) && (!strlen($item['allow_cid'])) && (!strlen($item['allow_gid']))
+ && (!strlen($item['deny_cid'])) && (!strlen($item['deny_gid']))) {
// if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any
// specific recipients, we're the recipient of a post with "bcc" or targeted recipients; so we'll just show it
// as unknown specific recipients. The sender will have the visibility list and will fall through to the
// next section.
- echo '<div class="dropdown-item">' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>';
+ echo '<div class="dropdown-item">' . translate_scope((!$item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>';
killme();
}
- $allowed_users = expand_acl($item['allow_cid']);
+ $allowed_users = expand_acl($item['allow_cid']);
$allowed_groups = expand_acl($item['allow_gid']);
- $deny_users = expand_acl($item['deny_cid']);
- $deny_groups = expand_acl($item['deny_gid']);
-
- $o = '<div class="dropdown-item-text text-uppercase text-muted text-nowrap h6">' . t('Access') . '</div>';
- $l = array();
+ $deny_users = expand_acl($item['deny_cid']);
+ $deny_groups = expand_acl($item['deny_gid']);
- stringify_array_elms($allowed_groups,true);
- stringify_array_elms($allowed_users,true);
- stringify_array_elms($deny_groups,true);
- stringify_array_elms($deny_users,true);
+ stringify_array_elms($allowed_groups, true);
+ stringify_array_elms($allowed_users, true);
+ stringify_array_elms($deny_groups, true);
+ stringify_array_elms($deny_users, true);
$allowed_xchans = [];
$profile_groups = [];
- if($allowed_groups) {
- foreach($allowed_groups as $g) {
- if(substr($g,0,4) === '\'vp.') {
- $profile_groups[] = '\'' . substr($g,4);
+ if ($allowed_groups) {
+ foreach ($allowed_groups as $g) {
+ if (substr($g, 0, 4) === '\'vp.') {
+ $profile_groups[] = '\'' . substr($g, 4);
}
}
}
- if(count($profile_groups)) {
- $r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
- if($r) {
- foreach($r as $rr) {
- $l[] = '<div class="dropdown-item" title="' . t('Profile','acl') . '">' . $rr['profile_name'] . '</div>';
+ if ($profile_groups) {
+ $r = q("SELECT id, profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
+ if ($r) {
+ foreach ($r as $rr) {
+ $pgrp_members = AccessList::profile_members_xchan($uid, $rr['id']);
+ $allowed_xchans = array_merge($allowed_xchans, $pgrp_members);
+ $access_list[] = '<div class="dropdown-item" title="' . t('Profile', 'acl') . '">' . $rr['profile_name'] . '</div>';
}
}
}
- if(count($allowed_groups)) {
- $r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
- if($r) {
- foreach($r as $rr) {
- $gid = AccessList::by_name($uid, $rr['gname']);
- $pgrp_members = AccessList::members_xchan($uid, $gid);
+ if ($allowed_groups) {
+ $r = q("SELECT id, gname FROM pgrp WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
+ if ($r) {
+ foreach ($r as $rr) {
+ $pgrp_members = AccessList::members_xchan($uid, $rr['id']);
$allowed_xchans = array_merge($allowed_xchans, $pgrp_members);
-
- $l[] = '<div class="dropdown-item" title="' . t('Privacy group') . '">' . $rr['gname'] . '</div>';
+ $access_list[] = '<div class="dropdown-item" title="' . t('Privacy group') . '">' . $rr['gname'] . '</div>';
}
}
}
- if(count($allowed_users)) {
- $r = q("SELECT xchan_name, xchan_hash FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )");
- if($r) {
- foreach($r as $rr) {
+ if ($allowed_users) {
+ $r = q("SELECT xchan_name, xchan_hash FROM xchan WHERE xchan_hash IN ( " . implode(', ', $allowed_users) . " )");
+ if ($r) {
+ foreach ($r as $rr) {
$allowed_xchans[] = $rr['xchan_hash'];
- $l[] = '<div class="dropdown-item">' . $rr['xchan_name'] . '</div>';
