diff options
author | Mario <mario@mariovavti.com> | 2024-09-18 08:48:25 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2024-09-18 08:48:25 +0000 |
commit | 10acf90d06f6b5162430bc7a8cf51ba0d343f6a0 (patch) | |
tree | e5175b5e413a593a1800cf135934ffd3248d0296 /include | |
parent | b184533115965c69418121da8fa9193e28ce02c0 (diff) | |
download | volse-hubzilla-10acf90d06f6b5162430bc7a8cf51ba0d343f6a0.tar.gz volse-hubzilla-10acf90d06f6b5162430bc7a8cf51ba0d343f6a0.tar.bz2 volse-hubzilla-10acf90d06f6b5162430bc7a8cf51ba0d343f6a0.zip |
refactor get_security_ids() to remove some legacy code from the zot/zot6 transition and re-add scope sql to item_permissions_sql()
Diffstat (limited to 'include')
-rw-r--r-- | include/security.php | 77 |
1 files changed, 41 insertions, 36 deletions
diff --git a/include/security.php b/include/security.php index 545788bcd..93d951687 100644 --- a/include/security.php +++ b/include/security.php @@ -497,7 +497,7 @@ function item_permissions_sql($owner_id, $remote_observer = null) { " AND ( author_xchan = '%s' OR owner_xchan = '%s' OR (( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s') AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) - ))) + )) OR ( item_private = 1 $scope )) ", dbesc($observer), dbesc($observer), @@ -708,56 +708,61 @@ function get_security_ids($channel_id, $ob_hash) { 'allow_gid' => [] ]; - if ($channel_id) { - $ch = q("select channel_hash from channel where channel_id = %d", - intval($channel_id) - ); - if ($ch) { - $ret['channel_id'][] = $ch[0]['channel_hash']; - } - } - - $groups = []; - - $x = q("select * from xchan where xchan_hash = '%s'", + $x = q("select xchan_hash from xchan where xchan_hash = '%s'", dbesc($ob_hash) ); - if ($x) { + if (!$x) { + return $ret; + } - // include xchans for all zot-like networks + $ret['allow_cid'][] = $x[0]['xchan_hash']; - $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", - dbesc($ob_hash), - dbesc($x[0]['xchan_guid']), - dbesc($x[0]['xchan_pubkey']) - ); + if (!$channel_id) { + return $ret; + } - if ($xchans) { - $ret['allow_cid'] = ids_to_array($xchans, 'xchan_hash'); - $hashes = ids_to_querystr($xchans, 'xchan_hash', true); + $ch = q("select channel_hash from channel where channel_id = %d", + intval($channel_id) + ); + if ($ch) { + $ret['channel_id'][] = $ch[0]['channel_hash']; + } - // private profiles are treated as a virtual group + $groups = []; - $r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' "); - if ($r) { - foreach ($r as $rv) { - $groups[] = 'vp.' . $rv['abook_profile']; - } + // private profiles are treated as a virtual group + + $r = q("SELECT abook_profile from abook where abook_channel = %d and abook_xchan = '%s' and abook_profile != ''", + intval($channel_id), + dbesc(protect_sprintf($x[0]['xchan_hash'])) + ); + + if ($r) { + foreach ($r as $rv) { + if (!in_array('vp.' . $rv['abook_profile'], $groups)) { + $groups[] = 'vp.' . $rv['abook_profile']; } + } + } - // physical groups this identity is a member of + // physical groups this identity is a member of - $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) "); - if ($r) { - foreach ($r as $rv) { - $groups[] = $rv['hash']; - } + $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE pgrp.uid = %d and pgrp_member.xchan = '%s'", + intval($channel_id), + dbesc(protect_sprintf($x[0]['xchan_hash'])) + ); + + if ($r) { + foreach ($r as $rv) { + if (!in_array($rv['hash'], $groups)) { + $groups[] = $rv['hash']; } - $ret['allow_gid'] = $groups; } } + $ret['allow_gid'] = $groups; + return $ret; } |