diff options
-rw-r--r-- | Zotlabs/Access/PermissionLimits.php | 36 | ||||
-rw-r--r-- | Zotlabs/Access/PermissionRoles.php | 215 | ||||
-rw-r--r-- | Zotlabs/Access/Permissions.php | 74 | ||||
-rw-r--r-- | Zotlabs/Daemon/Onepoll.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Acl.php | 53 | ||||
-rw-r--r-- | Zotlabs/Module/Connedit.php | 53 | ||||
-rw-r--r-- | Zotlabs/Module/Follow.php | 3 | ||||
-rw-r--r-- | Zotlabs/Module/Mail.php | 12 | ||||
-rw-r--r-- | Zotlabs/Module/Manage.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Probe.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Settings.php | 34 | ||||
-rw-r--r-- | Zotlabs/Zot/Finger.php | 2 | ||||
-rwxr-xr-x | boot.php | 2 | ||||
-rw-r--r-- | include/config.php | 1 | ||||
-rw-r--r-- | include/permissions.php | 513 | ||||
-rw-r--r-- | include/security.php | 41 | ||||
-rw-r--r-- | include/widgets.php | 11 | ||||
-rw-r--r-- | include/zot.php | 114 | ||||
-rw-r--r-- | install/perm_upgrade.php | 63 | ||||
-rw-r--r-- | install/schema_mysql.sql | 1 | ||||
-rw-r--r-- | install/schema_postgres.sql | 1 | ||||
-rw-r--r-- | install/update.php | 28 |
22 files changed, 849 insertions, 418 deletions
diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php new file mode 100644 index 000000000..909b654d5 --- /dev/null +++ b/Zotlabs/Access/PermissionLimits.php @@ -0,0 +1,36 @@ +<?php + +namespace Zotlabs\Access; + +use \Zotlabs\Lib as ZLib; + +class PermissionLimits { + + static public function Std_Limits() { + $perms = Permissions::Perms(); + $limits = array(); + foreach($perms as $k => $v) { + if(strstr($k,'view')) + $limits[$k] = PERMS_PUBLIC; + else + $limits[$k] = PERMS_SPECIFIC; + } + return $limits; + } + + static public function Set($channel_id,$perm,$perm_limit) { + ZLib\PConfig::Set($channel_id,'perm_limits',$perm,$perm_limit); + } + + static public function Get($channel_id,$perm = '') { + if($perm) { + return Zlib\PConfig::Get($channel_id,'perm_limits',$perm); + } + else { + Zlib\PConfig::Load($channel_id); + if(array_key_exists($channel_id,\App::$config) && array_key_exists('perm_limits',\App::$config[$channel_id])) + return \App::$config[$channel_id]['perm_limits']; + return false; + } + } +}
\ No newline at end of file diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php new file mode 100644 index 000000000..8b116adc5 --- /dev/null +++ b/Zotlabs/Access/PermissionRoles.php @@ -0,0 +1,215 @@ +<?php + + +namespace Zotlabs\Access; + +use Zotlabs\Lib as Zlib; + +class PermissionRoles { + + + static function role_perms($role) { + + $ret = array(); + + $ret['role'] = $role; + + switch($role) { + case 'social': + $ret['perms_auto'] = false; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = true; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like', 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + break; + + case 'social_restricted': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = true; + $ret['online'] = true; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'social_private': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = false; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' ]; + $ret['limits'] = PermissionLimits::Std_Limits(); + $ret['limits']['view_contacts'] = PERMS_SPECIFIC; + $ret['limits']['view_storage'] = PERMS_SPECIFIC; + + break; + + case 'forum': + $ret['perms_auto'] = true; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + break; + + case 'forum_restricted': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = true; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'forum_private': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = false; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + $ret['limits']['view_profile'] = PERMS_SPECIFIC; + $ret['limits']['view_contacts'] = PERMS_SPECIFIC; + $ret['limits']['view_storage'] = PERMS_SPECIFIC; + $ret['limits']['view_pages'] = PERMS_SPECIFIC; + + break; + + case 'feed': + $ret['perms_auto'] = true; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'feed_restricted': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = false; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'soapbox': + $ret['perms_auto'] = true; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_like' , 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'repository': + $ret['perms_auto'] = true; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + break; + + default: + break; + } + + $x = get_config('system','role_perms'); + // let system settings over-ride any or all + if($x && is_array($x) && array_key_exists($role,$x)) + $ret = array_merge($ret,$x[$role]); + + call_hooks('get_role_perms',$ret); + + return $ret; + } + + + + + static public function roles() { + $roles = [ + t('Social Networking') => [ + 'social' => t('Social - Mostly Public'), + 'social_restricted' => t('Social - Restricted'), + 'social_private' => t('Social - Private') + ], + + t('Community Forum') => [ + 'forum' => t('Forum - Mostly Public'), + 'forum_restricted' => t('Forum - Restricted'), + 'forum_private' => t('Forum - Private') + ], + + t('Feed Republish') => [ + 'feed' => t('Feed - Mostly Public'), + 'feed_restricted' => t('Feed - Restricted') + ], + + t('Special Purpose') => [ + 'soapbox' => t('Special - Celebrity/Soapbox'), + 'repository' => t('Special - Group Repository') + ], + + t('Other') => [ + 'custom' => t('Custom/Expert Mode') + ] + + ]; + + return $roles; + } + + + +}
\ No newline at end of file diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php new file mode 100644 index 000000000..b389fc229 --- /dev/null +++ b/Zotlabs/Access/Permissions.php @@ -0,0 +1,74 @@ +<?php + + +namespace Zotlabs\Access; + +use Zotlabs\Lib as Zlib; + +class Permissions { + + /** + * Extensible permissions. + * To add new permissions, add to the list of $perms below, with a simple description. + * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role + * if this permission should be granted to new connections. + * + * Permissions with 'view' in the name are considered read permissions. Anything + * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else + * is given PERMS_SPECIFIC. + * + * PermissionLimits::Std_limits() retrieves the standard limits. A permission role + * MAY alter an individual setting after retrieving the Std_limits if you require + * something different for a specific permission within the given role. + * + */ + + + static public function Perms($filter = '') { + + $perms = [ + 'view_stream' => t('Can view my channel stream and posts'), + 'send_stream' => t('Can send me their channel stream and posts'), + 'view_profile' => t('Can view my default channel profile'), + 'view_contacts' => t('Can view my connections'), + 'view_storage' => t('Can view my file storage and photos'), + 'write_storage' => t('Can upload/modify my file storage and photos'), + 'view_pages' => t('Can view my channel webpages'), + 'write_pages' => t('Can create/edit my channel webpages'), + 'post_wall' => t('Can post on my channel (wall) page'), + 'post_comments' => t('Can comment on or like my posts'), + 'post_mail' => t('Can send me private mail messages'), + 'post_like' => t('Can like/dislike profiles and profile things'), + 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts'), + 'chat' => t('Can chat with me'), + 'republish' => t('Can source my public posts in derived channels'), + 'delegate' => t('Can administer my channel') + ]; + + $x = array('permissions' => $perms, 'filter' => $filter); + call_hooks('permissions_list',$x); + return($x['permissions']); + + } + + static public function BlockedAnonPerms() { + + // Perms from the above list that are blocked from anonymous observers. + // e.g. you must be authenticated. + + $res = array(); + $perms = PermissionLimits::Std_limits(); + foreach($perms as $perm => $limit) { + if($limit != PERMS_PUBLIC) { + $res[] = $perm; + } + } + + $x = array('permissions' => $res); + call_hooks('write_perms',$x); + return($x['permissions']); + + } + + +}
\ No newline at end of file diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php index 036a4991b..21c46cec5 100644 --- a/Zotlabs/Daemon/Onepoll.php +++ b/Zotlabs/Daemon/Onepoll.php @@ -102,7 +102,9 @@ class Onepoll { $fetch_feed = true; $x = null; - if(! ($contact['abook_their_perms'] & PERMS_R_STREAM )) + $can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream')); + + if(! $can_view_stream) $fetch_feed = false; if($fetch_feed) { diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index f33e257f4..0e02a2f66 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -58,7 +58,23 @@ class Acl extends \Zotlabs\Web\Controller { if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) killme(); - + + $permitted = []; + + if(in_array($type, [ 'm', 'a', 'c' ])) { + + // These queries require permission checking. We'll create a simple array of xchan_hash for those with + // the requisite permissions which we can check against. + + $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1", + intval(local_channel()), + dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver') + ); + + $permitted = ids_to_array($x,'xchan'); + } + + if($search) { $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; @@ -87,13 +103,13 @@ class Acl extends \Zotlabs\Web\Controller { if($type == '' || $type == 'g') { - $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname` - FROM `groups`,`group_member` - WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d - AND `group_member`.`gid`=`groups`.`id` + $r = q("SELECT groups.id, groups.hash, groups.gname + FROM groups,group_member + WHERE groups.deleted = 0 AND groups.uid = %d + AND group_member.gid=groups.id $sql_extra - GROUP BY `groups`.`id` - ORDER BY `groups`.`gname` + GROUP BY groups.id + ORDER BY groups.gname LIMIT %d OFFSET %d", intval(local_channel()), intval($count), @@ -131,7 +147,7 @@ class Acl extends \Zotlabs\Web\Controller { if($extra_channels_sql != '') $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; - $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) @@ -194,16 +210,23 @@ class Acl extends \Zotlabs\Web\Controller { } } elseif($type == 'm') { - - $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + $r = array(); + $z = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) + WHERE abook_channel = %d and xchan_deleted = 0 $sql_extra3 - ORDER BY `xchan_name` ASC ", - intval(local_channel()), - intval(PERMS_W_MAIL) + ORDER BY xchan_name ASC ", + intval(local_channel()) ); + if($z) { + foreach($z as $zz) { + if(in_array($zz['id'],$permitted)) { + $r[] = $zz; + } + } + } + } elseif($type == 'a') { @@ -247,7 +270,7 @@ class Acl extends \Zotlabs\Web\Controller { if(strpos($g['hash'],'/') && $type != 'a') continue; - if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) { + if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 7db4950b1..f9b1336a8 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -129,12 +129,21 @@ class Connedit extends \Zotlabs\Web\Controller { $abook_my_perms = 0; - foreach($_POST as $k => $v) { - if(strpos($k,'perms_') === 0) { - $abook_my_perms += $v; + $all_perms = \Zotlabs\Access\Permissions::Perms(); + + if($all_perms) { + foreach($all_perms as $perm => $desc) { + if(array_key_exists('perms_' . $perm, $_POST)) { + set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm, + intval($_POST['perms_' . $perm])); + $abook_my_perms ++; + } + else { + set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0); + } } } - + $new_friend = false; if(! $is_self) { @@ -195,8 +204,11 @@ class Connedit extends \Zotlabs\Web\Controller { $role = get_pconfig(local_channel(),'system','permissions_role'); if($role) { $x = get_role_perms($role); - if($x['perms_accept']) - $abook_my_perms = $x['perms_accept']; + if($x['perms_connect']) { + foreach($x['perms_connect'] as $p) { + set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'my_perms',$p,1); + } + } } } @@ -372,8 +384,8 @@ class Connedit extends \Zotlabs\Web\Controller { $role = get_pconfig(local_channel(),'system','permissions_role'); if($role) { $x = get_role_perms($role); - if($x['perms_accept']) - $my_perms = $x['perms_accept']; + if($x['perms_connect']) + $my_perms = $x['perms_connect']; } $yes_no = array(t('No'),t('Yes')); @@ -654,7 +666,8 @@ class Connedit extends \Zotlabs\Web\Controller { $perms = array(); $channel = \App::get_channel(); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); + $existing = get_all_perms(local_channel(),$contact['abook_xchan']); $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes'))); @@ -670,16 +683,32 @@ class Connedit extends \Zotlabs\Web\Controller { if($slide && $multiprofs) $affinity = t('Set Affinity & Profile'); + $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'", + intval(local_channel()), + dbesc($contact['abook_xchan']) + ); + $their_perms = array(); + if($theirs) { + foreach($theirs as $t) { + $their_perms[$t['k']] = $t['v']; + } + } + foreach($global_perms as $k => $v) { - $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); - $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : ''); + $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); +//fixme + + $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k); // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner if((! $self) && ($existing[$k])) $thisperm = "1"; + + + - $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4], $checkinherited); + $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); } $locstr = ''; diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index 3641330c9..5de89ef41 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -49,10 +49,11 @@ class Follow extends \Zotlabs\Web\Controller { build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone))); + $can_view_stream = intval(get_abconfig($channel['channel_id'],$clone['abook_xchan'],'their_perms','view_stream')); // If we can view their stream, pull in some posts - if(($result['abook']['abook_their_perms'] & PERMS_R_STREAM) || ($result['abook']['xchan_network'] === 'rss')) + if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss')) \Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id'])); goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1'); diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index aae7585c4..043c28078 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -57,8 +57,6 @@ class Mail extends \Zotlabs\Web\Controller { $their_perms = 0; - $global_perms = get_perms(); - if($j['permissions']['data']) { $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']); if($permissions) @@ -68,13 +66,7 @@ class Mail extends \Zotlabs\Web\Controller { else $permissions = $j['permissions']; - foreach($permissions as $k => $v) { - if($v) { - $their_perms = $their_perms | intval($global_perms[$k][1]); - } - } - - if(! ($their_perms & PERMS_W_MAIL)) { + if(! ($permissions['post_mail'])) { notice( t('Selected channel has private message restrictions. Send failed.')); // reported issue: let's still save the message and continue. We'll just tell them // that nothing useful is likely to happen. They might have spent hours on it. @@ -120,7 +112,7 @@ class Mail extends \Zotlabs\Web\Controller { } - function get() { + function get() { $o = ''; nav_set_selected('messages'); diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php index 4ca044c4a..8f815d6d4 100644 --- a/Zotlabs/Module/Manage.php +++ b/Zotlabs/Module/Manage.php @@ -143,9 +143,9 @@ class Manage extends \Zotlabs\Web\Controller { $create = array( 'new_channel', t('Create a new channel'), t('Create New')); $delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where - abook_channel = %d and (abook_their_perms & %d) > 0", + abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = 1 )", intval(local_channel()), - intval(PERMS_A_DELEGATE) + intval(local_channel()) ); if($delegates) { diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index dda792131..7fc0e8ff5 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -23,8 +23,6 @@ class Probe extends \Zotlabs\Web\Controller { $j = \Zotlabs\Zot\Finger::run($addr,$channel,false); - // $res = zot_finger($addr,$channel,false); - $o .= '<pre>'; if(! $j['success']) { $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n"); diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index af246a4dc..d5b0cd07a 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -28,7 +28,7 @@ class Settings extends \Zotlabs\Web\Controller { } - function post() { + function post() { if(! local_channel()) return; @@ -38,7 +38,7 @@ class Settings extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - logger('mod_settings: ' . print_r($_REQUEST,true)); + // logger('mod_settings: ' . print_r($_REQUEST,true)); if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){ @@ -309,10 +309,10 @@ class Settings extends \Zotlabs\Web\Controller { intval(local_channel()) ); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); foreach($global_perms as $k => $v) { - $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' '; + \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,intval($_POST[$k])); } $acl = new \Zotlabs\Access\AccessList($channel); $acl->set_from_array($_POST); @@ -368,10 +368,10 @@ class Settings extends \Zotlabs\Web\Controller { ); } - $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1", - intval((array_key_exists('perms_accept',$role_permissions)) ? $role_permissions['perms_accept'] : 0), - intval(local_channel()) - ); + foreach($global_perms as $k => $v) { + set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k,((array_key_exists($k,$role_permissions['perms_connect'])) ? 1 : 0)); + } + set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0)); foreach($role_permissions as $p => $v) { @@ -862,11 +862,7 @@ class Settings extends \Zotlabs\Web\Controller { return $o; } - - - - - + if(argv(1) === 'channel') { require_once('include/acl_selectors.php'); @@ -883,9 +879,8 @@ class Settings extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - - $global_perms = get_perms(); - + $global_perms = \Zotlabs\Access\Permissions::Perms(); + $permiss = array(); $perm_opts = array( @@ -899,19 +894,18 @@ class Settings extends \Zotlabs\Web\Controller { array( t('Anybody on the internet'), PERMS_PUBLIC) ); + $limits = \Zotlabs\Access\PermissionLimits::Get(local_channel()); foreach($global_perms as $k => $perm) { $options = array(); foreach($perm_opts as $opt) { - if((! $perm[2]) && $opt[1] == PERMS_PUBLIC) - continue; $options[$opt[1]] = $opt[0]; } - $permiss[] = array($k,$perm[3],$channel[$perm[0]],$perm[4],$options); + $permiss[] = array($k,$perm,$limits[$k],'',$options); } - // logger('permiss: ' . print_r($permiss,true)); + //logger('permiss: ' . print_r($permiss,true)); diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index 229fda8bd..9d373b2e6 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -28,7 +28,7 @@ class Finger { if (strpos($webbie,'@') === false) { $address = $webbie; - $host = App::get_hostname(); + $host = \App::get_hostname(); } else { $address = substr($webbie,0,strpos($webbie,'@')); $host = substr($webbie,strpos($webbie,'@')+1); @@ -47,7 +47,7 @@ define ( 'PLATFORM_NAME', 'hubzilla' ); define ( 'STD_VERSION', '1.9' ); define ( 'ZOT_REVISION', '1.1' ); -define ( 'DB_UPDATE_VERSION', 1179 ); +define ( 'DB_UPDATE_VERSION', 1180 ); /** diff --git a/include/config.php b/include/config.php index 08810e298..8c0469392 100644 --- a/include/config.php +++ b/include/config.php @@ -97,7 +97,6 @@ function del_aconfig($account_id, $family, $key) { return Zlib\AConfig::Delete($account_id, $family, $key); } - function load_abconfig($chan, $xhash, $family = '') { return Zlib\AbConfig::Load($chan,$xhash,$family); } diff --git a/include/permissions.php b/include/permissions.php index 19242d29f..bc3cfdd2a 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { if($api) return get_all_api_perms($uid,$api); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // Save lots of individual lookups @@ -81,11 +81,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : array()); + foreach($global_perms as $perm_name => $permission) { // First find out what the channel owner declared permissions to be. - $channel_perm = $permission[0]; + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", @@ -105,7 +107,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // These take priority over all other settings. if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) { + if($channel_perm & PERMS_AUTHED) { $ret[$perm_name] = true; continue; } @@ -136,7 +138,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Check if this is a write permission and they are being ignored // This flag is only visible internally. - if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) { + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + + + if(($x) && ($internal_use) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { $ret[$perm_name] = false; continue; } @@ -154,7 +159,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // if you've moved elsewhere, you will only have read only access