authorfriendica <info@friendica.com>2014-09-17 17:59:46 -0700
committerfriendica <info@friendica.com>2014-09-17 17:59:46 -0700
commit401409357238183702c1628a02ccef6cf0394d72 (patch)
tree3e44b80aaca8fb79c7571aba7bb66f31386eb4ca /include
parentcd790447782c0a7deba56209afc2e6352e004743 (diff)
implement permission roles - the backend should be done except for maybe a couple of small tweaks. Now we just need to define the rest of the roles and create a chooser for them. Adam started on this some time back but I don't know where that has gone.
Diffstat (limited to 'include')
-rw-r--r--include/follow.php13
-rw-r--r--include/identity.php61
-rw-r--r--include/permissions.php11
3 files changed, 73 insertions, 12 deletions
diff --git a/include/follow.php b/include/follow.php
index 18a9e66ea..3c1fcd890 100644
--- a/include/follow.php
+++ b/include/follow.php
@@ -63,6 +63,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$my_perms = PERMS_W_STREAM|PERMS_W_MAIL;
+ $role = get_pconfig($uid,'system','permissions_role');
+ if($role) {
+ $x = get_role_perms($role);
+ if($x['perms_follow'])
+ $my_perms = $x['perms_follow'];
+ }
+
logger('follow: ' . $url . ' ' . print_r($j,true), LOGGER_DEBUG);
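Review bot: The role lookup added after `$my_perms = PERMS_W_STREAM|PERMS_W_MAIL;` indexes `$x['perms_follow']` without checking that `get_role_perms($role)` returned an entry for the stored role, and the same six lines are repeated in the second hunk of this file (around new line 160). If a role name left in pconfig no longer resolves (for example one defined by a plugin that has since been removed), this presumably raises a notice and silently keeps the hard-coded write permissions. A role whose `perms_follow` is deliberately 0 cannot be expressed either, because the truthiness test falls back to the same default. Consider one helper used at both sites, with a guard such as `if(is_array($x) && array_key_exists('perms_follow',$x)) $my_perms = intval($x['perms_follow']);`. The body of new_contact starts and ends outside both hunks.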
@@ -153,6 +160,12 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$xchan_hash = $r[0]['xchan_hash'];
$their_perms = 0;
$my_perms = PERMS_W_STREAM|PERMS_W_MAIL;
+ $role = get_pconfig($uid,'system','permissions_role');
+ if($role) {
+ $x = get_role_perms($role);
+ if($x['perms_follow'])
+ $my_perms = $x['perms_follow'];
+ }
}
}
diff --git a/include/identity.php b/include/identity.php
index 2039738e0..38e96ab71 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -215,13 +215,31 @@ function create_identity($arr) {
if(array_key_exists('primary', $arr))
$primary = intval($arr['primary']);
+
$perms_sql = '';
- $defperms = site_default_perms();
- $global_perms = get_perms();
- foreach($defperms as $p => $v) {
- $perms_keys .= ', ' . $global_perms[$p][0];
- $perms_vals .= ', ' . intval($v);
+ $role_permissions = null;
+
+ if(array_key_exists('permissions_role',$arr) && $arr['permissions_role']) {
+ $role_permissions = get_role_perms($arr['permissions_role']);
+ if($role_permissions) {
+ foreach($role_permissions as $p => $v) {
+ if(strpos($p,'channel_') !== false) {
+ $perms_keys .= ', ' . $global_perms[$p][0];
+ $perms_vals .= ', ' . intval($v);
+ }
+ if($p === 'directory_publish')
+ $publish = intval($v);
+ }
+ }
+ }
+ else {
+ $defperms = site_default_perms();
+ $global_perms = get_perms();
+ foreach($defperms as $p => $v) {
+ $perms_keys .= ', ' . $global_perms[$p][0];
+ $perms_vals .= ', ' . intval($v);
+ }
}
$expire = get_config('system', 'default_expire_days');
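Review bot: In the role branch, `$perms_keys .= ', ' . $global_perms[$p][0];` reads `$global_perms`, but within this hunk `$global_perms = get_perms();` is now assigned only in the `else` branch, so unless it is set earlier in create_identity (not visible here) every `channel_` key appends an empty column name. Moving `$global_perms = get_perms();` above the `if(array_key_exists('permissions_role',$arr) && $arr['permissions_role'])` line would fix that. Also, when a role name is supplied but `get_role_perms()` returns nothing, neither the role nor `site_default_perms()` is applied, because the `else` pairs with the outer `if`; falling back to the site defaults there would avoid creating a channel with whatever the column defaults happen to be. `strpos($p,'channel_') !== false` matches the substring anywhere, while `=== 0` would match the documented "beginning with 'channel_'" rule. The body of create_identity starts and ends outside the hunk.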
@@ -322,25 +340,52 @@ function create_identity($arr) {
dbesc($a->get_baseurl() . "/photo/profile/m/{$newuid}")
);
- $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_flags )
- values ( %d, %d, '%s', %d, '%s', '%s', %d ) ",
+ $myperms = 0;
+ if($role_permissions) {
+ $myperms = ((array_key_exists('perms_auto',$role_permissions) && $role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0);
+ }
+
+ $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_flags, abook_my_perms )
+ values ( %d, %d, '%s', %d, '%s', '%s', %d, %d ) ",
intval($ret['channel']['channel_account_id']),
intval($newuid),
dbesc($hash),
intval(0),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
- intval(ABOOK_FLAG_SELF)
+ intval(ABOOK_FLAG_SELF),
+ intval($myperms)
);
if(intval($ret['channel']['channel_account_id'])) {
+ // Save our permissions role so we can perhaps call it up and modify it later.
+
+ if($role_permissions)
+ set_pconfig($newuid,'system','permissions_role',$arr['permissions_role']);
+
// Create a group with no members. This allows somebody to use it
// right away as a default group for new contacts.
require_once('include/group.php');
group_add($newuid, t('Friends'));
+ // if our role_permissions indicate that we're using a default collection ACL, add it.
+
+ if(is_array($role_permissions) && $role_permissions['default_collection']) {
+ $r = q("select hash from groups where uid = %d and name = '%s' limit 1",
+ intval($newuid),
+ dbesc( t('Friends') )
+ );
+ if($r) {
+ q("update channel set channel_allow_gid = '%s' where channel_id = %d limit 1",
+ dbesc('<' . $r[0]['hash'] . '>'),
+ intval($newuid)
+ );
+ }
+ }
+
+
call_hooks('register_account', $newuid);
proc_run('php','include/directory.php', $ret['channel']['channel_id']);
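Review bot: When a role sets `default_collection`, the `select hash from groups ...` lookup has no `else`, so if the 'Friends' group row is not found this code leaves `channel_allow_gid` untouched and nothing is logged. For a role that is meant to post to the default collection only, that presumably leaves the default ACL wider than the role asked for, so the failure should at least be recorded, e.g. `else logger('create_identity: default collection not found for channel ' . $newuid);`. The lookup also matches on the translated name `t('Friends')` rather than on what `group_add()` just created; using an identifier returned by `group_add()`, if it provides one, would be more robust. `$role_permissions['default_collection']` and `$role_permissions['perms_accept']` are read without `array_key_exists`, which matters if plugin-defined roles omit them. The body of create_identity starts and ends outside the hunk.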
diff --git a/include/permissions.php b/include/permissions.php
index 8e4676f51..70c682cfc 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -419,11 +419,12 @@ function site_default_perms() {
*
* Given a string for the channel role ('social','forum', etc)
* return an array of all permission fields pre-filled for this role.
- * This includes the channel permission scope indicators as well as
- * perms_auto: The permissions to apply automatically on receipt of a connection request
+ * This includes the channel permission scope indicators (anything beginning with 'channel_') as well as
+ * perms_auto: true or false to create auto-permissions for this channel
* perms_follow: The permissions to apply when initiating a connection request to another channel
* perms_accept: The permissions to apply when accepting a connection request from another channel (not automatic)
- *
+ * default_collection: true or false to make the default ACL include the channel's default collection
+ * directory_publish: true or false to publish this channel in the directory
* Any attributes may be extended (new roles defined) and modified (specific permissions altered) by plugins
*
*/
@@ -436,7 +437,9 @@ function get_role_perms($role) {
switch($role) {
case 'social':
- $ret['perms_auto'] = 0;
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
$ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK
|PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;