diff options
author | Andrew Manning <tamanning@zoho.com> | 2016-07-21 21:14:54 -0400 |
---|---|---|
committer | Andrew Manning <tamanning@zoho.com> | 2016-07-21 21:14:54 -0400 |
commit | 5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6 (patch) | |
tree | 84b9b847f384c42a462a0035142b4b5757906922 /include | |
parent | d504197a786eb46a780278fccb529daa13bfa443 (diff) | |
parent | 8566f9130395ecdbe19f9fce85a26dac39d9fe24 (diff) | |
download | volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.gz volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.bz2 volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.zip |
Merge remote-tracking branch 'upstream/dev' into website-import
Diffstat (limited to 'include')
-rw-r--r-- | include/account.php | 2 | ||||
-rw-r--r-- | include/api.php | 3 | ||||
-rw-r--r-- | include/api_auth.php | 14 | ||||
-rw-r--r-- | include/auth.php | 139 | ||||
-rw-r--r-- | include/channel.php | 107 | ||||
-rw-r--r-- | include/config.php | 1 | ||||
-rw-r--r-- | include/connections.php | 10 | ||||
-rw-r--r-- | include/conversation.php | 6 | ||||
-rw-r--r-- | include/event.php | 4 | ||||
-rw-r--r-- | include/follow.php | 48 | ||||
-rw-r--r-- | include/import.php | 47 | ||||
-rwxr-xr-x | include/items.php | 39 | ||||
-rw-r--r-- | include/oauth.php | 2 | ||||
-rwxr-xr-x | include/oembed.php | 11 | ||||
-rw-r--r-- | include/perm_upgrade.php | 236 | ||||
-rw-r--r-- | include/permissions.php | 519 | ||||
-rw-r--r-- | include/photos.php | 2 | ||||
-rw-r--r-- | include/security.php | 70 | ||||
-rw-r--r-- | include/text.php | 16 | ||||
-rw-r--r-- | include/widgets.php | 11 | ||||
-rw-r--r-- | include/zot.php | 192 |
21 files changed, 913 insertions, 566 deletions
diff --git a/include/account.php b/include/account.php index c02a74928..142ad1bea 100644 --- a/include/account.php +++ b/include/account.php @@ -515,7 +515,7 @@ function account_approve($hash) { auto_channel_create($register[0]['uid']); else { $_SESSION['login_return_url'] = 'new_channel'; - authenticate_success($account[0],true,true,false,true); + authenticate_success($account[0],null,true,true,false,true); } diff --git a/include/api.php b/include/api.php index df6aba957..8d475c5fa 100644 --- a/include/api.php +++ b/include/api.php @@ -282,7 +282,8 @@ require_once('include/api_auth.php'); intval($uinfo[0]['xchan_hash']) ); $countitms = $r[0]['count']; - $following = (($uinfo[0]['abook_myperms'] & PERMS_R_STREAM) ? true : false ); + + $following = ((get_abconfig($uinfo[0]['abook_channel'],$uinfo[0]['abook_xchan'],'my_perms','view_stream')) ? true : false ); } diff --git a/include/api_auth.php b/include/api_auth.php index dc8492b20..7a71bad73 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -59,20 +59,12 @@ function api_login(&$a){ if(isset($_SERVER['PHP_AUTH_USER'])) { $channel_login = 0; $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); - if(! $record) { - $r = q("select * from channel left join account on account.account_id = channel.channel_account_id - where channel.channel_address = '%s' limit 1", - dbesc($_SERVER['PHP_AUTH_USER']) - ); - if ($r) { - $record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']); - if($record) - $channel_login = $r[0]['channel_id']; - } + if($record && $record['channel']) { + $channel_login = $record['channel']['channel_id']; } } - if($record) { + if($record['account']) { authenticate_success($record); if($channel_login) diff --git a/include/auth.php b/include/auth.php index 79d04c728..f8120981a 100644 --- a/include/auth.php +++ b/include/auth.php @@ -20,62 +20,85 @@ require_once('include/security.php'); * attempts. * * @param string $email - * The email address to verify. + * The login to verify (channel address, account email or guest login token). * @param string $pass * The provided password to verify. * @return array|null * Returns account record on success, null on failure. */ -function account_verify_password($email, $pass) { +function account_verify_password($login, $pass) { + + $ret = [ 'account' => null, 'channel' => null, 'xchan' => null ]; $email_verify = get_config('system', 'verify_email'); $register_policy = get_config('system', 'register_policy'); + if(! $login) + return null; + + $account = null; + $channel = null; + $xchan = null; + + if(! strpos($login,'@')) { + $channel = channelx_by_nick($login); + if(! $channel) { + $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1", + dbesc($login), + dbesc($pass) + ); + if($x) { + $ret['xchan'] = atoken_xchan($x[0]); + return $ret; + } + } + } + if($channel) { + $where = " where account_id = " . intval($channel['channel_account_id']) . " "; + } + else { + $where = " where account_email = '" . dbesc($login) . "' "; + } + + $a = q("select * from account $where"); + if(! $a) { + return null; + } + + $account = $a[0]; + // Currently we only verify email address if there is an open registration policy. // This isn't because of any policy - it's because the workflow gets too complicated if // you have to verify the email and then go through the account approval workflow before // letting them login. - // @bug there is no record here - //if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED)) - // return null; - - $r = q("select * from account where account_email = '%s'", - dbesc($email) - ); - if($r) { - - foreach($r as $record) { - if(($record['account_flags'] == ACCOUNT_OK) - && (hash('whirlpool', $record['account_salt'] . $pass) === $record['account_password'])) { - logger('password verified for ' . $email); - return $record; - } - } + if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($account['account_flags'] & ACCOUNT_UNVERIFIED)) { + logger('email verification required for ' . $login); + return null; } - $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1", - dbesc($email), - dbesc($pass) - ); - if($x) { - atoken_login($x[0]); - return $x[0]; + if(($account['account_flags'] == ACCOUNT_OK) + && (hash('whirlpool',$account['account_salt'] . $pass) === $account['account_password'])) { + logger('password verified for ' . $login); + $ret['account'] = $account; + if($channel) + $ret['channel'] = $channel; + return $ret; } - $error = 'password failed for ' . $email; + $error = 'password failed for ' . $login; logger($error); - if($record['account_flags'] & ACCOUNT_UNVERIFIED) - logger('Account is unverified. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_BLOCKED) - logger('Account is blocked. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_EXPIRED) - logger('Account is expired. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_REMOVED) - logger('Account is removed. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_PENDING) - logger('Account is pending. account_flags = ' . $record['account_flags']); + if($account['account_flags'] & ACCOUNT_UNVERIFIED) + logger('Account is unverified. account_flags = ' . $account['account_flags']); + if($account['account_flags'] & ACCOUNT_BLOCKED) + logger('Account is blocked. account_flags = ' . $account['account_flags']); + if($account['account_flags'] & ACCOUNT_EXPIRED) + logger('Account is expired. account_flags = ' . $account['account_flags']); + if($account['account_flags'] & ACCOUNT_REMOVED) + logger('Account is removed. account_flags = ' . $account['account_flags']); + if($account['account_flags'] & ACCOUNT_PENDING) + logger('Account is pending. account_flags = ' . $account['account_flags']); log_failed_login($error); @@ -131,7 +154,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && App::$session->new_cookie(60 * 60 * 24); // one day $_SESSION['last_login_date'] = datetime_convert(); unset($_SESSION['visitor_id']); // no longer a visitor - authenticate_success($x[0], true, true); + authenticate_success($x[0], null, true, true); } } if(array_key_exists('atoken',$_SESSION)) { @@ -177,7 +200,8 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && App::$session->extend_cookie(); $login_refresh = true; } - authenticate_success($r[0], false, false, false, $login_refresh); + $ch = (($_SESSION['uid']) ? channelx_by_n($_SESSION['uid']) : null); + authenticate_success($r[0], null, $ch, false, false, $login_refresh); } else { $_SESSION['account_id'] = 0; @@ -218,37 +242,38 @@ else { call_hooks('authenticate', $addon_auth); - $atoken = false; + $atoken = null; + $account = null; if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) { - $record = $addon_auth['user_record']; + $account = $addon_auth['user_record']; } else { - $x = account_verify_password($_POST['username'], $_POST['password']); - if(array_key_exists('atoken',$x)) - $atoken = true; - if(! $atoken) { - $record = App::$account = $x; - - if(App::$account) { - $_SESSION['account_id'] = App::$account['account_id']; - } - else { - notice( t('Failed authentication') . EOL); - } - - logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL); + $verify = account_verify_password($_POST['username'], $_POST['password']); + if($verify) { + $atoken = $verify['xchan']; + $channel = $verify['channel']; + $account = App::$account = $verify['account']; + } + + if(App::$account) { + $_SESSION['account_id'] = App::$account['account_id']; + } + elseif($atoken) { + atoken_login($atoken); + } + else { + notice( t('Failed authentication') . EOL); } } - if((! $record) || (! count($record))) { + if(! ($account || $atoken)) { $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']; logger($error); // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention $authlog = get_config('system', 'authlog'); if ($authlog) @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); - notice( t('Login failed.') . EOL ); goaway(z_root() . '/login'); } @@ -279,7 +304,7 @@ else { $_SESSION['last_login_date'] = datetime_convert(); if(! $atoken) - authenticate_success($record, true, true); + authenticate_success($account,$channel,true, true); } } diff --git a/include/channel.php b/include/channel.php index 1a6508803..708e70b1c 100644 --- a/include/channel.php +++ b/include/channel.php @@ -6,6 +6,7 @@ require_once('include/zot.php'); require_once('include/crypto.php'); require_once('include/menu.php'); +require_once('include/perm_upgrade.php'); /** * @brief Called when creating a new channel. @@ -225,42 +226,26 @@ function create_identity($arr) { if(array_key_exists('publish', $arr)) $publish = intval($arr['publish']); - $primary = true; - - if(array_key_exists('primary', $arr)) - $primary = intval($arr['primary']); - $role_permissions = null; - $global_perms = get_perms(); if(array_key_exists('permissions_role',$arr) && $arr['permissions_role']) { - $role_permissions = get_role_perms($arr['permissions_role']); - - if($role_permissions) { - foreach($role_permissions as $p => $v) { - if(strpos($p,'channel_') !== false) { - $perms_keys .= ', ' . $p; - $perms_vals .= ', ' . intval($v); - } - if($p === 'directory_publish') - $publish = intval($v); - } - } - } - else { - $defperms = site_default_perms(); - foreach($defperms as $p => $v) { - $perms_keys .= ', ' . $global_perms[$p][0]; - $perms_vals .= ', ' . intval($v); - } + $role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($arr['permissions_role']); } + if($role_permissions && array_key_exists('directory_publish',$role_permissions)) + $publish = intval($role_permissions['directory_publish']); + + $primary = true; + + if(array_key_exists('primary', $arr)) + $primary = intval($arr['primary']); + $expire = 0; $r = q("insert into channel ( channel_account_id, channel_primary, channel_name, channel_address, channel_guid, channel_guid_sig, - channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone $perms_keys ) - values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' $perms_vals ) ", + channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone ) + values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' ) ", intval($arr['account_id']), intval($primary), @@ -288,6 +273,17 @@ function create_identity($arr) { return $ret; } + if($role_permissions && array_key_exists('limits',$role_permissions)) + $perm_limits = $role_permissions['limits']; + else + $perm_limits = site_default_perms(); + + foreach($perm_limits as $p => $v) + \Zotlabs\Access\PermissionLimits::Set($r[0]['channel_id'],$p,$v); + + if($role_permissions && array_key_exists('perms_auto',$role_permissions)) + set_pconfig($r[0]['channel_id'],'system','autoperms',intval($role_permissions['perms_auto'])); + $ret['channel'] = $r[0]; if(intval($arr['account_id'])) @@ -351,25 +347,29 @@ function create_identity($arr) { ); if($role_permissions) { - $myperms = ((array_key_exists('perms_accept',$role_permissions)) ? intval($role_permissions['perms_accept']) : 0); + $myperms = ((array_key_exists('perms_connect',$role_permissions)) ? $role_permissions['perms_connect'] : array()); + } + else { + $x = \Zotlabs\Access\PermissionRoles::role_perms('social'); + $myperms = $x['perms_connect']; } - else - $myperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_self, abook_my_perms ) - values ( %d, %d, '%s', %d, '%s', '%s', %d, %d ) ", + $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_self ) + values ( %d, %d, '%s', %d, '%s', '%s', %d ) ", intval($ret['channel']['channel_account_id']), intval($newuid), dbesc($hash), intval(0), dbesc(datetime_convert()), dbesc(datetime_convert()), - intval(1), - intval($myperms) + intval(1) ); + $x = \Zotlabs\Access\Permissions::FilledPerms($myperms); + foreach($x as $k => $v) { + set_abconfig($newuid,$hash,'my_perms',$k,$v); + } + if(intval($ret['channel']['channel_account_id'])) { // Save our permissions role so we can perhaps call it up and modify it later. @@ -378,8 +378,21 @@ function create_identity($arr) { set_pconfig($newuid,'system','permissions_role',$arr['permissions_role']); if(array_key_exists('online',$role_permissions)) set_pconfig($newuid,'system','hide_presence',1-intval($role_permissions['online'])); - if(array_key_exists('perms_auto',$role_permissions)) - set_pconfig($newuid,'system','autoperms',(($role_permissions['perms_auto']) ? $role_permissions['perms_accept'] : 0)); + if(array_key_exists('perms_auto',$role_permissions)) { + $autoperms = intval($role_permissions['perms_auto']); + set_pconfig($newuid,'system','autoperms',$autoperms); + if($autoperms) { + $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']); + foreach($x as $k => $v) { + set_pconfig($newuid,'autoperms',$k,$v); + } + } + else { + $r = q("delete from pconfig where uid = %d and cat = 'autoperms'", + intval($newuid) + ); + } + } } // Create a group with yourself as a member. This allows somebody to use it @@ -497,7 +510,8 @@ function identity_basic_export($channel_id, $items = false) { intval($channel_id) ); if($r) { - $ret['channel'] = $r[0]; + translate_channel_perms_outbound($r[0]); + $ret['channel'] = $r[0]; $ret['relocate'] = [ 'channel_address' => $r[0]['channel_address'], 'url' => z_root()]; } @@ -519,6 +533,7 @@ function identity_basic_export($channel_id, $items = false) { $abconfig = load_abconfig($channel_id,$ret['abook'][$x]['abook_xchan']); if($abconfig) $ret['abook'][$x]['abconfig'] = $abconfig; + translate_abook_perms_outbound($ret['abook'][$x]); } stringify_array_elms($xchans); } @@ -1551,9 +1566,11 @@ function is_public_profile() { if(intval(get_config('system','block_public'))) return false; $channel = App::get_channel(); - if($channel && $channel['channel_r_profile'] == PERMS_PUBLIC) - return true; - + if($channel) { + $perm = \Zotlabs\Access\PermissionLimit::Get($channel['channel_id'],'view_profile'); + if($perm == PERMS_PUBLIC) + return true; + } return false; } @@ -1625,13 +1642,13 @@ function notifications_on($channel_id,$value) { function get_channel_default_perms($uid) { - $r = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1", + $r = q("select abook_xchan from abook where abook_channel = %d and abook_self = 1 limit 1", intval($uid) ); if($r) - return $r[0]['abook_my_perms']; + return load_abconfig($uid,$r[0]['abook_xchan'],'my_perms'); - return 0; + return array(); } diff --git a/include/config.php b/include/config.php index 08810e298..8c0469392 100644 --- a/include/config.php +++ b/include/config.php @@ -97,7 +97,6 @@ function del_aconfig($account_id, $family, $key) { return Zlib\AConfig::Delete($account_id, $family, $key); } - function load_abconfig($chan, $xhash, $family = '') { return Zlib\AbConfig::Load($chan,$xhash,$family); } diff --git a/include/connections.php b/include/connections.php index ed4526a09..9f55820cc 100644 --- a/include/connections.php +++ b/include/connections.php @@ -260,15 +260,15 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { if(! $local) { - $r = q("update channel set channel_deleted = '%s', channel_removed = 1, channel_r_stream = 0, channel_r_profile = 0, - channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0, - channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0, - channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0 - where channel_id = %d", + $r = q("update channel set channel_deleted = '%s', channel_removed = 1 where channel_id = %d", dbesc(datetime_convert()), intval($channel_id) ); + q("delete from pconfig where uid = %d", + intval($channel_id) + ); + logger('deleting hublocs',LOGGER_DEBUG); $r = q("update hubloc set hubloc_deleted = 1 where hubloc_hash = '%s'", diff --git a/include/conversation.php b/include/conversation.php index 957dbf8e9..1efca37f3 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -99,7 +99,7 @@ function localize_item(&$item){ if(intval($item['item_thread_top'])) return; - $obj = json_decode_plus($item['obj']); + $obj = json_decode($item['obj'],true); if((! $obj) && ($item['obj'])) { logger('localize_item: failed to decode object: ' . print_r($item['obj'],true)); } @@ -186,7 +186,7 @@ function localize_item(&$item){ $Alink = $item['author']['xchan_url']; - $obj= json_decode_plus($item['obj']); + $obj= json_decode($item['obj'],true); $Blink = $Bphoto = ''; @@ -219,7 +219,7 @@ function localize_item(&$item){ $Aname = $item['author']['xchan_name']; $Alink = $item['author']['xchan_url']; - $obj= json_decode_plus($item['obj']); + $obj= json_decode($item['obj'],true); $Blink = $Bphoto = ''; diff --git a/include/event.php b/include/event.php index a4118ec78..3d650cd14 100644 --- a/include/event.php +++ b/include/event.php @@ -183,7 +183,9 @@ function format_ical_text($s) { require_once('include/bbcode.php'); require_once('include/html2plain.php'); - return(wordwrap(str_replace(array(',',';','\\'),array('\\,','\\;','\\\\'),html2plain(bbcode($s))),72,"\r\n ",true)); + $s = html2plain(bbcode($s)); + $s = str_replace(["\r\n","\n"],["",""],$s); + return(wordwrap(str_replace(['\\',',',';'],['\\\\','\\,','\\;'],$s),72,"\r\n ",true)); } diff --git a/include/follow.php b/include/follow.php index e5a74f85e..5f63687f8 100644 --- a/include/follow.php +++ b/include/follow.php @@ -66,12 +66,11 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $role = get_pconfig($uid,'system','permissions_role'); if($role) { - $x = get_role_perms($role); - if($x['perms_follow']) - $my_perms = $x['perms_follow']; + $x = \Zotlabs\Access\PermissionRoles::role_perms($role); + if($x['perms_connect']) + $my_perms = $x['perms_connect']; } - if($is_red && $j) { logger('follow: ' . $url . ' ' . print_r($j,true), LOGGER_DEBUG); @@ -104,10 +103,6 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $xchan_hash = $x['hash']; - $their_perms = 0; - - $global_perms = get_perms(); - if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) { $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], @@ -121,16 +116,14 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) else $permissions = $j['permissions']; - - foreach($permissions as $k => $v) { - if($v) { - $their_perms = $their_perms | intval($global_perms[$k][1]); + if(is_array($permissions) && $permissions) { + foreach($permissions as $k => $v) { + set_abconfig($channel['channel_uid'],$xchan_hash,'their_perms',$k,intval($v)); } } } else { - $their_perms = 0; $xchan_hash = ''; $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", @@ -190,6 +183,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $result['message'] = t('Protocol disabled.'); return $result; } + $singleton = intval($x['singleton']); $aid = $channel['channel_account_id']; @@ -222,6 +216,15 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) intval($uid) ); + if($is_http) { + + // Always set these "remote" permissions for feeds since we cannot interact with them + // to negotiate a suitable permission response + + set_abconfig($uid,$xchan_hash,'their_perms','view_stream',1); + set_abconfig($uid,$xchan_hash,'their_perms','republish',1); + } + if($r) { $abook_instance = $r[0]['abook_instance']; @@ -231,8 +234,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $abook_instance .= z_root(); } - $x = q("update abook set abook_their_perms = %d, abook_instance = '%s' where abook_id = %d", - intval($their_perms), + $x = q("update abook set abook_instance = '%s' where abook_id = %d", dbesc($abook_instance), intval($r[0]['abook_id']) ); @@ -242,15 +244,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if($closeness === false) $closeness = 80; - $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_instance ) - values( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s' ) ", + $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_created, abook_updated, abook_instance ) + values( %d, %d, %d, '%s', %d, '%s', '%s', '%s' ) ", intval($aid), intval($uid), intval($closeness), dbesc($xchan_hash), intval(($is_http) ? 1 : 0), - intval(($is_http) ? $their_perms|PERMS_R_STREAM|PERMS_A_REPUBLISH : $their_perms), - intval($my_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(($singleton) ? z_root() : '') @@ -260,6 +260,16 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if(! $r) logger('mod_follow: abook creation failed'); + $all_perms = \Zotlabs\Access\Permissions::Perms(); + if($all_perms) { + foreach($all_perms as $k => $v) { + if(in_array($k,$my_perms)) + set_abconfig($uid,$xchan_hash,'my_perms',$k,1); + else + set_abconfig($uid,$xchan_hash,'my_perms',$k,0); + } + } + $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), diff --git a/include/import.php b/include/import.php index 73a2dfff4..c69f2eadd 100644 --- a/include/import.php +++ b/include/import.php @@ -1,6 +1,7 @@ <?php require_once('include/menu.php'); +require_once('include/perm_upgrade.php'); function import_channel($channel, $account_id, $seize) { @@ -61,15 +62,35 @@ function import_channel($channel, $account_id, $seize) { if(! is_site_admin()) $channel['channel_pageflags'] = $channel['channel_pageflags'] ^ PAGE_ALLOWCODE; } - - dbesc_array($channel); - $r = dbq("INSERT INTO channel (`" - . implode("`, `", array_keys($channel)) - . "`) VALUES ('" - . implode("', '", array_values($channel)) - . "')" - ); + // remove all the permissions related settings, we will import/upgrade them after the channel + // is created. + + $disallowed = [ + 'channel_id', 'channel_r_stream', 'channel_r_profile', 'channel_r_abook', + 'channel_r_storage', 'channel_r_pages', 'channel_w_stream', 'channel_w_wall', + 'channel_w_comment', 'channel_w_mail', 'channel_w_like', 'channel_w_tagwall', + 'channel_w_chat', 'channel_w_storage', 'channel_w_pages', 'channel_a_republish', + 'channel_a_delegate', 'perm_limits' + ]; + + $clean = array(); + foreach($channel as $k => $v) { + if(in_array($k,$disallowed)) + continue; + $clean[$k] = $v; + } + + if($clean) { + dbesc_array($clean); + + $r = dbq("INSERT INTO channel (`" + . implode("`, `", array_keys($clean)) + . "`) VALUES ('" + . implode("', '", array_values($clean)) + . "')" + ); + } if(! $r) { logger('mod_import: channel clone failed. ', print_r($channel,true)); @@ -86,6 +107,14 @@ function import_channel($channel, $account_id, $seize) { notice( t('Cloned channel not found. Import failed.') . EOL); return false; } + + // extract the permissions from the original imported array and use our new channel_id to set them + // These could be in the old channel permission stule or the new pconfig. We have a function to + // translate and store them no matter which they throw at us. + + $channel['channel_id'] = $r[0]['channel_id']; + translate_channel_perms_inbound($channel); + // reset $channel = $r[0]; @@ -1004,7 +1033,7 @@ function sync_files($channel,$files) { $attach_id = $x[0]['id']; } - $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['data']); + $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['content']); unset($att['id']); $att['aid'] = $channel['channel_account_id']; diff --git a/include/items.php b/include/items.php index 373090d41..178fb30d6 100755 --- a/include/items.php +++ b/include/items.php @@ -183,7 +183,7 @@ function is_item_normal($item) { * This function examines the comment_policy attached to an item and decides if the current observer has * sufficient privileges to comment. This will normally be called on a remote site where perm_is_allowed() * will not be suitable because the post owner does not have a local channel_id. - * Generally we should look at the item - in particular the author['book_flags'] and see if ABOOK_FLAG_SELF is set. + * Generally we should look at the item - in particular the author['abook_flags'] and see if ABOOK_FLAG_SELF is set. * If it is, you should be able to use perm_is_allowed( ... 'post_comments'), and if it isn't you need to call * can_comment_on_post() * We also check the comments_closed date/time on the item if this is set. @@ -224,8 +224,7 @@ function can_comment_on_post($observer_xchan, $item) { case 'contacts': case 'authenticated': case '': - if(array_key_exists('owner',$item)) { - if(($item['owner']['abook_xchan']) && ($item['owner']['abook_their_perms'] & PERMS_W_COMMENT)) + if(array_key_exists('owner',$item) && get_abconfig($item['uid'],$item['owner']['abook_xchan'],'their_perms','post_comments')) { return true; } break; @@ -386,7 +385,7 @@ function post_activity_item($arr) { return $ret; } - $arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true)); + $arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true)); if($arr['public_policy']) $arr['item_private'] = 1; @@ -422,7 +421,7 @@ function post_activity_item($arr) { $arr['deny_cid'] = ((x($arr,'deny_cid')) ? $arr['deny_cid'] : $channel['channel_deny_cid']); $arr['deny_gid'] = ((x($arr,'deny_gid')) ? $arr['deny_gid'] : $channel['channel_deny_gid']); - $arr['comment_policy'] = map_scope($channel['channel_w_comment']); + $arr['comment_policy'] = map_scope(\Zotlabs\Access/PermissionLimits::Get($channel['channel_id'],'post_comments')); if ((! $arr['plink']) && (intval($arr['item_thread_top']))) { $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; @@ -971,12 +970,12 @@ function encode_item($item,$mirror = false) { // logger('encode_item: ' . print_r($item,true)); - $r = q("select channel_r_stream, channel_w_comment from channel where channel_id = %d limit 1", + $r = q("select channel_id from channel where channel_id = %d limit 1", intval($item['uid']) ); if($r) - $comment_scope = $r[0]['channel_w_comment']; + $comment_scope = \Zotlabs\Access\PermissionLimits::Get($item['uid'],'post_comments'); else $comment_scope = 0; @@ -990,9 +989,9 @@ function encode_item($item,$mirror = false) { if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) { if($item['title']) - $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key); if($item['body']) - $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key); } // If we're trying to backup an item so that it's recoverable or for export/imprt, @@ -1062,11 +1061,11 @@ function encode_item($item,$mirror = false) { $x['owner'] = encode_item_xchan($item['owner']); $x['author'] = encode_item_xchan($item['author']); if($item['obj']) - $x['object'] = json_decode_plus($item['obj']); + $x['object'] = json_decode($item['obj'],true); if($item['target']) - $x['target'] = json_decode_plus($item['target']); + $x['target'] = json_decode($item['target'],true); if($item['attach']) - $x['attach'] = json_decode_plus($item['attach']); + $x['attach'] = json_decode($item['attach'],true); if($y = encode_item_flags($item)) $x['flags'] = $y; @@ -1382,7 +1381,7 @@ function encode_mail($item,$extended = false) { $x['to'] = encode_item_xchan($item['to']); if($item['attach']) - $x['attach'] = json_decode_plus($item['attach']); + $x['attach'] = json_decode($item['attach'],true); $x['flags'] = array(); @@ -2390,7 +2389,7 @@ function tag_deliver($uid, $item_id) { if(($item['obj_type'] == "") || ($item['obj_type'] !== ACTIVITY_OBJ_PERSON) || (! $item['obj'])) $poke_notify = false; - $obj = json_decode_plus($item['obj']); + $obj = json_decode($item['obj'],true); if($obj) { if($obj['id'] !== $u[0]['channel_hash']) $poke_notify = false; @@ -2427,14 +2426,14 @@ function tag_deliver($uid, $item_id) { if(($item['owner_xchan'] === $u[0]['channel_hash']) && (! get_pconfig($u[0]['channel_id'],'system','blocktags'))) { logger('tag_deliver: community tag recipient: ' . $u[0]['channel_name']); - $j_tgt = json_decode_plus($item['target']); + $j_tgt = json_decode($item['target'],true); if($j_tgt && $j_tgt['id']) { $p = q("select * from item where mid = '%s' and uid = %d limit 1", dbesc($j_tgt['id']), intval($u[0]['channel_id']) ); if($p) { - $j_obj = json_decode_plus($item['obj']); + $j_obj = json_decode($item['obj'],true); logger('tag_deliver: tag object: ' . print_r($j_obj,true), LOGGER_DATA); if($j_obj && $j_obj['id'] && $j_obj['title']) { if(is_array($j_obj['link'])) @@ -2519,7 +2518,7 @@ function tag_deliver($uid, $item_id) { if(intval($item['item_obscured'])) { $key = get_config('system','prvkey'); if($item['body']) - $body = crypto_unencapsulate(json_decode_plus($item['body']),$key); + $body = crypto_unencapsulate(json_decode($item['body'],true),$key); } else $body = $item['body']; @@ -2762,7 +2761,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent) { $private = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 1 : 0); - $new_public_policy = map_scope($channel['channel_r_stream'],true); + $new_public_policy = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true); if((! $private) && $new_public_policy) $private = 1; @@ -2807,7 +2806,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent) { dbesc($channel['channel_deny_gid']), intval($private), dbesc($new_public_policy), - dbesc(map_scope($channel['channel_w_comment'])), + dbesc(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments'))), dbesc($title), dbesc($body), intval($item_wall), @@ -2856,7 +2855,7 @@ function check_item_source($uid, $item) { if(! $x) return false; - if(! ($x[0]['abook_their_perms'] & PERMS_A_REPUBLISH)) + if(! get_abconfig($uid,$item['owner_xchan'],'their_perms','republish')) return false; if($item['item_private'] && (! intval($x[0]['abook_feed']))) diff --git a/include/oauth.php b/include/oauth.php index 984e0e6c6..a3c52bf27 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -170,7 +170,7 @@ class ZotOAuth1 extends OAuth1Server { ); if($x) { require_once('include/security.php'); - authenticate_success($x[0],true,false,true,true); + authenticate_success($x[0],null,true,false,true,true); $_SESSION['allow_api'] = true; } } diff --git a/include/oembed.php b/include/oembed.php index fe068278e..fe3a3c33c 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -215,6 +215,17 @@ function oembed_fetch_url($embedurl){ if($j->html != $orig) { logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j->html, LOGGER_DEBUG, LOG_INFO); } + + $orig_len = trim(mb_strlen($orig)); + $new_len = trim(mb_strlen($j->html)); + if(! $new_len) + $j->type = 'error'; + elseif($orig_len) { + $ratio = $new_len / $orig_len; + if($ratio < 0.8) + $j->type = 'error'; + } + } } diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php new file mode 100644 index 000000000..5be1ffbb2 --- /dev/null +++ b/include/perm_upgrade.php @@ -0,0 +1,236 @@ +<?php + +function