aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Access/PermissionLimits.php36
-rw-r--r--Zotlabs/Access/PermissionRoles.php215
-rw-r--r--Zotlabs/Access/Permissions.php74
-rw-r--r--Zotlabs/Daemon/Onepoll.php4
-rw-r--r--Zotlabs/Module/Acl.php53
-rw-r--r--Zotlabs/Module/Connedit.php53
-rw-r--r--Zotlabs/Module/Follow.php3
-rw-r--r--Zotlabs/Module/Mail.php12
-rw-r--r--Zotlabs/Module/Manage.php4
-rw-r--r--Zotlabs/Module/Probe.php2
-rw-r--r--Zotlabs/Module/Settings.php34
-rw-r--r--Zotlabs/Zot/Finger.php2
-rwxr-xr-xboot.php2
-rw-r--r--include/config.php1
-rw-r--r--include/permissions.php513
-rw-r--r--include/security.php41
-rw-r--r--include/widgets.php11
-rw-r--r--include/zot.php114
-rw-r--r--install/perm_upgrade.php63
-rw-r--r--install/schema_mysql.sql1
-rw-r--r--install/schema_postgres.sql1
-rw-r--r--install/update.php28
22 files changed, 849 insertions, 418 deletions
diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php
new file mode 100644
index 000000000..909b654d5
--- /dev/null
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Zotlabs\Access;
+
+use \Zotlabs\Lib as ZLib;
+
+class PermissionLimits {
+
+ static public function Std_Limits() {
+ $perms = Permissions::Perms();
+ $limits = array();
+ foreach($perms as $k => $v) {
+ if(strstr($k,'view'))
+ $limits[$k] = PERMS_PUBLIC;
+ else
+ $limits[$k] = PERMS_SPECIFIC;
+ }
+ return $limits;
+ }
+
+ static public function Set($channel_id,$perm,$perm_limit) {
+ ZLib\PConfig::Set($channel_id,'perm_limits',$perm,$perm_limit);
+ }
+
+ static public function Get($channel_id,$perm = '') {
+ if($perm) {
+ return Zlib\PConfig::Get($channel_id,'perm_limits',$perm);
+ }
+ else {
+ Zlib\PConfig::Load($channel_id);
+ if(array_key_exists($channel_id,\App::$config) && array_key_exists('perm_limits',\App::$config[$channel_id]))
+ return \App::$config[$channel_id]['perm_limits'];
+ return false;
+ }
+ }
+} \ No newline at end of file
diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php
new file mode 100644
index 000000000..8b116adc5
--- /dev/null
+++ b/Zotlabs/Access/PermissionRoles.php
@@ -0,0 +1,215 @@
+<?php
+
+
+namespace Zotlabs\Access;
+
+use Zotlabs\Lib as Zlib;
+
+class PermissionRoles {
+
+
+ static function role_perms($role) {
+
+ $ret = array();
+
+ $ret['role'] = $role;
+
+ switch($role) {
+ case 'social':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = true;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like', 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ break;
+
+ case 'social_restricted':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = true;
+ $ret['online'] = true;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'social_private':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = false;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' ];
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ $ret['limits']['view_contacts'] = PERMS_SPECIFIC;
+ $ret['limits']['view_storage'] = PERMS_SPECIFIC;
+
+ break;
+
+ case 'forum':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ break;
+
+ case 'forum_restricted':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'forum_private':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = false;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ $ret['limits']['view_profile'] = PERMS_SPECIFIC;
+ $ret['limits']['view_contacts'] = PERMS_SPECIFIC;
+ $ret['limits']['view_storage'] = PERMS_SPECIFIC;
+ $ret['limits']['view_pages'] = PERMS_SPECIFIC;
+
+ break;
+
+ case 'feed':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'feed_restricted':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = false;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'soapbox':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_like' , 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'repository':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ break;
+
+ default:
+ break;
+ }
+
+ $x = get_config('system','role_perms');
+ // let system settings over-ride any or all
+ if($x && is_array($x) && array_key_exists($role,$x))
+ $ret = array_merge($ret,$x[$role]);
+
+ call_hooks('get_role_perms',$ret);
+
+ return $ret;
+ }
+
+
+
+
+ static public function roles() {
+ $roles = [
+ t('Social Networking') => [
+ 'social' => t('Social - Mostly Public'),
+ 'social_restricted' => t('Social - Restricted'),
+ 'social_private' => t('Social - Private')
+ ],
+
+ t('Community Forum') => [
+ 'forum' => t('Forum - Mostly Public'),
+ 'forum_restricted' => t('Forum - Restricted'),
+ 'forum_private' => t('Forum - Private')
+ ],
+
+ t('Feed Republish') => [
+ 'feed' => t('Feed - Mostly Public'),
+ 'feed_restricted' => t('Feed - Restricted')
+ ],
+
+ t('Special Purpose') => [
+ 'soapbox' => t('Special - Celebrity/Soapbox'),
+ 'repository' => t('Special - Group Repository')
+ ],
+
+ t('Other') => [
+ 'custom' => t('Custom/Expert Mode')
+ ]
+
+ ];
+
+ return $roles;
+ }
+
+
+
+} \ No newline at end of file
diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
new file mode 100644
index 000000000..b389fc229
--- /dev/null
+++ b/Zotlabs/Access/Permissions.php
@@ -0,0 +1,74 @@
+<?php
+
+
+namespace Zotlabs\Access;
+
+use Zotlabs\Lib as Zlib;
+
+class Permissions {
+
+ /**
+ * Extensible permissions.
