diff options
| author | Mario <mario@mariovavti.com> | 2023-06-02 11:33:44 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2023-06-02 11:33:44 +0000 |
| commit | 48a33f08e2042b0bb809f43f9bec9d7739af3c28 (patch) | |
| tree | 91d6835c6e0421c72ae67f3d4707ed6a316a125e /include/security.php | |
| parent | 4b17ea04a75eba037d5ad5bc2aeffaadddfcfa04 (diff) | |
| download | volse-hubzilla-48a33f08e2042b0bb809f43f9bec9d7739af3c28.tar.gz volse-hubzilla-48a33f08e2042b0bb809f43f9bec9d7739af3c28.tar.bz2 volse-hubzilla-48a33f08e2042b0bb809f43f9bec9d7739af3c28.zip | |
ocap initial checkin
Diffstat (limited to 'include/security.php')
| -rw-r--r-- | include/security.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/include/security.php b/include/security.php index 2fbe1da1a..539e5f5b5 100644 --- a/include/security.php +++ b/include/security.php @@ -330,7 +330,7 @@ function change_channel($change_channel) { * @return string additional SQL where statement */ -function permissions_sql($owner_id, $remote_observer = null, $table = '') { +function permissions_sql($owner_id, $remote_observer = null, $table = '', $token = EMPTY_STR) { $local_channel = local_channel(); @@ -412,6 +412,16 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') { dbesc($gs) ); } + + /* + * OCAP token access + */ + + elseif ($token) { + $sql = " AND ( {$table}allow_cid like '" . protect_sprintf('%<token:' . $token . '>%') . + "' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '' AND {$table}deny_cid = '' AND {$table}deny_gid = '' ) )"; + } + } return $sql; |