perm_limits_upgrade($channel) { + set_pconfig($channel['channel_id'],'perm_limits','view_stream',$channel['channel_r_stream']); + set_pconfig($channel['channel_id'],'perm_limits','view_profile',$channel['channel_r_profile']); + set_pconfig($channel['channel_id'],'perm_limits','view_contacts',$channel['channel_r_abook']); + set_pconfig($channel['channel_id'],'perm_limits','view_storage',$channel['channel_r_storage']); + set_pconfig($channel['channel_id'],'perm_limits','view_pages',$channel['channel_r_pages']); + set_pconfig($channel['channel_id'],'perm_limits','send_stream',$channel['channel_w_stream']); + set_pconfig($channel['channel_id'],'perm_limits','post_wall',$channel['channel_w_wall']); + set_pconfig($channel['channel_id'],'perm_limits','post_comments',$channel['channel_w_comment']); + set_pconfig($channel['channel_id'],'perm_limits','post_mail',$channel['channel_w_mail']); + set_pconfig($channel['channel_id'],'perm_limits','post_like',$channel['channel_w_like']); + set_pconfig($channel['channel_id'],'perm_limits','tag_deliver',$channel['channel_w_tagwall']); + set_pconfig($channel['channel_id'],'perm_limits','chat',$channel['channel_w_chat']); + set_pconfig($channel['channel_id'],'perm_limits','write_storage',$channel['channel_w_storage']); + set_pconfig($channel['channel_id'],'perm_limits','write_pages',$channel['channel_w_pages']); + set_pconfig($channel['channel_id'],'perm_limits','republish',$channel['channel_a_republish']); + set_pconfig($channel['channel_id'],'perm_limits','delegate',$channel['channel_a_delegate']); +} + +function perms_int_to_array($p) { + + $ret = []; + + $ret['view_stream'] = (($p & PERMS_R_STREAM) ? 1 : 0); + $ret['view_profile'] = (($p & PERMS_R_PROFILE) ? 1 : 0); + $ret['view_contacts'] = (($p & PERMS_R_ABOOK) ? 1 : 0); + $ret['view_storage'] = (($p & PERMS_R_STORAGE) ? 1 : 0); + $ret['view_pages'] = (($p & PERMS_R_PAGES) ? 1 : 0); + $ret['send_stream'] = (($p & PERMS_W_STREAM) ? 1 : 0); + $ret['post_wall'] = (($p & PERMS_W_WALL) ? 1 : 0); + $ret['post_comments'] = (($p & PERMS_W_COMMENT) ? 1 : 0); + $ret['post_mail'] = (($p & PERMS_W_MAIL) ? 1 : 0); + $ret['post_like'] = (($p & PERMS_W_LIKE) ? 1 : 0); + $ret['tag_deliver'] = (($p & PERMS_W_TAGWALL) ? 1 : 0); + $ret['chat'] = (($p & PERMS_W_CHAT) ? 1 : 0); + $ret['write_storage'] = (($p & PERMS_W_STORAGE) ? 1 : 0); + $ret['write_pages'] = (($p & PERMS_W_PAGES) ? 1 : 0); + $ret['republish'] = (($p & PERMS_A_REPUBLISH) ? 1 : 0); + $ret['delegate'] = (($p & PERMS_A_DELEGATE) ? 1 : 0); + + return $ret; +} + +function autoperms_upgrade($channel) { + $x = get_pconfig($channel['channel_id'],'system','autoperms'); + if(intval($x)) { + $y = perms_int_to_array($x); + if($y) { + foreach($y as $k => $v) { + set_pconfig($channel['channel_id'],'autoperms',$k,$v); + } + } + } +} + + +function perm_abook_upgrade($abook) { + + $x = perms_int_to_array($abook['abook_their_perms']); + if($x) { + foreach($x as $k => $v) { + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms',$k, $v); + } + } + + $x = perms_int_to_array($abook['abook_my_perms']); + if($x) { + foreach($x as $k => $v) { + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms',$k, $v); + } + } +} + +function translate_channel_perms_outbound(&$channel) { + $r = q("select * from pconfig where uid = %d and cat = 'perm_limits' ", + intval($channel['channel_id']) + ); + + if($r) { + foreach($r as $rr) { + if($rr['k'] === 'view_stream') + $channel['channel_r_stream'] = $rr['v']; + if($rr['k'] === 'view_profile') + $channel['channel_r_profile'] = $rr['v']; + if($rr['k'] === 'view_contacts') + $channel['channel_r_abook'] = $rr['v']; + if($rr['k'] === 'view_storage') + $channel['channel_r_storage'] = $rr['v']; + if($rr['k'] === 'view_pages') + $channel['channel_r_pages'] = $rr['v']; + if($rr['k'] === 'send_stream') + $channel['channel_w_stream'] = $rr['v']; + if($rr['k'] === 'post_wall') + $channel['channel_w_wall'] = $rr['v']; + if($rr['k'] === 'post_comments') + $channel['channel_w_comment'] = $rr['v']; + if($rr['k'] === 'post_mail') + $channel['channel_w_mail'] = $rr['v']; + if($rr['k'] === 'post_like') + $channel['channel_w_like'] = $rr['v']; + if($rr['k'] === 'tag_deliver') + $channel['channel_w_tagwall'] = $rr['v']; + if($rr['k'] === 'chat') + $channel['channel_w_chat'] = $rr['v']; + if($rr['k'] === 'write_storage') + $channel['channel_w_storage'] = $rr['v']; + if($rr['k'] === 'write_pages') + $channel['channel_w_pages'] = $rr['v']; + if($rr['k'] === 'republish') + $channel['channel_a_republish'] = $rr['v']; + if($rr['k'] === 'delegate') + $channel['channel_a_delegate'] = $rr['v']; + + } + $channel['perm_limits'] = $r; + } +} + +function translate_channel_perms_inbound($channel) { + + if($channel['perm_limits']) { + foreach($channel['perm_limits'] as $p) { + set_pconfig($channel['channel_id'],'perm_limits',$p['k'],$p['v']); + } + } + else { + perm_limits_upgrade($channel); + } + +} + +function translate_abook_perms_outbound(&$abook) { + $my_perms = 0; + $their_perms = 0; + + if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) { + foreach($abook['abconfig'] as $p) { + if($p['cat'] === 'their_perms') { + if($p['k'] === 'view_stream' && intval($p['v'])) + $their_perms += PERMS_R_STREAM; + if($p['k'] === 'view_profile' && intval($p['v'])) + $their_perms += PERMS_R_PROFILE; + if($p['k'] === 'view_contacts' && intval($p['v'])) + $their_perms += PERMS_R_ABOOK; + if($p['k'] === 'view_storage' && intval($p['v'])) + $their_perms += PERMS_R_STORAGE; + if($p['k'] === 'view_pages' && intval($p['v'])) + $their_perms += PERMS_R_PAGES; + if($p['k'] === 'send_stream' && intval($p['v'])) + $their_perms += PERMS_W_STREAM; + if($p['k'] === 'post_wall' && intval($p['v'])) + $their_perms += PERMS_W_WALL; + if($p['k'] === 'post_comments' && intval($p['v'])) + $their_perms += PERMS_W_COMMENT; + if($p['k'] === 'post_mail' && intval($p['v'])) + $their_perms += PERMS_W_MAIL; + if($p['k'] === 'post_like' && intval($p['v'])) + $their_perms += PERMS_W_LIKE; + if($p['k'] === 'tag_deliver' && intval($p['v'])) + $their_perms += PERMS_W_TAGWALL; + if($p['k'] === 'chat' && intval($p['v'])) + $their_perms += PERMS_W_CHAT; + if($p['k'] === 'write_storage' && intval($p['v'])) + $their_perms += PERMS_W_STORAGE; + if($p['k'] === 'write_pages' && intval($p['v'])) + $their_perms += PERMS_W_PAGES; + if($p['k'] === 'republish' && intval($p['v'])) + $their_perms += PERMS_A_REPUBLISH; + if($p['k'] === 'delegate' && intval($p['v'])) + $their_perms += PERMS_A_DELEGATE; + } + if($p['cat'] === 'my_perms') { + if($p['k'] === 'view_stream' && intval($p['v'])) + $my_perms += PERMS_R_STREAM; + if($p['k'] === 'view_profile' && intval($p['v'])) + $my_perms += PERMS_R_PROFILE; + if($p['k'] === 'view_contacts' && intval($p['v'])) + $my_perms += PERMS_R_ABOOK; + if($p['k'] === 'view_storage' && intval($p['v'])) + $my_perms += PERMS_R_STORAGE; + if($p['k'] === 'view_pages' && intval($p['v'])) + $my_perms += PERMS_R_PAGES; + if($p['k'] === 'send_stream' && intval($p['v'])) + $my_perms += PERMS_W_STREAM; + if($p['k'] === 'post_wall' && intval($p['v'])) + $my_perms += PERMS_W_WALL; + if($p['k'] === 'post_comments' && intval($p['v'])) + $my_perms += PERMS_W_COMMENT; + if($p['k'] === 'post_mail' && intval($p['v'])) + $my_perms += PERMS_W_MAIL; + if($p['k'] === 'post_like' && intval($p['v'])) + $my_perms += PERMS_W_LIKE; + if($p['k'] === 'tag_deliver' && intval($p['v'])) + $my_perms += PERMS_W_TAGWALL; + if($p['k'] === 'chat' && intval($p['v'])) + $my_perms += PERMS_W_CHAT; + if($p['k'] === 'write_storage' && intval($p['v'])) + $my_perms += PERMS_W_STORAGE; + if($p['k'] === 'write_pages' && intval($p['v'])) + $my_perms += PERMS_W_PAGES; + if($p['k'] === 'republish' && intval($p['v'])) + $my_perms += PERMS_A_REPUBLISH; + if($p['k'] === 'delegate' && intval($p['v'])) + $my_perms += PERMS_A_DELEGATE; + } + } + + $abook['abook_their_perms'] = $their_perms; + $abook['abook_my_perms'] = $my_perms; + } +} + +function translate_abook_perms_inbound($channel,$abook) { + + $new_perms = false; + $abook['abook_channel'] = $channel['channel_id']; + + if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) { + foreach($abook['abconfig'] as $p) { + if($p['cat'] == 'their_perms' || $p['cat'] == 'my_perms') { + $new_perms = true; + break; + } + } + } + + if($new_perms == false) { + perm_abook_upgrade($abook); + } + +} + + + diff --git a/include/permissions.php b/include/permissions.php index 19242d29f..638bedb24 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { if($api) return get_all_api_perms($uid,$api); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // Save lots of individual lookups @@ -81,11 +81,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan,'my_perms') : array()); + foreach($global_perms as $perm_name => $permission) { // First find out what the channel owner declared permissions to be. - $channel_perm = $permission[0]; + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", @@ -105,7 +107,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // These take priority over all other settings. if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) { + if($channel_perm & PERMS_AUTHED) { $ret[$perm_name] = true; continue; } @@ -136,7 +138,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Check if this is a write permission and they are being ignored // This flag is only visible internally. - if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) { + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + + + if(($x) && ($internal_use) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { $ret[$perm_name] = false; continue; } @@ -154,7 +159,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // if you've moved elsewhere, you will only have read only access if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) { - if($r[0]['channel_moved'] && (! $permission[2])) + if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms))) $ret[$perm_name] = false; else $ret[$perm_name] = true; @@ -163,7 +168,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Anybody at all (that wasn't blocked or ignored). They have permission. - if($r[0][$channel_perm] & PERMS_PUBLIC) { + if($channel_perm & PERMS_PUBLIC) { $ret[$perm_name] = true; continue; } @@ -178,7 +183,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) { $ret[$perm_name] = true; continue; @@ -187,7 +192,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { if(! $onsite_checked) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) @@ -214,7 +219,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { $ret[$perm_name] = true; continue; } @@ -226,16 +231,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if($r[0][$channel_perm] & PERMS_SPECIFIC) { - if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { - $ret[$perm_name] = true; + if($channel_perm & PERMS_SPECIFIC) { + if($abperms) { + foreach($abperms as $ab) { + if(($ab['cat'] == 'my_perms') && ($ab['k'] == $perm_name)) { + $ret[$perm_name] = (intval($ab['v']) ? true : false); + break; + } + } continue; } } @@ -284,21 +294,23 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if($arr['result']) return true; - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // First find out what the channel owner declared permissions to be. - $channel_perm = $global_perms[$permission][0]; + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$permission); - $r = q("select %s, channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", - dbesc($channel_perm), + $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", intval($uid) ); if(! $r) return false; + + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) + if($channel_perm & PERMS_AUTHED) return true; $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash @@ -312,7 +324,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if(($x) && intval($x[0]['abook_blocked'])) return false; - if(($x) && (! $global_perms[$permission][2]) && intval($x[0]['abook_ignored'])) + if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) return false; if(! $x) { @@ -321,7 +333,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { dbesc($observer_xchan) ); } + $abperms = load_abconfig($uid,$observer_xchan,'my_perms'); } + // system is blocked to anybody who is not authenticated @@ -333,13 +347,13 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // in which case you will have read_only access if($r[0]['channel_hash'] === $observer_xchan) { - if($r[0]['channel_moved'] && (! $global_perms[$permission][2])) + if($r[0]['channel_moved'] && (in_array($permission,$blocked_anon_perms))) return false; else return true; } - if($r[0][$channel_perm] & PERMS_PUBLIC) + if($channel_perm & PERMS_PUBLIC) return true; // If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set @@ -350,14 +364,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) return true; } // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) ); @@ -376,7 +390,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { return true; } @@ -386,15 +400,20 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { return true; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) { - if($x[0]['abook_my_perms'] & $global_perms[$permission][1]) - return true; + if(($r) && ($channel_perm & PERMS_SPECIFIC)) { + if($abperms) { + foreach($abperms as $ab) { + if($ab['cat'] == 'my_perms' && $ab['k'] == $permission) { + return ((intval($ab['v'])) ? true : false); + } + } + } } // No permissions allowed. @@ -560,28 +579,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like', 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -590,28 +609,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + break; @@ -620,28 +640,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -650,28 +670,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -680,28 +700,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -710,28 +730,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILEPERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_SPECIFIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_SPECIFIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_SPECIFIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_SPECIFIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -740,28 +761,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_NETWORK; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -770,28 +792,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -800,26 +822,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_like' , 'republish' ]; + + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -828,28 +853,30 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + break; diff --git a/include/photos.php b/include/photos.php index c70478146..d14c12d84 100644 --- a/include/photos.php +++ b/include/photos.php @@ -412,7 +412,7 @@ function photo_upload($channel, $observer, $args) { // in the photos pages - using the photos permissions instead. We need the public policy to keep the photo // linked item from leaking into the feed when somebody has a channel with read_stream restrictions. - $arr['public_policy'] = map_scope($channel['channel_r_stream'],true); + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true); if($arr['public_policy']) $arr['item_private'] = 1; diff --git a/include/security.php b/include/security.php index e345636e7..c67a1b400 100644 --- a/include/security.php +++ b/include/security.php @@ -12,7 +12,7 @@ * @param bool $return * @param bool $update_lastlog */ -function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) { +function authenticate_success($user_record, $channel = null, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) { $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; @@ -23,11 +23,15 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['account_id'] = $user_record['account_id']; $_SESSION['authenticated'] = 1; + if($channel) + $uid_to_load = $channel['channel_id']; - $uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) - ? intval($_SESSION['uid']) - : intval(App::$account['account_default_channel']) - ); + if(! $uid_to_load) { + $uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) + ? intval($_SESSION['uid']) + : intval(App::$account['account_default_channel']) + ); + } if($uid_to_load) { change_channel($uid_to_load); @@ -85,16 +89,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive function atoken_login($atoken) { if(! $atoken) return false; - - $xchan = atoken_xchan($atoken); - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $xchan['xchan_hash']; + $_SESSION['visitor_id'] = $atoken['xchan_hash']; $_SESSION['atoken'] = $atoken['atoken_id']; - \App::set_observer($xchan); - - return [ 'atoken' => true ]; + \App::set_observer($atoken); + return true; } @@ -102,7 +102,8 @@ function atoken_xchan($atoken) { $c = channelx_by_n($atoken['atoken_uid']); if($c) { - return [ + return [ + 'atoken_id' => $atoken['atoken_id'], 'xchan_hash' => substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'], 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), @@ -115,7 +116,7 @@ function atoken_xchan($atoken) { ]; } - + return null; } @@ -127,6 +128,7 @@ function atoken_xchan($atoken) { * * @return bool|array false or channel record of the new channel */ + function change_channel($change_channel) { $ret = false; @@ -476,14 +478,19 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) { $random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : ''); if(local_channel()) $ret[] = local_channel(); - $r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", - intval($perms), - intval(PAGE_ADULT|PAGE_CENSORED) + $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", + intval($perms) ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_id'], $ret)) - $ret[] = $rr['channel_id']; + if($x) { + $ids = ids_to_querystr($x,'uid'); + $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_id'], $ret)) + $ret[] = $rr['channel_id']; + } } $str = ''; @@ -509,16 +516,21 @@ function stream_perms_xchans($perms = NULL ) { if(local_channel()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0 and channel_system = 0 and channel_removed = 0 ", - intval($perms), - intval(PAGE_ADULT|PAGE_CENSORED) + $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", + intval($perms) ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_hash'], $ret)) - $ret[] = $rr['channel_hash']; - } + if($x) { + $ids = ids_to_querystr($x,'uid'); + $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_hash'], $ret)) + $ret[] = $rr['channel_hash']; + } + } $str = ''; if($ret) { foreach($ret as $rr) { diff --git a/include/text.php b/include/text.php index 324004438..a9bde8374 100644 --- a/include/text.php +++ b/include/text.php @@ -1284,9 +1284,9 @@ function unobscure(&$item) { if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key); if($item['body']) - $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key); if(get_config('system','item_cache')) { q("update item set title = '%s', body = '%s', item_obscured = 0 where id = %d", dbesc($item['title']), @@ -1309,7 +1309,7 @@ function unobscure_mail(&$item) { function theme_attachments(&$item) { - $arr = json_decode_plus($item['attach']); + $arr = json_decode($item['attach'],true); if(is_array($arr) && count($arr)) { $attaches = array(); foreach($arr as $r) { @@ -2212,20 +2212,12 @@ function jindent($json) { return $result; } - -function json_decode_plus($s) { - $x = json_decode($s,true); - if(! $x) - $x = json_decode(str_replace(array('\\"','\\\\'),array('"','\\'),$s),true); - - return $x; -} - /** * @brief Creates navigation menu for webpage, layout, blocks, menu sites. * * @return string */ + function design_tools() { $channel = App::get_channel(); diff --git a/include/widgets.php b/include/widgets.php index 21b83fa9a..5477dc1e4 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -1370,9 +1370,14 @@ function widget_forums($arr) { $perms_sql = item_permissions_sql(local_channel()) . item_normal(); - $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where ( xchan_pubforum = 1 or ((abook_their_perms & %d ) != 0 and (abook_their_perms & %d ) = 0) ) and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", - intval(PERMS_W_TAGWALL), - intval(PERMS_W_STREAM), + /** + * We used to try and find public forums with custom permissions by checking to see if + * send_stream was false and tag_deliver was true. However with the newer extensible + * permissions infrastructure this makes for a very complicated query. Now we're only + * checking channels that report themselves specifically as pubforums + */ + + $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_pubforum = 1 and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", intval(local_channel()) ); if(! $r1) diff --git a/include/zot.php b/include/zot.php index 45347ef22..73d9ef950 100644 --- a/include/zot.php +++ b/include/zot.php @@ -12,6 +12,7 @@ require_once('include/crypto.php'); require_once('include/items.php'); require_once('include/hubloc.php'); require_once('include/queue_fn.php'); +require_once('include/perm_upgrade.php'); /** @@ -388,10 +389,7 @@ function zot_refresh($them, $channel = null, $force = false) { if(! $x['success']) return false; - $their_perms = 0; - if($channel) { - $global_perms = get_perms(); if($j['permissions']['data']) { $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], @@ -408,15 +406,10 @@ function zot_refresh($them, $channel = null, $force = false) { $connected_set = false; if($permissions && is_array($permissions)) { + $old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream'); + foreach($permissions as $k => $v) { - // The connected permission means you are in their address book - if($k === 'connected') { - $connected_set = intval($v); - continue; - } - if(($v) && (array_key_exists($k,$global_perms))) { - $their_perms = $their_perms | intval($global_perms[$k][1]); - } + set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$k,$v); } } @@ -443,36 +436,19 @@ function zot_refresh($them, $channel = null, $force = false) { if(substr($r[0]['abook_dob'],5) == substr($next_birthday,5)) $next_birthday = $r[0]['abook_dob']; - $current_abook_connected = (intval($r[0]['abook_unconnected']) ? 0 : 1); - - $y = q("update abook set abook_their_perms = %d, abook_dob = '%s' + $y = q("update abook set abook_dob = '%s' where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 ", - intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']) ); -// if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) { - - // if they are in your address book but you aren't in theirs, and/or this does not - // match your current connected state setting, toggle it. - /** @FIXME uncoverted to postgres */ - /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */ -// $y1 = q("update abook set abook_unconnected = 1 -// where abook_xchan = '%s' and abook_channel = %d -// and abook_self = 0 limit 1", -// dbesc($x['hash']), -// intval($channel['channel_id']) -// ); -// } - if(! $y) logger('abook update failed'); else { // if we were just granted read stream permission and didn't have it before, try to pull in some posts - if((! ($r[0]['abook_their_perms'] & PERMS_R_STREAM)) && ($their_perms & PERMS_R_STREAM)) + if((! $old_read_stream_perm) && (intval($permissions['view_stream']))) Zotlabs\Daemon\Master::Summon(array('Onepoll',$r[0]['abook_id'])); } } @@ -480,15 +456,29 @@ function zot_refresh($them, $channel = null, $force = false) { // new connection + $my_perms = null; + $role = get_pconfig($channel['channel_id'],'system','permissions_role'); if($role) { - $xx = get_role_perms($role); - if($xx['perms_auto']) - $default_perms = $xx['perms_accept']; + $xx = \Zotlabs\Access\PermissionRoles::role_perms($role); + if($xx['perms_auto']) { + $default_perms = $xx['perms_connect']; + $my_perms = \Zotlabs\Access\Permissions::FilledPerms($default_perms); + } + } + + if(! $my_perms) { + $m = \Zotlabs\Access\Permissions::FilledAutoperms($channel['channel_id']); + if($m) { + $my_perms = $m; + } } - if(! $default_perms) - $default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms')); + if($my_perms) { + foreach($my_perms