diff options
author | friendica <info@friendica.com> | 2014-04-14 16:45:16 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-04-14 16:45:16 -0700 |
commit | 506ae56385f5f731b7f3a8f5ee7feda2a66ae985 (patch) | |
tree | c41dd3f148b80a51accece6fad946ea80fd784b7 /include/widgets.php | |
parent | bf8f5d5b2b1753333d2ea9a14f728183c40c2dcb (diff) | |
download | volse-hubzilla-506ae56385f5f731b7f3a8f5ee7feda2a66ae985.tar.gz volse-hubzilla-506ae56385f5f731b7f3a8f5ee7feda2a66ae985.tar.bz2 volse-hubzilla-506ae56385f5f731b7f3a8f5ee7feda2a66ae985.zip |
Better handling of restricted /channel and /profile permissions. We will show the name, profile photo and a 'connect' button if appropriate on these pages regardless of permissions. A blank page makes it difficult for folks to figure out how to connect and if it is their real life friend 'x' or not. It also matches our overall policy (adopted from Facebook's lessons learned) that the channel name and default profile photo are always visible and can't really be blocked without messing up the usability of the entire network. This also makes sure that a connect button can be found somewhere besides the directory - where the entry could be blocked; and avoid somebody having to figure out the webbie and find the link to "follow" (another related issue).
Diffstat (limited to 'include/widgets.php')
-rw-r--r-- | include/widgets.php | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/widgets.php b/include/widgets.php index 82769d925..678fed833 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -304,6 +304,9 @@ function widget_archive($arr) { if(! feature_enabled($uid,'archives')) return ''; + if(! perm_is_allowed($uid,get_observer_hash(),'view_stream')) + return ''; + $wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0); $style = ((array_key_exists('style', $arr)) ? $arr['style'] : 'select'); @@ -338,6 +341,12 @@ function widget_fullprofile($arr) { function widget_categories($arr) { $a = get_app(); + + + if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))) + return ''; + + $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); @@ -350,6 +359,9 @@ function widget_tagcloud_wall($arr) { $a = get_app(); if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) return ''; + if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')) + return ''; + $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); if(feature_enabled($a->profile['profile_uid'],'tagadelic')) return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); |