-rw-r--r--include/api.php59
-rw-r--r--include/event.php8
-rwxr-xr-xinclude/items.php5
-rw-r--r--include/security.php35
-rw-r--r--include/text.php16
-rw-r--r--mod/search.php3
-rw-r--r--version.inc2
7 files changed, 78 insertions, 50 deletions
diff --git a/include/api.php b/include/api.php
index 16acc64f5..9ed025564 100644
--- a/include/api.php
+++ b/include/api.php
@@ -381,32 +381,20 @@ require_once('include/security.php');
}
-// FIXME
+
function api_item_get_user(&$a, $item) {
global $usercache;
// The author is our direct contact, in a conversation with us.
- if(link_compare($item['url'],$item['author-link'])) {
- return api_get_user($a,$item['cid']);
- }
- else {
- // The author may be a contact of ours, but is replying to somebody else.
- // Figure out if we know him/her.
- $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
- if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
- return api_get_user($a,$a->contacts[$normalised]['id']);
- }
+ if($item['author']['abook_id']) {
+ return api_get_user($a,$item['author']['abook_id']);
+ }
+
// We don't know this person directly.
- list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
- $name=str_replace(")","",$name);
-
- if ($name == '')
- $name = $nick;
-
- if ($nick == '')
- $nick = $name;
+ $nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@'));
+ $name = $item['author']['xchan_name'];
// Generating a random ID
if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache))
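Review bot: `$nick` becomes an empty string whenever `xchan_addr` contains no `@`, because `strpos()` returns false and `substr()` then takes zero characters; the removed code fell back to the display name in that case and the new code has no fallback. Every such author would then be looked up under the same `$usercache['']` key in the lines that follow. A guard such as `if($nick === '') $nick = $name;` after the two assignments restores the old behaviour. The comment kept above the new `abook_id` test still describes the removed `link_compare()` check and should instead say that the author has an address-book entry. The function body continues outside the hunk.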
@@ -418,8 +406,8 @@ require_once('include/security.php');
'screen_name' => $nick,
'location' => '', //$uinfo[0]['default-location'],
'description' => '',
- 'profile_image_url' => $item['author-avatar'],
- 'url' => $item['author-link'],
+ 'profile_image_url' => $item['author']['xchan_photo_m'],
+ 'url' => $item['author']['xchan_url'],
'protected' => false, #
'followers_count' => 0,
'friends_count' => 0,
@@ -653,12 +641,11 @@ require_once('include/security.php');
// get last public message
$lastwall = q("SELECT * from item where 1
- and not ( item_flags & %d ) and item_restrict = 0
+ and item_private != 0 and item_restrict = 0
and author_xchan = '%s'
and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
and verb = '%s'
order by created desc limit 1",
- intval(ITEM_PRIVATE),
dbesc($user_info['guid']),
dbesc(ACTIVITY_POST)
);
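Review bot: The new predicate `item_private != 0` selects only private items, the opposite of the removed `not ( item_flags & %d )`, so the query under the comment "get last public message" would now return the user's most recent private post as their status. The other readers converted in this commit (the public timeline query and mod/search.php) use `item_private = 0`, and this line should match them: `and item_private = 0 and item_restrict = 0`. The same inversion is in the next hunk, at `@@ -723,12 +710,11 @@`. A regression test that stores one private and one public post and checks which of them the status call returns would catch this.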
@@ -723,12 +710,11 @@ require_once('include/security.php');
$user_info = api_get_user($a);
$lastwall = q("SELECT * from item where 1
- and not ( item_flags & %d ) and item_restrict = 0
+ and item_private != 0 and item_restrict = 0
and author_xchan = '%s'
and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
and verb = '%s'
order by created desc limit 1",
- intval(ITEM_PRIVATE),
dbesc($user_info['guid']),
dbesc(ACTIVITY_POST)
);
@@ -826,7 +812,7 @@ require_once('include/security.php');
intval($count)
);
- xchan_query($r);
+ xchan_query($r,true);
$ret = api_format_items($r,$user_info);
@@ -882,22 +868,22 @@ require_once('include/security.php');
if ($max_id > 0)
$sql_extra = 'AND `item`.`id` <= '.intval($max_id);
+ require_once('include/security.php');
- $r = q("SELECT * from item where id in (select distinct(uri) from item where item_restrict = 0
+ $r = q("select * from item where item_restrict = 0
and allow_cid = '' and allow_gid = ''
and deny_cid = '' and deny_gid = ''
- and not ( item_flags & %d ) and ( item_flags & %d )
+ and item_private = 0
+ and uid in ( " . stream_perms_api_uids() . " )
$sql_extra
- AND id > %d)
- ORDER BY received DESC LIMIT %d, %d ",
- intval(ITEM_PRIVATE),
- intval(ITEM_WALL),
+ AND id > %d group by uri
+ order by received desc LIMIT %d, %d ",
intval($since_id),
intval($start),
intval($count)
);
- xchan_query($r);
+ xchan_query($r,true);
$ret = api_format_items($r,$user_info);
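Review bot: `stream_perms_api_uids()` returns an empty string when no channel qualifies and nobody is logged in, which turns this statement into `uid in (  )`, a SQL syntax error rather than an empty result. Fetch the list first and skip the query when it is empty, e.g. `$uids = stream_perms_api_uids();` then `if($uids === '') $r = array();` before calling `q()`. Separately, the old query required `item_flags & ITEM_WALL` and the new one does not, so items that are not wall posts of the listed channels now qualify; confirm that this widening is intended. The `require_once('include/security.php')` added here appears to repeat the one already at the top of the file.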
@@ -946,7 +932,7 @@ require_once('include/security.php');
$r = q("select * from item where item_restrict = 0 $sql_extra",
intval($id)
);
- xchan_query($r);
+ xchan_query($r,true);
$ret = api_format_items($r,$user_info);
@@ -1346,7 +1332,8 @@ require_once('include/security.php');
foreach($r as $item) {
localize_item($item);
- $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
+
+ $status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item));
if($item['parent'] != $item['id']) {
$r = q("select id from item where parent= %d and id < %d order by id desc limit 1",
@@ -1358,7 +1345,7 @@ require_once('include/security.php');
else
$in_reply_to_status_id = $item['parent'];
- xchan_query($r);
+ xchan_query($r,true);
$in_reply_to_screen_name = $r[0]['author']['xchan_name'];
$in_reply_to_user_id = $r[0]['author']['abook_id'];
diff --git a/include/event.php b/include/event.php
index 685842fc3..73a050cec 100644
--- a/include/event.php
+++ b/include/event.php
@@ -291,7 +291,7 @@ function event_store($arr) {
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
- q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1",
+ q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1",
dbesc($arr['summary']),
dbesc(format_event_bbcode($arr)),
dbesc($object),
@@ -300,7 +300,8 @@ function event_store($arr) {
dbesc($arr['deny_cid']),
dbesc($arr['deny_gid']),
dbesc($arr['edited']),
- intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE),
+ intval($r[0]['item_flags']),
+ intval($private),
intval($r[0]['id']),
intval($arr['uid'])
);
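Review bot: The update path stores `intval($private)`, which is derived only from the four ACL fields, while the insert path later in this commit stores `($arr['private'] || $private)`. An event created with `$arr['private']` set and empty ACLs is therefore saved as private and then written back as public the first time it is edited. Use the same expression in both places, e.g. `intval(($arr['private'] || $private) ? 1 : 0)`. Also note that `item_flags` is now written back unchanged, so an `ITEM_PRIVATE` bit set by older code stays in the row, and any reader still testing that bit will disagree with `item_private`.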
@@ -368,8 +369,6 @@ function event_store($arr) {
$uri = item_message_id();
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
- if($private)
- $item_flags |= ITEM_PRIVATE;
$item_arr = array();
@@ -387,6 +386,7 @@ function event_store($arr) {
$item_arr['allow_gid'] = $arr['allow_gid'];
$item_arr['deny_cid'] = $arr['deny_cid'];
$item_arr['deny_gid'] = $arr['deny_gid'];
+ $item_arr['private'] = (($arr['private'] || $private) ? 1 : 0);
$item_arr['verb'] = ACTIVITY_POST;
$item_arr['resource_type'] = 'event';
diff --git a/include/items.php b/include/items.php
index 0217884fd..fe8aadcbf 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) {
$private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0;
$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
- if($private)
- $flag_bits = $flag_bits | ITEM_PRIVATE;
$r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
- deny_cid = '%s', deny_gid = '%s' where id = %d limit 1",
+ deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1",
intval($flag_bits),
dbesc($u[0]['channel_hash']),
dbesc($u[0]['allow_cid']),
dbesc($u[0]['allow_gid']),
dbesc($u[0]['deny_cid']),
dbesc($u[0]['deny_gid']),
+ intval($private),
intval($item_id)
);
if($r)
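Review bot: `item_private = %d` overwrites the stored value with a flag computed from the delivering channel's ACLs, so an item that arrived private is marked public when that channel's ACLs are empty. The removed code only OR-ed `ITEM_PRIVATE` into `item_flags` and could never clear it. If clearing is not intended, keep the stricter of the two values with `item_private = ( item_private | %d )`. The statement also interpolates `$item_flags` directly into the SQL text; it is set outside this hunk, so confirm it is always an integer or wrap it in `intval()`.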
diff --git a/include/security.php b/include/security.php
index 0783a3c20..25318b3e8 100644
--- a/include/security.php
+++ b/include/security.php
@@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* default permissions - anonymous user
*/
- $sql = " AND not (item_flags & " . ITEM_PRIVATE . ") ";
+ $sql = " AND not item_private ";
/**
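Review bot: The anonymous default now depends entirely on the `item_private` column, and this diff contains no schema update or backfill for it. Rows written before this change carry their privacy only in the `ITEM_PRIVATE` bit of `item_flags`; if the column defaults to 0 for them, ` AND not item_private ` exposes those posts to anonymous visitors. Unless an earlier commit already migrated the data, ship a one-off update that sets `item_private = 1` wherever the old bit is set, or test both during the transition: `" AND not item_private AND not (item_flags & " . ITEM_PRIVATE . ") "`. item_permissions_sql continues outside the hunk.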
@@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) {
}}
+
+
+
+// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
+// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in.
+// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
+// We always include yourself if logged in because you can always see your own posts
+// resolving granular permissions for the observer against every person and every post on the site
+// will likely be too expensive.
+// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
+
+function stream_perms_api_uids($perms_min = PERMS_SITE) {
+ $ret = array();
+ if(local_user())
+ $ret[] = local_user();
+ $r = q("select channel_id from channel where channel_r_stream <= %d",
+ intval($perms_min)
+ );
+ if($r)
+ foreach($r as $rr)
+ if(! in_array($rr['channel_id'],$ret))
+ $ret[] = $rr['channel_id'];
+
+ $str = '';
+ if($ret)
+ foreach($ret as $rr) {
+ if($str)
+ $str .= ',';
+ $str .= intval($rr);
+ }
+ return $str;
+}
+
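Review bot: The default `$perms_min = PERMS_SITE` applies whether or not `local_user()` is set, although the comment above the function says an unauthenticated caller should get `PERMS_NETWORK`. The only caller in this commit (the public timeline query in include/api.php) passes no argument, so if that endpoint can be reached without a login, channels that limit their stream to site members are listed for anonymous readers. Resolving the level inside the function closes that gap: default the parameter to `null` and set `$perms_min = (local_user() ? PERMS_SITE : PERMS_NETWORK);` when it is null. The header comment should also state that the result is an empty string when nothing matches, and that it is safe to interpolate into SQL only because every element passes through `intval()`.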
diff --git a/include/text.php b/include/text.php
index 1cfc89cae..6f2caa510 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1718,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') {
return(implode(',', $t));
}
-function xchan_query(&$items) {
+// Fetches xchan and hubloc data for an array of items with only an
+// author_xchan and owner_xchan. If $abook is true also include the abook info.
+// This is needed in the API to save extra per item lookups there.
+
+function xchan_query(&$items,$abook = false) {
$arr = array();
if($items && count($items)) {
foreach($items as $item) {
@@ -1729,8 +1733,14 @@ function xchan_query(&$items) {
}
}
if(count($arr)) {
- $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
- where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+ if($abook) {
+ $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash
+ where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+ }
+ else {
+ $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
+ where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+ }
}
if($items && count($items) && $chans && count($chans)) {
for($x = 0; $x < count($items); $x ++) {
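Review bot: The `$abook` branch joins `abook` only on `abook_xchan = xchan_hash`, with nothing restricting the match to the address book of the channel making the request. On a hub with several local channels this can return one row per channel that knows the author, and the `abook_id` that the API then reports as a user id may come from another channel's address book. Pass the requesting channel in as a parameter and add it as a join condition so that only that channel's row can match. `select *` across three tables also lets same-named columns overwrite one another in the result array; `xchan.*, hubloc.*, abook.*` or an explicit column list makes the intent clear. The loop that attaches `$chans` to `$items` continues outside the hunk.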
diff --git a/mod/search.php b/mod/search.php
index 0a7c404b6..a9f2df069 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -186,11 +186,10 @@ function search_content(&$a) {
if($load) {
$r = q("SELECT distinct(uri), item.* from item
WHERE item_restrict = 0
- AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND not ( item_flags & %d ))
+ AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 )
OR ( `item`.`uid` = %d ))
$sql_extra
group by uri ORDER BY created DESC $pager_sql ",
- intval(ITEM_PRIVATE),
intval(local_user()),
intval(ABOOK_FLAG_BLOCKED)
diff --git a/version.inc b/version.inc
index 290052448..cf9145384 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-18.204
+2013-01-19.205