authorfriendica <info@friendica.com>2012-09-10 22:00:56 -0700
committerfriendica <info@friendica.com>2012-09-10 22:00:56 -0700
commitc8957b36ea11a41604330c8f87c0fc0611ef18e6 (patch)
tree4a1b2ae68d463a69c388fa6ee0a7453cc8e74498 /include
parent61cca7637af3c4484d90ed9e1208a10845758276 (diff)
permissions responder + upstream merge
Diffstat (limited to 'include')
-rw-r--r--include/Contact.php65
-rw-r--r--include/conversation.php118
2 files changed, 118 insertions, 65 deletions
diff --git a/include/Contact.php b/include/Contact.php
index 5e0964d03..571c956f1 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -1,15 +1,15 @@
<?php
-function map_perms($entity,$zguid) {
+function map_perms($entity,$zguid,$zsig) {
$is_contact = false;
$is_site = false;
$is_network = false;
$is_anybody = true;
- if(strlen($zguid)) {
-
+ if(strlen($zguid) && strlen($zsig)) {
+
$is_network = true;
$r = q("select * from contact where guid = '%s' and uid = %d limit 1",
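Review bot: `$is_network = true;` at the top of the new `if(strlen($zguid) && strlen($zsig))` branch is set as soon as both strings are non-empty, before `$zsig` has been compared with anything, so any supplied pair satisfies the `PERMS_NETWORK` case in `z_check_perms()` added in the next hunk. The contact lookup that follows keys only on `$zguid`, and the `$is_contact = true;` in the next hunk's context does not depend on the signature either, unless the caller has already authenticated both values, which is not visible here. I would set these flags only after a successful verification, or state in a docblock on `map_perms()` that `$zguid` and `$zsig` must be verified by the caller. The `q()` arguments and the rest of the function body lie outside this hunk.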
@@ -20,23 +20,76 @@ function map_perms($entity,$zguid) {
$is_contact = true;
$contact = $r[0];
}
- $r = q("select * from entity where entity_global_id = '%s' limit 1",
+ $r = q("select * from entity where entity_global_id = '%s'",
dbesc($zguid)
);
if($r && count($r)) {
- $is_site = true;
+ foreach($r as $rr) {
+ if(base64url_encode(rsa_sign($rr['entity_global_id'],$rr['entity_prvkey'])) === $zsig) {
+ $is_site = true;
+ break;
+ }
+ }
}
}
+ $perms = array(
+ 'view_stream' => array('entity_r_stream', PERMS_R_STREAM ),
+ 'view_profile' => array('entity_r_profile', PERMS_R_PROFILE),
+ 'view_photos' => array('entity_r_photos', PERMS_R_PHOTOS),
+ 'view_contacts' => array('entity_r_abook', PERMS_R_ABOOK),
+
+ 'send_stream' => array('entity_w_stream', PERMS_W_STREAM),
+ 'post_wall' => array('entity_w_wall', PERMS_W_WALL),
+ 'tag_deliver' => array('entity_w_tagwall', PERMS_W_TAGWALL),
+ 'post_comments' => array('entity_w_comment', PERMS_W_COMMENT),
+ 'post_mail' => array('entity_w_mail', PERMS_W_MAIL),
+ 'post_photos' => array('entity_w_photos', PERMS_W_PHOTOS),
+ 'chat' => array('entity_w_chat', PERMS_W_CHAT),
+ );
+ $ret = array();
+ foreach($perms as $k => $v) {
+ $ret[$k] = z_check_perms($k,$v,$entity,$contact,$is_contact,$is_site,$is_network,$is_anybody);
+ }
-}
+ return $ret;
+}
+function z_check_perms($k,$v,$entity,$contact,$is_contact,$is_site,$is_network,$is_anybody) {
+ $allow = (($contact['self']) ? true : false);
+
+ switch($entity[$v[0]]) {
+ case PERMS_PUBLIC:
+ if($is_anybody)
+ $allow = true;
+ break;
+ case PERMS_NETWORK:
+ if($is_network)
+ $allow = true;
+ break;
+ case PERMS_SITE:
+ if($is_site)
+ $allow = true;
+ break;
+ case PERMS_CONTACTS:
+ if($is_contact)
+ $allow = true;
+ break;
+ case PERMS_SPECIFIC:
+ if($is_contact && is_array($contact) && ($contact['my_perms'] & $v[1]))
+ $allow = true;
+ break;
+ default:
+ break;
+ }
+ return $allow;
+}
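Review bot: The `$is_site` test on the `base64url_encode(rsa_sign($rr['entity_global_id'],$rr['entity_prvkey'])) === $zsig` line recomputes a signature over the fixed `entity_global_id`, so the expected `$zsig` never changes for a given entity and behaves as a static bearer value that stays valid for anyone who has seen it once. Signing data bound to a nonce or timestamp and verifying it with the public key would remove that, and would also stop the check depending on the signing scheme being deterministic. If the string comparison stays, `hash_equals($expected, $zsig)` is the constant-time form where the PHP version provides it. Separately, `$contact` is only assigned inside the guid branch of `map_perms()`, yet `z_check_perms()` starts from `$allow = (($contact['self']) ? true : false);`, so I would add `$contact = null;` next to the `$is_*` defaults and write the guard as `is_array($contact) && $contact['self']`. Because the contact row is matched on `$zguid` alone, a `self` row reached that way appears to grant every permission in `$perms`.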
diff --git a/include/conversation.php b/include/conversation.php
index 7fb341ef3..b5faa0b34 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -113,15 +113,15 @@ function localize_item(&$item){
default:
if($obj['resource-id']){
$post_type = t('photo');
- $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m);
+ $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m);
$rr['plink'] = $m[1];
} else {
$post_type = t('status');
}
}
-
+
$plink = '[url=' . $obj['plink'] . ']' . $post_type . '[/url]';
-
+
switch($item['verb']){
case ACTIVITY_LIKE :
$bodyverb = t('%1$s likes %2$s\'s %3$s');
@@ -131,7 +131,7 @@ function localize_item(&$item){
break;
}
$item['body'] = sprintf($bodyverb, $author, $objauthor, $plink);
-
+
}
if ($item['verb']=== ACTIVITY_FRIEND){
@@ -139,12 +139,12 @@ function localize_item(&$item){
$Aname = $item['author-name'];
$Alink = $item['author-link'];
-
+
$xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">";
-
+
$obj = parse_xml_string($xmlhead.$item['object']);
$links = parse_xml_string($xmlhead."<links>".unxmlify($obj->link)."</links>");
-
+
$Bname = $obj->title;
$Blink = ""; $Bphoto = "";
foreach ($links->link as $l){
@@ -153,9 +153,9 @@ function localize_item(&$item){
case "alternate": $Blink = $atts['href'];
case "photo": $Bphoto = $atts['href'];
}
-
+
}
-
+
$A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]';
$B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]';
if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img]' . $Bphoto . '[/img][/url]';
@@ -171,12 +171,12 @@ function localize_item(&$item){
$Aname = $item['author-name'];
$Alink = $item['author-link'];
-
+
$xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">";
-
+
$obj = parse_xml_string($xmlhead.$item['object']);
$links = parse_xml_string($xmlhead."<links>".unxmlify($obj->link)."</links>");
-
+
$Bname = $obj->title;
$Blink = ""; $Bphoto = "";
foreach ($links->link as $l){
@@ -185,9 +185,9 @@ function localize_item(&$item){
case "alternate": $Blink = $atts['href'];
case "photo": $Bphoto = $atts['href'];
}
-
+
}
-
+
$A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]';
$B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]';
if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img=80x80]' . $Bphoto . '[/img][/url]';
@@ -243,19 +243,19 @@ function localize_item(&$item){
default:
if($obj['resource-id']){
$post_type = t('photo');
- $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m);
+ $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m);
$rr['plink'] = $m[1];
} else {
$post_type = t('status');
}
}
$plink = '[url=' . $obj['plink'] . ']' . $post_type . '[/url]';
-
+
$parsedobj = parse_xml_string($xmlhead.$item['object']);
-
+
$tag = sprintf('#[url=%s]%s[/url]', $parsedobj->id, $parsedobj->content);
$item['body'] = sprintf( t('%1$s tagged %2$s\'s %3$s with %4$s'), $author, $objauthor, $plink, $tag );
-
+
}
if ($item['verb']=== ACTIVITY_FAVORITE){
@@ -264,9 +264,9 @@ function localize_item(&$item){
$Aname = $item['author-name'];
$Alink = $item['author-link'];
-
+
$xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">";
-
+
$obj = parse_xml_string($xmlhead.$item['object']);
if(strlen($obj->id)) {
$r = q("select * from item where uri = '%s' and uid = %d limit 1",
@@ -340,18 +340,18 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$wallwall_template = 'wallwall_thread.tpl';
$items_seen = 0;
$nb_items = count($items);
-
+
$total_children = $nb_items;
-
+
foreach($items as $item) {
if($item['verb'] === ACTIVITY_LIKE || $item['verb'] === ACTIVITY_DISLIKE) {
$nb_items --;
continue;
}
-
+
$items_seen++;
-
+
$comment = '';
$template = $wall_template;
$commentww = '';
@@ -404,10 +404,10 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$drop = array(
'dropping' => $dropping,
- 'select' => t('Select'),
+ 'select' => t('Select'),
'delete' => t('Delete'),
);
-
+
$filer = (($profile_owner == local_user()) ? t("save to folder") : false);
$diff_author = ((link_compare($item['url'],$item['author-link'])) ? false : true);
@@ -420,7 +420,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
if($sp)
$sparkle = ' sparkle';
else
- $profile_link = zrl($profile_link);
+ $profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(x($a->contacts,$normalised))
@@ -453,7 +453,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$owner_photo = $a->page_contact['thumb'];
$owner_name = $a->page_contact['name'];
$template = $wallwall_template;
- $commentww = 'ww';
+ $commentww = 'ww';
}
else if($item['owner-link']) {
@@ -463,14 +463,14 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
if((! $owner_linkmatch) && (! $alias_linkmatch) && (! $owner_namematch)) {
// The author url doesn't match the owner (typically the contact)
- // and also doesn't match the contact alias.
- // The name match is a hack to catch several weird cases where URLs are
+ // and also doesn't match the contact alias.
+ // The name match is a hack to catch several weird cases where URLs are
// all over the park. It can be tricked, but this prevents you from
// seeing "Bob Smith to Bob Smith via Wall-to-wall" and you know darn
- // well that it's the same Bob Smith.
+ // well that it's the same Bob Smith.
+
+ // But it could be somebody else with the same name. It just isn't highly likely.
- // But it could be somebody else with the same name. It just isn't highly likely.
-
$owner_url = $item['owner-link'];
$owner_photo = $item['owner-avatar'];
@@ -478,7 +478,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$template = $wallwall_template;
$commentww = 'ww';
// If it is our contact, use a friendly redirect link
- if((link_compare($item['owner-link'],$item['url']))
+ if((link_compare($item['owner-link'],$item['url']))
&& ($item['network'] === NETWORK_DFRN)) {
$owner_url = $redirect_url;
$osparkle = ' sparkle';
@@ -543,7 +543,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
}
$comment = replace_macros($cmnt_tpl,array(
'$return_path' => '',
- '$threaded' => $comments_threaded,
+ '$threaded' => $comments_threaded,
'$jsreload' => (($mode === 'display') ? $_SESSION['return_url'] : ''),
'$type' => (($mode === 'profile') ? 'wall-comment' : 'net-comment'),
'$id' => $item['item_id'],
@@ -584,7 +584,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
'comment_lastcollapsed' => $lastcollapsed,
// template to use to render item (wall, walltowall, search)
'template' => $template,
-
+
'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
'tags' => $tags,
'body' => template_escape($body),
@@ -654,7 +654,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$item_result['comment'] = false;
}
}
-
+
$result[] = $item_result;
}
@@ -667,7 +667,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
* - Sequential or unthreaded ("New Item View" or search results)
* - conversation view
* The $mode parameter decides between the various renderings and also
- * figures out how to determine page owner and other contextual items
+ * figures out how to determine page owner and other contextual items
* that are based on unique features of the calling module.
*
*/
@@ -735,19 +735,19 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
$alike = array();
$dlike = array();
-
-
+
+
// array with html for each thread (parent+comments)
$threads = array();
$threadsid = -1;
$page_template = get_markup_template("conversation.tpl");
-
+
if($items && count($items)) {
if($mode === 'network-new' || $mode === 'search' || $mode === 'community') {
- // "New Item View" on network page or search page results
+ // "New Item View" on network page or search page results
// - just loop through the items and format them minimally for display
//$tpl = get_markup_template('search_item.tpl');
@@ -782,7 +782,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
if($sp)
$sparkle = ' sparkle';
else
- $profile_link = zrl($profile_link);
+ $profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(x($a->contacts,$normalised))
@@ -1356,7 +1356,7 @@ function item_photo_menu($item){
$profile_link = zrl($profile_link);
if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) {
$cid = $item['contact-id'];
- }
+ }
else {
$cid = 0;
}
@@ -1382,18 +1382,18 @@ function item_photo_menu($item){
t("View Status") => $status_link,
t("View Profile") => $profile_link,
t("View Photos") => $photos_link,
- t("Network Posts") => $posts_link,
+ t("Network Posts") => $posts_link,
t("Edit Contact") => $contact_url,
t("Send PM") => $pm_url,
t("Poke") => $poke_link
);
-
-
+
+
$args = array('item' => $item, 'menu' => $menu);
-
+
call_hooks('item_photo_menu', $args);
- $menu = $args['menu'];
+ $menu = $args['menu'];
$o = "";
foreach($menu as $k=>$v){
@@ -1425,7 +1425,7 @@ function like_puller($a,$item,&$arr,$mode) {
$arr[$item['thr-parent'] . '-l'] = array();
if(! isset($arr[$item['thr-parent']]))
$arr[$item['thr-parent']] = 1;
- else
+ else
$arr[$item['thr-parent']] ++;
$arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . $item['author-name'] . '</a>';
}
@@ -1446,10 +1446,10 @@ function format_like($cnt,$arr,$type,$id) {
$o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL ;
else {
$spanatts = 'class="fakelink" onclick="openClose(\'' . $type . 'list-' . $id . '\');"';
- $o .= (($type === 'like') ?
+ $o .= (($type === 'like') ?
sprintf( t('<span %1$s>%2$d people</span> like this.'), $spanatts, $cnt)
- :
- sprintf( t('<span %1$s>%2$d people</span> don\'t like this.'), $spanatts, $cnt) );
+ :
+ sprintf( t('<span %1$s>%2$d people</span> don\'t like this.'), $spanatts, $cnt) );
$o .= EOL ;
$total = count($arr);
if($total >= MAX_LIKERS)
@@ -1469,7 +1469,7 @@ function format_like($cnt,$arr,$type,$id) {
function status_editor($a,$x, $notes_cid = 0, $popup=false) {
$o = '';
-
+
$geotag = (($x['allow_location']) ? get_markup_template('jot_geotag.tpl') : '');
$plaintext = false;
@@ -1495,7 +1495,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
$tpl = get_markup_template("jot.tpl");
-
+
$jotplugins = '';
$jotnets = '';
@@ -1505,7 +1505,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
if($notes_cid)
$jotnets .= '<input type="hidden" name="contact_allow[]" value="' . $notes_cid .'" />';
- $tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
+ $tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
$o .= replace_macros($tpl,array(
'$return_path' => $a->query_string,
@@ -1553,7 +1553,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
if ($popup==true){
$o = '<div id="jot-popup" style="display: none;">'.$o.'</div>';
-
+
}
return $o;
@@ -1620,7 +1620,7 @@ function conv_sort($arr,$order) {
usort($parents,'sort_thr_commented');
if(count($parents))
- foreach($parents as $i=>$_x)
+ foreach($parents as $i=>$_x)
$parents[$i]['children'] = get_item_children($arr, $_x);
/*foreach($arr as $x) {
@@ -1638,7 +1638,7 @@ function conv_sort($arr,$order) {
usort($y,'sort_thr_created_rev');
$parents[$k]['children'] = $y;*/
}
- }
+ }
}
$ret = array();