+ * To add new permissions, add to the list of $perms below, with a simple description.
+ * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
+ * if this permission should be granted to new connections.
+ *
+ * Permissions with 'view' in the name are considered read permissions. Anything
+ * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
+ * is given PERMS_SPECIFIC.
+ *
+ * PermissionLimits::Std_limits() retrieves the standard limits. A permission role
+ * MAY alter an individual setting after retrieving the Std_limits if you require
+ * something different for a specific permission within the given role.
+ *
+ */
+
+
+ static public function Perms($filter = '') {
+
+ $perms = [
+ 'view_stream' => t('Can view my channel stream and posts'),
+ 'send_stream' => t('Can send me their channel stream and posts'),
+ 'view_profile' => t('Can view my default channel profile'),
+ 'view_contacts' => t('Can view my connections'),
+ 'view_storage' => t('Can view my file storage and photos'),
+ 'write_storage' => t('Can upload/modify my file storage and photos'),
+ 'view_pages' => t('Can view my channel webpages'),
+ 'write_pages' => t('Can create/edit my channel webpages'),
+ 'post_wall' => t('Can post on my channel (wall) page'),
+ 'post_comments' => t('Can comment on or like my posts'),
+ 'post_mail' => t('Can send me private mail messages'),
+ 'post_like' => t('Can like/dislike profiles and profile things'),
+ 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts'),
+ 'chat' => t('Can chat with me'),
+ 'republish' => t('Can source my public posts in derived channels'),
+ 'delegate' => t('Can administer my channel')
+ ];
+
+ $x = array('permissions' => $perms, 'filter' => $filter);
+ call_hooks('permissions_list',$x);
+ return($x['permissions']);
+
+ }
+
+ static public function BlockedAnonPerms() {
+
+ // Perms from the above list that are blocked from anonymous observers.
+ // e.g. you must be authenticated.
+
+ $res = array();
+ $perms = PermissionLimits::Std_limits();
+ foreach($perms as $perm => $limit) {
+ if($limit != PERMS_PUBLIC) {
+ $res[] = $perm;
+ }
+ }
+
+ $x = array('permissions' => $res);
+ call_hooks('write_perms',$x);
+ return($x['permissions']);
+
+ }
+
+
+} \ No newline at end of file
diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php
index 036a4991b..21c46cec5 100644
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -102,7 +102,9 @@ class Onepoll {
$fetch_feed = true;
$x = null;
- if(! ($contact['abook_their_perms'] & PERMS_R_STREAM ))
+ $can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream'));
+
+ if(! $can_view_stream)
$fetch_feed = false;
if($fetch_feed) {
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index f33e257f4..0e02a2f66 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -58,7 +58,23 @@ class Acl extends \Zotlabs\Web\Controller {
if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
killme();
-
+
+ $permitted = [];
+
+ if(in_array($type, [ 'm', 'a', 'c' ])) {
+
+ // These queries require permission checking. We'll create a simple array of xchan_hash for those with
+ // the requisite permissions which we can check against.
+
+ $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1",
+ intval(local_channel()),
+ dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver')
+ );
+
+ $permitted = ids_to_array($x,'xchan');
+ }
+
+
if($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
@@ -87,13 +103,13 @@ class Acl extends \Zotlabs\Web\Controller {
if($type == '' || $type == 'g') {
- $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname`
- FROM `groups`,`group_member`
- WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d
- AND `group_member`.`gid`=`groups`.`id`
+ $r = q("SELECT groups.id, groups.hash, groups.gname
+ FROM groups,group_member
+ WHERE groups.deleted = 0 AND groups.uid = %d
+ AND group_member.gid=groups.id
$sql_extra
- GROUP BY `groups`.`id`
- ORDER BY `groups`.`gname`
+ GROUP BY groups.id
+ ORDER BY groups.gname
LIMIT %d OFFSET %d",
intval(local_channel()),
intval($count),
@@ -131,7 +147,7 @@ class Acl extends \Zotlabs\Web\Controller {
if($extra_channels_sql != '')
$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
- $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
+ $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
intval(local_channel())
@@ -194,16 +210,23 @@ class Acl extends \Zotlabs\Web\Controller {
}
}
elseif($type == 'm') {
-
- $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
+ $r = array();
+ $z = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
FROM abook left join xchan on abook_xchan = xchan_hash
- WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
+ WHERE abook_channel = %d
and xchan_deleted = 0
$sql_extra3
- ORDER BY `xchan_name` ASC ",
- intval(local_channel()),
