aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorRedMatrix <info@friendica.com>2014-06-20 08:57:21 +1000
committerRedMatrix <info@friendica.com>2014-06-20 08:57:21 +1000
commit4c0b8bc637fe6773f8053b1672122c18a5788986 (patch)
treeb0513171eccb338c55b7d1a50da0f67e6e8b6f65 /include
parentc012c648e0691868370a5a8c1eb468020fef6330 (diff)
parentb20887995a2b3277659e01d99ae4de238f7175ef (diff)
downloadvolse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.tar.gz
volse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.tar.bz2
volse-hubzilla-4c0b8bc637fe6773f8053b1672122c18a5788986.zip
Merge pull request #498 from solstag/perms_pending
Implements a new permission level PERMS_PENDING
Diffstat (limited to 'include')
-rwxr-xr-xinclude/items.php14
-rw-r--r--include/permissions.php40
-rw-r--r--include/security.php21
-rw-r--r--include/zot.php26
4 files changed, 59 insertions, 42 deletions
diff --git a/include/items.php b/include/items.php
index f71ebd503..c35a442b2 100755
--- a/include/items.php
+++ b/include/items.php
@@ -943,6 +943,8 @@ function map_scope($scope) {
return 'network: red';
case PERMS_SITE:
return 'site: ' . get_app()->get_hostname();
+ case PERMS_PENDING:
+ return 'any connections';
case PERMS_CONTACTS:
default:
return 'contacts';
@@ -4085,7 +4087,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
}
if(! array_key_exists('nouveau',$arr)) {
- $sql_extra2 = " AND item.parent = item.id ";
+ $sql_extra2 = " AND item.parent = item.id ";
$sql_extra3 = '';
}
@@ -4126,12 +4128,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
$pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records']));
if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) {
- if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) {
+ if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) {
- // Not everybody who shows up in the network stream will be in your address book.
- // By default those that aren't are assumed to have closeness = 99; but this isn't
- // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in
- // the stream with a NULL address book entry.
+ // Not everybody who shows up in the network stream will be in your address book.
+ // By default those that aren't are assumed to have closeness = 99; but this isn't
+ // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in
+ // the stream with a NULL address book entry.
$sql_nets .= " AND ";
diff --git a/include/permissions.php b/include/permissions.php
index 029bc1288..a3ec13925 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -177,32 +177,36 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
continue;
}
- // If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book
- // $x is a valid address book entry
+ // From here on we require that the observer be a connection and
+ // handle whether we're allowing any, approved or specific ones
if(! $x) {
$ret[$perm_name] = false;
continue;
}
-
+
// They are in your address book, but haven't been approved
+ if($r[0][$channel_perm] & PERMS_PENDING) {
+ $ret[$perm_name] = true;
+ continue;
+ }
+
if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) {
$ret[$perm_name] = false;
continue;
}
- if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) {
-
- // They're a contact, so they have permission
+ // They're a contact, so they have permission
+ if($r[0][$channel_perm] & PERMS_CONTACTS) {
$ret[$perm_name] = true;
continue;
}
// Permission granted to certain channels. Let's see if the observer is one of them
- if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) {
+ if($r[0][$channel_perm] & PERMS_SPECIFIC) {
if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
$ret[$perm_name] = true;
continue;
@@ -216,7 +220,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
}
-
$arr = array(
'channel_id' => $uid,
'observer_hash' => $observer_xchan,
@@ -229,7 +232,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
function perm_is_allowed($uid,$observer_xchan,$permission) {
-
$arr = array(
'channel_id' => $uid,
'observer_hash' => $observer_xchan,
@@ -280,7 +282,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
}
}
-
// Check if this $uid is actually the $observer_xchan
if($r[0]['channel_hash'] === $observer_xchan)
@@ -312,16 +313,27 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
if($c)
return true;
return false;
- }
+ }
+
+ // From here on we require that the observer be a connection and
+ // handle whether we're allowing any, approved or specific ones
if(! $x) {
return false;
}
+ // They are in your address book, but haven't been approved
+
+ if($r[0][$channel_perm] & PERMS_PENDING) {
+ return true;
+ }
+
if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) {
return false;
}
+ // They're a contact, so they have permission
+
if($r[0][$channel_perm] & PERMS_CONTACTS) {
return true;
}
@@ -333,13 +345,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return true;
}
-
-
-
// No permissions allowed.