if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) { - if($r[0]['channel_moved'] && (! $permission[2])) + if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms))) $ret[$perm_name] = false; else $ret[$perm_name] = true; @@ -163,7 +168,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Anybody at all (that wasn't blocked or ignored). They have permission. - if($r[0][$channel_perm] & PERMS_PUBLIC) { + if($channel_perm & PERMS_PUBLIC) { $ret[$perm_name] = true; continue; } @@ -178,7 +183,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) { $ret[$perm_name] = true; continue; @@ -187,7 +192,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { if(! $onsite_checked) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) @@ -214,7 +219,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { $ret[$perm_name] = true; continue; } @@ -226,16 +231,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if($r[0][$channel_perm] & PERMS_SPECIFIC) { - if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { - $ret[$perm_name] = true; + if($channel_perm & PERMS_SPECIFIC) { + if($abperms) { + foreach($abperms as $ab) { + if(($ab['cat'] == 'my_perms') && ($ab['k'] == $perm_name)) { + $ret[$perm_name] = (intval($ab['v']) ? true : false); + break; + } + } continue; } } @@ -284,21 +294,23 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if($arr['result']) return true; - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // First find out what the channel owner declared permissions to be. - $channel_perm = $global_perms[$permission][0]; + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$permission); - $r = q("select %s, channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", - dbesc($channel_perm), + $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", intval($uid) ); if(! $r) return false; + + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) + if($channel_perm & PERMS_AUTHED) return true; $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash @@ -312,7 +324,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if(($x) && intval($x[0]['abook_blocked'])) return false; - if(($x) && (! $global_perms[$permission][2]) && intval($x[0]['abook_ignored'])) + if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) return false; if(! $x) { @@ -321,7 +333,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { dbesc($observer_xchan) ); } + $abperms = load_abconfig($uid,$observer_xchan); } + // system is blocked to anybody who is not authenticated @@ -333,13 +347,13 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // in which case you will have read_only access if($r[0]['channel_hash'] === $observer_xchan) { - if($r[0]['channel_moved'] && (! $global_perms[$permission][2])) + if($r[0]['channel_moved'] && (in_array($permission,$blocked_anon_perms))) return false; else return true; } - if($r[0][$channel_perm] & PERMS_PUBLIC) + if($channel_perm & PERMS_PUBLIC) return true; // If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set @@ -350,14 +364,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) return true; } // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) ); @@ -376,7 +390,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { return true; } @@ -386,15 +400,16 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { return true; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) { - if($x[0]['abook_my_perms'] & $global_perms[$permission][1]) + if(($r) && ($channel_perm & PERMS_SPECIFIC)) { + if(array_key_exists('my_perms',$abperms) && array_key_exists($permission,$abperms['my_perms']) && $abperms['my_perms'][$permission]) { return true; + } } // No permissions allowed. @@ -560,28 +575,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like', 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -590,28 +605,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + break; @@ -620,28 +636,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -650,28 +666,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -680,28 +696,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -710,28 +726,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILEPERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_SPECIFIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_SPECIFIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_SPECIFIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_SPECIFIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -740,28 +757,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_NETWORK; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -770,28 +788,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -800,26 +818,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_like' , 'republish' ]; + + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -828,28 +849,30 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + break; diff --git a/include/security.php b/include/security.php index 212690d91..2ab6bf075 100644 --- a/include/security.php +++ b/include/security.php @@ -89,6 +89,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive * * @return bool|array false or channel record of the new channel */ + function change_channel($change_channel) { $ret = false; @@ -438,14 +439,19 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) { $random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : ''); if(local_channel()) $ret[] = local_channel(); - $r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", - intval($perms), - intval(PAGE_ADULT|PAGE_CENSORED) + $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", + intval($perms) ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_id'], $ret)) - $ret[] = $rr['channel_id']; + if($x) { + $ids = ids_to_querystr($x,'uid'); + $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_id'], $ret)) + $ret[] = $rr['channel_id']; + } } $str = ''; @@ -471,16 +477,21 @@ function stream_perms_xchans($perms = NULL ) { if(local_channel()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0 and channel_system = 0 and channel_removed = 0 ", - intval($perms), - intval(PAGE_ADULT|PAGE_CENSORED) + $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", + intval($perms) ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_hash'], $ret)) - $ret[] = $rr['channel_hash']; - } + if($x) { + $ids = ids_to_querystr($x,'uid'); + $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_hash'], $ret)) + $ret[] = $rr['channel_hash']; + } + } $str = ''; if($ret) { foreach($ret as $rr) { diff --git a/include/widgets.php b/include/widgets.php index 2d4d5b799..dbcaef409 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -1347,9 +1347,14 @@ function widget_forums($arr) { $perms_sql = item_permissions_sql(local_channel()) . item_normal(); - $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where ( xchan_pubforum = 1 or ((abook_their_perms & %d ) != 0 and (abook_their_perms & %d ) = 0) ) and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", - intval(PERMS_W_TAGWALL), - intval(PERMS_W_STREAM), + /** + * We used to try and find public forums with custom permissions by checking to see if + * send_stream was false and tag_deliver was true. However with the newer extensible + * permissions infrastructure this makes for a very complicated query. Now we're only + * checking channels that report themselves specifically as pubforums + */ + + $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_pubforum = 1 and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", intval(local_channel()) ); if(! $r1) diff --git a/include/zot.php b/include/zot.php index 45347ef22..0bf689742 100644 --- a/include/zot.php +++ b/include/zot.php @@ -388,10 +388,7 @@ function zot_refresh($them, $channel = null, $force = false) { if(! $x['success']) return false; - $their_perms = 0; - if($channel) { - $global_perms = get_perms(); if($j['permissions']['data']) { $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], @@ -408,15 +405,10 @@ function zot_refresh($them, $channel = null, $force = false) { $connected_set = false; if($permissions && is_array($permissions)) { + $old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream'); + foreach($permissions as $k => $v) { - // The connected permission means you are in their address book - if($k === 'connected') { - $connected_set = intval($v); - continue; - } - if(($v) && (array_key_exists($k,$global_perms))) { - $their_perms = $their_perms | intval($global_perms[$k][1]); - } + set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$k,$v); } } @@ -443,36 +435,19 @@ function zot_refresh($them, $channel = null, $force = false) { if(substr($r[0]['abook_dob'],5) == substr($next_birthday,5)) $next_birthday = $r[0]['abook_dob']; - $current_abook_connected = (intval($r[0]['abook_unconnected']) ? 0 : 1); - - $y = q("update abook set abook_their_perms = %d, abook_dob = '%s' + $y = q("update abook set abook_dob = '%s' where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 ", - intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']) ); -// if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) { - - // if they are in your address book but you aren't in theirs, and/or this does not - // match your current connected state setting, toggle it. - /** @FIXME uncoverted to postgres */ - /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */ -// $y1 = q("update abook set abook_unconnected = 1 -// where abook_xchan = '%s' and abook_channel = %d -// and abook_self = 0 limit 1", -// dbesc($x['hash']), -// intval($channel['channel_id']) -// ); -// } - if(! $y) logger('abook update failed'); else { // if we were just granted read stream permission and didn't have it before, try to pull in some posts - if((! ($r[0]['abook_their_perms'] & PERMS_R_STREAM)) && ($their_perms & PERMS_R_STREAM)) + if((! $old_read_stream_perm) && (intval($permissions['view_stream']))) Zotlabs\Daemon\Master::Summon(array('Onepoll',$r[0]['abook_id'])); } } @@ -484,10 +459,10 @@ function zot_refresh($them, $channel = null, $force = false) { if($role) { $xx = get_role_perms($role); if($xx['perms_auto']) - $default_perms = $xx['perms_accept']; + $default_perms = $xx['perms_connect']; } if(! $default_perms) - $default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms')); + $default_perms = get_pconfig($channel['channel_id'],'system','autoperms'); // Keep original perms to check if we need to notify them @@ -498,13 +473,11 @@ function zot_refresh($them, $channel = null, $force = false) { if($closeness === false) $closeness = 