more heavy lifting on API - though need to re-visit events and give them all message_ids from the origination site.

5 files changed, 76 insertions, 47 deletions

diff --git a/include/api.php b/include/api.php
index 16acc64f5..9ed025564 100644
--- a/include/api.php
+++ b/include/api.php
@@ -381,32 +381,20 @@ require_once('include/security.php');
 		
 	}
 
-// FIXME
+
 	function api_item_get_user(&$a, $item) {
 		global $usercache;
 
 		// The author is our direct contact, in a conversation with us.
-		if(link_compare($item['url'],$item['author-link'])) {
-			return api_get_user($a,$item['cid']);
-		}
-		else {
-			// The author may be a contact of ours, but is replying to somebody else. 
-			// Figure out if we know him/her.
-			$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
-            if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
-				return api_get_user($a,$a->contacts[$normalised]['id']);
-		}
 
+		if($item['author']['abook_id']) {
+			return api_get_user($a,$item['author']['abook_id']);
+		}	
+		
 		// We don't know this person directly.
 		
-		list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
-		$name=str_replace(")","",$name);
-
-		if ($name == '')
-			$name = $nick;
-
-		if ($nick == '')
-			$nick = $name;
+		$nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@'));
+		$name = $item['author']['xchan_name'];
 
 		// Generating a random ID
 		if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache))
@@ -418,8 +406,8 @@ require_once('include/security.php');
 			'screen_name' => $nick,
 			'location' => '', //$uinfo[0]['default-location'],
 			'description' => '',
-			'profile_image_url' => $item['author-avatar'],
-			'url' => $item['author-link'],
+			'profile_image_url' => $item['author']['xchan_photo_m'],
+			'url' => $item['author']['xchan_url'],
 			'protected' => false,	#
 			'followers_count' => 0,
 			'friends_count' => 0,
@@ -653,12 +641,11 @@ require_once('include/security.php');
 		// get last public message
 
 		$lastwall = q("SELECT * from item where 1
-			and not ( item_flags & %d ) and item_restrict = 0
+			and item_private != 0 and item_restrict = 0
 			and author_xchan = '%s'
 			and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
 			and verb = '%s'
 			order by created desc limit 1",
-			intval(ITEM_PRIVATE),
 			dbesc($user_info['guid']),
 			dbesc(ACTIVITY_POST)
 		);
@@ -723,12 +710,11 @@ require_once('include/security.php');
 		$user_info = api_get_user($a);
 
 		$lastwall = q("SELECT * from item where 1
-			and not ( item_flags & %d ) and item_restrict = 0
+			and item_private != 0 and item_restrict = 0
 			and author_xchan = '%s'
 			and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
 			and verb = '%s'
 			order by created desc limit 1",
-			intval(ITEM_PRIVATE),
 			dbesc($user_info['guid']),
 			dbesc(ACTIVITY_POST)
 		);
@@ -826,7 +812,7 @@ require_once('include/security.php');
 			intval($count)
 		);
 
-		xchan_query($r);
+		xchan_query($r,true);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -882,22 +868,22 @@ require_once('include/security.php');
 
 		if ($max_id > 0)
 			$sql_extra = 'AND `item`.`id` <= '.intval($max_id);
+		require_once('include/security.php');
 
-        $r = q("SELECT * from item where id in (select distinct(uri) from item where item_restrict = 0
+        $r = q("select * from item where item_restrict = 0
 			and allow_cid = ''  and allow_gid = ''
 			and deny_cid  = ''  and deny_gid  = ''
-            and not ( item_flags & %d ) and ( item_flags & %d )
+            and item_private = 0
+			and uid in ( " . stream_perms_api_uids() . " )
 			$sql_extra
-			AND id > %d)
-            ORDER BY received DESC LIMIT %d, %d ",
-			intval(ITEM_PRIVATE),
-			intval(ITEM_WALL),
+			AND id > %d group by uri
+            order by received desc LIMIT %d, %d ",
 			intval($since_id),
 			intval($start),
 			intval($count)
 		);
 
-		xchan_query($r);
+		xchan_query($r,true);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -946,7 +932,7 @@ require_once('include/security.php');
 		$r = q("select * from item where item_restrict = 0 $sql_extra",
 			intval($id)
 		);
-		xchan_query($r);
+		xchan_query($r,true);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -1346,7 +1332,8 @@ require_once('include/security.php');
 
 		foreach($r as $item) {
 			localize_item($item);
-			$status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
+
+			$status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item));
 
 			if($item['parent'] != $item['id']) {
 				$r = q("select id from item where parent= %d and id < %d order by id desc limit 1",
@@ -1358,7 +1345,7 @@ require_once('include/security.php');
 				else
 					$in_reply_to_status_id = $item['parent'];
 
-				xchan_query($r);
+				xchan_query($r,true);
 
 				$in_reply_to_screen_name = $r[0]['author']['xchan_name'];
 				$in_reply_to_user_id = $r[0]['author']['abook_id'];
diff --git a/include/event.php b/include/event.php
index 685842fc3..73a050cec 100644
--- a/include/event.php
+++ b/include/event.php
@@ -291,7 +291,7 @@ function event_store($arr) {
 
 			$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
 
-			q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1",
+			q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d  WHERE id = %d AND uid = %d LIMIT 1",
 				dbesc($arr['summary']),
 				dbesc(format_event_bbcode($arr)),
 				dbesc($object),
@@ -300,7 +300,8 @@ function event_store($arr) {
 				dbesc($arr['deny_cid']),
 				dbesc($arr['deny_gid']),
 				dbesc($arr['edited']),
-				intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE),
+				intval($r[0]['item_flags']),
+				intval($private),
 				intval($r[0]['id']),
 				intval($arr['uid'])
 			);
@@ -368,8 +369,6 @@ function event_store($arr) {
 		$uri = item_message_id();
 
 		$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
-		if($private)
-			$item_flags |= ITEM_PRIVATE;
 				
 		$item_arr = array();
 
@@ -387,6 +386,7 @@ function event_store($arr) {
 		$item_arr['allow_gid']     = $arr['allow_gid'];
 		$item_arr['deny_cid']      = $arr['deny_cid'];
 		$item_arr['deny_gid']      = $arr['deny_gid'];
+		$item_arr['private']       = (($arr['private'] || $private) ? 1 : 0);
 		$item_arr['verb']          = ACTIVITY_POST;
 
 		$item_arr['resource_type'] = 'event';
diff --git a/include/items.php b/include/items.php
index 0217884fd..fe8aadcbf 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) {
 	$private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0;
 
 	$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
-	if($private)
-		$flag_bits = $flag_bits | ITEM_PRIVATE;
 
 	$r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', 
-		deny_cid = '%s', deny_gid = '%s'  where id = %d limit 1",
+		deny_cid = '%s', deny_gid = '%s', item_private = %d  where id = %d limit 1",
 		intval($flag_bits),
 		dbesc($u[0]['channel_hash']),
 		dbesc($u[0]['allow_cid']),
 		dbesc($u[0]['allow_gid']),
 		dbesc($u[0]['deny_cid']),
 		dbesc($u[0]['deny_gid']),
+		intval($private),
 		intval($item_id)
 	);
 	if($r)
diff --git a/include/security.php b/include/security.php
index 0783a3c20..25318b3e8 100644
--- a/include/security.php
+++ b/include/security.php
@@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 	 * default permissions - anonymous user
 	 */
 
-	$sql = " AND not (item_flags & " . ITEM_PRIVATE . ") ";  
+	$sql = " AND not item_private ";
 			
 
 	/**
@@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) {
 }}
 
 
+
+
+
+// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the 
+// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. 
+// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
+// We always include yourself if logged in because you can always see your own posts
+// resolving granular permissions for the observer against every person and every post on the site
+// will likely be too expensive. 
+// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
+
+function stream_perms_api_uids($perms_min = PERMS_SITE) {
+	$ret = array();
+	if(local_user())
+		$ret[] = local_user();
+	$r = q("select channel_id from channel where channel_r_stream <= %d",
+		intval($perms_min)
+	);
+	if($r)
+		foreach($r as $rr)
+			if(! in_array($rr['channel_id'],$ret))
+				$ret[] = $rr['channel_id']; 
+
+	$str = '';
+	if($ret)
+		foreach($ret as $rr) {
+			if($str)
+				$str .= ',';
+			$str .= intval($rr); 
+		}
+	return $str;
+}
+
diff --git a/include/text.php b/include/text.php
index 1cfc89cae..6f2caa510 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1718,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') {
 	return(implode(',', $t));
 }
 
-function xchan_query(&$items) {
+// Fetches xchan and hubloc data for an array of items with only an 
+// author_xchan and owner_xchan. If $abook is true also include the abook info. 
+// This is needed in the API to save extra per item lookups there.
+
+function xchan_query(&$items,$abook = false) {
 	$arr = array();
 	if($items && count($items)) {
 		foreach($items as $item) {
@@ -1729,8 +1733,14 @@ function xchan_query(&$items) {
 		}
 	}
 	if(count($arr)) {
-		$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
-			where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+		if($abook) {
+			$chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash
+				where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+		}
+		else {
+			$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
+				where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+		}
 	}
 	if($items && count($items) && $chans && count($chans)) {
 		for($x = 0; $x < count($items); $x ++) {