diff options
| author | Alexandre Hannud Abdo <abdo@member.fsf.org> | 2014-06-17 04:26:18 -0300 |
|---|---|---|
| committer | Alexandre Hannud Abdo <abdo@member.fsf.org> | 2014-06-19 15:13:32 -0300 |
| commit | b20887995a2b3277659e01d99ae4de238f7175ef (patch) | |
| tree | b0513171eccb338c55b7d1a50da0f67e6e8b6f65 /include | |
| parent | c012c648e0691868370a5a8c1eb468020fef6330 (diff) | |
| download | volse-hubzilla-b20887995a2b3277659e01d99ae4de238f7175ef.tar.gz volse-hubzilla-b20887995a2b3277659e01d99ae4de238f7175ef.tar.bz2 volse-hubzilla-b20887995a2b3277659e01d99ae4de238f7175ef.zip | |
Implements a new permission level PERMS_PENDING
With this a user can allow some action to any user which connects
to them, even before they've connected back.
Ref.
https://mobiliza.org.br/display/478d9e71eaf55748dc646d3990651d6d34cfb7db5c38360538ec730ca3ccf908@zothub.com
Also some code cleanup and an alternative logic for handling
notifications of permission changes in zot.php.
This assumes that private posts are still restricted to people in
your addressbook. Regardless of your global permissions, a
pending channel won't get private posts, even if the post
only has a deny clause not matching the pending channel.
Diffstat (limited to 'include')
| -rwxr-xr-x | include/items.php | 14 | ||||
| -rw-r--r-- | include/permissions.php | 40 | ||||
| -rw-r--r-- | include/security.php | 21 | ||||
| -rw-r--r-- | include/zot.php | 26 |
4 files changed, 59 insertions, 42 deletions
diff --git a/include/items.php b/include/items.php index f71ebd503..c35a442b2 100755 --- a/include/items.php +++ b/include/items.php @@ -943,6 +943,8 @@ function map_scope($scope) { return 'network: red'; case PERMS_SITE: return 'site: ' . get_app()->get_hostname(); + case PERMS_PENDING: + return 'any connections'; case PERMS_CONTACTS: default: return 'contacts'; @@ -4085,7 +4087,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } if(! array_key_exists('nouveau',$arr)) { - $sql_extra2 = " AND item.parent = item.id "; + $sql_extra2 = " AND item.parent = item.id "; $sql_extra3 = ''; } @@ -4126,12 +4128,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) { - if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { + if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { - // Not everybody who shows up in the network stream will be in your address book. - // By default those that aren't are assumed to have closeness = 99; but this isn't - // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in - // the stream with a NULL address book entry. + // Not everybody who shows up in the network stream will be in your address book. + // By default those that aren't are assumed to have closeness = 99; but this isn't + // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in + // the stream with a NULL address book entry. $sql_nets .= " AND "; diff --git a/include/permissions.php b/include/permissions.php index 029bc1288..a3ec13925 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -177,32 +177,36 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book - // $x is a valid address book entry + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { $ret[$perm_name] = false; continue; } - + // They are in your address book, but haven't been approved + if($r[0][$channel_perm] & PERMS_PENDING) { + $ret[$perm_name] = true; + continue; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { $ret[$perm_name] = false; continue; } - if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) { - - // They're a contact, so they have permission + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) { + if($r[0][$channel_perm] & PERMS_SPECIFIC) { if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { $ret[$perm_name] = true; continue; @@ -216,7 +220,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { } - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -229,7 +232,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { function perm_is_allowed($uid,$observer_xchan,$permission) { - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -280,7 +282,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { } } - // Check if this $uid is actually the $observer_xchan if($r[0]['channel_hash'] === $observer_xchan) @@ -312,16 +313,27 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if($c) return true; return false; - } + } + + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { return false; } + // They are in your address book, but haven't been approved + + if($r[0][$channel_perm] & PERMS_PENDING) { + return true; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { return false; } + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { return true; } @@ -333,13 +345,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return true; } - - - // No permissions allowed. return false; - } @@ -356,7 +364,6 @@ function check_list_permissions($uid,$arr,$perm) { } - function site_default_perms() { $typical = array( @@ -378,7 +385,6 @@ function site_default_perms() { 'delegate' => 0, ); - $global_perms = get_perms(); $ret = array(); diff --git a/include/security.php b/include/security.php index 285c4a231..aaf4eb050 100644 --- a/include/security.php +++ b/include/security.php @@ -311,7 +311,7 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = '', } function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') { if (!check_form_security_token($typename, $formname)) { - $a = get_app(); + $a = get_app(); logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); header('HTTP/1.1 403 Forbidden'); @@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) { // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the -// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// public_timeline, and we can use this in a community page by making +// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. // Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) // We always include yourself if logged in because you can always see your own posts // resolving granular permissions for the observer against every person and every post on the site // will likely be too expensive. // Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query -function stream_perms_api_uids($perms_min = PERMS_SITE) { +function stream_perms_api_uids($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); if($r) @@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) { return $str; } -function stream_perms_xchans($perms_min = PERMS_SITE) { +function stream_perms_xchans($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) ); if($r) diff --git a/include/zot.php b/include/zot.php index 2137a6b52..4f42ea2b4 100644 --- a/include/zot.php +++ b/include/zot.php @@ -314,11 +314,8 @@ function zot_refresh($them,$channel = null, $force = false) { if(! $x['success']) return false; - $xchan_hash = $x['hash']; - $their_perms = 0; - if($channel) { $global_perms = get_perms(); if($j['permissions']['data']) { @@ -417,6 +414,9 @@ function zot_refresh($them,$channel = null, $force = false) { if($z) $default_perms = intval($z[0]['abook_my_perms']); + // Keep original perms to check if we need to notify them + $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); + $y = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_flags ) values ( %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), @@ -431,8 +431,9 @@ function zot_refresh($them,$channel = null, $force = false) { if($y) { logger("New introduction received for {$channel['channel_name']}"); - if($default_perms) { - // send back a permissions update for auto-friend/auto-permissions + $new_perms = get_all_perms($channel['channel_id'],$x['hash']); + if($new_perms != $previous_perms) { + // Send back a permissions update if permissions have changed $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", dbesc($x['hash']), intval($channel['channel_id']), @@ -455,8 +456,11 @@ function zot_refresh($them,$channel = null, $force = false) { )); } - if($new_connection && (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) && ($their_perms & PERMS_R_STREAM)) + if($new_connection && ($their_perms & PERMS_R_STREAM)) { + if(($channel['channel_w_stream'] & PERMS_PENDING) + || (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) ) proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']); + } } } @@ -1135,7 +1139,7 @@ function zot_import($arr, $sender_url) { if(array_key_exists('iv',$data)) { $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); - } + } $incoming = $data['pickup']; @@ -1147,7 +1151,7 @@ function zot_import($arr, $sender_url) { if(array_key_exists('iv',$i['notify'])) { $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); - } + } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); @@ -1329,7 +1333,7 @@ function public_recips($msg) { if(! $r) $r = array(); - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_CONTACTS . " ) ", + $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ", dbesc($msg['notify']['sender']['hash']) ); @@ -2044,12 +2048,12 @@ function build_sync_packet($uid = 0, $packet = null) { if(! $uid) return; - $r = q("select * from channel where channel_id = %d limit 1", + $r = q("select * from channel where channel_id = %d limit 1", intval($uid) ); if(! $r) return; - + $channel = $r[0]; $h = q("select * from hubloc where hubloc_hash = '%s'", |