80; - $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", + $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), - intval($their_perms), - intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), @@ -532,9 +505,9 @@ function zot_refresh($them, $channel = null, $force = false) { 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'], )); - if($their_perms & PERMS_R_STREAM) { - if(($channel['channel_w_stream'] & PERMS_PENDING) - || (! intval($new_connection[0]['abook_pending'])) ) + if(intval($permissions['view_stream'])) { + if(intval(get_pconfig($channel['channel_id'],'perms_limit','send_stream') & PERMS_PENDING) + || (! intval($new_connection[0]['abook_pending']))) Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id'])); } @@ -1371,8 +1344,8 @@ function public_recips($msg) { if($msg['message']['type'] === 'activity') { if(! get_config('system','disable_discover_tab')) $include_sys = true; - $col = 'channel_w_stream'; - $field = PERMS_W_STREAM; + $perm = 'send_stream'; + if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { // check mention recipient permissions on top level posts only $check_mentions = true; @@ -1404,65 +1377,30 @@ function public_recips($msg) { // contains the tag. we'll solve that further below. if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) { - $col = 'channel_w_comment'; - $field = PERMS_W_COMMENT; + $perm = 'post_comments'; } } } - elseif($msg['message']['type'] === 'mail') { - $col = 'channel_w_mail'; - $field = PERMS_W_MAIL; - } - - if(! $col) - return NULL; - - $col = dbesc($col); - - // First find those channels who are accepting posts from anybody, or at least - // something greater than just their connections. + elseif($msg['message']['type'] === 'mail') + $perm = 'post_mail'; - if($msg['notify']['sender']['url'] === z_root()) { - $sql = " where (( " . $col . " & " . intval(PERMS_NETWORK) . " ) > 0 - or ( " . $col . " & " . intval(PERMS_SITE) . " ) > 0 - or ( " . $col . " & " . intval(PERMS_PUBLIC) . ") > 0 - or ( " . $col . " & " . intval(PERMS_AUTHED) . ") > 0 ) "; - } else { - $sql = " where ( " . $col . " = " . intval(PERMS_NETWORK) . " - or " . $col . " = " . intval(PERMS_PUBLIC) . " - or " . $col . " = " . intval(PERMS_AUTHED) . " ) "; + $r = array(); + + $c = q("select channel_id, channel_hash from channel where channel_removed = 0"); + if($c) { + foreach($c as $cc) { + if(perm_is_allowed($cc['channel_id'],$msg['notify']['sender']['hash'],$perm)) { + $r[] = [ 'hash' => $cc['channel_hash'] ]; + } + } } - $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' - and channel_removed = 0 ", - dbesc($msg['notify']['sender']['hash']) - ); - - if(! $r) - $r = array(); - - // Now we have to get a bit dirty. Find every channel that has the sender in their connections (abook) - // and is allowing this sender at least at a high level. - - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id - where abook_xchan = '%s' and channel_removed = 0 - and (( " . $col . " = " . intval(PERMS_SPECIFIC) . " and ( abook_my_perms & " . intval($field) . " ) > 0 ) - OR " . $col . " = " . intval(PERMS_PENDING) . " - OR ( " . $col . " = " . intval(PERMS_CONTACTS) . " and abook_pending = 0 )) ", - dbesc($msg['notify']['sender']['hash']) - ); - - if(! $x) - $x = array(); - - $r = array_merge($r,$x); - //logger('message: ' . print_r($msg['message'],true)); if($include_sys && array_key_exists('public_scope',$msg['message']) && $msg['message']['public_scope'] === 'public') { $sys = get_sys_channel(); if($sys) - $r[] = array('hash' => $sys['channel_hash']); + $r[] = [ 'hash' => $sys['channel_hash'] ]; } // look for any public mentions on this site diff --git a/install/perm_upgrade.php b/install/perm_upgrade.php new file mode 100644 index 000000000..38e951be3 --- /dev/null +++ b/install/perm_upgrade.php @@ -0,0 +1,63 @@ +<?php + +function perm_limits_upgrade($channel) { + set_pconfig($channel['channel_id'],'perm_limits','view_stream',$channel['channel_r_stream']); + set_pconfig($channel['channel_id'],'perm_limits','view_profile',$channel['channel_r_profile']); + set_pconfig($channel['channel_id'],'perm_limits','view_contacts',$channel['channel_r_abook']); + set_pconfig($channel['channel_id'],'perm_limits','view_storage',$channel['channel_r_storage']); + set_pconfig($channel['channel_id'],'perm_limits','view_pages',$channel['channel_r_pages']); + set_pconfig($channel['channel_id'],'perm_limits','send_stream',$channel['channel_w_stream']); + set_pconfig($channel['channel_id'],'perm_limits','post_wall',$channel['channel_w_wall']); + set_pconfig($channel['channel_id'],'perm_limits','post_comments',$channel['channel_w_comment']); + set_pconfig($channel['channel_id'],'perm_limits','post_mail',$channel['channel_w_mail']); + set_pconfig($channel['channel_id'],'perm_limits','post_like',$channel['channel_w_like']); + set_pconfig($channel['channel_id'],'perm_limits','tag_deliver',$channel['channel_w_tagwall']); + set_pconfig($channel['channel_id'],'perm_limits','chat',$channel['channel_w_chat']); + set_pconfig($channel['channel_id'],'perm_limits','write_storage',$channel['channel_w_storage']); + set_pconfig($channel['channel_id'],'perm_limits','write_pages',$channel['channel_w_pages']); + set_pconfig($channel['channel_id'],'perm_limits','republish',$channel['channel_a_republish']); + set_pconfig($channel['channel_id'],'perm_limits','delegate',$channel['channel_a_delegate']); +} + + + + +function