return false;
-
}
@@ -356,7 +364,6 @@ function check_list_permissions($uid,$arr,$perm) {
}
-
function site_default_perms() {
$typical = array(
@@ -378,7 +385,6 @@ function site_default_perms() {
'delegate' => 0,
);
-
$global_perms = get_perms();
$ret = array();
diff --git a/include/security.php b/include/security.php
index 285c4a231..aaf4eb050 100644
--- a/include/security.php
+++ b/include/security.php
@@ -311,7 +311,7 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = '',
}
function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
- $a = get_app();
+ $a = get_app();
logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
header('HTTP/1.1 403 Forbidden');
@@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) {
// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
-// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in.
+// public_timeline, and we can use this in a community page by making
+// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in.
// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
// We always include yourself if logged in because you can always see your own posts
// resolving granular permissions for the observer against every person and every post on the site
// will likely be too expensive.
// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
-function stream_perms_api_uids($perms_min = PERMS_SITE) {
+function stream_perms_api_uids($perms = NULL ) {
+ $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
+
$ret = array();
if(local_user())
$ret[] = local_user();
- $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
- intval($perms_min),
+ $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
+ intval($perms),
intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
);
if($r)
@@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) {
return $str;
}
-function stream_perms_xchans($perms_min = PERMS_SITE) {
+function stream_perms_xchans($perms = NULL ) {
+ $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
+
$ret = array();
if(local_user())
$ret[] = get_observer_hash();
- $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
- intval($perms_min),
+ $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
+ intval($perms),
intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)
);
if($r)
diff --git a/include/zot.php b/include/zot.php
index 2137a6b52..4f42ea2b4 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -314,11 +314,8 @@ function zot_refresh($them,$channel = null, $force = false) {
if(! $x['success'])
return false;
- $xchan_hash = $x['hash'];
-
$their_perms = 0;
-
if($channel) {
$global_perms = get_perms();
if($j['permissions']['data']) {
@@ -417,6 +414,9 @@ function zot_refresh($them,$channel = null, $force = false) {
if($z)
$default_perms = intval($z[0]['abook_my_perms']);
+ // Keep original perms to check if we need to notify them
+ $previous_perms = get_all_perms($channel['channel_id'],$x['hash']);
+
$y = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_flags ) values ( %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )",
intval($channel['channel_account_id']),
intval($channel['channel_id']),
@@ -431,8 +431,9 @@ function zot_refresh($them,$channel = null, $force = false) {
if($y) {
logger("New introduction received for {$channel['channel_name']}");
- if($default_perms) {
- // send back a permissions update for auto-friend/auto-permissions
+ $new_perms = get_all_perms($channel['channel_id'],$x['hash']);
+ if($new_perms != $previous_perms) {
+ // Send back a permissions update if permissions have changed
$z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1",
dbesc($x['hash']),
intval($channel['channel_id']),
@@ -455,8 +456,11 @@ function zot_refresh($them,$channel = null, $force = false) {
));
}
- if($new_connection && (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) && ($their_perms & PERMS_R_STREAM))
+ if($new_connection && ($their_perms & PERMS_R_STREAM)) {
+ if(($channel['channel_w_stream'] & PERMS_PENDING)
+ || (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) )
proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']);
+ }
}
}
@@ -1135,7 +1139,7 @@ function zot_import($arr, $sender_url) {
if(array_key_exists('iv',$data)) {
$data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true);
- }
+ }
$incoming = $data['pickup'];
@@ -1147,7 +1151,7 @@ function zot_import($arr, $sender_url) {
if(array_key_exists('iv',$i['notify'])) {
$i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true);
- }
+ }
logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA);
@@ -1329,7 +1333,7 @@ function public_recips($msg) {
if(! $r)
$r = array();
- $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_CONTACTS . " ) ",
+ $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ",
dbesc($msg['notify']['sender']['hash'])
);
@@ -2044,12 +2048,12 @@ function build_sync_packet($uid = 0, $packet = null) {
if(! $uid)
return;
- $r = q("select * from channel where channel_id = %d limit 1",
+ $r = q("select * from channel where channel_id = %d limit 1",
intval($uid)
);
if(! $r)
return;
-
+
$channel = $r[0];
$h = q("select * from hubloc where hubloc_hash = '%s'",