author | redmatrix <git@macgirvin.com> | 2016-07-28 16:02:51 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-07-28 16:02:51 -0700 |
commit | bc74425872704ad955b37de18639ec831a245761 (patch) | |
tree | a72a058190905f6f87488d51a97ce02df00f7422 /Zotlabs | |
parent | 35f17acb388f68745068d6a60e12c7b777b92282 (diff) | |
Revert "Merge branch '1.10RC' of https://github.com/redmatrix/hubzilla into 1.10RC_merge"
This reverts commit 35f17acb388f68745068d6a60e12c7b777b92282, reversing
changes made to 58cf5f310d89026fb526e201c301075725044e48.
Diffstat (limited to 'Zotlabs')
30 files changed, 666 insertions, 637 deletions
diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php
deleted file mode 100644
index 909b654d5..000000000
--- a/Zotlabs/Access/PermissionLimits.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-
-namespace Zotlabs\Access;
-
-use \Zotlabs\Lib as ZLib;
-
-class PermissionLimits {
-
- static public function Std_Limits() {
- $perms = Permissions::Perms();
- $limits = array();
- foreach($perms as $k => $v) {
- if(strstr($k,'view'))
- $limits[$k] = PERMS_PUBLIC;
- else
- $limits[$k] = PERMS_SPECIFIC;
- }
- return $limits;
- }
-
- static public function Set($channel_id,$perm,$perm_limit) {
- ZLib\PConfig::Set($channel_id,'perm_limits',$perm,$perm_limit);
- }
-
- static public function Get($channel_id,$perm = '') {
- if($perm) {
- return Zlib\PConfig::Get($channel_id,'perm_limits',$perm);
- }
- else {
- Zlib\PConfig::Load($channel_id);
- if(array_key_exists($channel_id,\App::$config) && array_key_exists('perm_limits',\App::$config[$channel_id]))
- return \App::$config[$channel_id]['perm_limits'];
- return false;
- }
- }
-}
\ No newline at end of file diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php deleted file mode 100644 index 8b116adc5..000000000 --- a/Zotlabs/Access/PermissionRoles.php +++ /dev/null 
@@ -1,215 +0,0 @@ -<?php - - -namespace Zotlabs\Access; - -use Zotlabs\Lib as Zlib; - -class PermissionRoles { - - - static function role_perms($role) { - - $ret = array(); - - $ret['role'] = $role; - - switch($role) { - case 'social': - $ret['perms_auto'] = false; - $ret['default_collection'] = false; - $ret['directory_publish'] = true; - $ret['online'] = true; - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', - 'post_mail', 'chat', 'post_like', 'republish' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - break; - - case 'social_restricted': - $ret['perms_auto'] = false; - $ret['default_collection'] = true; - $ret['directory_publish'] = true; - $ret['online'] = true; - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', - 'post_mail', 'chat', 'post_like' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - - break; - - case 'social_private': - $ret['perms_auto'] = false; - $ret['default_collection'] = true; - $ret['directory_publish'] = false; - $ret['online'] = false; - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', - 'post_mail', 'post_like' ]; - $ret['limits'] = PermissionLimits::Std_Limits(); - $ret['limits']['view_contacts'] = PERMS_SPECIFIC; - $ret['limits']['view_storage'] = PERMS_SPECIFIC; - - break; - - case 'forum': - $ret['perms_auto'] = true; - $ret['default_collection'] = false; - $ret['directory_publish'] = true; - $ret['online'] = false; - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', - 'post_mail', 'post_like' , 'republish', 'chat' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - break; - - case 'forum_restricted': 
- $ret['perms_auto'] = false; - $ret['default_collection'] = true; - $ret['directory_publish'] = true; - $ret['online'] = false; - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', - 'post_mail', 'post_like' , 'chat' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - - break; - - case 'forum_private': - $ret['perms_auto'] = false; - $ret['default_collection'] = true; - $ret['directory_publish'] = false; - $ret['online'] = false; - - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_wall', 'post_comments', - 'post_mail', 'post_like' , 'chat' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - $ret['limits']['view_profile'] = PERMS_SPECIFIC; - $ret['limits']['view_contacts'] = PERMS_SPECIFIC; - $ret['limits']['view_storage'] = PERMS_SPECIFIC; - $ret['limits']['view_pages'] = PERMS_SPECIFIC; - - break; - - case 'feed': - $ret['perms_auto'] = true; - $ret['default_collection'] = false; - $ret['directory_publish'] = true; - $ret['online'] = false; - - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', - 'post_mail', 'post_like' , 'republish' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - - break; - - case 'feed_restricted': - $ret['perms_auto'] = false; - $ret['default_collection'] = true; - $ret['directory_publish'] = false; - $ret['online'] = false; - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', - 'post_mail', 'post_like' , 'republish' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - - break; - - case 'soapbox': - $ret['perms_auto'] = true; - $ret['default_collection'] = false; - $ret['directory_publish'] = true; - $ret['online'] = false; - - $ret['perms_connect'] = 
[ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_like' , 'republish' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - - break; - - case 'repository': - $ret['perms_auto'] = true; - $ret['default_collection'] = false; - $ret['directory_publish'] = true; - $ret['online'] = false; - - $ret['perms_connect'] = [ - 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', - 'post_mail', 'post_like' , 'republish', 'chat' ]; - - $ret['limits'] = PermissionLimits::Std_Limits(); - break; - - default: - break; - } - - $x = get_config('system','role_perms'); - // let system settings over-ride any or all - if($x && is_array($x) && array_key_exists($role,$x)) - $ret = array_merge($ret,$x[$role]); - - call_hooks('get_role_perms',$ret); - - return $ret; - } - - - - - static public function roles() { - $roles = [ - t('Social Networking') => [ - 'social' => t('Social - Mostly Public'), - 'social_restricted' => t('Social - Restricted'), - 'social_private' => t('Social - Private') - ], - - t('Community Forum') => [ - 'forum' => t('Forum - Mostly Public'), - 'forum_restricted' => t('Forum - Restricted'), - 'forum_private' => t('Forum - Private') - ], - - t('Feed Republish') => [ - 'feed' => t('Feed - Mostly Public'), - 'feed_restricted' => t('Feed - Restricted') - ], - - t('Special Purpose') => [ - 'soapbox' => t('Special - Celebrity/Soapbox'), - 'repository' => t('Special - Group Repository') - ], - - t('Other') => [ - 'custom' => t('Custom/Expert Mode') - ] - - ]; - - return $roles; - } - - - -}
\ No newline at end of file diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php deleted file mode 100644 index 61ea51a48..000000000 --- a/Zotlabs/Access/Permissions.php +++ /dev/null 
@@ -1,116 +0,0 @@ -<?php - - -namespace Zotlabs\Access; - -use Zotlabs\Lib as Zlib; - -class Permissions { - - /** - * Extensible permissions. - * To add new permissions, add to the list of $perms below, with a simple description. - * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role - * if this permission should be granted to new connections. - * - * Permissions with 'view' in the name are considered read permissions. Anything - * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else - * is given PERMS_SPECIFIC. - * - * PermissionLimits::Std_limits() retrieves the standard limits. A permission role - * MAY alter an individual setting after retrieving the Std_limits if you require - * something different for a specific permission within the given role. - * - */ - - - static public function Perms($filter = '') { - - $perms = [ - 'view_stream' => t('Can view my channel stream and posts'), - 'send_stream' => t('Can send me their channel stream and posts'), - 'view_profile' => t('Can view my default channel profile'), - 'view_contacts' => t('Can view my connections'), - 'view_storage' => t('Can view my file storage and photos'), - 'write_storage' => t('Can upload/modify my file storage and photos'), - 'view_pages' => t('Can view my channel webpages'), - 'write_pages' => t('Can create/edit my channel webpages'), - 'post_wall' => t('Can post on my channel (wall) page'), - 'post_comments' => t('Can comment on or like my posts'), - 'post_mail' => t('Can send me private mail messages'), - 'post_like' => t('Can like/dislike profiles and profile things'), - 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts'), - 'chat' => t('Can chat with me'), - 'republish' => t('Can source my public posts in derived channels'), - 'delegate' => t('Can administer my channel') - ]; - - $x = array('permissions' => $perms, 'filter' => $filter); - call_hooks('permissions_list',$x); - 
return($x['permissions']); - - } - - static public function BlockedAnonPerms() { - - // Perms from the above list that are blocked from anonymous observers. - // e.g. you must be authenticated. - - $res = array(); - $perms = PermissionLimits::Std_limits(); - foreach($perms as $perm => $limit) { - if($limit != PERMS_PUBLIC) { - $res[] = $perm; - } - } - - $x = array('permissions' => $res); - call_hooks('write_perms',$x); - return($x['permissions']); - - } - - // converts [ 0 => 'view_stream', ... ] - // to [ 'view_stream' => 1 ] - // for any permissions in $arr; - // Undeclared permissions are set to 0 - - static public function FilledPerms($arr) { - $everything = self::Perms(); - $ret = []; - foreach($everything as $k => $v) { - if(in_array($k,$arr)) - $ret[$k] = 1; - else - $ret[$k] = 0; - } - return $ret; - - } - - static public function FilledAutoperms($channel_id) { - if(! intval(get_pconfig($channel_id,'system','autoperms'))) - return false; - - $arr = []; - $r = q("select * from pconfig where uid = %d and cat = 'autoperms'", - intval($channel_id) - ); - if($r) { - foreach($r as $rr) { - $arr[$rr['k']] = $arr[$rr['v']]; - } - } - return $arr; - } - - static public function PermsCompare($p1,$p2) { - foreach($p1 as $k => $v) { - if(! array_key_exists($k,$p2)) - return false; - if($p1[$k] != $p2[$k]) - return false; - } - return true; - } -}
\ No newline at end of file diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php index 21c46cec5..036a4991b 100644 --- a/Zotlabs/Daemon/Onepoll.php +++ b/Zotlabs/Daemon/Onepoll.php @@ -102,9 +102,7 @@ class Onepoll { $fetch_feed = true; $x = null; - $can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream')); - - if(! $can_view_stream) + if(! ($contact['abook_their_perms'] & PERMS_R_STREAM )) $fetch_feed = false; if($fetch_feed) { diff --git a/Zotlabs/Lib/AbConfig.php b/Zotlabs/Lib/AbConfig.php index cb5d96951..cab59abbd 100644 --- a/Zotlabs/Lib/AbConfig.php +++ b/Zotlabs/Lib/AbConfig.php @@ -7,7 +7,7 @@ class AbConfig { static public function Load($chan,$xhash,$family = '') { if($family) - $where = sprintf(" and cat = '%s' ",dbesc($family)); + $where = sprintf(" and family = '%s' ",dbesc($family)); $r = q("select * from abconfig where chan = %d and xchan = '%s' $where", intval($chan), dbesc($xhash) diff --git a/Zotlabs/Lib/Cache.php b/Zotlabs/Lib/Cache.php index f211269be..35c8f56ad 100644 --- a/Zotlabs/Lib/Cache.php +++ b/Zotlabs/Lib/Cache.php @@ -8,9 +8,6 @@ namespace Zotlabs\Lib; class Cache { public static function get($key) { - - $key = substr($key,0,254); - $r = q("SELECT v FROM cache WHERE k = '%s' limit 1", dbesc($key) ); @@ -22,8 +19,6 @@ class Cache { public static function set($key,$value) { - $key = substr($key,0,254); - $r = q("SELECT * FROM cache WHERE k = '%s' limit 1", dbesc($key) ); diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index a481667a5..195321375 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php 
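Review bot: In the AbConfig.php hunk, `$where` is assigned only inside `if($family)` but is interpolated into the `select * from abconfig` query unconditionally, so a call with the default `$family = ''` reads an undefined variable. Initialise it before the branch with `$where = '';`. The restored filter also names the column `family` where the code being reverted used `cat`; the schema is not visible from here, so confirm the `abconfig` column name on this branch matches, otherwise the filtered query fails. The body of `Load()` continues outside the hunk.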
@@ -17,20 +17,12 @@ class PConfig { */ static public function Load($uid) { - if(is_null($uid) || $uid === false) + if($uid === false) return false; if(! array_key_exists($uid, \App::$config)) \App::$config[$uid] = array(); - if(! is_array(\App::$config)) { - btlogger('App::$config not an array: ' . $uid); - } - - if(! is_array(\App::$config[$uid])) { - btlogger('App::$config[$uid] not an array: ' . $uid); - } - $r = q("SELECT * FROM pconfig WHERE uid = %d", intval($uid) ); @@ -69,7 +61,7 @@ class PConfig { static public function Get($uid,$family,$key,$instore = false) { - if(is_null($uid) || $uid === false) + if($uid === false) return false; if(! array_key_exists($uid, \App::$config)) @@ -110,7 +102,7 @@ class PConfig { // we provide a function backtrace in the logs so that we can find // and fix the calling function. - if(is_null($uid) || $uid === false) { + if($uid === false) { btlogger('UID is FALSE!', LOGGER_NORMAL, LOG_ERR); return; } @@ -180,9 +172,6 @@ class PConfig { static public function Delete($uid, $family, $key) { - if(is_null($uid) || $uid === false) - return false; - $ret = false; if(array_key_exists($key, \App::$config[$uid][$family])) diff --git a/Zotlabs/Lib/PermissionDescription.php b/Zotlabs/Lib/PermissionDescription.php index b6c6dd29d..55aac2dea 100644 --- a/Zotlabs/Lib/PermissionDescription.php +++ b/Zotlabs/Lib/PermissionDescription.php 
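Review bot: Dropping `is_null($uid)` from the guards in `Load()`, `Get()` and `Set()` lets a null uid through; in `Load()` the visible query passes it through `intval($uid)`, which makes it `uid = 0`, so a caller without a channel id is served the rows of uid 0 where it used to get `false`. In `Delete()` the guard is removed entirely and `array_key_exists($key, \App::$config[$uid][$family])` is evaluated without checking that those entries exist. Unless callers are known never to pass null, I would keep `if(is_null($uid) || $uid === false) return false;` in all four methods. Each method body continues outside its hunk.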
@@ -78,13 +78,22 @@ class PermissionDescription { $result = null; - $global_perms = \Zotlabs\Access\Permissions::Perms(); + $global_perms = get_perms(); if (array_key_exists($permname, $global_perms)) { - $channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'],$permname); - - $result = new PermissionDescription('', $channelPerm); + $permDetails = $global_perms[$permname]; + + // It should be OK to always just read the permissions from App::$channel + // + // App::$profile is a union of channel and profile fields. + // The distinction is basically that App::$profile is pointing to the resource + // being observed. App::$channel is referring to the current logged-in channel + // member (if this is a local channel) e.g. the observer. We only show the ACL + // widget to the page owner (observer and observed are the same) so in that case + // I believe either may be safely used here. + $channelPerm = \App::$channel[$permDetails[0]]; + $result = new PermissionDescription($permDetails[1], $channelPerm); } else { // The acl dialog can handle null arguments, but it shouldn't happen logger('null PermissionDescription from unknown global permission: ' . $permname ,LOGGER_DEBUG, LOG_ERROR); diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 03dc6c5d3..76a001fdd 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php 
@@ -58,23 +58,7 @@ class Acl extends \Zotlabs\Web\Controller { if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) killme(); - - $permitted = []; - - if(in_array($type, [ 'm', 'a', 'c' ])) { - - // These queries require permission checking. We'll create a simple array of xchan_hash for those with - // the requisite permissions which we can check against. - - $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1", - intval(local_channel()), - dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver') - ); - - $permitted = ids_to_array($x,'xchan'); - } - - + if($search) { $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; @@ -103,13 +87,13 @@ class Acl extends \Zotlabs\Web\Controller { if($type == '' || $type == 'g') { - $r = q("SELECT groups.id, groups.hash, groups.gname - FROM groups,group_member - WHERE groups.deleted = 0 AND groups.uid = %d - AND group_member.gid=groups.id + $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname` + FROM `groups`,`group_member` + WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d + AND `group_member`.`gid`=`groups`.`id` $sql_extra - GROUP BY groups.id - ORDER BY groups.gname + GROUP BY `groups`.`id` + ORDER BY `groups`.`gname` LIMIT %d OFFSET %d", intval(local_channel()), intval($count), 
@@ -172,7 +156,7 @@ class Acl extends \Zotlabs\Web\Controller { } - $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) @@ -237,24 +221,16 @@ class Acl extends \Zotlabs\Web\Controller { } } elseif($type == 'm') { - - $r = array(); - $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + + $r = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) and xchan_deleted = 0 $sql_extra3 - ORDER BY xchan_name ASC ", - intval(local_channel()) + ORDER BY `xchan_name` ASC ", + intval(local_channel()), + intval(PERMS_W_MAIL) ); - if($z) { - foreach($z as $zz) { - if(in_array($zz['id'],$permitted)) { - $r[] = $zz; - } - } - } - } elseif($type == 'a') { @@ -298,7 +274,7 @@ class Acl extends \Zotlabs\Web\Controller { if(strpos($g['hash'],'/') && $type != 'a') continue; - if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) { + if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 93ee30999..7db4950b1 100644 --- a/Zotlabs/Module/Connedit.php 
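Review bot: In the `$type == 'm'` query of the -237 hunk, `(abook_their_perms = null)` can never be true, because an SQL comparison with NULL yields NULL, so that half of the OR is dead and only the `(abook_their_perms & %d )>0` test decides who is listed as a mail recipient. If rows with a NULL `abook_their_perms` were meant to be included, write `abook_their_perms is null`; if they were not, drop the clause so the permission filter reads as what it actually enforces. The enclosing method starts and ends outside the hunk.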
+++ b/Zotlabs/Module/Connedit.php @@ -126,30 +126,15 @@ class Connedit extends \Zotlabs\Web\Controller { $rating = 10; $rating_text = trim(escape_tags($_REQUEST['rating_text'])); - - $all_perms = \Zotlabs\Access\Permissions::Perms(); - - if($all_perms) { - foreach($all_perms as $perm => $desc) { - if(array_key_exists('perms_' . $perm, $_POST)) { - set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm, - intval($_POST['perms_' . $perm])); - if($autoperms) { - set_pconfig($channel['channel_id'],'autoperms',$perm,intval($_POST['perms_' . $perm])); - } - } - else { - set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0); - if($autoperms) { - set_pconfig($channel['channel_id'],'autoperms',$perm,0); - } - } + + $abook_my_perms = 0; + + foreach($_POST as $k => $v) { + if(strpos($k,'perms_') === 0) { + $abook_my_perms += $v; } } - - if(! is_null($autoperms)) - set_pconfig($channel['channel_id'],'system','autoperms',$autoperms); - + $new_friend = false; if(! $is_self) { 
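Review bot: The new loop `$abook_my_perms += $v;` adds raw `$_POST` values into the permission bitmask for every key that starts with `perms_`, without a cast, without checking the value against the defined permission bits, and with `+` where a bitwise OR is needed. Two fields carrying the same bit, or any unexpected number, carry into neighbouring bits and set permissions the form never displayed, and the later hunk writes the result to `abook_my_perms`. I would OR in `intval($v)` masked to the bits that `get_perms()` defines, as in the excerpt below; that the bit sits at index 1 of each entry is inferred from the `$v[1]` use in the hunk at -695, so confirm it. The enclosing method starts and ends outside the hunk.

```php
$abook_my_perms = 0;

// Only bits that belong to a defined permission may be set from the form.
$known_bits = 0;
foreach(get_perms() as $perm) {
	$known_bits |= intval($perm[1]);
}

foreach($_POST as $k => $v) {
	if(strpos($k,'perms_') === 0) {
		$abook_my_perms |= (intval($v) & $known_bits);
	}
}
// … unchanged: $new_friend handling …
```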
@@ -209,25 +194,19 @@ class Connedit extends \Zotlabs\Web\Controller { $role = get_pconfig(local_channel(),'system','permissions_role'); if($role) { - $x = \Zotlabs\Access\PermissionRoles::role_perms($role); - if($x['perms_connect']) { - $abook_my_perms = $x['perms_connect']; - } - } - - $filled_perms = \Zotlabs\Access\Permissions::FilledPerms($abook_my_perms); - foreach($filled_perms as $k => $v) { - set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v); + $x = get_role_perms($role); + if($x['perms_accept']) + $abook_my_perms = $x['perms_accept']; } - } - + $abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']); - $r = q("UPDATE abook SET abook_profile = '%s', abook_closeness = %d, abook_pending = %d, + $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_pending = %d, abook_incl = '%s', abook_excl = '%s' where abook_id = %d AND abook_channel = %d", dbesc($profile_id), + intval($abook_my_perms), intval($closeness), intval($abook_pending), dbesc($abook_incl), @@ -248,13 +227,10 @@ class Connedit extends \Zotlabs\Web\Controller { info( t('Connection updated.') . EOL); else notice( t('Failed to update connection record.') . EOL); - - if(! intval(\App::$poi['abook_self'])) { - \Zotlabs\Daemon\Master::Summon( [ - 'Notifier', - (($new_friend) ? 'permission_create' : 'permission_update'), - $contact_id - ]); + + if(\App::$poi && \App::$poi['abook_my_perms'] != $abook_my_perms + && (! intval(\App::$poi['abook_self']))) { + \Zotlabs\Daemon\Master::Summon(array('Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), $contact_id)); } if($new_friend) { 
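Review bot: In the -248 hunk the Notifier is summoned only when `\App::$poi['abook_my_perms'] != $abook_my_perms`, so approving a pending connection (`$new_friend`) whose bitmask ends up equal to the stored one would send no `permission_create` to the other side, which then keeps its stale view of the granted permissions. How `App::$poi` is populated is not visible in this hunk, so this is inferred; if the case can occur, let approval always notify: `if(\App::$poi && ($new_friend || \App::$poi['abook_my_perms'] != $abook_my_perms) && (! intval(\App::$poi['abook_self']))) {`.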
@@ -395,9 +371,9 @@ class Connedit extends \Zotlabs\Web\Controller { $my_perms = get_channel_default_perms(local_channel()); $role = get_pconfig(local_channel(),'system','permissions_role'); if($role) { - $x = \Zotlabs\Access\PermissionRoles::role_perms($role); - if($x['perms_connect']) - $my_perms = $x['perms_connect']; + $x = get_role_perms($role); + if($x['perms_accept']) + $my_perms = $x['perms_accept']; } $yes_no = array(t('No'),t('Yes')); @@ -678,8 +654,7 @@ class Connedit extends \Zotlabs\Web\Controller { $perms = array(); $channel = \App::get_channel(); - $global_perms = \Zotlabs\Access\Permissions::Perms(); - + $global_perms = get_perms(); $existing = get_all_perms(local_channel(),$contact['abook_xchan']); $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes'))); 
@@ -695,32 +670,16 @@ class Connedit extends \Zotlabs\Web\Controller { if($slide && $multiprofs) $affinity = t('Set Affinity & Profile'); - $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'", - intval(local_channel()), - dbesc($contact['abook_xchan']) - ); - $their_perms = array(); - if($theirs) { - foreach($theirs as $t) { - $their_perms[$t['k']] = $t['v']; - } - } - foreach($global_perms as $k => $v) { - $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); -//fixme - - $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k); + $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); + $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : ''); // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner if((! $self) && ($existing[$k])) $thisperm = "1"; - - - - $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); + $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4], $checkinherited); } $locstr = ''; diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index 838fe9e4f..da859de3e 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php 
@@ -47,9 +47,9 @@ class Editpost extends \Zotlabs\Web\Controller { if(intval($itm[0]['item_obscured'])) { $key = get_config('system','prvkey'); if($itm[0]['title']) - $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key); + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); if($itm[0]['body']) - $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key); + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } $category = ''; diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index a55f81101..be4803a07 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -108,9 +108,9 @@ class Editwebpage extends \Zotlabs\Web\Controller { if(intval($itm[0]['item_obscured'])) { $key = get_config('system','prvkey'); if($itm[0]['title']) - $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key); + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); if($itm[0]['body']) - $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key); + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } $item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1", diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php deleted file mode 100644 index 999b241f1..000000000 --- a/Zotlabs/Module/File_upload.php +++ /dev/null 
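Review bot: The result of `json_decode_plus()` is handed straight to `crypto_unencapsulate()` together with the site private key, with no check that decoding succeeded or produced an array. For a stored title or body that is not valid JSON, the decrypt call receives whatever the helper returns on failure (its behaviour is not visible here), and the edit form is then filled from that result. Decode first and decrypt only on success, for example `$j = json_decode_plus($itm[0]['title']); if(is_array($j)) $itm[0]['title'] = crypto_unencapsulate($j,$key);`, and the same for `body`. The Editwebpage.php hunk on this line has the same two calls.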
@@ -1,40 +0,0 @@
-<?php
-namespace Zotlabs\Module;
-
-require_once('include/attach.php');
-require_once('include/channel.php');
-require_once('include/photos.php');
-
-
-class File_upload extends \Zotlabs\Web\Controller {
-
- function post() {
-
- // logger('file upload: ' . print_r($_REQUEST,true));
-
- $channel = (($_REQUEST['channick']) ? get_channel_by_nick($_REQUEST['channick']) : null);
-
- if(! $channel) {
- logger('channel not found');
- killme();
- }
-
- $_REQUEST['source'] = 'file_upload';
-
- if($channel['channel_id'] != local_channel()) {
- $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
- $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
- $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
- $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
- }
-
- if($_REQUEST['directory_name'])
- $r = attach_mkdir($channel,get_observer_hash(),$_REQUEST);
- else
- $r = attach_store($channel,get_observer_hash(), '', $_REQUEST);
-
- goaway(z_root() . '/' . $_REQUEST['return_url']);
-
- }
-
-}
diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php
index da9ab3670..3641330c9 100644
--- a/Zotlabs/Module/Follow.php
+++ b/Zotlabs/Module/Follow.php
@@ -47,13 +47,12 @@ class Follow extends \Zotlabs\Web\Controller { if($abconfig) $clone['abconfig'] = $abconfig; - build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)), true); + build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone))); - $can_view_stream = intval(get_abconfig($channel['channel_id'],$clone['abook_xchan'],'their_perms','view_stream')); // If we can view their stream, pull in some posts - if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss')) + if(($result['abook']['abook_their_perms'] & PERMS_R_STREAM) || ($result['abook']['xchan_network'] === 'rss')) \Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id'])); goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1'); diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php new file mode 100644 index 000000000..e053bf99c --- /dev/null +++ b/Zotlabs/Module/Id.php 
@@ -0,0 +1,319 @@ +<?php +namespace Zotlabs\Module; + +/** + * @file mod/id.php + * @brief OpenID implementation + */ + +require 'library/openid/provider/provider.php'; + + +$attrMap = array( + 'namePerson/first' => t('First Name'), + 'namePerson/last' => t('Last Name'), + 'namePerson/friendly' => t('Nickname'), + 'namePerson' => t('Full Name'), + 'contact/internet/email' => t('Email'), + 'contact/email' => t('Email'), + 'media/image/aspect11' => t('Profile Photo'), + 'media/image' => t('Profile Photo'), + 'media/image/default' => t('Profile Photo'), + 'media/image/16x16' => t('Profile Photo 16px'), + 'media/image/32x32' => t('Profile Photo 32px'), + 'media/image/48x48' => t('Profile Photo 48px'), + 'media/image/64x64' => t('Profile Photo 64px'), + 'media/image/80x80' => t('Profile Photo 80px'), + 'media/image/128x128' => t('Profile Photo 128px'), + 'timezone' => t('Timezone'), + 'contact/web/default' => t('Homepage URL'), + 'language/pref' => t('Language'), + 'birthDate/birthYear' => t('Birth Year'), + 'birthDate/birthMonth' => t('Birth Month'), + 'birthDate/birthday' => t('Birth Day'), + 'birthDate' => t('Birthdate'), + 'gender' => t('Gender'), +); + + +/** + * @brief Entrypoint for the OpenID implementation. + * + * @param App &$a + */ + +class Id extends \Zotlabs\Web\Controller { + + function init() { + + logger('id: ' . print_r($_REQUEST, true)); + + if(argc() > 1) { + $which = argv(1); + } else { + \App::$error = 404; + return; + } + + $profile = ''; + $channel = \App::get_channel(); + profile_load($which,$profile); + + $op = new MysqlProvider; + $op->server(); + } + + /** + * @brief Returns user data needed for OpenID. + * + * If no $handle is provided we will use local_channel() by default. + * + * @param string $handle (default null) + * @return boolean|array + */ + static public function getUserData($handle = null) { + if (! local_channel()) { + notice( t('Permission denied.') . 
EOL); + \App::$page['content'] = login(); + + return false; + } + + // logger('handle: ' . $handle); + + if ($handle) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", + dbesc($handle) + ); + } else { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d", + intval(local_channel()) + ); + } + + if (! r) + return false; + + $x = q("select * from account where account_id = %d limit 1", + intval($r[0]['channel_account_id']) + ); + if ($x) + $r[0]['email'] = $x[0]['account_email']; + + $p = q("select * from profile where is_default = 1 and uid = %d limit 1", + intval($r[0]['channel_account_id']) + ); + + $gender = ''; + if ($p[0]['gender'] == t('Male')) + $gender = 'M'; + if ($p[0]['gender'] == t('Female')) + $gender = 'F'; + + $r[0]['firstName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],0,strpos($r[0]['channel_name'],' ')) : $r[0]['channel_name']); + $r[0]['lastName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],strpos($r[0]['channel_name'],' ')+1) : ''); + $r[0]['namePerson'] = $r[0]['channel_name']; + $r[0]['pphoto'] = $r[0]['xchan_photo_l']; + $r[0]['pphoto16'] = z_root() . '/photo/profile/16/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto32'] = z_root() . '/photo/profile/32/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto48'] = z_root() . '/photo/profile/48/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto64'] = z_root() . '/photo/profile/64/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto80'] = z_root() . '/photo/profile/80/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto128'] = z_root() . '/photo/profile/128/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['timezone'] = $r[0]['channel_timezone']; + $r[0]['url'] = $r[0]['xchan_url']; + $r[0]['language'] = (($x[0]['account_language']) ? $x[0]['account_language'] : 'en'); + $r[0]['birthyear'] = ((intval(substr($p[0]['dob'],0,4))) ? 
intval(substr($p[0]['dob'],0,4)) : ''); + $r[0]['birthmonth'] = ((intval(substr($p[0]['dob'],5,2))) ? intval(substr($p[0]['dob'],5,2)) : ''); + $r[0]['birthday'] = ((intval(substr($p[0]['dob'],8,2))) ? intval(substr($p[0]['dob'],8,2)) : ''); + $r[0]['birthdate'] = (($r[0]['birthyear'] && $r[0]['birthmonth'] && $r[0]['birthday']) ? $p[0]['dob'] : ''); + $r[0]['gender'] = $gender; + + return $r[0]; + + /* + * if(isset($_POST['login'],$_POST['password'])) { + * $login = mysql_real_escape_string($_POST['login']); + * $password = sha1($_POST['password']); + * $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'"); + * if($data = mysql_fetch_assoc($q)) { + * return $data; + * } + * if($handle) { + * echo 'Wrong login/password.'; + * } + * } + * if($handle) { + * ?> + * <form action="" method="post"> + * <input type="hidden" name="openid.assoc_handle" value="<?php +namespace Zotlabs\Module; echo $handle?>"> + * Login: <input type="text" name="login"><br> + * Password: <input type="password" name="password"><br> + * <button>Submit</button> + * </form> + * <?php +namespace Zotlabs\Module; + * die(); + * } + */ + + } +} + + + /** + * @brief MySQL provider for OpenID implementation. 
+ * + */ + class MysqlProvider extends \LightOpenIDProvider { + + // See http://openid.net/specs/openid-attribute-properties-list-1_0-01.html + // This list contains a few variations of these attributes to maintain + // compatibility with legacy clients + + private $attrFieldMap = array( + 'namePerson/first' => 'firstName', + 'namePerson/last' => 'lastName', + 'namePerson/friendly' => 'channel_address', + 'namePerson' => 'namePerson', + 'contact/internet/email' => 'email', + 'contact/email' => 'email', + 'media/image/aspect11' => 'pphoto', + 'media/image' => 'pphoto', + 'media/image/default' => 'pphoto', + 'media/image/16x16' => 'pphoto16', + 'media/image/32x32' => 'pphoto32', + 'media/image/48x48' => 'pphoto48', + 'media/image/64x64' => 'pphoto64', + 'media/image/80x80' => 'pphoto80', + 'media/image/128x128' => 'pphoto128', + 'timezone' => 'timezone', + 'contact/web/default' => 'url', + 'language/pref' => 'language', + 'birthDate/birthYear' => 'birthyear', + 'birthDate/birthMonth' => 'birthmonth', + 'birthDate/birthday' => 'birthday', + 'birthDate' => 'birthdate', + 'gender' => 'gender', + ); + + function setup($identity, $realm, $assoc_handle, $attributes) { + global $attrMap; + + // logger('identity: ' . $identity); + // logger('realm: ' . $realm); + // logger('assoc_handle: ' . $assoc_handle); + // logger('attributes: ' . print_r($attributes,true)); + + $data = \Zotlabs\Module\Id::getUserData($assoc_handle); + + + /** @FIXME this needs to be a template with localised strings */ + + $o .= '<form action="" method="post">' + . '<input type="hidden" name="openid.assoc_handle" value="' . $assoc_handle . '">' + . '<input type="hidden" name="login" value="' . $_POST['login'] .'">' + . '<input type="hidden" name="password" value="' . $_POST['password'] .'">' + . "<b>$realm</b> wishes to authenticate you."; + if($attributes['required'] || $attributes['optional']) { + $o .= " It also requests following information (required fields marked with *):" + . 
'<ul>'; + + foreach($attributes['required'] as $attr) { + if(isset($this->attrMap[$attr])) { + $o .= '<li>' + . '<input type="checkbox" name="attributes[' . $attr . ']"> ' + . $this->attrMap[$attr] . ' <span class="required">*</span></li>'; + } + } + + foreach($attributes['optional'] as $attr) { + if(isset($this->attrMap[$attr])) { + $o .= '<li>' + . '<input type="checkbox" name="attributes[' . $attr . ']"> ' + . $this->attrMap[$attr] . '</li>'; + } + } + $o .= '</ul>'; + } + $o .= '<br>' + . '<button name="once">Allow once</button> ' + . '<button name="always">Always allow</button> ' + . '<button name="cancel">cancel</button> ' + . '</form>'; + + \App::$page['content'] .= $o; + } + + function checkid($realm, &$attributes) { + + logger('checkid: ' . $realm); + logger('checkid attrs: ' . print_r($attributes,true)); + + if(isset($_POST['cancel'])) { + $this->cancel(); + } + + $data = \Zotlabs\Module\Id::getUserData(); + if(! $data) { + return false; + } + + $q = get_pconfig(local_channel(), 'openid', $realm); + + $attrs = array(); + if($q) { + $attrs = $q; + } elseif(isset($_POST['attributes'])) { + $attrs = array_keys($_POST['attributes']); + } elseif(!isset($_POST['once']) && !isset($_POST['always'])) { + return false; + } + + $attributes = array(); + foreach($attrs as $attr) { + if(isset($this->attrFieldMap[$attr])) { + $attributes[$attr] = $data[$this->attrFieldMap[$attr]]; + } + } + + if(isset($_POST['always'])) { + set_pconfig(local_channel(),'openid',$realm,array_keys($attributes)); + } + + return z_root() . '/id/' . $data['channel_address']; + } + + function assoc_handle() { + logger('assoc_handle'); + $channel = \App::get_channel(); + + return z_root() . '/channel/' . $channel['channel_address']; + } + + function setAssoc($handle, $data) { + logger('setAssoc'); + $channel = channelx_by_nick(basename($handle)); + if($channel) + set_pconfig($channel['channel_id'],'openid','associate',$data); + } + + function getAssoc($handle) { + logger('getAssoc: ' . 
$handle); + + $channel = channelx_by_nick(basename($handle)); + if($channel) + return get_pconfig($channel['channel_id'], 'openid', 'associate'); + + return false; + } + + function delAssoc($handle) { + logger('delAssoc'); + $channel = channelx_by_nick(basename($handle)); + if($channel) + return del_pconfig($channel['channel_id'], 'openid', 'associate'); + } + } + diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index d27f013b9..e34f5e49e 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -8,7 +8,6 @@ namespace Zotlabs\Module; require_once('include/zot.php'); require_once('include/channel.php'); require_once('include/import.php'); -require_once('include/perm_upgrade.php'); @@ -340,8 +339,6 @@ class Import extends \Zotlabs\Web\Controller { $abooks = $data['abook']; if($abooks) { foreach($abooks as $abook) { - - $abook_copy = $abook; $abconfig = null; if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig'])) @@ -350,10 +347,6 @@ class Import extends \Zotlabs\Web\Controller { unset($abook['abook_id']); unset($abook['abook_rating']); unset($abook['abook_rating_text']); - unset($abook['abconfig']); - unset($abook['abook_their_perms']); - unset($abook['abook_my_perms']); - $abook['abook_account'] = $account_id; $abook['abook_channel'] = $channel['channel_id']; if(! array_key_exists('abook_blocked',$abook)) { @@ -392,8 +385,6 @@ class Import extends \Zotlabs\Web\Controller { $friends ++; if(intval($abook['abook_feed'])) $feeds ++; - - translate_abook_perms_inbound($channel,$abook_copy); if($abconfig) { // @fixme does not handle sync of del_abconfig diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 2d0c1ba02..b54099d74 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php 
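Review bot: `setup()` in the new Id.php builds the consent form by concatenating `$realm`, `$assoc_handle`, each requested `$attr` and `$_POST['login']` / `$_POST['password']` into HTML without escaping, so request-supplied text reaches `\App::$page['content']` as markup and a submitted password is written back into the page. Each value should go through `htmlspecialchars()` with `ENT_QUOTES`, `$o` should be initialised with `=` instead of `.=`, and the two hidden credential inputs look like leftovers from the sample provider quoted in the comment block of `getUserData()`, so they can probably be dropped. In `getUserData()` the guard `if (! r)` tests a bare constant rather than `$r`, which means an empty result is not caught before `$r[0]` is read; it should read `if (! $r)`. `init()` also logs `print_r($_REQUEST, true)` at the default level, which would put those credential fields in the log, whereas the request dump added in Openid.php passes `LOGGER_DATA`.

```php
function setup($identity, $realm, $assoc_handle, $attributes) {
	// … unchanged: global $attrMap, getUserData() call …

	// Escape everything that originates from the request before it becomes markup.
	$esc = function ($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); };

	// Hidden login/password inputs dropped; confirm nothing in the provider library reads them.
	$o = '<form action="" method="post">'
		. '<input type="hidden" name="openid.assoc_handle" value="' . $esc($assoc_handle) . '">'
		. '<b>' . $esc($realm) . '</b> wishes to authenticate you.';

	// … unchanged: "It also requests …" header and both foreach loops, except that the
	//   checkbox name becomes 'attributes[' . $esc($attr) . ']' in each of them …
```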
@@ -318,11 +318,9 @@ class Item extends \Zotlabs\Web\Controller { } $acl = new \Zotlabs\Access\AccessList($channel); - - $view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'); - $comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments'); - $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($view_policy,true)); + + $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true)); if($webpage) $public_policy = ''; if($public_policy) @@ -530,11 +528,11 @@ class Item extends \Zotlabs\Web\Controller { if((! $parent) && (get_pconfig($profile_uid,'system','tagifonlyrecip')) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) { - $x = q("select abook_id, abconfig.v from abook left join abconfig on abook_xchan = abconfig.xchan and abook_channel = abconfig.chan and cat= 'their_perms' and abconfig.k = 'tag_deliver' and abconfig.v = 1 and abook_xchan = '%s' and abook_channel = %d limit 1", + $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)), intval($profile_uid) ); - if($x) + if($x && ($x[0]['abook_their_perms'] & PERMS_W_TAGWALL)) $body .= "\n\n@group+" . $x[0]['abook_id'] . "\n"; } @@ -814,7 +812,7 @@ class Item extends \Zotlabs\Web\Controller { $datarray['layout_mid'] = $layout_mid; $datarray['public_policy'] = $public_policy; - $datarray['comment_policy'] = map_scope($comment_policy); + $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); $datarray['term'] = $post_tags; $datarray['plink'] = $plink; $datarray['route'] = $route; diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 170349509..1ca37d646 100644 --- a/Zotlabs/Module/Like.php 
+++ b/Zotlabs/Module/Like.php @@ -264,22 +264,23 @@ class Like extends \Zotlabs\Web\Controller { logger('like: no item ' . $item_id); killme(); } - - - xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel())); - + + $item = $r[0]; - - $owner_uid = $r[0]['uid']; - $owner_aid = $r[0]['aid']; - - $can_comment = false; - if((array_key_exists('owner',$item)) && intval($item['owner']['abook_self'])) - $can_comment = perm_is_allowed($item['uid'],$observer['xchan_hash'],'post_comments'); - else - $can_comment = can_comment_on_post($observer['xchan_hash'],$item); - - if(! $can_comment) { + $owner_uid = $item['uid']; + $owner_aid = $item['aid']; + + + $sys = get_sys_channel(); + + + // if this is a "discover" item, (item['uid'] is the sys channel), + // fallback to the item comment policy, which should've been + // respected when generating the conversation thread. + // Even if the activity is rejected by the item owner, it should still get attached + // to the local discover conversation on this site. + + if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'))) { notice( t('Permission denied') . EOL); killme(); } diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index 043c28078..aae7585c4 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -57,6 +57,8 @@ class Mail extends \Zotlabs\Web\Controller { $their_perms = 0; + $global_perms = get_perms(); + if($j['permissions']['data']) { $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']); if($permissions) 
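Review bot: The new condition `if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments')))` in the Like.php hunk skips the permission check entirely when the item belongs to the sys channel, although the comment above it promises a fallback to the item's comment policy. Nothing in the hunk evaluates that policy; the removed lines did so through `can_comment_on_post($observer['xchan_hash'],$item)`, so unless a later check outside the hunk covers it, the activity is accepted for discover items without an authorization decision. If that helper is still available after the revert, keeping it for the sys-channel branch would make the code match its comment: `$allowed = (($owner_uid == $sys['channel_id']) ? can_comment_on_post($observer['xchan_hash'],$item) : perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'));`. The enclosing method starts and ends outside the hunk.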
@@ -66,7 +68,13 @@ class Mail extends \Zotlabs\Web\Controller { else $permissions = $j['permissions']; - if(! ($permissions['post_mail'])) { + foreach($permissions as $k => $v) { + if($v) { + $their_perms = $their_perms | intval($global_perms[$k][1]); + } + } + + if(! ($their_perms & PERMS_W_MAIL)) { notice( t('Selected channel has private message restrictions. Send failed.')); // reported issue: let's still save the message and continue. We'll just tell them // that nothing useful is likely to happen. They might have spent hours on it. @@ -112,7 +120,7 @@ class Mail extends \Zotlabs\Web\Controller { } - function get() { + function get() { $o = ''; nav_set_selected('messages'); diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php index 8f815d6d4..4ca044c4a 100644 --- a/Zotlabs/Module/Manage.php +++ b/Zotlabs/Module/Manage.php @@ -143,9 +143,9 @@ class Manage extends \Zotlabs\Web\Controller { $create = array( 'new_channel', t('Create a new channel'), t('Create New')); $delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where - abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = 1 )", + abook_channel = %d and (abook_their_perms & %d) > 0", intval(local_channel()), - intval(local_channel()) + intval(PERMS_A_DELEGATE) ); if($delegates) { diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php new file mode 100644 index 000000000..8cbc6d2fd --- /dev/null +++ b/Zotlabs/Module/Openid.php 
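Review bot: The added `foreach($permissions as $k => $v)` in the `-66,7 +68,13` hunk iterates over whatever ended up in `$permissions` (presumably taken from a remote response, given the `crypto_unencapsulate()` call just before) and indexes `$global_perms[$k][1]` with keys from that data. If the value is not an array the loop raises a warning, and unknown keys read an undefined offset; both leave `$their_perms` at 0 by accident rather than by decision. Guarding with `if(is_array($permissions))` around the loop and `if($v && isset($global_perms[$k]))` inside it keeps the bitmask limited to permissions this hub knows about. The enclosing method continues outside the hunk.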
@@ -0,0 +1,198 @@ +<?php +namespace Zotlabs\Module; + + +require_once('library/openid/openid.php'); +require_once('include/auth.php'); + + +class Openid extends \Zotlabs\Web\Controller { + + function get() { + + $noid = get_config('system','disable_openid'); + if($noid) + goaway(z_root()); + + logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); + + if(x($_REQUEST,'openid_mode')) { + + $openid = new LightOpenID(z_root()); + + if($openid->validate()) { + + logger('openid: validate'); + + $authid = normalise_openid($_REQUEST['openid_identity']); + + if(! strlen($authid)) { + logger( t('OpenID protocol error. No ID returned.') . EOL); + goaway(z_root()); + } + + $x = match_openid($authid); + if($x) { + + $r = q("select * from channel where channel_id = %d limit 1", + intval($x) + ); + if($r) { + $y = q("select * from account where account_id = %d limit 1", + intval($r[0]['channel_account_id']) + ); + if($y) { + foreach($y as $record) { + if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) { + logger('mod_openid: openid success for ' . $x[0]['channel_name']); + $_SESSION['uid'] = $r[0]['channel_id']; + $_SESSION['account_id'] = $r[0]['channel_account_id']; + $_SESSION['authenticated'] = true; + authenticate_success($record,$r[0],true,true,true,true); + goaway(z_root()); + } + } + } + } + } + + // Successful OpenID login - but we can't match it to an existing account. 
+ // See if they've got an xchan + + $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", + dbesc($authid) + ); + + if($r) { + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $r[0]['xchan_hash']; + $_SESSION['my_url'] = $r[0]['xchan_url']; + $_SESSION['my_address'] = $r[0]['xchan_addr']; + $arr = array('xchan' => $r[0], 'session' => $_SESSION); + call_hooks('magic_auth_openid_success',$arr); + \App::set_observer($r[0]); + require_once('include/security.php'); + \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name'])); + logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']); + if($_SESSION['return_url']) + goaway($_SESSION['return_url']); + goaway(z_root()); + } + + // no xchan... + // create one. + // We should probably probe the openid url and figure out if they have any kind of social presence we might be able to + // scrape some identifying info from. + + $name = $authid; + $url = trim($_REQUEST['openid_identity'],'/'); + if(strpos($url,'http') === false) + $url = 'https://' . $url; + $pphoto = z_root() . '/' . get_default_profile_photo(); + $parsed = @parse_url($url); + if($parsed) { + $host = $parsed['host']; + } + + $attr = $openid->getAttributes(); + + if(is_array($attr) && count($attr)) { + foreach($attr as $k => $v) { + if($k === 'namePerson/friendly') + $nick = notags(trim($v)); + if($k === 'namePerson/first') + $first = notags(trim($v)); + if($k === 'namePerson') + $name = notags(trim($v)); + if($k === 'contact/email') + $addr = notags(trim($v)); + if($k === 'media/image/aspect11') + $photosq = trim($v); + if($k === 'media/image/default') + $photo_other = trim($v); + } + } + if(! 
$nick) { + if($first) + $nick = $first; + else + $nick = $name; + } + + require_once('library/urlify/URLify.php'); + $x = strtolower(\URLify::transliterate($nick)); + if($nick & $host) + $addr = $nick . '@' . $host; + $network = 'unknown'; + + if($photosq) + $pphoto = $photosq; + elseif($photo_other) + $pphoto = $photo_other; + + $mimetype = guess_image_type($pphoto); + + $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype, + xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, + xchan_name_date, xchan_hidden) + values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", + dbesc($url), + dbesc(''), + dbesc(''), + dbesc(''), + dbesc($mimetype), + dbesc($pphoto), + dbesc($addr), + dbesc($url), + dbesc(''), + dbesc(''), + dbesc(''), + dbesc($name), + dbesc($network), + dbesc(datetime_convert()), + dbesc(datetime_convert()) + ); + if($x) { + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($url) + ); + if($r) { + + $photos = import_xchan_photo($pphoto,$url); + if($photos) { + $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', + xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", + dbesc(datetime_convert()), + dbesc($photos[0]), + dbesc($photos[1]), + dbesc($photos[2]), + dbesc($photos[3]), + dbesc($url) + ); + } + + set_xconfig($url,'system','openid',$authid); + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $r[0]['xchan_hash']; + $_SESSION['my_url'] = $r[0]['xchan_url']; + $_SESSION['my_address'] = $r[0]['xchan_addr']; + $arr = array('xchan' => $r[0], 'session' => $_SESSION); + call_hooks('magic_auth_openid_success',$arr); + \App::set_observer($r[0]); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name'])); + logger('mod_openid: remote auth success from ' . 
$r[0]['xchan_addr']); + if($_SESSION['return_url']) + goaway($_SESSION['return_url']); + goaway(z_root()); + } + } + + } + } + notice( t('Login failed.') . EOL); + goaway(z_root()); + // NOTREACHED + } + +} diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index 7fc0e8ff5..dda792131 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -23,6 +23,8 @@ class Probe extends \Zotlabs\Web\Controller { $j = \Zotlabs\Zot\Finger::run($addr,$channel,false); + // $res = zot_finger($addr,$channel,false); + $o .= '<pre>'; if(! $j['success']) { $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n"); diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index 4b05182c2..899c79b15 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -708,7 +708,7 @@ class Profiles extends \Zotlabs\Web\Controller { '$profile_id' => $r[0]['id'], '$profile_name' => array('profile_name', t('Profile name'), $r[0]['profile_name'], t('Required'), '*'), '$is_default' => $is_default, - '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))), + '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope($channel['channel_r_profile'])), '$advanced' => $advanced, '$name' => array('name', t('Your full name'), $r[0]['fullname'], t('Required'), '*'), '$pdesc' => array('pdesc', t('Title/Description'), $r[0]['pdesc']), 
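Review bot: `get()` in the new Openid.php derives `$authid` (and later `$url`, which becomes `xchan_hash`) from `$_REQUEST['openid_identity']` after `$openid->validate()` succeeds, rather than from the identifier the library verified. With LightOpenID that identifier is exposed as `$openid->identity`, and the request field is not guaranteed to carry the same value, so the local-account match in `match_openid($authid)` should use `$authid = normalise_openid($openid->identity);`; this should be confirmed against the bundled library version. Two smaller defects sit in the same hunk: `if($nick & $host)` is a bitwise AND on strings where `&&` is meant, and the success log reads `$x[0]['channel_name']` although `$x` is passed to `intval()` as a channel id and the row is in `$r[0]`. `$photosq` and `$photo_other` come from provider-supplied attributes and reach `guess_image_type()` and `import_xchan_photo()` after only `trim()`, so checking for an http/https scheme before they are fetched or stored would be prudent.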
@@ -767,7 +767,7 @@ class Profiles extends \Zotlabs\Web\Controller { '$alt' => t('Profile Image'), '$profile_name' => $rr['profile_name'], '$visible' => (($rr['is_default']) - ? '<strong>' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '</strong>' + ? '<strong>' . translate_scope(map_scope($channel['channel_r_profile'])) . '</strong>' : '<a href="' . z_root() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>') )); } diff --git a/Zotlabs/Module/Ratingsearch.php b/Zotlabs/Module/Ratingsearch.php index dcbfd6a9b..5f463b378 100644 --- a/Zotlabs/Module/Ratingsearch.php +++ b/Zotlabs/Module/Ratingsearch.php @@ -58,9 +58,7 @@ class Ratingsearch extends \Zotlabs\Web\Controller { $ret['success'] = true; $r = q("select * from xlink left join xchan on xlink_xchan = xchan_hash - where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 - and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 - order by xchan_name asc", + where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 order by xchan_name asc", dbesc($target) ); diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 9252d1f1d..26b0c46a6 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -2,6 +2,7 @@ namespace Zotlabs\Module; + class Rmagic extends \Zotlabs\Web\Controller { function init() { 
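Review bot: The rewritten query in the Ratingsearch.php hunk drops the `xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0` conditions, so ratings authored by hidden, orphaned or deleted channels are returned again together with their xchan rows. If that is only a side effect of reverting the merge, and provided those columns exist in the schema this revert targets, the filter is worth keeping: `where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 order by xchan_name asc`. The surrounding method lies outside the hunk.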
@@ -31,6 +32,18 @@ class Rmagic extends \Zotlabs\Web\Controller { $arr = array('address' => $address); call_hooks('reverse_magic_auth', $arr); + try { + require_once('library/openid/openid.php'); + $openid = new \LightOpenID(z_root()); + $openid->identity = $address; + $openid->returnUrl = z_root() . '/openid'; + $openid->required = array('namePerson/friendly', 'namePerson'); + $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); + goaway($openid->authUrl()); + } catch (\Exception $e) { + notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage()); + } + // if they're still here... notice( t('Authentication failed.') . EOL); return; diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index af3a25c60..b1258e049 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -21,7 +21,10 @@ class Settings extends \Zotlabs\Web\Controller { // We are setting these values - don't use the argc(), argv() functions here \App::$argc = 2; \App::$argv[] = 'channel'; - } + } + + + } @@ -35,7 +38,7 @@ class Settings extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - // logger('mod_settings: ' . print_r($_REQUEST,true)); + logger('mod_settings: ' . print_r($_REQUEST,true)); if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){ @@ -360,10 +363,10 @@ class Settings extends \Zotlabs\Web\Controller { intval(local_channel()) ); - $global_perms = \Zotlabs\Access\Permissions::Perms(); + $global_perms = get_perms(); foreach($global_perms as $k => $v) { - \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,intval($_POST[$k])); + $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' '; } $acl = new \Zotlabs\Access\AccessList($channel); $acl->set_from_array($_POST); 
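Review bot: The added `try` block in Rmagic.php starts an OpenID flow for `$address` without consulting `system.disable_openid`, which the new `Openid::get()` in this commit does check, so a hub that has OpenID disabled would still run discovery against that (presumably request-supplied) identifier. Wrapping the block in `if(! get_config('system','disable_openid')) { ... }` keeps the two modules consistent. In the `catch`, `$e->getMessage()` is appended to a string that already carries `<br />` markup (and a malformed `<br >`), so it should be escaped, e.g. `htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8')`. `init()` begins and ends outside the hunk.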
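Review bot: Re-enabling `logger('mod_settings: ' . print_r($_REQUEST,true));` in the `-35,7 +38,7` hunk of Settings.php writes every settings request to the log at the default level, which presumably includes password-change and token fields handled by this controller. Either leave the line commented out or restrict it as the Openid module does, `logger('mod_settings: ' . print_r($_REQUEST,true), LOGGER_DATA);`, and consider unsetting secret fields before dumping. The enclosing method is only partly visible in the hunk.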
@@ -379,7 +382,7 @@ class Settings extends \Zotlabs\Web\Controller { ); } else { - $role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($_POST['permissions_role']); + $role_permissions = get_role_perms($_POST['permissions_role']); if(! $role_permissions) { notice('Permissions category could not be found.'); return; @@ -419,25 +422,20 @@ class Settings extends \Zotlabs\Web\Controller { ); } - $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']); - foreach($x as $k => $v) { - set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k, $v); - if($role_permissions['perms_auto']) { - set_pconfig(local_channel(),'autoperms',$k,$v); - } - else { - del_pconfig(local_channel(),'autoperms',$k); + $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1", + intval((array_key_exists('perms_accept',$role_permissions)) ? $role_permissions['perms_accept'] : 0), + intval(local_channel()) + ); + set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0)); + + foreach($role_permissions as $p => $v) { + if(strpos($p,'channel_') !== false) { + $set_perms .= ', ' . $p . ' = ' . intval($v) . ' '; } - } - - if($role_permissions['limits']) { - foreach($role_permissions['limits'] as $k => $v) { - \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,$v); + if($p === 'directory_publish') { + $publish = intval($v); } } - if(array_key_exists('directory_publish',$role_permissions)) { - $publish = intval($role_permissions['directory_publish']); - } } set_pconfig(local_channel(),'system','hide_online_status',$hide_presence); @@ -965,7 +963,11 @@ class Settings extends \Zotlabs\Web\Controller { return $o; } - + + + + + if(argv(1) === 'channel') { require_once('include/acl_selectors.php'); 
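Review bot: In the `-419,25 +422,20` hunk every key of `$role_permissions` that merely contains `channel_` is spliced into `$set_perms` as a column name (`strpos($p,'channel_') !== false`), so the SQL fragment relies on the role table never carrying an unexpected key. Anchoring the test, `if(strpos($p,'channel_') === 0) {`, narrows that. The `set_pconfig(local_channel(),'system','autoperms',...)` line reads `$role_permissions['perms_accept']` without the `array_key_exists('perms_accept',$role_permissions)` guard that the `update abook` statement directly above it uses, and the two should agree. Where `$set_perms` and `$publish` are initialised and where the fragment is executed is outside the hunk.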
@@ -982,8 +984,9 @@ class Settings extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - $global_perms = \Zotlabs\Access\Permissions::Perms(); - + + $global_perms = get_perms(); + $permiss = array(); $perm_opts = array( @@ -997,18 +1000,19 @@ class Settings extends \Zotlabs\Web\Controller { array( t('Anybody on the internet'), PERMS_PUBLIC) ); - $limits = \Zotlabs\Access\PermissionLimits::Get(local_channel()); foreach($global_perms as $k => $perm) { $options = array(); foreach($perm_opts as $opt) { + if((! $perm[2]) && $opt[1] == PERMS_PUBLIC) + continue; $options[$opt[1]] = $opt[0]; } - $permiss[] = array($k,$perm,$limits[$k],'',$options); + $permiss[] = array($k,$perm[3],$channel[$perm[0]],$perm[4],$options); } - //logger('permiss: ' . print_r($permiss,true)); + // logger('permiss: ' . print_r($permiss,true)); diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index 995976dcd..2325a614b 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -219,7 +219,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { } /** - * @brief Sets the timezone from the channel in BasicAuth. + * @brief Sets the timezone from the channel in RedBasicAuth. * * Set in mod/cloud.php if the channel has a timezone set. * diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index 93c55bd4c..713d75108 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php 
@@ -274,22 +274,6 @@ class Browser extends DAV\Browser\Plugin { // SimpleCollection, we won't need to show the panel either. if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') return; - require_once('include/acl_selectors.php'); - - $aclselect = null; - $lockstate = ''; - - if($this->auth-owner_id) { - $channel = channelx_by_n($this->auth->owner_id); - if($channel) { - $acl = new \Zotlabs\Access\AccessList($channel); - $channel_acl = $acl->get(); - $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); - - $aclselect = ((local_channel() == $this->auth->owner_id) ? populate_acl($channel_acl,false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''); - - } - } // Storage and quota for the account (all channels of the owner of this directory)! $limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit')); @@ -309,6 +293,7 @@ class Browser extends DAV\Browser\Plugin { userReadableSize($limit), round($used / $limit, 1) * 100); } + // prepare quota for template $quota = array(); $quota['used'] = $used; @@ -321,12 +306,7 @@ class Browser extends DAV\Browser\Plugin { '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), - '$quota' => $quota, - '$channick' => $this->auth->owner_nick, - '$aclselect' => $aclselect, - '$lockstate' => $lockstate, - '$return_url' => \App::$cmd, - '$dragdroptext' => t('Drop files here to immediately upload') + '$quota' => $quota )); } diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 4ba2a450d..f9290ac30 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -152,7 +152,6 @@ class Router { // pretend this is a module so it will initialise the theme \App::$module = '404'; \App::$module_loaded = true; - \App::$error = true; } } } diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 5bb0e08e8..d4f3cb9ea 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php 
@@ -124,7 +124,7 @@ class WebServer { // now that we've been through the module content, see if the page reported // a permission problem and if so, a 403 response would seem to be in order. - if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { + if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.')); } |
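Review bot: Dropping `is_array($_SESSION['sysmsg']) &&` means `implode("", $_SESSION['sysmsg'])` runs on every request, including those where no message was queued and the key may be unset, which raises a warning on older PHP and an error on PHP 8. Keep the guard: `if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {`. Deciding the 403 status from a translated message string is also fragile; a flag set at the point where access is denied would be more reliable. The enclosing method is outside the hunk.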