aboutsummaryrefslogtreecommitdiffstats
path: root/include/permissions.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-12-10 20:09:19 -0800
committerfriendica <info@friendica.com>2012-12-10 20:09:19 -0800
commit7737382378bc0ec1a1b1685945bbb41a97499bcd (patch)
tree6987f88f0f29e6bb5b0716440d510ac8915a5d64 /include/permissions.php
parentd6fde941088ebd66a231fa098eb2ea3fda9e0975 (diff)
downloadvolse-hubzilla-7737382378bc0ec1a1b1685945bbb41a97499bcd.tar.gz
volse-hubzilla-7737382378bc0ec1a1b1685945bbb41a97499bcd.tar.bz2
volse-hubzilla-7737382378bc0ec1a1b1685945bbb41a97499bcd.zip
revamp permissions, blocking a contact takes priority over all other permission settings, such as "allow anybody in network to do xyz". If they're blocked they can't do it.
Diffstat (limited to 'include/permissions.php')
-rw-r--r--include/permissions.php116
1 files changed, 65 insertions, 51 deletions
diff --git a/include/permissions.php b/include/permissions.php
index 8e0dec6c2..8e0594492 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -67,23 +67,61 @@ function get_all_perms($uid,$observer,$internal_use = true) {
$channel_checked = true;
}
+ // The uid provided doesn't exist. This would be a big fail.
+
if(! $r) {
$ret[$perm_name] = false;
continue;
}
- // Check if this $uid is actually the $observer
- if($r[0]['channel_hash'] === $observer) {
+ // Next we're going to check for blocked or ignored contacts.
+ // These take priority over all other settings.
+
+ if($observer) {
+ if(! $abook_checked) {
+ $x = q("select abook_my_perms, abook_flags from abook
+ where abook_channel = %d and abook_xchan = '%s' limit 1",
+ intval($uid),
+ dbesc($observer)
+ );
+ $abook_checked = true;
+ }
+
+ // If they're blocked - they can't read or write
+
+ if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) {
+ $ret[$perm_name] = false;
+ continue;
+ }
+
+ // Check if this is a write permission and they are being ignored
+ // This flag is only visible internally.
+
+ if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED)) {
+ $ret[$perm_name] = false;
+ continue;
+ }
+ }
+
+ // Check if this $uid is actually the $observer - if it's your content
+ // you always have permission to do anything
+
+ if(($observer) && ($r[0]['channel_hash'] === $observer)) {
$ret[$perm_name] = true;
continue;
}
+ // Anybody at all (that wasn't blocked or ignored). They have permission.
+
if($r[0][$channel_perm] & PERMS_PUBLIC) {
$ret[$perm_name] = true;
continue;
}
+ // From here on out, we need to know who they are. If we can't figure it
+ // out, permission is denied.
+
if(! $observer) {
$ret[$perm_name] = false;
continue;
@@ -116,38 +154,16 @@ function get_all_perms($uid,$observer,$internal_use = true) {
}
// If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book
- // and not blocked/ignored
+ // $x is a valid address book entry
- if(! $abook_checked) {
- $x = q("select abook_my_perms, abook_flags from abook
- where abook_channel = %d and abook_xchan = '%s' limit 1",
- intval($uid),
- dbesc($observer)
- );
- $abook_checked = true;
- }
-
-
- // If they're blocked - they can't read or write
-
- if((! $x) || ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) {
+ if(! $x) {
$ret[$perm_name] = false;
continue;
}
-
- // If we're still going, they are a contact
- if($r && $r[0][$channel_perm] & PERMS_CONTACTS) {
+ if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) {
- // Check if this is a write permission and they are being ignored
- // This flag is only visible internally.
-
- if(($internal_use) && (! $global_perms[$perm_name][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED)) {
- $ret[$perm_name] = false;
- continue;
- }
-
- // Otherwise they're a contact, so they have permission
+ // They're a contact, so they have permission
$ret[$perm_name] = true;
continue;
@@ -156,7 +172,7 @@ function get_all_perms($uid,$observer,$internal_use = true) {
// Permission granted to certain channels. Let's see if the observer is one of them
if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) {
- if(($x) && ($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
+ if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
$ret[$perm_name] = true;
continue;
}
@@ -188,6 +204,23 @@ function perm_is_allowed($uid,$observer,$permission) {
if(! $r)
return false;
+ if($observer) {
+ $x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' limit 1",
+ intval($uid),
+ dbesc($observer)
+ );
+
+ // If they're blocked - they can't read or write
+
+ if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED))
+ return false;
+
+ if(($x) && (! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED))
+ return false;
+
+ }
+
+
// Check if this $uid is actually the $observer
if($r[0]['channel_hash'] === $observer)
@@ -220,36 +253,17 @@ function perm_is_allowed($uid,$observer,$permission) {
return false;
}
- // If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book
- // and not blocked/ignored
-
- $x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' limit 1",
- intval($uid),
- dbesc($observer)
- );
-
- // If they're blocked - they can't read or write
-
- if((! $x) || ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED))
+ if(! $x) {
return false;
-
- // If we're still going, they are a contact
+ }
if($r[0][$channel_perm] & PERMS_CONTACTS) {
-
- // Check if this is a write permission and they are being ignored
-
- if((! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED))
- return false;
-
- // Otherwise they're a contact, so they have permission
-
return true;
}
// Permission granted to certain channels. Let's see if the observer is one of them
- if($r[0][$channel_perm] & PERMS_SPECIFIC) {
+ if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) {
if($x[0]['abook_my_perms'] & $global_perms[$permission][1])
return true;
}