-rw-r--r-- | Zotlabs/Lib/Activity.php | 22 | ||||
-rw-r--r-- | Zotlabs/Lib/Enotify.php | 2 | ||||
-rw-r--r-- | Zotlabs/Lib/ThreadItem.php | 5 | ||||
-rw-r--r-- | Zotlabs/Module/Attach.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Channel.php | 8 | ||||
-rw-r--r-- | Zotlabs/Module/Hq.php | 6 | ||||
-rw-r--r-- | Zotlabs/Module/Moderate.php | 24 | ||||
-rw-r--r-- | Zotlabs/Module/Network.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Settings/Privacy.php | 5 | ||||
-rw-r--r-- | include/attach.php | 31 | ||||
-rw-r--r-- | include/items.php | 18 | ||||
-rw-r--r-- | include/security.php | 1 | ||||
-rw-r--r-- | view/js/main.js | 12 | ||||
-rw-r--r-- | view/theme/redbasic/css/style.css | 1 | ||||
-rw-r--r-- | view/theme/redbasic/schema/Focus-Boxy.css | 1 | ||||
-rw-r--r-- | view/tpl/conv_item.tpl | 7 | ||||
-rw-r--r-- | view/tpl/profile_vcard.tpl | 16 | ||||
-rw-r--r-- | view/tpl/settings_privacy.tpl | 1 |
18 files changed, 110 insertions, 54 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 79821badc..433024cf0 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -2970,13 +2970,23 @@ class Activity { }*/ if (!$allowed) { - logger('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']); - logger('rejected: ' . print_r($item, true), LOGGER_DATA); - // TODO: not implemented - // let the sender know we received their comment but we don't permit spam here. - // self::send_rejection_activity($channel,$item['author_xchan'],$item); - return; + if (get_pconfig($channel['channel_id'], 'system', 'moderate_unsolicited_comments')) { + $item['item_blocked'] = intval(ITEM_MODERATED); + $allowed = true; + } + else { + hz_syslog('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']); + logger('rejected: ' . print_r($item, true), LOGGER_DATA); + + // TODO: not implemented + // let the sender know we received their comment but we don't permit spam here. + // self::send_rejection_activity($channel,$item['author_xchan'],$item); + + return; + } + + } // TODO: not implemented diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php index 585761cc4..a8d34b940 100644 --- a/Zotlabs/Lib/Enotify.php +++ b/Zotlabs/Lib/Enotify.php @@ -145,7 +145,7 @@ class Enotify { $itemlink = $params['link']; - $action = t('commented on'); + $action = (($moderated) ? t('requests to comment on') : t('commented on')); if(array_key_exists('item',$params)) { diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index cf877ed92..14c9500ff 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php 
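Review bot: The new moderated branch in the `Activity.php` hunk sets `$allowed = true` without writing any log entry, so a comment accepted from a sender who failed the permission check leaves no audit trail, while the rejected branch still logs through `hz_syslog`. Add a line such as `logger('moderating unsolicited comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']);` before `$allowed = true;`. Because this path now stores content from senders without comment permission, it is worth confirming that something outside this hunk bounds how many such items a single sender can queue; nothing visible here does. The enclosing method starts and ends outside the hunk.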
@@ -503,7 +503,10 @@ class ThreadItem { 'thread_level' => $thread_level, 'settings' => $settings, 'thr_parent' => (($item['parent_mid'] != $item['thr_parent']) ? gen_link_id($item['thr_parent']) : ''), - 'contact_id' => (($contact) ? $contact['abook_id'] : '') + 'contact_id' => (($contact) ? $contact['abook_id'] : ''), + 'moderate' => ($item['item_blocked'] == ITEM_MODERATED), + 'moderate_approve' => t('Approve'), + 'moderate_delete' => t('Delete') ); diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 5f5779b51..710f965ef 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -95,7 +95,7 @@ class Attach extends Controller { killme(); } - $r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0)); + $r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0), $token); if (!$r['success']) { notice($r['message'] . EOL); diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 748d990cb..036663681 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -284,13 +284,9 @@ class Channel extends Controller { * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 - and item.item_unpublished = 0 and item.item_pending_remove = 0 - and item.item_blocked = 0 "; - if (!$is_owner) - $item_normal .= "and item.item_delayed = 0 "; + $item_normal = item_normal(); $item_normal_update = item_normal_update(); - $sql_extra = item_permissions_sql(App::$profile['profile_uid']); + $sql_extra = item_permissions_sql(App::$profile['profile_uid']); if (feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (!$mid)) $page_mode = 'list'; diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 77d56e9a2..efa13b832 100644 --- a/Zotlabs/Module/Hq.php 
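Review bot: In the `ThreadItem.php` hunk, `'moderate'` is derived only from the item's state, so the Approve/Delete controls are rendered for any viewer whose query returns an item with `item_blocked == ITEM_MODERATED`, not only for the channel owner. Tying the flag to the viewer as well would keep the template from offering moderation actions to anyone else, for example `'moderate' => (intval($item['item_blocked']) === ITEM_MODERATED && local_channel() && local_channel() == intval($item['uid'])),` assuming `$item['uid']` holds the owning channel id here. The server-side handler must still enforce ownership; this only keeps the UI consistent with it. The array literal begins outside the hunk.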
+++ b/Zotlabs/Module/Hq.php @@ -17,8 +17,6 @@ class Hq extends \Zotlabs\Web\Controller { function init() { if(! local_channel()) return; - - App::$profile_uid = local_channel(); } function get($update = 0, $load = false) { @@ -27,6 +25,8 @@ class Hq extends \Zotlabs\Web\Controller { return; } + App::$profile_uid = local_channel(); + $item_hash = ''; if(argc() > 1 && argv(1) !== 'load') { @@ -69,7 +69,7 @@ class Hq extends \Zotlabs\Web\Controller { //if the item is to be moderated redirect to /moderate if($target_item['item_blocked'] == ITEM_MODERATED) { - goaway(z_root() . '/moderate/' . $target_item['id']); + // goaway(z_root() . '/moderate/' . $target_item['id']); } $simple_update = ''; diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php index b66b052a6..b895b4a8c 100644 --- a/Zotlabs/Module/Moderate.php +++ b/Zotlabs/Module/Moderate.php @@ -17,7 +17,7 @@ class Moderate extends \Zotlabs\Web\Controller { } \App::set_pager_itemspage(30); - $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); //show all items if(argc() == 1) { @@ -40,8 +40,13 @@ class Moderate extends \Zotlabs\Web\Controller { if(argc() > 2) { $post_id = intval(argv(1)); - if(! $post_id) + if(! $post_id) { + if (is_ajax()) { + killme(); + } + goaway(z_root() . '/moderate'); + } $action = argv(2); 
@@ -61,18 +66,20 @@ class Moderate extends \Zotlabs\Web\Controller { ); $item['item_blocked'] = 0; - item_update_parent_commented($item); - notice( t('Comment approved') . EOL); } elseif($action === 'drop') { + // TODO: not implemented + // let the sender know we received their comment but we don't permit spam here. + // Activity::send_rejection_activity(App::get_channel(), $item['author_xchan'], $item); + drop_item($post_id,false); notice( t('Comment deleted') . EOL); - } + } // refetch the item after changes have been made - + $r = q("select * from item where id = %d", intval($post_id) ); @@ -84,6 +91,11 @@ class Moderate extends \Zotlabs\Web\Controller { if($action === 'approve') { \Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment-new', $post_id)); } + + if (is_ajax()) { + killme(); + } + goaway(z_root() . '/moderate'); } } diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 00fed55c2..dcc209d1d 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -43,6 +43,8 @@ class Network extends \Zotlabs\Web\Controller { return login(false); } + App::$profile_uid = local_channel(); + $o = ''; $arr = array('query' => App::$query_string); diff --git a/Zotlabs/Module/Settings/Privacy.php b/Zotlabs/Module/Settings/Privacy.php index 24249a865..588ece1f1 100644 --- a/Zotlabs/Module/Settings/Privacy.php +++ b/Zotlabs/Module/Settings/Privacy.php 
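Review bot: The approve and drop actions in `Moderate.php` change state on a plain GET to `moderate/<id>/<action>`, and no form security token check is visible in these hunks, so a cross-site request issued from the owner's logged-in browser could approve or delete a pending comment. Consider accepting these actions only via POST and verifying a token (the codebase's `check_form_security_token()` helper, if it is available to this module) before `$action` is evaluated. The refetch `select * from item where id = %d` is also not constrained by owner; if the earlier lookup outside this hunk is not scoped to `local_channel()`, add `and uid = %d` with `intval(local_channel())`. The method body starts before and continues after the visible hunks.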
@@ -25,6 +25,9 @@ class Privacy { $permit_all_mentions = (((x($_POST, 'permit_all_mentions')) && (intval($_POST['permit_all_mentions']) == 1)) ? 1 : 0); set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions); + $moderate_unsolicited_comments = (((x($_POST, 'moderate_unsolicited_comments')) && (intval($_POST['moderate_unsolicited_comments']) == 1)) ? 1 : 0); + set_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments', $moderate_unsolicited_comments); + $ocap_enabled = (((x($_POST, 'ocap_enabled')) && (intval($_POST['ocap_enabled']) == 1)) ? 1 : 0); set_pconfig(local_channel(), 'system', 'ocap_enabled', $ocap_enabled); @@ -106,6 +109,7 @@ class Privacy { $index_opt_out = get_pconfig(local_channel(), 'system', 'index_opt_out'); $group_actor = get_pconfig(local_channel(), 'system', 'group_actor'); $permit_all_mentions = get_pconfig(local_channel(), 'system', 'permit_all_mentions'); + $moderate_unsolicited_comments = get_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments'); $ocap_enabled = get_pconfig(local_channel(), 'system', 'ocap_enabled'); $permissions_role = get_pconfig(local_channel(), 'system', 'permissions_role', 'custom'); 
@@ -129,6 +133,7 @@ class Privacy { '$index_opt_out' => ['index_opt_out', t('Opt-out of search engine indexing'), $index_opt_out, '', [t('No'), t('Yes')]], '$group_actor' => ['group_actor', t('Group actor'), $group_actor, t('Allow this channel to act as a forum'), [t('No'), t('Yes')]], '$permit_all_mentions' => ['permit_all_mentions', t('Accept all messages which mention you'), $permit_all_mentions, t('This setting bypasses normal permissions'), [t('No'), t('Yes')]], + '$moderate_unsolicited_comments' => ['moderate_unsolicited_comments', t('Moderate unsolicited comments'), $moderate_unsolicited_comments, t('Otherwise they will be silently dropped'), [t('No'), t('Yes')]], '$ocap_enabled' => ['ocap_enabled', t('Enable OCAP access'), $ocap_enabled, t('Grant limited posts the right to access linked private media'), [t('No'), t('Yes')]], ]); diff --git a/include/attach.php b/include/attach.php index 1de5f5a67..ead5a8e06 100644 --- a/include/attach.php +++ b/include/attach.php @@ -254,7 +254,7 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ * @param int $rev (optional) Revision default 0 * @return array */ -function attach_by_hash($hash, $observer_hash, $rev = 0) { +function attach_by_hash($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) { $ret = array('success' => false); @@ -274,7 +274,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { return $ret; } - if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $hash, $token)) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -311,7 +311,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { * @param string $observer_hash * @return array */ -function attach_by_id($id, $observer_hash) { +function attach_by_id($id, $observer_hash, $token = EMPTY_STR) { $ret = array('success' => false); 
@@ -325,7 +325,7 @@ function attach_by_id($id, $observer_hash) { return $ret; } - if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'])) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'], $token)) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -340,17 +340,16 @@ function attach_by_id($id, $observer_hash) { function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid, $ob_hash, '', $token); - $hash = $resource; - if (!$token) { if(! perm_is_allowed($uid, $ob_hash, 'view_storage')) { return false; } } + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); + $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", - dbesc($hash), + dbesc($resource), intval($uid) ); @@ -373,24 +372,22 @@ function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) { function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid, $ob_hash, '', $token); - $hash = $folder_hash; - if(!$folder_hash && !$token) { return perm_is_allowed($uid, $ob_hash, 'view_storage'); } + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); do { $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", - dbesc($hash), + dbesc($folder_hash), intval($uid) ); if(! $r) return false; - $hash = $r[0]['folder']; - } while($hash); + $folder_hash = $r[0]['folder']; + } while($folder_hash); return true; } @@ -410,7 +407,7 @@ function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR * * \e string \b message (optional) only when success is false * * \e array \b data array of attach DB entry without data component */ -function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { +function attach_by_hash_nodata($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) { $ret = array('success' => false); 
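Review bot: In `attach_can_view()` any non-empty `$token` skips the `perm_is_allowed($uid, $ob_hash, 'view_storage')` check, and this commit makes that path reachable from `Attach.php` through the new fourth argument to `attach_by_hash()`. Access then rests entirely on how `permissions_sql()` treats the token, which is not visible here; if an unrecognised token falls back to the observer's normal ACL clause, a bogus token value would bypass the storage permission. Skip the `view_storage` check only after the token has been validated, or keep the check as a fallback when validation fails. The new parameter is also missing from the docblocks of `attach_by_hash()`, `attach_by_id()` and `attach_by_hash_nodata()`; add `@param string $token (optional) access token, default EMPTY_STR` to each.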
@@ -435,7 +432,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { return $ret; } - $sql_extra = permissions_sql($r[0]['uid'], $observer_hash); + $sql_extra = permissions_sql($r[0]['uid'], $observer_hash, '', $token); // Now we'll see if we can access the attachment @@ -450,7 +447,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { } if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder']); + $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder'], $token); if(! $x) { $ret['message'] = t('Permission denied.'); return $ret; diff --git a/include/items.php b/include/items.php index a74fe8b50..c6aeaa0ed 100644 --- a/include/items.php +++ b/include/items.php @@ -242,9 +242,21 @@ function comments_are_now_closed($item) { } function item_normal() { - return " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 - and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 - and item.item_blocked = 0 "; + $profile_uid = App::$profile['profile_uid'] ?? App::$profile_uid ?? null; + $uid = local_channel(); + $is_owner = ($uid && intval($profile_uid) === $uid); + + $sql = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_pending_remove = 0"; + + if ($is_owner) { + $sql .= " and item.item_blocked IN (0, " . intval(ITEM_MODERATED) . ") and item.item_delayed IN (0, 1) "; + } + else { + $sql .= " and item.item_blocked = 0 and item.item_delayed = 0 "; + } + + return $sql; } function item_normal_search() { diff --git a/include/security.php b/include/security.php index 539e5f5b5..5ea6f13ef 100644 --- a/include/security.php +++ b/include/security.php 
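Review bot: `item_normal()` in `include/items.php` now decides whether moderated and delayed items are included from global state (`App::$profile['profile_uid'] ?? App::$profile_uid` and `local_channel()`), so every caller's visibility filter depends on which module last set those globals. A caller whose query is not restricted to the owner's own `item.uid` would widen to `item_blocked IN (0, ITEM_MODERATED)` whenever the globals happen to match; the callers are outside this hunk, so each one should be checked. Passing the owner explicitly, e.g. `function item_normal($profile_uid = null)` with the globals used only as a fallback, would make the authorization decision visible at the call site. A short comment such as `// owner also sees items awaiting moderation and delayed items` above the `if ($is_owner)` branch would document the intent.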
@@ -326,6 +326,7 @@ function change_channel($change_channel) { * @param int $owner_id * @param bool $remote_observer (optional) use current observer if unset * @param $table (optional) + * @param $token (optional) * * @return string additional SQL where statement */ diff --git a/view/js/main.js b/view/js/main.js index dcdf58396..9c2480795 100644 --- a/view/js/main.js +++ b/view/js/main.js @@ -1314,6 +1314,18 @@ function dounsubthread(ident) { liking = 1; } +function moderate_approve(ident) { + $('#like-rotator-' + ident.toString()).show(); + $.get('moderate/' + ident.toString() + '/approve', updateInit ); + liking = 1; +} + +function moderate_drop(ident) { + $('#like-rotator-' + ident.toString()).show(); + $.get('moderate/' + ident.toString() + '/drop', $('#thread-wrapper-' + ident.toString()).fadeOut(function() { this.remove(); })); + liking = 1; +} + function dostar(ident) { ident = ident.toString(); $('#like-rotator-' + ident).show(); diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css index 3e34fff95..4ba65c112 100644 --- a/view/theme/redbasic/css/style.css +++ b/view/theme/redbasic/css/style.css @@ -1380,7 +1380,6 @@ blockquote { overflow: auto; } -.dropdown-item.active, .textcomplete-item.active { color: #fff; background-color: var(--bs-tertiary-bg); diff --git a/view/theme/redbasic/schema/Focus-Boxy.css b/view/theme/redbasic/schema/Focus-Boxy.css index e5f3280f6..df5bf2d75 100644 --- a/view/theme/redbasic/schema/Focus-Boxy.css +++ b/view/theme/redbasic/schema/Focus-Boxy.css @@ -25,6 +25,7 @@ } .vcard-card .card { + border: 1px solid var(--bs-border-color); border-top: 0; border-right: 0; border-left: 0; diff --git a/view/tpl/conv_item.tpl b/view/tpl/conv_item.tpl index 3f760998d..cd2130295 100644 --- a/view/tpl/conv_item.tpl +++ b/view/tpl/conv_item.tpl 
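Review bot: In `moderate_drop()` the second argument to `$.get` is the return value of `.fadeOut(...)`, not a callback, so the comment is removed from the page immediately whether or not the server accepted the drop, and the jQuery object is passed as request data. An expired session or a denied request would leave the owner believing the comment was deleted. Wrap it in a success handler: `$.get('moderate/' + ident.toString() + '/drop', function() { $('#thread-wrapper-' + ident.toString()).fadeOut(function() { this.remove(); }); });`. Both new helpers also trigger a state change with GET; sending them as POST with the form security token would match the server-side hardening these actions need.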
@@ -7,7 +7,7 @@ <div id="thread-wrapper-{{$item.id}}" class="thread-wrapper{{if $item.toplevel}} {{$item.toplevel}} generic-content-wrapper h-entry {{else}} u-comment h-cite{{/if}}" data-b64mids='{{$item.mids}}'> <a name="item_{{$item.id}}" ></a> <div class="wall-item-outside-wrapper{{if $item.is_comment}} comment{{/if}}{{if $item.previewing}} preview{{/if}}" id="wall-item-outside-wrapper-{{$item.id}}" > - <div class="clearfix wall-item-content-wrapper{{if $item.is_comment}} comment{{/if}}" id="wall-item-content-wrapper-{{$item.id}}"> + <div class="rounded clearfix wall-item-content-wrapper{{if $item.is_comment}} comment{{/if}}" id="wall-item-content-wrapper-{{$item.id}}"> {{if $item.photo}} <div class="wall-photo-item" id="wall-photo-item-{{$item.id}}"> {{$item.photo}} @@ -120,6 +120,10 @@ </div> </div> {{/if}} + {{if $item.moderate}} + <a href="#" onclick="moderate_approve({{$item.id}}); return false;" class="btn btn-sm btn-outline-success"><i class="fa fa-check" ></i> {{$item.moderate_approve}}</a> + <a href="#" onclick="moderate_drop({{$item.id}}); return false;" class="btn btn-sm btn-outline-danger"><i class="fa fa-trash-o" ></i> {{$item.moderate_delete}}</a> + {{else}} <div class="btn-group"> {{if $item.like}} <button type="button" title="{{$item.like.0}}" class="btn btn-outline-secondary btn-sm" onclick="dolike({{$item.id}},'like'); return false;"> @@ -230,6 +234,7 @@ </div> </div> </div> + {{/if}} </div> {{if $item.responses || $item.attachments}} diff --git a/view/tpl/profile_vcard.tpl b/view/tpl/profile_vcard.tpl index 6cf40bf79..37339a40a 100644 --- a/view/tpl/profile_vcard.tpl +++ b/view/tpl/profile_vcard.tpl 
@@ -48,10 +48,10 @@ {{/if}} </div> </div> - {{if $details}} - <div class="vcard ps-2 pe-2"> + {{if $details && ($location || $hometown || $gender || $marital || $homepage)}} + <div class="vcard rounded ps-2 pe-2"> {{if $location}} - <dl class="mb-0 pb-1"> + <dl class="mb-0 pb-1 rounded"> <dt class="location-label">{{$location}}</dt> <dd class="adr h-adr"> {{if $profile.address}} @@ -71,30 +71,30 @@ </dl> {{/if}} {{if $hometown}} - <dl class="mb-0 pb-1"> + <dl class="mb-0 pb-1 rounded"> <dt class="hometown-label">{{$hometown}}</dt> <dd class="p-hometown">{{$profile.hometown}}</dd> </dl> {{/if}} {{if $gender}} - <dl class="mb-0 pb-1"> + <dl class="mb-0 pb-1 rounded"> <dt class="gender-label">{{$gender}}</dt> <dd class="p-gender">{{if $profile.gender_icon}}<i class="fa fa-{{$profile.gender_icon}}"></i> {{/if}}{{$profile.gender}}</dd> </dl> {{/if}} {{if $marital}} - <dl class="mb-0 pb-1"> + <dl class="mb-0 pb-1 rounded"> <dt class="marital-label"><span class="heart"><i class="fa fa-heart"></i> </span>{{$marital}}</dt> <dd class="marital-text">{{$profile.marital}}</dd> </dl> {{/if}} {{if $homepage}} - <dl class="mb-0 pb-1"> + <dl class="mb-0 pb-1 rounded"> <dt class="homepage-label">{{$homepage}}</dt> <dd class="homepage-url u-url">{{$profile.homepage}}</dd> </dl> {{/if}} - <div class="hcard-addon"></div> + <div class="hcard-addon rounded"></div> </div> {{/if}} </div> diff --git a/view/tpl/settings_privacy.tpl b/view/tpl/settings_privacy.tpl index ae81cee78..03224ae65 100644 --- a/view/tpl/settings_privacy.tpl +++ b/view/tpl/settings_privacy.tpl @@ -11,6 +11,7 @@ {{include file="field_checkbox.tpl" field=$index_opt_out}} {{include file="field_checkbox.tpl" field=$autoperms}} {{include file="field_checkbox.tpl" field=$permit_all_mentions}} + {{include file="field_checkbox.tpl" field=$moderate_unsolicited_comments}} {{include file="field_checkbox.tpl" field=$ocap_enabled}} {{if $sec_addon}} |