aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-09-06 09:10:19 +0000
committerMario <mario@mariovavti.com>2021-09-06 09:10:19 +0000
commit8d28649e1b64e8d4eb15fd3923020950a58966e7 (patch)
tree17350748850255de7129339f0abfc4725b267714 /Zotlabs
parent9495fef79bb299aa114bbda72e32ae0a2659e436 (diff)
downloadvolse-hubzilla-8d28649e1b64e8d4eb15fd3923020950a58966e7.tar.gz
volse-hubzilla-8d28649e1b64e8d4eb15fd3923020950a58966e7.tar.bz2
volse-hubzilla-8d28649e1b64e8d4eb15fd3923020950a58966e7.zip
check the post_mail permission for direct messages
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Lib/Activity.php14
-rw-r--r--Zotlabs/Lib/Libzot.php6
2 files changed, 19 insertions, 1 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 971381fb2..14d4a1d71 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -1815,12 +1815,19 @@ class Activity {
}
else {
if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') && !$is_sys_channel) {
- logger('no permission');
+ logger('no send_stream permission');
return;
}
$s['owner_xchan'] = $s['author_xchan'] = $observer_hash;
}
+ if (intval($item['item_private']) === 2) {
+ if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'post_mail')) {
+ logger('no post_mail permission');
+ return;
+ }
+ }
+
$abook = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
dbesc($observer_hash),
intval($channel['channel_id'])
@@ -2672,6 +2679,11 @@ class Activity {
$allowed = true;
}
+ if (intval($item['item_private']) === 2) {
+ if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'post_mail')) {
+ $allowed = false;
+ }
+ }
if ($is_sys_channel) {
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index cb55a4e67..9c232f34d 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -1601,6 +1601,12 @@ class Libzot {
$friendofriend = true;
}
+ if (intval($arr['item_private']) === 2) {
+ if (!perm_is_allowed($channel['channel_id'], $sender, 'post_mail')) {
+ $allowed = false;
+ }
+ }
+
if (!$allowed) {
logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
$DR->update('permission denied');