+ if (!in_array($rr['xchan_hash'], $atoken_xchans)) {
+ $access_list[] = '<div class="dropdown-item">' . $rr['xchan_name'] . '</div>';
+ }
}
}
}
$profile_groups = [];
- if($deny_groups) {
- foreach($deny_groups as $g) {
- if(substr($g,0,4) === '\'vp.') {
- $profile_groups[] = '\'' . substr($g,4);
+ if ($deny_groups) {
+ foreach ($deny_groups as $g) {
+ if (substr($g, 0, 4) === '\'vp.') {
+ $profile_groups[] = '\'' . substr($g, 4);
}
}
}
- if(count($profile_groups)) {
+ if ($profile_groups) {
$r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
- if($r)
- foreach($r as $rr)
- $l[] = '<div class="dropdown-item" title="' . t('Profile','acl') . '"><strike>' . $rr['profile_name'] . '</strike></b></div>';
+ if ($r) {
+ foreach ($r as $rr) {
+ $access_list[] = '<div class="dropdown-item" title="' . t('Profile', 'acl') . '"><strike>' . $rr['profile_name'] . '</strike></b></div>';
+ }
+ }
}
- if(count($deny_groups)) {
+ if ($deny_groups) {
$r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
- if($r)
- foreach($r as $rr)
- $l[] = '<div class="dropdown-item" title="' . t('Privacy group') .'"><strike>' . $rr['gname'] . '</strike></b></div>';
+ if ($r) {
+ foreach ($r as $rr) {
+ $access_list[] = '<div class="dropdown-item" title="' . t('Privacy group') . '"><strike>' . $rr['gname'] . '</strike></b></div>';
+ }
+ }
}
- if(count($deny_users)) {
+
+ if ($deny_users) {
$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )");
- if($r)
- foreach($r as $rr)
- $l[] = '<div class="dropdown-item"><strike>' . $rr['xchan_name'] . '</strike></div>';
+ if ($r) {
+ foreach ($r as $rr) {
+ $access_list[] = '<div class="dropdown-item"><strike>' . $rr['xchan_name'] . '</strike></div>';
+ }
+ }
}
if ($atokens && $allowed_xchans && $url) {
- $l[] = '<div class="dropdown-divider"></div>';
- $l[] = '<div class="dropdown-item-text text-uppercase text-muted text-nowrap h6">' . t('Guest access') . '</div>';
+ if ($access_list) {
+ $guest_access_list[] = '<div class="dropdown-divider"></div>';
+ }
+
+ $guest_access_list[] = '<div class="dropdown-item-text text-uppercase text-muted text-nowrap h6">' . t('Guest access') . '</div>';
$allowed_xchans = array_unique($allowed_xchans);
- foreach($atokens as $atoken) {
- if(in_array($atoken['xchan_hash'], $allowed_xchans)) {
- $l[] = '<div class="dropdown-item d-flex justify-content-between"><span>' . $atoken['xchan_name'] . '</span><i class="fa fa-copy p-1 cursor-pointer" title="' . sprintf(t('Click to copy link to this ressource for guest %s to clipboard'), $atoken['xchan_name']) . '" data-token="' . $url . '?zat=' . $atoken['atoken_token'] . '" onclick="navigator.clipboard.writeText(this.dataset.token); $.jGrowl(\'Copied\', { sticky: false, theme: \'info\', life: 500 });"></i></div>';
+ foreach ($atokens as $atoken) {
+ if (in_array($atoken['xchan_hash'], $allowed_xchans)) {
+ $guest_access_list[] = '<div class="dropdown-item d-flex justify-content-between"><span>' . $atoken['xchan_name'] . '</span><i class="fa fa-copy p-1 cursor-pointer" title="' . sprintf(t('Copy link to this ressource for guest %s'), $atoken['xchan_name']) . '" data-token="' . $url . '?zat=' . $atoken['atoken_token'] . '" onclick="navigator.clipboard.writeText(this.dataset.token); $.jGrowl(\'' . t('Link copied to clipboard') . '\', { sticky: false, theme: \'info\', life: 3000 });"></i></div>';
}
}
}
- echo $o . implode($l);
+ $o = '';
+ if ($access_list) {
+ $o = '<div class="dropdown-item-text text-uppercase text-muted text-nowrap h6">' . t('Access') . '</div>';
+ }
+
+ echo $o . implode($access_list) . implode($guest_access_list);
killme();
}