aboutsummaryrefslogtreecommitdiffstats
path: root/include/widgets.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-04-14 16:45:16 -0700
committerfriendica <info@friendica.com>2014-04-14 16:45:16 -0700
commit506ae56385f5f731b7f3a8f5ee7feda2a66ae985 (patch)
treec41dd3f148b80a51accece6fad946ea80fd784b7 /include/widgets.php
parentbf8f5d5b2b1753333d2ea9a14f728183c40c2dcb (diff)
downloadvolse-hubzilla-506ae56385f5f731b7f3a8f5ee7feda2a66ae985.tar.gz
volse-hubzilla-506ae56385f5f731b7f3a8f5ee7feda2a66ae985.tar.bz2
volse-hubzilla-506ae56385f5f731b7f3a8f5ee7feda2a66ae985.zip
Better handling of restricted /channel and /profile permissions. We will show the name, profile photo and a 'connect' button if appropriate on these pages regardless of permissions. A blank page makes it difficult for folks to figure out how to connect and if it is their real life friend 'x' or not. It also matches our overall policy (adopted from Facebook's lessons learned) that the channel name and default profile photo are always visible and can't really be blocked without messing up the usability of the entire network. This also makes sure that a connect button can be found somewhere besides the directory - where the entry could be blocked; and avoid somebody having to figure out the webbie and find the link to "follow" (another related issue).
Diffstat (limited to 'include/widgets.php')
-rw-r--r--include/widgets.php12
1 files changed, 12 insertions, 0 deletions
diff --git a/include/widgets.php b/include/widgets.php
index 82769d925..678fed833 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -304,6 +304,9 @@ function widget_archive($arr) {
if(! feature_enabled($uid,'archives'))
return '';
+ if(! perm_is_allowed($uid,get_observer_hash(),'view_stream'))
+ return '';
+
$wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0);
$style = ((array_key_exists('style', $arr)) ? $arr['style'] : 'select');
@@ -338,6 +341,12 @@ function widget_fullprofile($arr) {
function widget_categories($arr) {
$a = get_app();
+
+
+ if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')))
+ return '';
+
+
$cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
$srchurl = $a->query_string;
$srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
@@ -350,6 +359,9 @@ function widget_tagcloud_wall($arr) {
$a = get_app();
if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash']))
return '';
+ if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))
+ return '';
+
$limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50);
if(feature_enabled($a->profile['profile_uid'],'tagadelic'))
return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL);