aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2015-03-13 14:48:44 -0700
committerfriendica <info@friendica.com>2015-03-13 14:48:44 -0700
commitf458c29a2bd3cadfc17324e35a9367c61d9bb19f (patch)
tree7dce060eb8162a29e4a1cc1f688b593425505804 /include
parentce33eca4b2d394db64bc2e1c6f3113292d5efca8 (diff)
downloadvolse-hubzilla-f458c29a2bd3cadfc17324e35a9367c61d9bb19f.tar.gz
volse-hubzilla-f458c29a2bd3cadfc17324e35a9367c61d9bb19f.tar.bz2
volse-hubzilla-f458c29a2bd3cadfc17324e35a9367c61d9bb19f.zip
invoke tgroup_check() on diaspora posts/comments in case the recipient is a forum with channel_w_stream permissions restricted.
Diffstat (limited to 'include')
-rwxr-xr-xinclude/diaspora.php53
1 files changed, 34 insertions, 19 deletions
diff --git a/include/diaspora.php b/include/diaspora.php
index da55b8fb6..e3bfc2806 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -805,11 +805,6 @@ function diaspora_post($importer,$xml,$msg) {
}
- if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream'))) {
- logger('diaspora_post: Ignoring this author.');
- return 202;
- }
-
$search_guid = ((strlen($guid) == 64) ? $guid . '%' : $guid);
$r = q("SELECT id FROM item WHERE uid = %d AND mid like '%s' LIMIT 1",
@@ -889,6 +884,15 @@ function diaspora_post($importer,$xml,$msg) {
$datarray['item_flags'] = ITEM_THREAD_TOP;
$datarray['item_unseen'] = 1;
+
+ $tgroup = tgroup_check($importer['channel_id'],$datarray);
+
+ if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream')) && (! $tgroup)) {
+ logger('diaspora_post: Ignoring this author.');
+ return 202;
+ }
+
+
$result = item_store($datarray);
return;
@@ -955,11 +959,6 @@ function diaspora_reshare($importer,$xml,$msg) {
if(! $contact)
return;
- if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream'))) {
- logger('diaspora_reshare: Ignoring this author: ' . $diaspora_handle . ' ' . print_r($xml,true));
- return 202;
- }
-
$search_guid = ((strlen($guid) == 64) ? $guid . '%' : $guid);
$r = q("SELECT id FROM item WHERE uid = %d AND mid like '%s' LIMIT 1",
intval($importer['channel_id']),
@@ -1072,6 +1071,15 @@ function diaspora_reshare($importer,$xml,$msg) {
$datarray['app'] = 'Diaspora';
+
+ $tgroup = tgroup_check($importer['channel_id'],$datarray);
+
+ if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream')) && (! $tgroup)) {
+ logger('diaspora_post: Ignoring this author.');
+ return 202;
+ }
+
+
$result = item_store($datarray);
return;
@@ -1229,15 +1237,6 @@ function diaspora_comment($importer,$xml,$msg) {
if(intval($parent_item['item_private']))
$pubcomment = 0;
- // So basically if something arrives at the sys channel it's by definition public and we allow it.
- // If $pubcomment and the parent was public, we allow it.
- // In all other cases, honour the permissions for this Diaspora connection
-
- if((! $importer['system']) && (! $pubcomment) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments'))) {
- logger('diaspora_comment: Ignoring this author.');
- return 202;
- }
-
$search_guid = $guid;
if(strlen($guid) == 64)
$search_guid = $guid . '%';
@@ -1382,6 +1381,22 @@ function diaspora_comment($importer,$xml,$msg) {
$datarray['diaspora_meta'] = json_encode(crypto_encapsulate(json_encode($x),$key));
}
+
+
+ // So basically if something arrives at the sys channel it's by definition public and we allow it.
+ // If $pubcomment and the parent was public, we allow it.
+ // In all other cases, honour the permissions for this Diaspora connection
+
+ $tgroup = tgroup_check($importer['channel_id'],$datarray);
+
+ if((! $importer['system']) && (! $pubcomment) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments')) && (! $tgroup)) {
+ logger('diaspora_comment: Ignoring this author.');
+ return 202;
+ }
+
+
+
+
$result = item_store($datarray);
if($result && $result['success'])