channel delegation

5 files changed, 101 insertions, 22 deletions

diff --git a/mod/admin.php b/mod/admin.php
index daab6c9f3..5d8faf424 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -13,7 +13,7 @@
 function admin_post(&$a){
 	logger('admin_post', LOGGER_DEBUG);
 
-	if(!is_site_admin()) {
+	if((!is_site_admin()) || ($_SESSION['delegate'])) {
 		return;
 	}
 
@@ -79,7 +79,8 @@ function admin_post(&$a){
 function admin_content(&$a) {
 
 	logger('admin_content', LOGGER_DEBUG);
-	if(!is_site_admin()) {
+
+	if((!is_site_admin()) || ($_SESSION['delegate'])) {
 		return login(false);
 	}
 
diff --git a/mod/magic.php b/mod/magic.php
index c31fa71ae..df8ac39a8 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -10,11 +10,10 @@ function magic_init(&$a) {
 	logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
 
 	$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
-	$hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : '');
 	$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
 	$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
 	$rev  = ((x($_REQUEST,'rev'))  ? intval($_REQUEST['rev'])  : 0);
-
+	$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate']  : '');
 
 	$parsed = parse_url($dest);
 	if(! $parsed) {
@@ -100,6 +99,29 @@ function magic_init(&$a) {
 			$ret['message'] .= 'Local site - you are already authenticated.' . EOL;
 			return $ret;
 		}
+
+		$delegation_success = false;
+		if($delegate) {
+			$r = q("select * from channel left join hubloc on channel_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+				dbesc($delegate)
+			);
+			if($r && intval($r[0]['channel_id'])) {
+				$allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate');
+				if($allowed) {
+					$_SESSION['delegate_channel'] = $r[0]['channel_id'];
+					$_SESSION['delegate'] = get_observer_hash();
+					$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+					change_channel($r[0]['channel_id']);
+					$delegation_success = true;
+				}
+			}
+		}
+			
+
+
+		// FIXME: check and honour local delegation
+
+
 		goaway($dest);
 	}
 
@@ -123,6 +145,9 @@ function magic_init(&$a) {
 		$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname())
 			. '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION;
 
+		if($delegate)
+			$target_url .= '&delegate=' . urlencode($delegate);
+
 		logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); 
 
 		if($test) {
diff --git a/mod/manage.php b/mod/manage.php
index cb46a1b76..54a65dbbf 100644
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -2,7 +2,7 @@
 
 function manage_content(&$a) {
 
-	if(! get_account_id()) {
+	if((! get_account_id()) || ($_SESSION['delegate'])) {
 		notice( t('Permission denied.') . EOL);
 		return;
 	}
@@ -144,6 +144,22 @@ function manage_content(&$a) {
 		array( 'new_channel', t('Create a new channel'), t('Create a new channel'))
 	);
 
+	$delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where 
+		abook_channel = %d and (abook_their_perms & %d) > 0",
+		intval(local_channel()),
+		intval(PERMS_A_DELEGATE)
+	);
+	if(! $delegates)
+		$delegates = null;
+
+	if($delegates) {
+		for($x = 0; $x < count($delegates); $x ++) {
+				$delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url']) . '&delegate=' . urlencode($delegates[$x]['xchan_addr']);
+		}
+	}
+
+
+
 	$o = replace_macros(get_markup_template('channels.tpl'), array(
 		'$header'           => t('Channel Manager'),
 		'$msg_selected'     => t('Current Channel'),
@@ -153,9 +169,12 @@ function manage_content(&$a) {
 		'$msg_make_default' => t('Make Default'),
 		'$links'            => $links,
 		'$all_channels'     => $channels,
-		'$mail_format'        => t('%d new messages'),
-		'$intros_format'        => t('%d new introductions'),
+		'$mail_format'      => t('%d new messages'),
+		'$intros_format'    => t('%d new introductions'),
 		'$channel_usage_message' => $channel_usage_message,
+		'$delegate_header'  => t('Delegated Channels'),
+		'$delegates'        => $delegates,
+
 	));
 
