author | friendica <info@friendica.com> | 2014-08-07 17:14:11 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-08-07 17:14:11 -0700 |
commit | 640dbdf5e9c5b271cdfe578267963a8aa7729d82 (patch) | |
tree | e6a8173f7c4e254c242127bb89da72a668a606c1 /include | |
parent | f475317dbae8642a2ac77212fe700fbd62a98437 (diff) | |
a bit more cleanup and a bug fix or two for the new private post security model
Diffstat (limited to 'include')
-rwxr-xr-x | include/items.php | 23 | ||||
-rw-r--r-- | include/permissions.php | 18 |
2 files changed, 24 insertions, 17 deletions
diff --git a/include/items.php b/include/items.php index 08c814e10..6af92d7e5 100755 --- a/include/items.php +++ b/include/items.php @@ -7,17 +7,13 @@ require_once('include/photo/photo_driver.php'); require_once('include/permissions.php'); -function collect_recipients($item,&$private) { +function collect_recipients($item,&$private_envelope) { require_once('include/group.php'); - $private = ((intval($item['item_private'])) ? true : false); + $private_envelope = ((intval($item['item_private'])) ? true : false); $recipients = array(); - // if the post is marked private but there are no recipients, only add the author and owner - // as recipients. The ACL for the post may live on the hub of a different clone. We need to - // get the post to that hub. - if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) { // it is private @@ -49,10 +45,21 @@ function collect_recipients($item,&$private) { $deny = array_unique(array_merge($deny_people,$deny_groups)); $recipients = array_diff($recipients,$deny); - $private = true; + $private_envelope = true; } else { - if($item['public_policy'] || (! $private)) { + + // if the post is marked private but there are no recipients and public_policy/scope = self, + // only add the author and owner as recipients. The ACL for the post may live on the hub of + // a different clone. We need to get the post to that hub. + + // The post may be private by virtue of not being visible to anybody on the internet, + // but there are no envelope recipients, so set this to false. Delivery is controlled + // by the directives in $item['public_policy']. + + $private_envelope = false; + + if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') { $r = q("select abook_xchan from abook where abook_channel = %d and not (abook_flags & %d) ", intval($item['uid']), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) 
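Review bot: The first assignment `$private_envelope = ((intval($item['item_private'])) ? true : false);` at the top of collect_recipients() now looks dead. Within this diff the ACL branch ends by setting the flag to true and the else branch begins by setting it to false, so the initial value only matters if code between the two hunks returns early, which I cannot see. Consider initialising it to `false`, and adding a header comment such as `// $private_envelope (out): true only when the item carries an explicit allow/deny ACL; it is NOT the item's privacy state`. Callers that read the old `$private` as "this item is private" would otherwise get false for private posts that have no ACL. The function body continues outside the hunk.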
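Review bot: The new test `array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self'` no longer consults `item_private`, so an item with `item_private` set, no ACL and an empty `public_policy` is now fanned out to every connection that is not self, pending or archived; the old `$item['public_policy'] || (! $private)` kept such an item to author and owner. Whether such items can exist (rows stored before this model, or a writer that sets `item_private` without a policy) is not visible here, but failing closed is cheap: `if((! intval($item['item_private'])) || ((! empty($item['public_policy'])) && $item['public_policy'] !== 'self')) {`. That form also keeps delivering public items whose array lacks the key, which the `array_key_exists` guard currently drops without any log line. Because `$private_envelope` is forced to false in this branch, it is worth confirming in the callers (outside this diff) that a delivery restricted by `public_policy` is still marked private on the wire.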
diff --git a/include/permissions.php b/include/permissions.php index facba037f..0610ca1c1 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -10,12 +10,12 @@ function get_perms() { $global_perms = array( // Read only permissions - 'view_stream' => array('channel_r_stream', intval(PERMS_R_STREAM), true, t('Can view my "public" stream and posts'), ''), - 'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my "public" channel profile'), ''), - 'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my "public" photo albums'), ''), - 'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my "public" address book'), ''), - 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my "public" file storage'), ''), - 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my "public" pages'), ''), + 'view_stream' => array('channel_r_stream', intval(PERMS_R_STREAM), true, t('Can view my normal stream and posts'), ''), + 'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my default channel profile'), ''), + 'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my photo albums'), ''), + 'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my connections'), ''), + 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''), + 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''), // Write permissions 'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''), 
@@ -27,10 +27,10 @@ function get_perms() { 'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post @mentions'), t('Advanced - useful for creating group forum channels')), 'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('')), - 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my "public" file storage'), ''), - 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my "public" pages'), ''), + 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''), + 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''), - 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my "public" posts in derived channels'), t('Somewhat advanced - very useful in open communities')), + 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')), 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')), ); |