author | redmatrix <git@macgirvin.com> | 2016-07-31 18:08:41 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-07-31 18:08:41 -0700 |
commit | 86eb923f296ff911e3f516e9052b3edc55a02c8a (patch) | |
tree | e41c1f1ef922eff414d48f66534fa4fca37d2812 /include | |
parent | 74c68f09e5d7fa28d7345e18e813dc726309ea48 (diff) | |
make guest access tokens work with PERMS_NETWORK, PERMS_SITE, PERMS_PENDING, and PERMS_CONTACTS; or everything but PERMS_SPECIFIC. PERMS_SITE could be contentious, but we're currently denying them as they are a guest and don't actually have a channel on this site. We can't easily make PERMS_SPECIFIC work without providing an abook entry for the guest since we would need to set specific permissions for the guest login, but unfortunately this could be the most desirable setting to use in many cases. There is also an update of hmessages.po in this commit.
Diffstat (limited to 'include')
-rw-r--r-- | include/permissions.php | 9 | ||||
-rw-r--r-- | include/security.php | 28 |
2 files changed, 37 insertions, 0 deletions
diff --git a/include/permissions.php b/include/permissions.php
index 638bedb24..a1e05d120 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -1,4 +1,7 @@
 <?php
+
+require_once('include/security.php');
+
 /**
 * @file include/permissions.php
 *
@@ -123,6 +126,9 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
 $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
 dbesc($observer_xchan)
 );
+ // no xchan either, see if they've got a guest access token
+ if(! $y)
+ $x = atoken_abook($uid,$observer_xchan);
 }
 $abook_checked = true;
@@ -332,6 +338,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
 $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
 dbesc($observer_xchan)
 );
+ // no xchan either, see if they've got a guest access token
+ if(! $y)
+ $x = atoken_abook($uid,$observer_xchan);
 }
 $abperms = load_abconfig($uid,$observer_xchan,'my_perms');
 }
diff --git a/include/security.php b/include/security.php
index c67a1b400..7d2a49bdf 100644
--- a/include/security.php
+++ b/include/security.php
@@ -119,6 +119,34 @@ function atoken_xchan($atoken) {
 return null;
 }
+function atoken_abook($uid,$xchan_hash) {
+
+ if(substr($xchan_hash,16,1) != '.')
+ return false;
+
+ $r = q("select channel_hash from channel where channel_id = %d limit 1",
+ intval($uid)
+ );
+
+ if(! $r)
+ return false;
+
+ $x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+ intval($uid),
+ dbesc(substr($xchan_hash,17))
+ );
+
+ if($x) {
+ $xchan = atoken_xchan($x[0]);
+ $xchan['abook_blocked'] = 0;
+ $xchan['abook_ignored'] = 0;
+ $xchan['abook_pending'] = 0;
+ return $xchan;
+ }
+
+ return false;
+
+}
 /** |
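Review bot: In get_all_perms (hunk at -123) and again in perm_is_allowed (hunk at -332), `$x` receives the return value of atoken_abook(), which is a single associative row or `false`, whereas atoken_abook() itself reads q() results as `$x[0]`, so q() evidently returns a list of rows. The code that consumes `$x` lies outside both hunks; if it reads `$x[0]['abook_blocked']` the way a q() result is read, the guest row is never seen and the blocked/ignored/pending checks operate on nothing. Either wrap the value at both call sites, `$g = atoken_abook($uid,$observer_xchan); if($g) $x = array($g);`, or have atoken_abook() return `array($xchan)`. Braces around the nested `if(! $y)` body would also make the extent of this permission branch harder to misread.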
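Review bot: atoken_abook() loads `channel_hash` into `$r` but never compares it with `$xchan_hash`; only the character at offset 16 is inspected, so the match rests entirely on the suffix equalling one of this channel's token names. If the 16-character prefix is meant to be the start of the channel hash, which the otherwise unused lookup suggests, bind it with `if(substr($xchan_hash,0,16) !== substr($r[0]['channel_hash'],0,16)) return false;`. atoken_xchan() can return null (its tail is visible as context just above the new function), and `$xchan['abook_blocked'] = 0` on null silently creates an array holding only the three abook_* keys, which callers will treat as a valid entry; add `if(! $xchan) return false;` before the assignments. The token row is also selected with no validity condition, so if the atoken table records an expiry it belongs in this `where` clause rather than being left to callers. A docblock stating the return shape (row or `false`) would help the two call sites in include/permissions.php.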