 
diff --git a/mod/post.php b/mod/post.php
index 6e35632da..2fcc74963 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -30,6 +30,7 @@ function post_init(&$a) {
  ** dest => the desired destination URL (urlencoded)
  ** sec  => a random string which is also stored on $mysite for use during the verification phase. 
  ** version => the zot revision
+ ** delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
  *
  * When this packet is received, an "auth-check" zot message is sent to $mysite.
  * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post)
@@ -88,10 +89,12 @@ function post_init(&$a) {
 		$ret = array('success' => false, 'message' => '');
 
 		logger('mod_zot: auth request received.');
-		$address = $_REQUEST['auth'];
-		$desturl = $_REQUEST['dest'];
-		$sec     = $_REQUEST['sec'];
-		$version = $_REQUEST['version'];
+		$address  = $_REQUEST['auth'];
+		$desturl  = $_REQUEST['dest'];
+		$sec      = $_REQUEST['sec'];
+		$version  = $_REQUEST['version'];
+		$delegate = $_REQUEST['delegate'];
+
 		$test    = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
 
 		// They are authenticating ultimately to the site and not to a particular channel.
@@ -158,6 +161,8 @@ function post_init(&$a) {
 		// Also check that they are coming from the same site as they authenticated with originally.
 
 		$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); 
+		if($delegate && $delegate !== $_SESSION['delegate_channel'])
+			$already_authed = false;
 
 		$j = array();
 
@@ -235,6 +240,8 @@ function post_init(&$a) {
 				}
 				goaway($desturl);
 			}
+			
+
 			// log them in
 
 			if($test) {
@@ -243,16 +250,37 @@ function post_init(&$a) {
 				json_return_and_die($ret);
 			}
 
+			$delegation_success = false;
+			if($delegate) {
+				$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
+					dbesc($delegate)
+				);
+				if($r && intval($r[0]['channel_id'])) {
+					$allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate');
+					if($allowed) {
+						$_SESSION['delegate_channel'] = $r[0]['channel_id'];
+						$_SESSION['delegate'] = $x[0]['xchan_hash'];
+						$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+						change_channel($r[0]['channel_id']);
+						$delegation_success = true;
+					}
+				}
+			}
+			
+
+
 
 			$_SESSION['authenticated'] = 1;
-			$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
-			$_SESSION['my_url'] = $x[0]['xchan_url'];
-			$_SESSION['my_address'] = $address;
-			$_SESSION['remote_service_class'] = $remote_service_class;
-			$_SESSION['remote_level'] = $remote_level;
-			$_SESSION['remote_hub'] = $remote_hub;
-			$_SESSION['DNT'] = $DNT;
-			
+			if(! $delegation_success) {
+				$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
+				$_SESSION['my_url'] = $x[0]['xchan_url'];
+				$_SESSION['my_address'] = $address;
+				$_SESSION['remote_service_class'] = $remote_service_class;
+				$_SESSION['remote_level'] = $remote_level;
+				$_SESSION['remote_hub'] = $remote_hub;
+				$_SESSION['DNT'] = $DNT;
+			}
+
 			$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
 			call_hooks('magic_auth_success',$arr);
 			$a->set_observer($x[0]);
diff --git a/mod/settings.php b/mod/settings.php
index 595878543..afc05f095 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -19,6 +19,9 @@ function settings_init(&$a) {
 	if(! local_channel())
 		return;
 
+	if($_SESSION['delegate'])
+		return;
+
 	$a->profile_uid = local_channel();
 
 	// default is channel settings in the absence of other arguments
@@ -39,6 +42,9 @@ function settings_post(&$a) {
 	if(! local_channel())
 		return;
 
+	if($_SESSION['delegate'])
+		return;
+
 	$channel = $a->get_channel();
 
 	 logger('mod_settings: ' . print_r($_REQUEST,true));
@@ -550,14 +556,14 @@ function settings_post(&$a) {
 }
 		
 
-if(! function_exists('settings_content')) {
+
 function settings_content(&$a) {
 
 	$o = '';
 	nav_set_selected('settings');
 
 
-	if(! local_channel()) {
+	if((! local_channel()) || ($_SESSION['delegate'])) {
 		notice( t('Permission denied.') . EOL );
 		return login();
 	}
@@ -1137,5 +1143,5 @@ function settings_content(&$a) {
 
 		return $o;
 	}
-}}
+}