- intval(PERMS_W_MAIL)
+ ORDER BY xchan_name ASC ",
+ intval(local_channel())
);
+ if($z) {
+ foreach($z as $zz) {
+ if(in_array($zz['id'],$permitted)) {
+ $r[] = $zz;
+ }
+ }
+ }
+
}
elseif($type == 'a') {
@@ -247,7 +270,7 @@ class Acl extends \Zotlabs\Web\Controller {
if(strpos($g['hash'],'/') && $type != 'a')
continue;
- if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) {
+ if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
$contacts[] = array(
"type" => "c",
"photo" => "images/twopeople.png",
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 7db4950b1..f9b1336a8 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -129,12 +129,21 @@ class Connedit extends \Zotlabs\Web\Controller {
$abook_my_perms = 0;
- foreach($_POST as $k => $v) {
- if(strpos($k,'perms_') === 0) {
- $abook_my_perms += $v;
+ $all_perms = \Zotlabs\Access\Permissions::Perms();
+
+ if($all_perms) {
+ foreach($all_perms as $perm => $desc) {
+ if(array_key_exists('perms_' . $perm, $_POST)) {
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,
+ intval($_POST['perms_' . $perm]));
+ $abook_my_perms ++;
+ }
+ else {
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
+ }
}
}
-
+
$new_friend = false;
if(! $is_self) {
@@ -195,8 +204,11 @@ class Connedit extends \Zotlabs\Web\Controller {
$role = get_pconfig(local_channel(),'system','permissions_role');
if($role) {
$x = get_role_perms($role);
- if($x['perms_accept'])
- $abook_my_perms = $x['perms_accept'];
+ if($x['perms_connect']) {
+ foreach($x['perms_connect'] as $p) {
+ set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'my_perms',$p,1);
+ }
+ }
}
}
@@ -372,8 +384,8 @@ class Connedit extends \Zotlabs\Web\Controller {
$role = get_pconfig(local_channel(),'system','permissions_role');
if($role) {
$x = get_role_perms($role);
- if($x['perms_accept'])
- $my_perms = $x['perms_accept'];
+ if($x['perms_connect'])
+ $my_perms = $x['perms_connect'];
}
$yes_no = array(t('No'),t('Yes'));
@@ -654,7 +666,8 @@ class Connedit extends \Zotlabs\Web\Controller {
$perms = array();
$channel = \App::get_channel();
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes')));
@@ -670,16 +683,32 @@ class Connedit extends \Zotlabs\Web\Controller {
if($slide && $multiprofs)
$affinity = t('Set Affinity & Profile');
+ $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'",
+ intval(local_channel()),
+ dbesc($contact['abook_xchan'])
+ );
+ $their_perms = array();
+ if($theirs) {
+ foreach($theirs as $t) {
+ $their_perms[$t['k']] = $t['v'];
+ }
+ }
+
foreach($global_perms as $k => $v) {
- $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : '');
- $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : '');
+ $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k);
+//fixme
+
+ $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
// For auto permissions (when $self is true) we don't want to look at existing
// permissions because they are enabled for the channel owner
if((! $self) && ($existing[$k]))
$thisperm = "1";
+
+
+
- $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4], $checkinherited);
+ $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
}
$locstr = '';
diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php
index 3641330c9..5de89ef41 100644
--- a/Zotlabs/Module/Follow.php
+++ b/Zotlabs/Module/Follow.php
@@ -49,10 +49,11 @@ class Follow extends \Zotlabs\Web\Controller {
build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+ $can_view_stream = intval(get_abconfig($channel['channel_id'],$clone['abook_xchan'],'their_perms','view_stream'));
// If we can view their stream, pull in some posts
- if(($result['abook']['abook_their_perms'] & PERMS_R_STREAM) || ($result['abook']['xchan_network'] === 'rss'))
+ if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss'))
\Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id']));
goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php
index aae7585c4..043c28078 100644
--- a/Zotlabs/Module/Mail.php
+++ b/Zotlabs/Module/Mail.php
@@ -57,8 +57,6 @@ class Mail extends \Zotlabs\Web\Controller {
$their_perms = 0;
- $global_perms = get_perms();
-
if($j['permissions']['data']) {
$permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']);
if($permissions)
@@ -68,13 +66,7 @@ class Mail extends \Zotlabs\Web\Controller {
else
$permissions = $j['permissions'];
- foreach($permissions as $k => $v) {
- if($v) {
- $their_perms = $their_perms | intval($global_perms[$k][1]);
- }
- }
-
- if(! ($their_perms & PERMS_W_MAIL)) {
+ if(! ($permissions['post_mail'])) {
notice( t('Selected channel has private message restrictions. Send failed.'));
// reported issue: let's still save the message and continue. We'll just tell them
// that nothing useful is likely to happen. They might have spent hours on it.
@@ -120,7 +112,7 @@ class Mail extends \Zotlabs\Web\Controller {
}
- function get() {
+ function get() {
$o = '';
nav_set_selected('messages');
diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php
index 4ca044c4a..8f815d6d4 100644
--- a/Zotlabs/Module/Manage.php
+++ b/Zotlabs/Module/Manage.php
@@ -143,9 +143,9 @@ class Manage extends \Zotlabs\Web\Controller {
$create = array( 'new_channel', t('Create a new channel'), t('Create New'));
$delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where
- abook_channel = %d and (abook_their_perms & %d) > 0",
+ abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = 1 )",
intval(local_channel()),
- intval(PERMS_A_DELEGATE)
+ intval(local_channel())
);
if($delegates) {
diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php
index dda792131..7fc0e8ff5 100644
--- a/Zotlabs/Module/Probe.php
+++ b/Zotlabs/Module/Probe.php
@@ -23,8 +23,6 @@ class Probe extends \Zotlabs\Web\Controller {
$j = \Zotlabs\Zot\Finger::run($addr,$channel,false);
- // $res = zot_finger($addr,$channel,false);
-
$o .= '<pre>';
if(! $j['success']) {
$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index af246a4dc..d5b0cd07a 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -28,7 +28,7 @@ class Settings extends \Zotlabs\Web\Controller {
}
- function post() {
+ function post() {
if(! local_channel())
return;
@@ -38,7 +38,7 @@ class Settings extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
- logger('mod_settings: ' . print_r($_REQUEST,true));
+ // logger('mod_settings: ' . print_r($_REQUEST,true));
if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){
@@ -309,10 +309,10 @@ class Settings extends \Zotlabs\Web\Controller {
intval(local_channel())
);
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
foreach($global_perms as $k => $v) {
- $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' ';
+ \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,intval($_POST[$k]));
}
$acl = new \Zotlabs\Access\AccessList($channel);
$acl->set_from_array($_POST);
@@ -368,10 +368,10 @@ class Settings extends \Zotlabs\Web\Controller {
);
}
- $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1",
- intval((array_key_exists('perms_accept',$role_permissions)) ? $role_permissions['perms_accept'] : 0),
- intval(local_channel())
- );
+ foreach($global_perms as $k => $v) {
+ set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k,((array_key_exists($k,$role_permissions['perms_connect'])) ? 1 : 0));
+ }
+
set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0));
foreach($role_permissions as $p => $v) {
@@ -862,11 +862,7 @@ class Settings extends \Zotlabs\Web\Controller {
return $o;
}
-
-
-
-
-
+
if(argv(1) === 'channel') {
require_once('include/acl_selectors.php');
@@ -883,9 +879,8 @@ class Settings extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
-
- $global_perms = get_perms();
-
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
$permiss = array();
$perm_opts = array(
@@ -899,19 +894,18 @@ class Settings extends \Zotlabs\Web\Controller {
array( t('Anybody on the internet'), PERMS_PUBLIC)
);
+ $limits = \Zotlabs\Access\PermissionLimits::Get(local_channel());
foreach($global_perms as $k => $perm) {
$options = array();
foreach($perm_opts as $opt) {
- if((! $perm[2]) && $opt[1] == PERMS_PUBLIC)
- continue;
$options[$opt[1]] = $opt[0];
}
- $permiss[] = array($k,$perm[3],$channel[$perm[0]],$perm[4],$options);
+ $permiss[] = array($k,$perm,$limits[$k],'',$options);
}
- // logger('permiss: ' . print_r($permiss,true));
+ //logger('permiss: ' . print_r($permiss,true));
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index 229fda8bd..9d373b2e6 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -28,7 +28,7 @@ class Finger {
if (strpos($webbie,'@') === false) {
$address = $webbie;
- $host = App::get_hostname();
+ $host = \App::get_hostname();
} else {
$address = substr($webbie,0,strpos($webbie,'@'));
$host = substr($webbie,strpos($webbie,'@')+1);
diff --git a/boot.php b/boot.php
index bad3b2e5d..6abc4137e 100755
--- a/boot.php
+++ b/boot.php
@@ -47,7 +47,7 @@ define ( 'PLATFORM_NAME', 'hubzilla' );
define ( 'STD_VERSION', '1.9' );
define ( 'ZOT_REVISION', '1.1' );
-define ( 'DB_UPDATE_VERSION', 1179 );
+define ( 'DB_UPDATE_VERSION', 1180 );
/**
diff --git a/include/config.php b/include/config.php
index 08810e298..8c0469392 100644
--- a/include/config.php
+++ b/include/config.php
@@ -97,7 +97,6 @@ function del_aconfig($account_id, $family, $key) {
return Zlib\AConfig::Delete($account_id, $family, $key);
}
-
function load_abconfig($chan, $xhash, $family = '') {
return Zlib\AbConfig::Load($chan,$xhash,$family);
}
diff --git a/include/permissions.php b/include/permissions.php
index 19242d29f..bc3cfdd2a 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
if($api)
return get_all_api_perms($uid,$api);
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
// Save lots of individual lookups
@@ -81,11 +81,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
$ret = array();
+ $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : array());
+
foreach($global_perms as $perm_name => $permission) {
// First find out what the channel owner declared permissions to be.
- $channel_perm = $permission[0];
+ $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name);
if(! $channel_checked) {
$r = q("select * from channel where channel_id = %d limit 1",
@@ -105,7 +107,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// These take priority over all other settings.
if($observer_xchan) {
- if($r[0][$channel_perm] & PERMS_AUTHED) {
+ if($channel_perm & PERMS_AUTHED) {
$ret[$perm_name] = true;
continue;
}
@@ -136,7 +138,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// Check if this is a write permission and they are being ignored
// This flag is only visible internally.
- if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) {
+ $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms();
+
+
+ if(($x) && ($internal_use) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) {
$ret[$perm_name] = false;
continue;
}
@@ -154,7 +159,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// if you've moved elsewhere, you will only have read only access
if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) {
- if($r[0]['channel_moved'] && (! $permission[2]))
+ if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms)))
$ret[$perm_name] = false;
else
$ret[$perm_name] = true;
@@ -163,7 +168,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// Anybody at all (that wasn't blocked or ignored). They have permission.
- if($r[0][$channel_perm] & PERMS_PUBLIC) {
+ if($channel_perm & PERMS_PUBLIC) {
$ret[$perm_name] = true;
continue;
}
@@ -178,7 +183,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If we're still here, we have an observer, check the network.
- if($r[0][$channel_perm] & PERMS_NETWORK) {
+ if($channel_perm & PERMS_NETWORK) {
if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) {
$ret[$perm_name] = true;
continue;
@@ -187,7 +192,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If PERMS_SITE is specified, find out if they've got an account on this hub
- if($r[0][$channel_perm] & PERMS_SITE) {
+ if($channel_perm & PERMS_SITE) {
if(! $onsite_checked) {
$c = q("select channel_hash from channel where channel_hash = '%s' limit 1",
dbesc($observer_xchan)
@@ -214,7 +219,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They are in your address book, but haven't been approved
- if($r[0][$channel_perm] & PERMS_PENDING) {
+ if($channel_perm & PERMS_PENDING) {
$ret[$perm_name] = true;
continue;
}
@@ -226,16 +231,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They're a contact, so they have permission
- if($r[0][$channel_perm] & PERMS_CONTACTS) {
+ if($channel_perm & PERMS_CONTACTS) {
$ret[$perm_name] = true;
continue;
}
// Permission granted to certain channels. Let's see if the observer is one of them
- if($r[0][$channel_perm] & PERMS_SPECIFIC) {
- if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
- $ret[$perm_name] = true;
+ if($channel_perm & PERMS_SPECIFIC) {
+ if($abperms) {
+ foreach($abperms as $ab) {
+ if(($ab['cat'] == 'my_perms') && ($ab['k'] == $perm_name)) {
+ $ret[$perm_name] = (intval($ab['v']) ? true : false);
+ break;
+ }
+ }
continue;
}
}
@@ -284,21 +294,23 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
if($arr['result'])
return true;
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
// First find out what the channel owner declared permissions to be.
- $channel_perm = $global_perms[$permission][0];
+ $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$permission);
- $r = q("select %s, channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1",
- dbesc($channel_perm),
+ $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1",
intval($uid)
);
if(! $r)
return false;
+
+ $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms();
+
if($observer_xchan) {
- if($r[0][$channel_perm] & PERMS_AUTHED)
+ if($channel_perm & PERMS_AUTHED)
return true;
$x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
@@ -312,7 +324,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
if(($x) && intval($x[0]['abook_blocked']))
return false;
- if(($x) && (! $global_perms[$permission][2]) && intval($x[0]['abook_ignored']))
+ if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored']))
return false;
if(! $x) {
@@ -321,7 +333,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
dbesc($observer_xchan)
);
}
+ $abperms = load_abconfig($uid,$observer_xchan);
}
+
// system is blocked to anybody who is not authenticated
@@ -333,13 +347,13 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// in which case you will have read_only access
if($r[0]['channel_hash'] === $observer_xchan) {
- if($r[0]['channel_moved'] && (! $global_perms[$permission][2]))
+ if($r[0]['channel_moved'] && (in_array($permission,$blocked_anon_perms)))
return false;
else
return true;
}
- if($r[0][$channel_perm] & PERMS_PUBLIC)
+ if($channel_perm & PERMS_PUBLIC)
return true;
// If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set
@@ -350,14 +364,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// If we're still here, we have an observer, check the network.
- if($r[0][$channel_perm] & PERMS_NETWORK) {
+ if($channel_perm & PERMS_NETWORK) {
if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot'))
return true;
}
// If PERMS_SITE is specified, find out if they've got an account on this hub
- if($r[0][$channel_perm] & PERMS_SITE) {
+ if($channel_perm & PERMS_SITE) {
$c = q("select channel_hash from channel where channel_hash = '%s' limit 1",
dbesc($observer_xchan)
);
@@ -376,7 +390,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// They are in your address book, but haven't been approved
- if($r[0][$channel_perm] & PERMS_PENDING) {
+ if($channel_perm & PERMS_PENDING) {
return true;
}
@@ -386,15 +400,16 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// They're a contact, so they have permission
- if($r[0][$channel_perm] & PERMS_CONTACTS) {
+ if($channel_perm & PERMS_CONTACTS) {
return true;
}
// Permission granted to certain channels. Let's see if the observer is one of them
- if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) {
- if($x[0]['abook_my_perms'] & $global_perms[$permission][1])
+ if(($r) && ($channel_perm & PERMS_SPECIFIC)) {
+ if(array_key_exists('my_perms',$abperms) && array_key_exists($permission,$abperms['my_perms']) && $abperms['my_perms'][$permission]) {
return true;
+ }
}
// No permissions allowed.