perm_abook_upgrade($abook) { + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_stream',intval(($abook['abook_their_perms'] & PERMS_R_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_profile',intval(($abook['abook_their_perms'] & PERMS_R_PROFILE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_contacts',intval(($abook['abook_their_perms'] & PERMS_R_ABOOK)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_storage',intval(($abook['abook_their_perms'] & PERMS_R_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_pages',intval(($abook['abook_their_perms'] & PERMS_R_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','send_stream',intval(($abook['abook_their_perms'] & PERMS_W_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_wall',intval(($abook['abook_their_perms'] & PERMS_W_WALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_comments',intval(($abook['abook_their_perms'] & PERMS_W_COMMENT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_mail',intval(($abook['abook_their_perms'] & PERMS_W_MAIL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_like',intval(($abook['abook_their_perms'] & PERMS_W_LIKE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','tag_deliver',intval(($abook['abook_their_perms'] & PERMS_W_TAGWALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','chat',intval(($abook['abook_their_perms'] & PERMS_W_CHAT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_storage',intval(($abook['abook_their_perms'] & PERMS_W_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_pages',intval(($abook['abook_their_perms'] & PERMS_W_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','republish',intval(($abook['abook_their_perms'] & PERMS_A_REPUBLISH)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','delegate',intval(($abook['abook_their_perms'] & PERMS_A_DELEGATE)? 1 : 0)); + + + + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_stream',intval(($abook['abook_my_perms'] & PERMS_R_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_profile',intval(($abook['abook_my_perms'] & PERMS_R_PROFILE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_contacts',intval(($abook['abook_my_perms'] & PERMS_R_ABOOK)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_storage',intval(($abook['abook_my_perms'] & PERMS_R_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_pages',intval(($abook['abook_my_perms'] & PERMS_R_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','send_stream',intval(($abook['abook_my_perms'] & PERMS_W_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_wall',intval(($abook['abook_my_perms'] & PERMS_W_WALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_comments',intval(($abook['abook_my_perms'] & PERMS_W_COMMENT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_mail',intval(($abook['abook_my_perms'] & PERMS_W_MAIL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_like',intval(($abook['abook_my_perms'] & PERMS_W_LIKE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','tag_deliver',intval(($abook['abook_my_perms'] & PERMS_W_TAGWALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','chat',intval(($abook['abook_my_perms'] & PERMS_W_CHAT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_storage',intval(($abook['abook_my_perms'] & PERMS_W_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_pages',intval(($abook['abook_my_perms'] & PERMS_W_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','republish',intval(($abook['abook_my_perms'] & PERMS_A_REPUBLISH)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','delegate',intval(($abook['abook_my_perms'] & PERMS_A_DELEGATE)? 1 : 0)); + + +}
\ No newline at end of file diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql index b43ead050..1cb1b2807 100644 --- a/install/schema_mysql.sql +++ b/install/schema_mysql.sql @@ -903,6 +903,7 @@ CREATE TABLE IF NOT EXISTS `pconfig` ( UNIQUE KEY `access` (`uid`,`cat`,`k`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; + CREATE TABLE IF NOT EXISTS `photo` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `aid` int(10) unsigned NOT NULL DEFAULT '0', diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql index 5080d7608..c48007317 100644 --- a/install/schema_postgres.sql +++ b/install/schema_postgres.sql @@ -888,6 +888,7 @@ CREATE TABLE "pconfig" ( PRIMARY KEY ("id"), UNIQUE ("uid","cat","k") ); + CREATE TABLE "photo" ( "id" serial NOT NULL, "aid" bigint NOT NULL DEFAULT '0', diff --git a/install/update.php b/install/update.php index 3cb5010eb..366764f65 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1179 ); +define( 'UPDATE_VERSION' , 1180 ); /** * @@ -2360,4 +2360,30 @@ function update_r1178() { if($r1) return UPDATE_SUCCESS; return UPDATE_FAILED; +} + +function update_r1179() { + + require_once('install/perm_upgrade.php'); + + $r1 = q("select * from channel where true"); + if($r1) { + foreach($r1 as $rr) { + perm_limits_upgrade($rr); + } + } + + $r2 = q("select * from abook where true"); + if($r2) { + foreach($r2 as $rr) { + perm_abook_upgrade($rr); + } + } + + $r = $r1 && $r2; + if($r) + return UPDATE_SUCCESS; + return UPDATE_FAILED; + + }
\ No newline at end of file |