aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2024-09-18 08:48:25 +0000
committerMario <mario@mariovavti.com>2024-09-18 08:48:25 +0000
commit10acf90d06f6b5162430bc7a8cf51ba0d343f6a0 (patch)
treee5175b5e413a593a1800cf135934ffd3248d0296 /include
parentb184533115965c69418121da8fa9193e28ce02c0 (diff)
downloadvolse-hubzilla-10acf90d06f6b5162430bc7a8cf51ba0d343f6a0.tar.gz
volse-hubzilla-10acf90d06f6b5162430bc7a8cf51ba0d343f6a0.tar.bz2
volse-hubzilla-10acf90d06f6b5162430bc7a8cf51ba0d343f6a0.zip
refactor get_security_ids() to remove some legacy code from the zot/zot6 transition and re-add scope sql to item_permissions_sql()
Diffstat (limited to 'include')
-rw-r--r--include/security.php77
1 files changed, 41 insertions, 36 deletions
diff --git a/include/security.php b/include/security.php
index 545788bcd..93d951687 100644
--- a/include/security.php
+++ b/include/security.php
@@ -497,7 +497,7 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
" AND ( author_xchan = '%s' OR owner_xchan = '%s' OR
(( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s')
AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
- )))
+ )) OR ( item_private = 1 $scope ))
",
dbesc($observer),
dbesc($observer),
@@ -708,56 +708,61 @@ function get_security_ids($channel_id, $ob_hash) {
'allow_gid' => []
];
- if ($channel_id) {
- $ch = q("select channel_hash from channel where channel_id = %d",
- intval($channel_id)
- );
- if ($ch) {
- $ret['channel_id'][] = $ch[0]['channel_hash'];
- }
- }
-
- $groups = [];
-
- $x = q("select * from xchan where xchan_hash = '%s'",
+ $x = q("select xchan_hash from xchan where xchan_hash = '%s'",
dbesc($ob_hash)
);
- if ($x) {
+ if (!$x) {
+ return $ret;
+ }
- // include xchans for all zot-like networks
+ $ret['allow_cid'][] = $x[0]['xchan_hash'];
- $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ",
- dbesc($ob_hash),
- dbesc($x[0]['xchan_guid']),
- dbesc($x[0]['xchan_pubkey'])
- );
+ if (!$channel_id) {
+ return $ret;
+ }
- if ($xchans) {
- $ret['allow_cid'] = ids_to_array($xchans, 'xchan_hash');
- $hashes = ids_to_querystr($xchans, 'xchan_hash', true);
+ $ch = q("select channel_hash from channel where channel_id = %d",
+ intval($channel_id)
+ );
+ if ($ch) {
+ $ret['channel_id'][] = $ch[0]['channel_hash'];
+ }
- // private profiles are treated as a virtual group
+ $groups = [];
- $r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' ");
- if ($r) {
- foreach ($r as $rv) {
- $groups[] = 'vp.' . $rv['abook_profile'];
- }
+ // private profiles are treated as a virtual group
+
+ $r = q("SELECT abook_profile from abook where abook_channel = %d and abook_xchan = '%s' and abook_profile != ''",
+ intval($channel_id),
+ dbesc(protect_sprintf($x[0]['xchan_hash']))
+ );
+
+ if ($r) {
+ foreach ($r as $rv) {
+ if (!in_array('vp.' . $rv['abook_profile'], $groups)) {
+ $groups[] = 'vp.' . $rv['abook_profile'];
}
+ }
+ }
- // physical groups this identity is a member of
+ // physical groups this identity is a member of
- $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) ");
- if ($r) {
- foreach ($r as $rv) {
- $groups[] = $rv['hash'];
- }
+ $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE pgrp.uid = %d and pgrp_member.xchan = '%s'",
+ intval($channel_id),
+ dbesc(protect_sprintf($x[0]['xchan_hash']))
+ );
+
+ if ($r) {
+ foreach ($r as $rv) {
+ if (!in_array($rv['hash'], $groups)) {
+ $groups[] = $rv['hash'];
}
- $ret['allow_gid'] = $groups;
}
}
+ $ret['allow_gid'] = $groups;
+
return $ret;
}