@@ -560,28 +575,28 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = true;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like', 'republish' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -590,28 +605,29 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = true;
$ret['online'] = true;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
+
break;
@@ -620,28 +636,28 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = false;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_SPECIFIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_SPECIFIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_SPECIFIC,
+ 'view_storage' => PERMS_SPECIFIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -650,28 +666,28 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -680,28 +696,28 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -710,28 +726,29 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = false;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILEPERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_SPECIFIC;
- $ret['channel_r_abook'] = PERMS_SPECIFIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_SPECIFIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_SPECIFIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_SPECIFIC,
+ 'view_contacts' => PERMS_SPECIFIC,
+ 'view_storage' => PERMS_SPECIFIC,
+ 'view_pages' => PERMS_SPECIFIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -740,28 +757,29 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_NETWORK;
- $ret['channel_w_like'] = PERMS_NETWORK;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -770,28 +788,28 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = false;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -800,26 +818,29 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_like' , 'republish' ];
+
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -828,28 +849,30 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
+
break;
diff --git a/include/security.php b/include/security.php
index 212690d91..2ab6bf075 100644
--- a/include/security.php
+++ b/include/security.php
@@ -89,6 +89,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
*
* @return bool|array false or channel record of the new channel
*/
+
function change_channel($change_channel) {
$ret = false;
@@ -438,14 +439,19 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) {
$random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : '');
if(local_channel())
$ret[] = local_channel();
- $r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
- intval($perms),
- intval(PAGE_ADULT|PAGE_CENSORED)
+ $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+ intval($perms)
);
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_id'], $ret))
- $ret[] = $rr['channel_id'];
+ if($x) {
+ $ids = ids_to_querystr($x,'uid');
+ $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_id'], $ret))
+ $ret[] = $rr['channel_id'];
+ }
}
$str = '';
@@ -471,16 +477,21 @@ function stream_perms_xchans($perms = NULL ) {
if(local_channel())
$ret[] = get_observer_hash();
- $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0 and channel_system = 0 and channel_removed = 0 ",
- intval($perms),
- intval(PAGE_ADULT|PAGE_CENSORED)
+ $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+ intval($perms)
);
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_hash'], $ret))
- $ret[] = $rr['channel_hash'];
- }
+ if($x) {
+ $ids = ids_to_querystr($x,'uid');
+ $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_hash'], $ret))
+ $ret[] = $rr['channel_hash'];
+ }
+ }
$str = '';
if($ret) {
foreach($ret as $rr) {
diff --git a/include/widgets.php b/include/widgets.php
index 2d4d5b799..dbcaef409 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -1347,9 +1347,14 @@ function widget_forums($arr) {
$perms_sql = item_permissions_sql(local_channel()) . item_normal();
- $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where ( xchan_pubforum = 1 or ((abook_their_perms & %d ) != 0 and (abook_their_perms & %d ) = 0) ) and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ",
- intval(PERMS_W_TAGWALL),
- intval(PERMS_W_STREAM),
+ /**
+ * We used to try and find public forums with custom permissions by checking to see if
+ * send_stream was false and tag_deliver was true. However with the newer extensible
+ * permissions infrastructure this makes for a very complicated query. Now we're only
+ * checking channels that report themselves specifically as pubforums
+ */
+
+ $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_pubforum = 1 and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ",
intval(local_channel())
);
if(! $r1)
diff --git a/include/zot.php b/include/zot.php
index 45347ef22..0bf689742 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -388,10 +388,7 @@ function zot_refresh($them, $channel = null, $force = false) {
if(! $x['success'])
return false;
- $their_perms = 0;
-
if($channel) {
- $global_perms = get_perms();
if($j['permissions']['data']) {
$permissions = crypto_unencapsulate(array(
'data' => $j['permissions']['data'],
@@ -408,15 +405,10 @@ function zot_refresh($them, $channel = null, $force = false) {
$connected_set = false;
if($permissions && is_array($permissions)) {
+ $old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream');
+
foreach($permissions as $k => $v) {
- // The connected permission means you are in their address book
- if($k === 'connected') {
- $connected_set = intval($v);
- continue;
- }
- if(($v) && (array_key_exists($k,$global_perms))) {
- $their_perms = $their_perms | intval($global_perms[$k][1]);
- }
+ set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$k,$v);
}
}
@@ -443,36 +435,19 @@ function zot_refresh($them, $channel = null, $force = false) {
if(substr($r[0]['abook_dob'],5) == substr($next_birthday,5))
$next_birthday = $r[0]['abook_dob'];
- $current_abook_connected = (intval($r[0]['abook_unconnected']) ? 0 : 1);
-
- $y = q("update abook set abook_their_perms = %d, abook_dob = '%s'
+ $y = q("update abook set abook_dob = '%s'
where abook_xchan = '%s' and abook_channel = %d
and abook_self = 0 ",
- intval($their_perms),
dbescdate($next_birthday),
dbesc($x['hash']),
intval($channel['channel_id'])
);
-// if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) {
-
- // if they are in your address book but you aren't in theirs, and/or this does not
- // match your current connected state setting, toggle it.
- /** @FIXME uncoverted to postgres */
- /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */
-// $y1 = q("update abook set abook_unconnected = 1
-// where abook_xchan = '%s' and abook_channel = %d
-// and abook_self = 0 limit 1",
-// dbesc($x['hash']),
-// intval($channel['channel_id'])
-// );
-// }
-
if(! $y)
logger('abook update failed');
else {
// if we were just granted read stream permission and didn't have it before, try to pull in some posts
- if((! ($r[0]['abook_their_perms'] & PERMS_R_STREAM)) && ($their_perms & PERMS_R_STREAM))
+ if((! $old_read_stream_perm) && (intval($permissions['view_stream'])))
Zotlabs\Daemon\Master::Summon(array('Onepoll',$r[0]['abook_id']));
}
}
@@ -484,10 +459,10 @@ function zot_refresh($them, $channel = null, $force = false) {
if($role) {
$xx = get_role_perms($role);
if($xx['perms_auto'])
- $default_perms = $xx['perms_accept'];
+ $default_perms = $xx['perms_connect'];
}
if(! $default_perms)
- $default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms'));
+ $default_perms = get_pconfig($channel['channel_id'],'system','autoperms');
// Keep original perms to check if we need to notify them
@@ -498,13 +473,11 @@ function zot_refresh($them, $channel = null, $force = false) {
if($closeness === false)
$closeness = 80;
- $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )",
+ $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', '%s', '%s', '%s', %d )",
intval($channel['channel_account_id']),
intval($channel['channel_id']),
intval($closeness),
dbesc($x['hash']),
- intval($their_perms),
- intval($default_perms),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($next_birthday),
@@ -532,9 +505,9 @@ function zot_refresh($them, $channel = null, $force = false) {
'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'],
));
- if($their_perms & PERMS_R_STREAM) {
- if(($channel['channel_w_stream'] & PERMS_PENDING)
- || (! intval($new_connection[0]['abook_pending'])) )
+ if(intval($permissions['view_stream'])) {
+ if(intval(get_pconfig($channel['channel_id'],'perms_limit','send_stream') & PERMS_PENDING)
+ || (! intval($new_connection[0]['abook_pending'])))
Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id']));
}
@@ -1371,8 +1344,8 @@ function public_recips($msg) {
if($msg['message']['type'] === 'activity') {
if(! get_config('system','disable_discover_tab'))
$include_sys = true;
- $col = 'channel_w_stream';
- $field = PERMS_W_STREAM;
+ $perm = 'send_stream';
+
if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) {
// check mention recipient permissions on top level posts only
$check_mentions = true;
@@ -1404,65 +1377,30 @@ function public_recips($msg) {
// contains the tag. we'll solve that further below.
if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) {
- $col = 'channel_w_comment';
- $field = PERMS_W_COMMENT;
+ $perm = 'post_comments';
}
}
}
- elseif($msg['message']['type'] === 'mail') {
- $col = 'channel_w_mail';
- $field = PERMS_W_MAIL;
- }
-
- if(! $col)
- return NULL;
-
- $col = dbesc($col);
-
- // First find those channels who are accepting posts from anybody, or at least
- // something greater than just their connections.
+ elseif($msg['message']['type'] === 'mail')
+ $perm = 'post_mail';
- if($msg['notify']['sender']['url'] === z_root()) {
- $sql = " where (( " . $col . " & " . intval(PERMS_NETWORK) . " ) > 0
- or ( " . $col . " & " . intval(PERMS_SITE) . " ) > 0
- or ( " . $col . " & " . intval(PERMS_PUBLIC) . ") > 0
- or ( " . $col . " & " . intval(PERMS_AUTHED) . ") > 0 ) ";
- } else {
- $sql = " where ( " . $col . " = " . intval(PERMS_NETWORK) . "
- or " . $col . " = " . intval(PERMS_PUBLIC) . "
- or " . $col . " = " . intval(PERMS_AUTHED) . " ) ";
+ $r = array();
+
+ $c = q("select channel_id, channel_hash from channel where channel_removed = 0");
+ if($c) {
+ foreach($c as $cc) {
+ if(perm_is_allowed($cc['channel_id'],$msg['notify']['sender']['hash'],$perm)) {
+ $r[] = [ 'hash' => $cc['channel_hash'] ];
+ }
+ }
}
- $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s'
- and channel_removed = 0 ",
- dbesc($msg['notify']['sender']['hash'])
- );
-
- if(! $r)
- $r = array();
-
- // Now we have to get a bit dirty. Find every channel that has the sender in their connections (abook)
- // and is allowing this sender at least at a high level.
-
- $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id
- where abook_xchan = '%s' and channel_removed = 0
- and (( " . $col . " = " . intval(PERMS_SPECIFIC) . " and ( abook_my_perms & " . intval($field) . " ) > 0 )
- OR " . $col . " = " . intval(PERMS_PENDING) . "
- OR ( " . $col . " = " . intval(PERMS_CONTACTS) . " and abook_pending = 0 )) ",
- dbesc($msg['notify']['sender']['hash'])
- );
-
- if(! $x)
- $x = array();
-
- $r = array_merge($r,$x);
-
//logger('message: ' . print_r($msg['message'],true));
if($include_sys && array_key_exists('public_scope',$msg['message']) && $msg['message']['public_scope'] === 'public') {
$sys = get_sys_channel();
if($sys)
- $r[] = array('hash' => $sys['channel_hash']);
+ $r[] = [ 'hash' => $sys['channel_hash'] ];
}
// look for any public mentions on this site
diff --git a/install/perm_upgrade.php b/install/perm_upgrade.php
new file mode 100644
index 000000000..38e951be3
--- /dev/null
+++ b/install/perm_upgrade.php
@@ -0,0 +1,63 @@
+<?php
+
+function perm_limits_upgrade($channel) {
+ set_pconfig($channel['channel_id'],'perm_limits','view_stream',$channel['channel_r_stream']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_profile',$channel['channel_r_profile']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_contacts',$channel['channel_r_abook']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_storage',$channel['channel_r_storage']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_pages',$channel['channel_r_pages']);
+ set_pconfig($channel['channel_id'],'perm_limits','send_stream',$channel['channel_w_stream']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_wall',$channel['channel_w_wall']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_comments',$channel['channel_w_comment']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_mail',$channel['channel_w_mail']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_like',$channel['channel_w_like']);
