author | friendica <info@friendica.com> | 2012-09-10 22:00:56 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-09-10 22:00:56 -0700 |
commit | c8957b36ea11a41604330c8f87c0fc0611ef18e6 (patch) | |
tree | 4a1b2ae68d463a69c388fa6ee0a7453cc8e74498 /include | |
parent | 61cca7637af3c4484d90ed9e1208a10845758276 (diff) | |
permissions responder + upstream merge
Diffstat (limited to 'include')
-rw-r--r-- | include/Contact.php | 65 | ||||
-rw-r--r-- | include/conversation.php | 118 |
2 files changed, 118 insertions, 65 deletions
diff --git a/include/Contact.php b/include/Contact.php index 5e0964d03..571c956f1 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -1,15 +1,15 @@ <?php -function map_perms($entity,$zguid) { +function map_perms($entity,$zguid,$zsig) { $is_contact = false; $is_site = false; $is_network = false; $is_anybody = true; - if(strlen($zguid)) { - + if(strlen($zguid) && strlen($zsig)) { + $is_network = true; $r = q("select * from contact where guid = '%s' and uid = %d limit 1", 
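Review bot: In `map_perms`, `$is_network = true;` is assigned as soon as `$zguid` and `$zsig` are both non-empty, before anything has checked the signature, so a requester who sends two arbitrary non-empty strings satisfies the `PERMS_NETWORK` case in `z_check_perms`. The flag should only be raised after `$zsig` has been verified against a key that belongs to `$zguid`; until such a check exists, leaving it `false` is the safer default. A comment at that line such as `// $zsig is not verified yet; presence alone must not grant network-level access` would make the trust boundary explicit. The body of `map_perms` continues past the end of this hunk.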
@@ -20,23 +20,76 @@ function map_perms($entity,$zguid) { $is_contact = true; $contact = $r[0]; } - $r = q("select * from entity where entity_global_id = '%s' limit 1", + $r = q("select * from entity where entity_global_id = '%s'", dbesc($zguid) ); if($r && count($r)) { - $is_site = true; + foreach($r as $rr) { + if(base64url_encode(rsa_sign($rr['entity_global_id'],$rr['entity_prvkey'])) === $zsig) { + $is_site = true; + break; + } + } } } + $perms = array( + 'view_stream' => array('entity_r_stream', PERMS_R_STREAM ), + 'view_profile' => array('entity_r_profile', PERMS_R_PROFILE), + 'view_photos' => array('entity_r_photos', PERMS_R_PHOTOS), + 'view_contacts' => array('entity_r_abook', PERMS_R_ABOOK), + + 'send_stream' => array('entity_w_stream', PERMS_W_STREAM), + 'post_wall' => array('entity_w_wall', PERMS_W_WALL), + 'tag_deliver' => array('entity_w_tagwall', PERMS_W_TAGWALL), + 'post_comments' => array('entity_w_comment', PERMS_W_COMMENT), + 'post_mail' => array('entity_w_mail', PERMS_W_MAIL), + 'post_photos' => array('entity_w_photos', PERMS_W_PHOTOS), + 'chat' => array('entity_w_chat', PERMS_W_CHAT), + ); + $ret = array(); + foreach($perms as $k => $v) { + $ret[$k] = z_check_perms($k,$v,$entity,$contact,$is_contact,$is_site,$is_network,$is_anybody); + } -} + return $ret; +} +function z_check_perms($k,$v,$entity,$contact,$is_contact,$is_site,$is_network,$is_anybody) { + $allow = (($contact['self']) ? true : false); + + switch($entity[$v[0]]) { + case PERMS_PUBLIC: + if($is_anybody) + $allow = true; + break; + case PERMS_NETWORK: + if($is_network) + $allow = true; + break; + case PERMS_SITE: + if($is_site) + $allow = true; + break; + case PERMS_CONTACTS: + if($is_contact) + $allow = true; + break; + case PERMS_SPECIFIC: + if($is_contact && is_array($contact) && ($contact['my_perms'] & $v[1])) + $allow = true; + break; + default: + break; + } + return $allow; +} diff --git a/include/conversation.php b/include/conversation.php index 7fb341ef3..b5faa0b34 100644 
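Review bot: As far as the visible lines show, the contact branch at the top of this hunk still sets `$is_contact = true; $contact = $r[0];` from a guid match alone, so `PERMS_CONTACTS` and `PERMS_SPECIFIC` are decided without `$zsig` ever being checked for that contact; only `$is_site` is gated on the signature. The site check signs the static `entity_global_id`, so a valid `$zsig` never changes and can be replayed by anyone who has seen it once; including a nonce or timestamp in the signed data would bind it to one request. It also re-signs with `entity_prvkey` and compares with `===`, where verifying against the public key and a constant-time comparison (`hash_equals` on PHP versions that provide it) would be the more robust form. Separately, `$contact` is never initialised when no contact row matches, yet `z_check_perms` reads `$contact['self']`; adding `$contact = null;` beside the other flags at the top of `map_perms` avoids relying on an undefined variable.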
--- a/include/conversation.php +++ b/include/conversation.php @@ -113,15 +113,15 @@ function localize_item(&$item){ default: if($obj['resource-id']){ $post_type = t('photo'); - $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m); + $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m); $rr['plink'] = $m[1]; } else { $post_type = t('status'); } } - + $plink = '[url=' . $obj['plink'] . ']' . $post_type . '[/url]'; - + switch($item['verb']){ case ACTIVITY_LIKE : $bodyverb = t('%1$s likes %2$s\'s %3$s'); @@ -131,7 +131,7 @@ function localize_item(&$item){ break; } $item['body'] = sprintf($bodyverb, $author, $objauthor, $plink); - + } if ($item['verb']=== ACTIVITY_FRIEND){ @@ -139,12 +139,12 @@ function localize_item(&$item){ $Aname = $item['author-name']; $Alink = $item['author-link']; - + $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - + $obj = parse_xml_string($xmlhead.$item['object']); $links = parse_xml_string($xmlhead."<links>".unxmlify($obj->link)."</links>"); - + $Bname = $obj->title; $Blink = ""; $Bphoto = ""; foreach ($links->link as $l){ @@ -153,9 +153,9 @@ function localize_item(&$item){ case "alternate": $Blink = $atts['href']; case "photo": $Bphoto = $atts['href']; } - + } - + $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]'; $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]'; if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img]' . $Bphoto . '[/img][/url]'; @@ -171,12 +171,12 @@ function localize_item(&$item){ $Aname = $item['author-name']; $Alink = $item['author-link']; - + $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - + $obj = parse_xml_string($xmlhead.$item['object']); $links = parse_xml_string($xmlhead."<links>".unxmlify($obj->link)."</links>"); - + $Bname = $obj->title; $Blink = ""; $Bphoto = ""; foreach ($links->link as $l){ 
@@ -185,9 +185,9 @@ function localize_item(&$item){ case "alternate": $Blink = $atts['href']; case "photo": $Bphoto = $atts['href']; } - + } - + $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]'; $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]'; if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img=80x80]' . $Bphoto . '[/img][/url]'; @@ -243,19 +243,19 @@ function localize_item(&$item){ default: if($obj['resource-id']){ $post_type = t('photo'); - $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m); + $m=array(); preg_match("/\[url=([^]]*)\]/", $obj['body'], $m); $rr['plink'] = $m[1]; } else { $post_type = t('status'); } } $plink = '[url=' . $obj['plink'] . ']' . $post_type . '[/url]'; - + $parsedobj = parse_xml_string($xmlhead.$item['object']); - + $tag = sprintf('#[url=%s]%s[/url]', $parsedobj->id, $parsedobj->content); $item['body'] = sprintf( t('%1$s tagged %2$s\'s %3$s with %4$s'), $author, $objauthor, $plink, $tag ); - + } if ($item['verb']=== ACTIVITY_FAVORITE){ @@ -264,9 +264,9 @@ function localize_item(&$item){ $Aname = $item['author-name']; $Alink = $item['author-link']; - + $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - + $obj = parse_xml_string($xmlhead.$item['object']); if(strlen($obj->id)) { $r = q("select * from item where uri = '%s' and uid = %d limit 1", @@ -340,18 +340,18 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $wallwall_template = 'wallwall_thread.tpl'; $items_seen = 0; $nb_items = count($items); - + $total_children = $nb_items; - + foreach($items as $item) { if($item['verb'] === ACTIVITY_LIKE || $item['verb'] === ACTIVITY_DISLIKE) { $nb_items --; continue; } - + $items_seen++; - + $comment = ''; $template = $wall_template; $commentww = ''; 
@@ -404,10 +404,10 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $drop = array( 'dropping' => $dropping, - 'select' => t('Select'), + 'select' => t('Select'), 'delete' => t('Delete'), ); - + $filer = (($profile_owner == local_user()) ? t("save to folder") : false); $diff_author = ((link_compare($item['url'],$item['author-link'])) ? false : true); @@ -420,7 +420,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr if($sp) $sparkle = ' sparkle'; else - $profile_link = zrl($profile_link); + $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); if(x($a->contacts,$normalised)) @@ -453,7 +453,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $owner_photo = $a->page_contact['thumb']; $owner_name = $a->page_contact['name']; $template = $wallwall_template; - $commentww = 'ww'; + $commentww = 'ww'; } else if($item['owner-link']) { @@ -463,14 +463,14 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr if((! $owner_linkmatch) && (! $alias_linkmatch) && (! $owner_namematch)) { // The author url doesn't match the owner (typically the contact) - // and also doesn't match the contact alias. - // The name match is a hack to catch several weird cases where URLs are + // and also doesn't match the contact alias. + // The name match is a hack to catch several weird cases where URLs are // all over the park. It can be tricked, but this prevents you from // seeing "Bob Smith to Bob Smith via Wall-to-wall" and you know darn - // well that it's the same Bob Smith. + // well that it's the same Bob Smith. + + // But it could be somebody else with the same name. It just isn't highly likely. - // But it could be somebody else with the same name. It just isn't highly likely. - $owner_url = $item['owner-link']; $owner_photo = $item['owner-avatar']; 
@@ -478,7 +478,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $template = $wallwall_template; $commentww = 'ww'; // If it is our contact, use a friendly redirect link - if((link_compare($item['owner-link'],$item['url'])) + if((link_compare($item['owner-link'],$item['url'])) && ($item['network'] === NETWORK_DFRN)) { $owner_url = $redirect_url; $osparkle = ' sparkle'; @@ -543,7 +543,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr } $comment = replace_macros($cmnt_tpl,array( '$return_path' => '', - '$threaded' => $comments_threaded, + '$threaded' => $comments_threaded, '$jsreload' => (($mode === 'display') ? $_SESSION['return_url'] : ''), '$type' => (($mode === 'profile') ? 'wall-comment' : 'net-comment'), '$id' => $item['item_id'], @@ -584,7 +584,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr 'comment_lastcollapsed' => $lastcollapsed, // template to use to render item (wall, walltowall, search) 'template' => $template, - + 'type' => implode("",array_slice(explode("/",$item['verb']),-1)), 'tags' => $tags, 'body' => template_escape($body), @@ -654,7 +654,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $item_result['comment'] = false; } } - + $result[] = $item_result; } @@ -667,7 +667,7 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr * - Sequential or unthreaded ("New Item View" or search results) * - conversation view * The $mode parameter decides between the various renderings and also - * figures out how to determine page owner and other contextual items + * figures out how to determine page owner and other contextual items * that are based on unique features of the calling module. * */ 
@@ -735,19 +735,19 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { $alike = array(); $dlike = array(); - - + + // array with html for each thread (parent+comments) $threads = array(); $threadsid = -1; $page_template = get_markup_template("conversation.tpl"); - + if($items && count($items)) { if($mode === 'network-new' || $mode === 'search' || $mode === 'community') { - // "New Item View" on network page or search page results + // "New Item View" on network page or search page results // - just loop through the items and format them minimally for display //$tpl = get_markup_template('search_item.tpl'); @@ -782,7 +782,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { if($sp) $sparkle = ' sparkle'; else - $profile_link = zrl($profile_link); + $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); if(x($a->contacts,$normalised)) @@ -1356,7 +1356,7 @@ function item_photo_menu($item){ $profile_link = zrl($profile_link); if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) { $cid = $item['contact-id']; - } + } else { $cid = 0; } @@ -1382,18 +1382,18 @@ function item_photo_menu($item){ t("View Status") => $status_link, t("View Profile") => $profile_link, t("View Photos") => $photos_link, - t("Network Posts") => $posts_link, + t("Network Posts") => $posts_link, t("Edit Contact") => $contact_url, t("Send PM") => $pm_url, t("Poke") => $poke_link ); - - + + $args = array('item' => $item, 'menu' => $menu); - + call_hooks('item_photo_menu', $args); - $menu = $args['menu']; + $menu = $args['menu']; $o = ""; foreach($menu as $k=>$v){ 
@@ -1425,7 +1425,7 @@ function like_puller($a,$item,&$arr,$mode) { $arr[$item['thr-parent'] . '-l'] = array(); if(! isset($arr[$item['thr-parent']])) $arr[$item['thr-parent']] = 1; - else + else $arr[$item['thr-parent']] ++; $arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . $item['author-name'] . '</a>'; } @@ -1446,10 +1446,10 @@ function format_like($cnt,$arr,$type,$id) { $o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL ; else { $spanatts = 'class="fakelink" onclick="openClose(\'' . $type . 'list-' . $id . '\');"'; - $o .= (($type === 'like') ? + $o .= (($type === 'like') ? sprintf( t('<span %1$s>%2$d people</span> like this.'), $spanatts, $cnt) - : - sprintf( t('<span %1$s>%2$d people</span> don\'t like this.'), $spanatts, $cnt) ); + : + sprintf( t('<span %1$s>%2$d people</span> don\'t like this.'), $spanatts, $cnt) ); $o .= EOL ; $total = count($arr); if($total >= MAX_LIKERS) @@ -1469,7 +1469,7 @@ function format_like($cnt,$arr,$type,$id) { function status_editor($a,$x, $notes_cid = 0, $popup=false) { $o = ''; - + $geotag = (($x['allow_location']) ? get_markup_template('jot_geotag.tpl') : ''); $plaintext = false; @@ -1495,7 +1495,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { $tpl = get_markup_template("jot.tpl"); - + $jotplugins = ''; $jotnets = ''; @@ -1505,7 +1505,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { if($notes_cid) $jotnets .= '<input type="hidden" name="contact_allow[]" value="' . $notes_cid .'" />'; - $tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); + $tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); $o .= replace_macros($tpl,array( '$return_path' => $a->query_string, @@ -1553,7 +1553,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { if ($popup==true){ $o = '<div id="jot-popup" style="display: none;">'.$o.'</div>'; - + } return $o; 
@@ -1620,7 +1620,7 @@ function conv_sort($arr,$order) { usort($parents,'sort_thr_commented'); if(count($parents)) - foreach($parents as $i=>$_x) + foreach($parents as $i=>$_x) $parents[$i]['children'] = get_item_children($arr, $_x); /*foreach($arr as $x) { @@ -1638,7 +1638,7 @@ function conv_sort($arr,$order) { usort($y,'sort_thr_created_rev'); $parents[$k]['children'] = $y;*/ } - } + } } $ret = array(); |