implement optional moderation of unsolicited comments, minor css fixes and some more work on ocap

9 files changed, 52 insertions, 24 deletions

diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 79821badc..433024cf0 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -2970,13 +2970,23 @@ class Activity {
 				}*/
 
 				if (!$allowed) {
-					logger('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']);
-					logger('rejected: ' . print_r($item, true), LOGGER_DATA);
 
-					// TODO: not implemented
-					// let the sender know we received their comment but we don't permit spam here.
-					// self::send_rejection_activity($channel,$item['author_xchan'],$item);
-					return;
+					if (get_pconfig($channel['channel_id'], 'system', 'moderate_unsolicited_comments')) {
+						$item['item_blocked'] = intval(ITEM_MODERATED);
+						$allowed = true;
+					}
+					else {
+						hz_syslog('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']);
+						logger('rejected: ' . print_r($item, true), LOGGER_DATA);
+
+						// TODO: not implemented
+						// let the sender know we received their comment but we don't permit spam here.
+						// self::send_rejection_activity($channel,$item['author_xchan'],$item);
+
+						return;
+					}
+
+
 				}
 
 				// TODO: not implemented
diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php
index 585761cc4..a8d34b940 100644
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -145,7 +145,7 @@ class Enotify {
 
 		$itemlink = $params['link'];
 
-		$action = t('commented on');
+		$action = (($moderated) ? t('requests to comment on') : t('commented on'));
 
 		if(array_key_exists('item',$params)) {
 
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index cf877ed92..14c9500ff 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -503,7 +503,10 @@ class ThreadItem {
 			'thread_level' => $thread_level,
 			'settings' => $settings,
 			'thr_parent' => (($item['parent_mid'] != $item['thr_parent']) ? gen_link_id($item['thr_parent']) : ''),
-			'contact_id' => (($contact) ? $contact['abook_id'] : '')
+			'contact_id' => (($contact) ? $contact['abook_id'] : ''),
+			'moderate' => ($item['item_blocked'] == ITEM_MODERATED),
+			'moderate_approve' => t('Approve'),
+			'moderate_delete' => t('Delete')
 
 		);
 
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php
index 5f5779b51..710f965ef 100644
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -95,7 +95,7 @@ class Attach extends Controller {
 			killme();
 		}
 
-		$r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0));
+		$r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0), $token);
 
 		if (!$r['success']) {
 			notice($r['message'] . EOL);
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index 748d990cb..036663681 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -284,13 +284,9 @@ class Channel extends Controller {
 		 * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
 		 */
 
-		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0
-		    and item.item_unpublished = 0 and item.item_pending_remove = 0
-		    and item.item_blocked = 0 ";
-		if (!$is_owner)
-			$item_normal .= "and item.item_delayed = 0 ";
+		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-		$sql_extra          = item_permissions_sql(App::$profile['profile_uid']);
+		$sql_extra = item_permissions_sql(App::$profile['profile_uid']);
 
 		if (feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (!$mid))
 			$page_mode = 'list';
diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php
index 77d56e9a2..efa13b832 100644
--- a/Zotlabs/Module/Hq.php
+++ b/Zotlabs/Module/Hq.php
@@ -17,8 +17,6 @@ class Hq extends \Zotlabs\Web\Controller {
 	function init() {
 		if(! local_channel())
 			return;
-
-		App::$profile_uid = local_channel();
 	}
 
 	function get($update = 0, $load = false) {
@@ -27,6 +25,8 @@ class Hq extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		App::$profile_uid = local_channel();
+
 		$item_hash = '';
 
 		if(argc() > 1 && argv(1) !== 'load') {
@@ -69,7 +69,7 @@ class Hq extends \Zotlabs\Web\Controller {
 
 			//if the item is to be moderated redirect to /moderate
 			if($target_item['item_blocked'] == ITEM_MODERATED) {
-				goaway(z_root() . '/moderate/' . $target_item['id']);
+			//	goaway(z_root() . '/moderate/' . $target_item['id']);
 			}
 
 			$simple_update = '';
diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php
index b66b052a6..b895b4a8c 100644
--- a/Zotlabs/Module/Moderate.php
+++ b/Zotlabs/Module/Moderate.php
@@ -17,7 +17,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 		}
 
 		\App::set_pager_itemspage(30);
-		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));               
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
 
