-rw-r--r-- | include/api.php | 59 | ||||
-rw-r--r-- | include/event.php | 8 | ||||
-rwxr-xr-x | include/items.php | 5 | ||||
-rw-r--r-- | include/security.php | 35 | ||||
-rw-r--r-- | include/text.php | 16 | ||||
-rw-r--r-- | mod/search.php | 3 | ||||
-rw-r--r-- | version.inc | 2 |
7 files changed, 78 insertions, 50 deletions
diff --git a/include/api.php b/include/api.php index 16acc64f5..9ed025564 100644 --- a/include/api.php +++ b/include/api.php @@ -381,32 +381,20 @@ require_once('include/security.php'); } -// FIXME + function api_item_get_user(&$a, $item) { global $usercache; // The author is our direct contact, in a conversation with us. - if(link_compare($item['url'],$item['author-link'])) { - return api_get_user($a,$item['cid']); - } - else { - // The author may be a contact of ours, but is replying to somebody else. - // Figure out if we know him/her. - $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) - return api_get_user($a,$a->contacts[$normalised]['id']); - } + if($item['author']['abook_id']) { + return api_get_user($a,$item['author']['abook_id']); + } + // We don't know this person directly. - list($nick, $name) = array_map("trim",explode("(",$item['author-name'])); - $name=str_replace(")","",$name); - - if ($name == '') - $name = $nick; - - if ($nick == '') - $nick = $name; + $nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@')); + $name = $item['author']['xchan_name']; // Generating a random ID if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache)) @@ -418,8 +406,8 @@ require_once('include/security.php'); 'screen_name' => $nick, 'location' => '', //$uinfo[0]['default-location'], 'description' => '', - 'profile_image_url' => $item['author-avatar'], - 'url' => $item['author-link'], + 'profile_image_url' => $item['author']['xchan_photo_m'], + 'url' => $item['author']['xchan_url'], 'protected' => false, # 'followers_count' => 0, 'friends_count' => 0, 
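Review bot: In `api_item_get_user`, `strpos()` returns false when `xchan_addr` is empty or has no `@`, so the new `substr(...,0,strpos(...))` yields an empty `$nick`. Every such author then shares the `$usercache['']` entry and an empty `screen_name`, and presumably the same generated id. Fall back to the full address instead: `$addr = $item['author']['xchan_addr']; $nick = ((strpos($addr,'@') !== false) ? substr($addr,0,strpos($addr,'@')) : $addr);`. The function body continues past the end of this hunk, so how `$usercache` is filled is only partly visible.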
@@ -653,12 +641,11 @@ require_once('include/security.php'); // get last public message $lastwall = q("SELECT * from item where 1 - and not ( item_flags & %d ) and item_restrict = 0 + and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' order by created desc limit 1", - intval(ITEM_PRIVATE), dbesc($user_info['guid']), dbesc(ACTIVITY_POST) ); @@ -723,12 +710,11 @@ require_once('include/security.php'); $user_info = api_get_user($a); $lastwall = q("SELECT * from item where 1 - and not ( item_flags & %d ) and item_restrict = 0 + and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' order by created desc limit 1", - intval(ITEM_PRIVATE), dbesc($user_info['guid']), dbesc(ACTIVITY_POST) ); @@ -826,7 +812,7 @@ require_once('include/security.php'); intval($count) ); - xchan_query($r); + xchan_query($r,true); $ret = api_format_items($r,$user_info); @@ -882,22 +868,22 @@ require_once('include/security.php'); if ($max_id > 0) $sql_extra = 'AND `item`.`id` <= '.intval($max_id); + require_once('include/security.php'); - $r = q("SELECT * from item where id in (select distinct(uri) from item where item_restrict = 0 + $r = q("select * from item where item_restrict = 0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' - and not ( item_flags & %d ) and ( item_flags & %d ) + and item_private = 0 + and uid in ( " . stream_perms_api_uids() . " ) $sql_extra - AND id > %d) - ORDER BY received DESC LIMIT %d, %d ", - intval(ITEM_PRIVATE), - intval(ITEM_WALL), + AND id > %d group by uri + order by received desc LIMIT %d, %d ", intval($since_id), intval($start), intval($count) ); - xchan_query($r); + xchan_query($r,true); $ret = api_format_items($r,$user_info); 
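Review bot: The rewritten filter `and item_private != 0` is inverted. The line it replaces was `and not ( item_flags & %d )` under the comment `// get last public message`, so the new test should read `and item_private = 0 and item_restrict = 0`. As written, the `$lastwall` lookup matches only rows marked private, which the API presumably returns as the user's last status. The same inverted condition appears in the next hunk (`@@ -723,12 +710,11 @@`), while the `@@ -882` hunk and `item_permissions_sql()` in include/security.php use the correct sense.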
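Review bot: In the `@@ -882` hunk, `stream_perms_api_uids()` returns an empty string when nobody is logged in and no channel matches, and the concatenation then produces `uid in (  )`, which is not valid SQL. Assign `$uids = stream_perms_api_uids();` first and run the `q()` call only when `$uids` is non-empty, setting `$r = array();` otherwise. The helper applies `intval()` to each id, so the interpolation itself is safe; only the empty case is unhandled. The enclosing function starts and ends outside this hunk.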
@@ -946,7 +932,7 @@ require_once('include/security.php'); $r = q("select * from item where item_restrict = 0 $sql_extra", intval($id) ); - xchan_query($r); + xchan_query($r,true); $ret = api_format_items($r,$user_info); @@ -1346,7 +1332,8 @@ require_once('include/security.php'); foreach($r as $item) { localize_item($item); - $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); + + $status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item)); if($item['parent'] != $item['id']) { $r = q("select id from item where parent= %d and id < %d order by id desc limit 1", @@ -1358,7 +1345,7 @@ require_once('include/security.php'); else $in_reply_to_status_id = $item['parent']; - xchan_query($r); + xchan_query($r,true); $in_reply_to_screen_name = $r[0]['author']['xchan_name']; $in_reply_to_user_id = $r[0]['author']['abook_id']; diff --git a/include/event.php b/include/event.php index 685842fc3..73a050cec 100644 --- a/include/event.php +++ b/include/event.php @@ -291,7 +291,7 @@ function event_store($arr) { $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1", + q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1", dbesc($arr['summary']), dbesc(format_event_bbcode($arr)), dbesc($object), 
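Review bot: In the `@@ -1358` hunk, `xchan_query($r,true)` appears to receive the rows from `select id from item where parent= %d and id < %d ...` in the previous hunk, which carry no `author_xchan`. Unless lines hidden between the two hunks reload the item, `$r[0]['author']` is never populated, so `in_reply_to_screen_name` and `in_reply_to_user_id` stay empty. Selecting the columns the helper needs would fix this: `select id, author_xchan, owner_xchan from item where parent= %d and id < %d order by id desc limit 1`. Reusing `$r` inside `foreach($r as $item)` also makes the loop hard to follow; a separate variable for the parent lookup would be clearer.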
@@ -300,7 +300,8 @@ function event_store($arr) { dbesc($arr['deny_cid']), dbesc($arr['deny_gid']), dbesc($arr['edited']), - intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE), + intval($r[0]['item_flags']), + intval($private), intval($r[0]['id']), intval($arr['uid']) ); @@ -368,8 +369,6 @@ function event_store($arr) { $uri = item_message_id(); $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - if($private) - $item_flags |= ITEM_PRIVATE; $item_arr = array(); @@ -387,6 +386,7 @@ function event_store($arr) { $item_arr['allow_gid'] = $arr['allow_gid']; $item_arr['deny_cid'] = $arr['deny_cid']; $item_arr['deny_gid'] = $arr['deny_gid']; + $item_arr['private'] = (($arr['private'] || $private) ? 1 : 0); $item_arr['verb'] = ACTIVITY_POST; $item_arr['resource_type'] = 'event'; diff --git a/include/items.php b/include/items.php index 0217884fd..fe8aadcbf 100755 --- a/include/items.php +++ b/include/items.php @@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) { $private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0; $flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK; - if($private) - $flag_bits = $flag_bits | ITEM_PRIVATE; $r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', - deny_cid = '%s', deny_gid = '%s' where id = %d limit 1", + deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1", intval($flag_bits), dbesc($u[0]['channel_hash']), dbesc($u[0]['allow_cid']), dbesc($u[0]['allow_gid']), dbesc($u[0]['deny_cid']), dbesc($u[0]['deny_gid']), + intval($private), intval($item_id) ); if($r) diff --git a/include/security.php b/include/security.php index 0783a3c20..25318b3e8 100644 --- a/include/security.php +++ b/include/security.php 
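Review bot: The update path in `event_store()` writes `intval($private)`, which is derived from the four ACL fields alone, while the insert path in the `@@ -387` hunk stores `(($arr['private'] || $private) ? 1 : 0)`. An event created with `$arr['private']` set and empty ACLs would therefore have `item_private` reset to 0 the first time it is edited. Using the same expression in the UPDATE arguments keeps the two paths consistent: `intval(($arr['private'] || $private) ? 1 : 0),`. Whether callers pass `private` on edit is not visible in this hunk.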
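Review bot: In the `tag_deliver()` hunk, `item_private = %d` with `intval($private)` overwrites whatever the row held before, whereas the removed code only OR-ed `ITEM_PRIVATE` into the flags and never cleared it. If an item can reach this update already marked private while the channel's default ACL is empty, the statement makes it public. Preserving an existing flag avoids that: `deny_cid = '%s', deny_gid = '%s', item_private = ( item_private | %d ) where id = %d limit 1`. The function starts and ends outside the hunk, so the incoming state of the row is an assumption to confirm.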
@@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND not (item_flags & " . ITEM_PRIVATE . ") "; + $sql = " AND not item_private "; /** @@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) { }} + + + +// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the +// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) +// We always include yourself if logged in because you can always see your own posts +// resolving granular permissions for the observer against every person and every post on the site +// will likely be too expensive. +// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query + +function stream_perms_api_uids($perms_min = PERMS_SITE) { + $ret = array(); + if(local_user()) + $ret[] = local_user(); + $r = q("select channel_id from channel where channel_r_stream <= %d", + intval($perms_min) + ); + if($r) + foreach($r as $rr) + if(! in_array($rr['channel_id'],$ret)) + $ret[] = $rr['channel_id']; + + $str = ''; + if($ret) + foreach($ret as $rr) { + if($str) + $str .= ','; + $str .= intval($rr); + } + return $str; +} + diff --git a/include/text.php b/include/text.php index 1cfc89cae..6f2caa510 100644 --- a/include/text.php +++ b/include/text.php 
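Review bot: In `stream_perms_api_uids()`, the default `$perms_min = PERMS_SITE` applies whether or not anyone is logged in, although the comment above the function describes using `PERMS_NETWORK` unless logged in. The only caller added in this commit, the public timeline query in include/api.php, passes no argument. If that endpoint is reachable without authentication, channels that opened their stream only to site members would be listed for outsiders. Choosing the level at the call site would close this: `stream_perms_api_uids((local_user()) ? PERMS_SITE : PERMS_NETWORK)`. This assumes lower `PERMS_*` values mean wider visibility, as the `channel_r_stream <= %d` comparison implies.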
@@ -1718,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') { return(implode(',', $t)); } -function xchan_query(&$items) { +// Fetches xchan and hubloc data for an array of items with only an +// author_xchan and owner_xchan. If $abook is true also include the abook info. +// This is needed in the API to save extra per item lookups there. + +function xchan_query(&$items,$abook = false) { $arr = array(); if($items && count($items)) { foreach($items as $item) { @@ -1729,8 +1733,14 @@ function xchan_query(&$items) { } } if(count($arr)) { - $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + if($abook) { + $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + } + else { + $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + } } if($items && count($items) && $chans && count($chans)) { for($x = 0; $x < count($items); $x ++) { diff --git a/mod/search.php b/mod/search.php index 0a7c404b6..a9f2df069 100644 --- a/mod/search.php +++ b/mod/search.php 
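Review bot: The new `left join abook on abook_xchan = xchan_hash` in `xchan_query()` is not limited to the address book of the channel making the request. On a hub with several channels the same xchan can match one abook row per channel, so the result may contain duplicate xchan rows. `$item['author']['abook_id']` may then come from another channel's address book, and `api_item_get_user()` passes it to `api_get_user()`. Restrict the join to the requesting channel, e.g. `left join abook on abook_xchan = xchan_hash and abook_channel = %d` with `intval(local_user())` if that is the owning-channel column in this schema, and say in the new comment that the abook data is per channel. The rest of the function lies outside the hunk, so which duplicate row wins is not visible.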
@@ -186,11 +186,10 @@ function search_content(&$a) { if($load) { $r = q("SELECT distinct(uri), item.* from item WHERE item_restrict = 0 - AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND not ( item_flags & %d )) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) OR ( `item`.`uid` = %d )) $sql_extra group by uri ORDER BY created DESC $pager_sql ", - intval(ITEM_PRIVATE), intval(local_user()), intval(ABOOK_FLAG_BLOCKED) diff --git a/version.inc b/version.inc index 290052448..cf9145384 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-01-18.204 +2013-01-19.205 |