aboutsummaryrefslogtreecommitdiffstats
path: root/include/items.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-08-07 17:14:11 -0700
committerfriendica <info@friendica.com>2014-08-07 17:14:11 -0700
commit640dbdf5e9c5b271cdfe578267963a8aa7729d82 (patch)
treee6a8173f7c4e254c242127bb89da72a668a606c1 /include/items.php
parentf475317dbae8642a2ac77212fe700fbd62a98437 (diff)
downloadvolse-hubzilla-640dbdf5e9c5b271cdfe578267963a8aa7729d82.tar.gz
volse-hubzilla-640dbdf5e9c5b271cdfe578267963a8aa7729d82.tar.bz2
volse-hubzilla-640dbdf5e9c5b271cdfe578267963a8aa7729d82.zip
a bit more cleanup and a bug fix or two for the new private post security model
Diffstat (limited to 'include/items.php')
-rwxr-xr-xinclude/items.php23
1 files changed, 15 insertions, 8 deletions
diff --git a/include/items.php b/include/items.php
index 08c814e10..6af92d7e5 100755
--- a/include/items.php
+++ b/include/items.php
@@ -7,17 +7,13 @@ require_once('include/photo/photo_driver.php');
require_once('include/permissions.php');
-function collect_recipients($item,&$private) {
+function collect_recipients($item,&$private_envelope) {
require_once('include/group.php');
- $private = ((intval($item['item_private'])) ? true : false);
+ $private_envelope = ((intval($item['item_private'])) ? true : false);
$recipients = array();
- // if the post is marked private but there are no recipients, only add the author and owner
- // as recipients. The ACL for the post may live on the hub of a different clone. We need to
- // get the post to that hub.
-
if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) {
// it is private
@@ -49,10 +45,21 @@ function collect_recipients($item,&$private) {
$deny = array_unique(array_merge($deny_people,$deny_groups));
$recipients = array_diff($recipients,$deny);
- $private = true;
+ $private_envelope = true;
}
else {
- if($item['public_policy'] || (! $private)) {
+
+ // if the post is marked private but there are no recipients and public_policy/scope = self,
+ // only add the author and owner as recipients. The ACL for the post may live on the hub of
+ // a different clone. We need to get the post to that hub.
+
+ // The post may be private by virtue of not being visible to anybody on the internet,
+ // but there are no envelope recipients, so set this to false. Delivery is controlled
+ // by the directives in $item['public_policy'].
+
+ $private_envelope = false;
+
+ if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') {
$r = q("select abook_xchan from abook where abook_channel = %d and not (abook_flags & %d) ",
intval($item['uid']),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED)