aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-07-31 18:08:41 -0700
committerredmatrix <git@macgirvin.com>2016-07-31 18:08:41 -0700
commit86eb923f296ff911e3f516e9052b3edc55a02c8a (patch)
treee41c1f1ef922eff414d48f66534fa4fca37d2812 /include
parent74c68f09e5d7fa28d7345e18e813dc726309ea48 (diff)
downloadvolse-hubzilla-86eb923f296ff911e3f516e9052b3edc55a02c8a.tar.gz
volse-hubzilla-86eb923f296ff911e3f516e9052b3edc55a02c8a.tar.bz2
volse-hubzilla-86eb923f296ff911e3f516e9052b3edc55a02c8a.zip
make guest access tokens work with PERMS_NETWORK, PERMS_SITE, PERMS_PENDING, and PERMS_CONTACTS; or everything but PERMS_SPECIFIC. PERMS_SITE could be contentious, but we're currently denying them as they are a guest and don't actually have a channel on this site. We can't easily make PERMS_SPECIFIC work without providing an abook entry for the guest since we would need to set specific permissions for the guest login, but unfortunately this could be the most desirable setting to use in many cases. There is also an update of hmessages.po in this commit.
Diffstat (limited to 'include')
-rw-r--r--include/permissions.php9
-rw-r--r--include/security.php28
2 files changed, 37 insertions, 0 deletions
diff --git a/include/permissions.php b/include/permissions.php
index 638bedb24..a1e05d120 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -1,4 +1,7 @@
<?php
+
+require_once('include/security.php');
+
/**
* @file include/permissions.php
*
@@ -123,6 +126,9 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
dbesc($observer_xchan)
);
+ // no xchan either, see if they've got a guest access token
+ if(! $y)
+ $x = atoken_abook($uid,$observer_xchan);
}
$abook_checked = true;
@@ -332,6 +338,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
dbesc($observer_xchan)
);
+ // no xchan either, see if they've got a guest access token
+ if(! $y)
+ $x = atoken_abook($uid,$observer_xchan);
}
$abperms = load_abconfig($uid,$observer_xchan,'my_perms');
}
diff --git a/include/security.php b/include/security.php
index c67a1b400..7d2a49bdf 100644
--- a/include/security.php
+++ b/include/security.php
@@ -119,6 +119,34 @@ function atoken_xchan($atoken) {
return null;
}
+function atoken_abook($uid,$xchan_hash) {
+
+ if(substr($xchan_hash,16,1) != '.')
+ return false;
+
+ $r = q("select channel_hash from channel where channel_id = %d limit 1",
+ intval($uid)
+ );
+
+ if(! $r)
+ return false;
+
+ $x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+ intval($uid),
+ dbesc(substr($xchan_hash,17))
+ );
+
+ if($x) {
+ $xchan = atoken_xchan($x[0]);
+ $xchan['abook_blocked'] = 0;
+ $xchan['abook_ignored'] = 0;
+ $xchan['abook_pending'] = 0;
+ return $xchan;
+ }
+
+ return false;
+
+}
/**