 		//show all items
 		if(argc() == 1) {
@@ -40,8 +40,13 @@ class Moderate extends \Zotlabs\Web\Controller {
 
 		if(argc() > 2) {
 			$post_id = intval(argv(1));
-			if(! $post_id)
+			if(! $post_id) {
+				if (is_ajax()) {
+					killme();
+				}
+
 				goaway(z_root() . '/moderate');
+			}
 
 			$action = argv(2);
 
@@ -61,18 +66,20 @@ class Moderate extends \Zotlabs\Web\Controller {
 					);
 
 					$item['item_blocked'] = 0;
-
 					item_update_parent_commented($item);
-
 					notice( t('Comment approved') . EOL);
 				}
 				elseif($action === 'drop') {
+					// TODO: not implemented
+					// let the sender know we received their comment but we don't permit spam here.
+					// Activity::send_rejection_activity(App::get_channel(), $item['author_xchan'], $item);
+
 					drop_item($post_id,false);
 					notice( t('Comment deleted') . EOL);
-				} 
+				}
 
 				// refetch the item after changes have been made
-			
+
 				$r = q("select * from item where id = %d",
 					intval($post_id)
 				);
@@ -84,6 +91,11 @@ class Moderate extends \Zotlabs\Web\Controller {
 				if($action === 'approve') {
 					\Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment-new', $post_id));
 				}
+
+				if (is_ajax()) {
+					killme();
+				}
+
 				goaway(z_root() . '/moderate');
 			}
 		}
diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php
index 00fed55c2..dcc209d1d 100644
--- a/Zotlabs/Module/Network.php
+++ b/Zotlabs/Module/Network.php
@@ -43,6 +43,8 @@ class Network extends \Zotlabs\Web\Controller {
 			return login(false);
 		}
 
+		App::$profile_uid = local_channel();
+
 		$o = '';
 
 		$arr = array('query' => App::$query_string);
diff --git a/Zotlabs/Module/Settings/Privacy.php b/Zotlabs/Module/Settings/Privacy.php
index 24249a865..588ece1f1 100644
--- a/Zotlabs/Module/Settings/Privacy.php
+++ b/Zotlabs/Module/Settings/Privacy.php
@@ -25,6 +25,9 @@ class Privacy {
 		$permit_all_mentions = (((x($_POST, 'permit_all_mentions')) && (intval($_POST['permit_all_mentions']) == 1)) ? 1 : 0);
 		set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions);
 
+		$moderate_unsolicited_comments = (((x($_POST, 'moderate_unsolicited_comments')) && (intval($_POST['moderate_unsolicited_comments']) == 1)) ? 1 : 0);
+		set_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments', $moderate_unsolicited_comments);
+
 		$ocap_enabled = (((x($_POST, 'ocap_enabled')) && (intval($_POST['ocap_enabled']) == 1)) ? 1 : 0);
 		set_pconfig(local_channel(), 'system', 'ocap_enabled', $ocap_enabled);
 
@@ -106,6 +109,7 @@ class Privacy {
 		$index_opt_out = get_pconfig(local_channel(), 'system', 'index_opt_out');
 		$group_actor = get_pconfig(local_channel(), 'system', 'group_actor');
 		$permit_all_mentions = get_pconfig(local_channel(), 'system', 'permit_all_mentions');
+		$moderate_unsolicited_comments = get_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments');
 		$ocap_enabled = get_pconfig(local_channel(), 'system', 'ocap_enabled');
 
 		$permissions_role   = get_pconfig(local_channel(), 'system', 'permissions_role', 'custom');
@@ -129,6 +133,7 @@ class Privacy {
 			'$index_opt_out' => ['index_opt_out', t('Opt-out of search engine indexing'), $index_opt_out, '', [t('No'), t('Yes')]],
 			'$group_actor' => ['group_actor', t('Group actor'), $group_actor, t('Allow this channel to act as a forum'), [t('No'), t('Yes')]],
 			'$permit_all_mentions' => ['permit_all_mentions', t('Accept all messages which mention you'), $permit_all_mentions, t('This setting bypasses normal permissions'), [t('No'), t('Yes')]],
+			'$moderate_unsolicited_comments' => ['moderate_unsolicited_comments', t('Moderate unsolicited comments'), $moderate_unsolicited_comments, t('Otherwise they will be silently dropped'), [t('No'), t('Yes')]],
 			'$ocap_enabled' => ['ocap_enabled', t('Enable OCAP access'), $ocap_enabled, t('Grant limited posts the right to access linked private media'), [t('No'), t('Yes')]],
 		]);