as $k => $v) { + set_abconfig($channel['channel_id'],$x['hash'],'my_perms',$k,$v); + } + } // Keep original perms to check if we need to notify them $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); @@ -498,13 +488,11 @@ function zot_refresh($them, $channel = null, $force = false) { if($closeness === false) $closeness = 80; - $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", + $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), - intval($their_perms), - intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), @@ -523,7 +511,7 @@ function zot_refresh($them, $channel = null, $force = false) { ); if($new_connection) { - if($new_perms != $previous_perms) + if(! \Zotlabs\Access\Permissions::PermsCompare($new_perms,$previous_perms)) Zotlabs\Daemon\Master::Summon(array('Notifier','permission_create',$new_connection[0]['abook_id'])); Zotlabs\Lib\Enotify::submit(array( 'type' => NOTIFY_INTRO, @@ -532,9 +520,9 @@ function zot_refresh($them, $channel = null, $force = false) { 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'], )); - if($their_perms & PERMS_R_STREAM) { - if(($channel['channel_w_stream'] & PERMS_PENDING) - || (! intval($new_connection[0]['abook_pending'])) ) + if(intval($permissions['view_stream'])) { + if(intval(get_pconfig($channel['channel_id'],'perm_limits','send_stream') & PERMS_PENDING) + || (! intval($new_connection[0]['abook_pending']))) Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id'])); } @@ -1371,8 +1359,8 @@ function public_recips($msg) { if($msg['message']['type'] === 'activity') { if(! get_config('system','disable_discover_tab')) $include_sys = true; - $col = 'channel_w_stream'; - $field = PERMS_W_STREAM; + $perm = 'send_stream'; + if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { // check mention recipient permissions on top level posts only $check_mentions = true; @@ -1404,65 +1392,30 @@ function public_recips($msg) { // contains the tag. we'll solve that further below. if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) { - $col = 'channel_w_comment'; - $field = PERMS_W_COMMENT; + $perm = 'post_comments'; } } } - elseif($msg['message']['type'] === 'mail') { - $col = 'channel_w_mail'; - $field = PERMS_W_MAIL; - } + elseif($msg['message']['type'] === 'mail') + $perm = 'post_mail'; - if(! $col) - return NULL; - - $col = dbesc($col); - - // First find those channels who are accepting posts from anybody, or at least - // something greater than just their connections. - - if($msg['notify']['sender']['url'] === z_root()) { - $sql = " where (( " . $col . " & " . intval(PERMS_NETWORK) . " ) > 0 - or ( " . $col . " & " . intval(PERMS_SITE) . " ) > 0 - or ( " . $col . " & " . intval(PERMS_PUBLIC) . ") > 0 - or ( " . $col . " & " . intval(PERMS_AUTHED) . ") > 0 ) "; - } else { - $sql = " where ( " . $col . " = " . intval(PERMS_NETWORK) . " - or " . $col . " = " . intval(PERMS_PUBLIC) . " - or " . $col . " = " . intval(PERMS_AUTHED) . " ) "; + $r = array(); + + $c = q("select channel_id, channel_hash from channel where channel_removed = 0"); + if($c) { + foreach($c as $cc) { + if(perm_is_allowed($cc['channel_id'],$msg['notify']['sender']['hash'],$perm)) { + $r[] = [ 'hash' => $cc['channel_hash'] ]; + } + } } - $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' - and channel_removed = 0 ", - dbesc($msg['notify']['sender']['hash']) - ); - - if(! $r) - $r = array(); - - // Now we have to get a bit dirty. Find every channel that has the sender in their connections (abook) - // and is allowing this sender at least at a high level. - - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id - where abook_xchan = '%s' and channel_removed = 0 - and (( " . $col . " = " . intval(PERMS_SPECIFIC) . " and ( abook_my_perms & " . intval($field) . " ) > 0 ) - OR " . $col . " = " . intval(PERMS_PENDING) . " - OR ( " . $col . " = " . intval(PERMS_CONTACTS) . " and abook_pending = 0 )) ", - dbesc($msg['notify']['sender']['hash']) - ); - - if(! $x) - $x = array(); - - $r = array_merge($r,$x); - - //logger('message: ' . print_r($msg['message'],true)); + // logger('message: ' . print_r($msg['message'],true)); if($include_sys && array_key_exists('public_scope',$msg['message']) && $msg['message']['public_scope'] === 'public') { $sys = get_sys_channel(); if($sys) - $r[] = array('hash' => $sys['channel_hash']); + $r[] = [ 'hash' => $sys['channel_hash'] ]; } // look for any public mentions on this site @@ -1943,9 +1896,9 @@ function remove_community_tag($sender, $arr, $uid) { $i = $r[0]; if($i['target']) - $i['target'] = json_decode_plus($i['target']); + $i['target'] = json_decode($i['target'],true); if($i['object']) - $i['object'] = json_decode_plus($i['object']); + $i['object'] = json_decode($i['object'],true); if(! ($i['target'] && $i['object'])) { logger('remove_community_tag: no target/object'); @@ -2998,6 +2951,14 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $channel = $r[0]; + translate_channel_perms_outbound($channel); + if($packet && array_key_exists('abook',$packet) && $packet['abook']) { + for($x = 0; $x < count($packet['abook']); $x ++) { + translate_abook_perms_outbound($packet['abook'][$x]); + } + } + + if(intval($channel['channel_removed'])) return; @@ -3121,7 +3082,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { require_once('include/import.php'); - /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */ + /** @FIXME this will sync red structures (channel, pconfig and abook). + Eventually we need to make this application agnostic. */ $result = array(); @@ -3194,6 +3156,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) { + translate_channel_perms_inbound($arr['channel']); + if(array_key_exists('channel_pageflags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) { // These flags cannot be sync'd. // remove the bits from the incoming flags. @@ -3207,7 +3171,15 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { } - $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system'); + $disallowed = [ + 'channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', + 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', + 'channel_system', 'channel_r_stream', 'channel_r_profile', 'channel_r_abook', + 'channel_r_storage', 'channel_r_pages', 'channel_w_stream', 'channel_w_wall', + 'channel_w_comment', 'channel_w_mail', 'channel_w_like', 'channel_w_tagwall', + 'channel_w_chat', 'channel_w_storage', 'channel_w_pages', 'channel_a_republish', + 'channel_a_delegate' + ]; $clean = array(); foreach($arr['channel'] as $k => $v) { @@ -3243,6 +3215,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { foreach($arr['abook'] as $abook) { + + $abconfig = null; if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig'])) @@ -3337,6 +3311,12 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { } } + // This will set abconfig vars if the sender is using old-style fixed permissions + // using the raw abook record as passed to us. New-style permissions will fall through + // and be set using abconfig + + translate_abook_perms_inbound($channel,$abook); + if($abconfig) { // @fixme does not handle sync of del_abconfig foreach($abconfig as $abc) { @@ -3802,11 +3782,21 @@ function zotinfo($arr) { } else { // check if it has characteristics of a public forum based on custom permissions. - $t = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1", - intval($e['channel_id']) + $t = q("select * from abconfig where abconfig.cat = 'my_perms' and abconfig.chan = %d and abconfig.xchan = '%s' and abconfig.k in ('tag_deliver', 'send_stream') ", + intval($e['channel_id']), + intval($e['channel_hash']) ); - if(($t) && (($t[0]['abook_my_perms'] & PERMS_W_TAGWALL) && (! ($t[0]['abook_my_perms'] & PERMS_W_STREAM)))) - $public_forum = true; + $ch = 0; + if($t) { + foreach($t as $tt) { + if($tt['k'] == 'tag_deliver' && $tt['v'] == 1) + $ch ++; + if($tt['k'] == 'send_stream' && $tt['v'] == 0) + $ch ++; + } + if($ch == 2) + $public_forum = true; + } } |