diff options
author | RedMatrix <info@friendica.com> | 2014-06-20 08:57:21 +1000 |
---|---|---|
committer | RedMatrix <info@friendica.com> | 2014-06-20 08:57:21 +1000 |
commit | 4c0b8bc637fe6773f8053b1672122c18a5788986 (patch) | |
tree | b0513171eccb338c55b7d1a50da0f67e6e8b6f65 /include/security.php | |
parent | c012c648e0691868370a5a8c1eb468020fef6330 (diff) | |
parent | b20887995a2b3277659e01d99ae4de238f7175ef (diff) | |
download | volse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.tar.gz volse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.tar.bz2 volse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.zip |
Merge pull request #498 from solstag/perms_pending
Implements a new permission level PERMS_PENDING
Diffstat (limited to 'include/security.php')
-rw-r--r-- | include/security.php | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/include/security.php b/include/security.php index 285c4a231..aaf4eb050 100644 --- a/include/security.php +++ b/include/security.php @@ -311,7 +311,7 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = '', } function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') { if (!check_form_security_token($typename, $formname)) { - $a = get_app(); + $a = get_app(); logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); header('HTTP/1.1 403 Forbidden'); @@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) { // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the -// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// public_timeline, and we can use this in a community page by making +// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. // Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) // We always include yourself if logged in because you can always see your own posts // resolving granular permissions for the observer against every person and every post on the site // will likely be too expensive. // Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query -function stream_perms_api_uids($perms_min = PERMS_SITE) { +function stream_perms_api_uids($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); if($r) @@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) { return $str; } -function stream_perms_xchans($perms_min = PERMS_SITE) { +function stream_perms_xchans($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) ); if($r) |