+ set_pconfig($channel['channel_id'],'perm_limits','tag_deliver',$channel['channel_w_tagwall']);
+ set_pconfig($channel['channel_id'],'perm_limits','chat',$channel['channel_w_chat']);
+ set_pconfig($channel['channel_id'],'perm_limits','write_storage',$channel['channel_w_storage']);
+ set_pconfig($channel['channel_id'],'perm_limits','write_pages',$channel['channel_w_pages']);
+ set_pconfig($channel['channel_id'],'perm_limits','republish',$channel['channel_a_republish']);
+ set_pconfig($channel['channel_id'],'perm_limits','delegate',$channel['channel_a_delegate']);
+}
+
+
+
+
+function perm_abook_upgrade($abook) {
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_stream',intval(($abook['abook_their_perms'] & PERMS_R_STREAM)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_profile',intval(($abook['abook_their_perms'] & PERMS_R_PROFILE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_contacts',intval(($abook['abook_their_perms'] & PERMS_R_ABOOK)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_storage',intval(($abook['abook_their_perms'] & PERMS_R_STORAGE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_pages',intval(($abook['abook_their_perms'] & PERMS_R_PAGES)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','send_stream',intval(($abook['abook_their_perms'] & PERMS_W_STREAM)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_wall',intval(($abook['abook_their_perms'] & PERMS_W_WALL)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_comments',intval(($abook['abook_their_perms'] & PERMS_W_COMMENT)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_mail',intval(($abook['abook_their_perms'] & PERMS_W_MAIL)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_like',intval(($abook['abook_their_perms'] & PERMS_W_LIKE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','tag_deliver',intval(($abook['abook_their_perms'] & PERMS_W_TAGWALL)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','chat',intval(($abook['abook_their_perms'] & PERMS_W_CHAT)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_storage',intval(($abook['abook_their_perms'] & PERMS_W_STORAGE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_pages',intval(($abook['abook_their_perms'] & PERMS_W_PAGES)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','republish',intval(($abook['abook_their_perms'] & PERMS_A_REPUBLISH)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','delegate',intval(($abook['abook_their_perms'] & PERMS_A_DELEGATE)? 1 : 0));
+
+
+
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_stream',intval(($abook['abook_my_perms'] & PERMS_R_STREAM)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_profile',intval(($abook['abook_my_perms'] & PERMS_R_PROFILE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_contacts',intval(($abook['abook_my_perms'] & PERMS_R_ABOOK)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_storage',intval(($abook['abook_my_perms'] & PERMS_R_STORAGE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_pages',intval(($abook['abook_my_perms'] & PERMS_R_PAGES)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','send_stream',intval(($abook['abook_my_perms'] & PERMS_W_STREAM)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_wall',intval(($abook['abook_my_perms'] & PERMS_W_WALL)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_comments',intval(($abook['abook_my_perms'] & PERMS_W_COMMENT)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_mail',intval(($abook['abook_my_perms'] & PERMS_W_MAIL)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_like',intval(($abook['abook_my_perms'] & PERMS_W_LIKE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','tag_deliver',intval(($abook['abook_my_perms'] & PERMS_W_TAGWALL)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','chat',intval(($abook['abook_my_perms'] & PERMS_W_CHAT)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_storage',intval(($abook['abook_my_perms'] & PERMS_W_STORAGE)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_pages',intval(($abook['abook_my_perms'] & PERMS_W_PAGES)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','republish',intval(($abook['abook_my_perms'] & PERMS_A_REPUBLISH)? 1 : 0));
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','delegate',intval(($abook['abook_my_perms'] & PERMS_A_DELEGATE)? 1 : 0));
+
+
+} \ No newline at end of file
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index b43ead050..1cb1b2807 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -903,6 +903,7 @@ CREATE TABLE IF NOT EXISTS `pconfig` (
UNIQUE KEY `access` (`uid`,`cat`,`k`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
CREATE TABLE IF NOT EXISTS `photo` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`aid` int(10) unsigned NOT NULL DEFAULT '0',
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index 5080d7608..c48007317 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@@ -888,6 +888,7 @@ CREATE TABLE "pconfig" (
PRIMARY KEY ("id"),
UNIQUE ("uid","cat","k")
);
+
CREATE TABLE "photo" (
"id" serial NOT NULL,
"aid" bigint NOT NULL DEFAULT '0',
diff --git a/install/update.php b/install/update.php
index 3cb5010eb..366764f65 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
<?php
-define( 'UPDATE_VERSION' , 1179 );
+define( 'UPDATE_VERSION' , 1180 );
/**
*
@@ -2360,4 +2360,30 @@ function update_r1178() {
if($r1)
return UPDATE_SUCCESS;
return UPDATE_FAILED;
+}
+
+function update_r1179() {
+
+ require_once('install/perm_upgrade.php');
+
+ $r1 = q("select * from channel where true");
+ if($r1) {
+ foreach($r1 as $rr) {
+ perm_limits_upgrade($rr);
+ }
+ }
+
+ $r2 = q("select * from abook where true");
+ if($r2) {
+ foreach($r2 as $rr) {
+ perm_abook_upgrade($rr);
+ }
+ }
+
+ $r = $r1 && $r2;
+ if($r)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+
+
} \ No newline at end of file