aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
authorRedMatrix <info@friendica.com>2014-06-20 08:57:21 +1000
committerRedMatrix <info@friendica.com>2014-06-20 08:57:21 +1000
commit4c0b8bc637fe6773f8053b1672122c18a5788986 (patch)
treeb0513171eccb338c55b7d1a50da0f67e6e8b6f65 /include/security.php
parentc012c648e0691868370a5a8c1eb468020fef6330 (diff)
parentb20887995a2b3277659e01d99ae4de238f7175ef (diff)
downloadvolse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.tar.gz
volse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.tar.bz2
volse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.zip
Merge pull request #498 from solstag/perms_pending
Implements a new permission level PERMS_PENDING
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php21
1 files changed, 13 insertions, 8 deletions
diff --git a/include/security.php b/include/security.php
index 285c4a231..aaf4eb050 100644
--- a/include/security.php
+++ b/include/security.php
@@ -311,7 +311,7 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = '',
}
function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
- $a = get_app();
+ $a = get_app();
logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
header('HTTP/1.1 403 Forbidden');
@@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) {
// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
-// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in.
+// public_timeline, and we can use this in a community page by making
+// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in.
// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
// We always include yourself if logged in because you can always see your own posts
// resolving granular permissions for the observer against every person and every post on the site
// will likely be too expensive.
// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
-function stream_perms_api_uids($perms_min = PERMS_SITE) {
+function stream_perms_api_uids($perms = NULL ) {
+ $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
+
$ret = array();
if(local_user())
$ret[] = local_user();
- $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
- intval($perms_min),
+ $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
+ intval($perms),
intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
);
if($r)
@@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) {
return $str;
}
-function stream_perms_xchans($perms_min = PERMS_SITE) {
+function stream_perms_xchans($perms = NULL ) {
+ $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
+
$ret = array();
if(local_user())
$ret[] = get_observer_hash();
- $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
- intval($perms_min),
+ $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
+ intval($perms),
intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)
);
if($r)