aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Access/Permissions.php1
-rw-r--r--include/permissions.php420
2 files changed, 6 insertions, 415 deletions
diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
index d51e4d0ea..110e536ce 100644
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -147,6 +147,7 @@ class Permissions {
return true;
}
+
static public function connect_perms($channel_id) {
$my_perms = [];
diff --git a/include/permissions.php b/include/permissions.php
index f719394c5..f97142fab 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -7,61 +7,11 @@ require_once('include/security.php');
*
* This file conntains functions to check and work with permissions.
*
- * Most of this file is obsolete and has been superceded by extensible permissions in v1.12; it is left here
- * for reference and because we haven't yet checked that all functions have been replaced and are available
- * elsewhere (typically Zotlabs/Access/*).
*/
/**
- * @brief Return an array with all available permissions.
- *
- * These are channel specific permissions.
- * The list of available permissions can get manipulated by the <i>hook</i>
- * <b>global_permissions</b>.
- *
- * @return array associative array containing all permissions
- */
-function get_perms() {
-
-// thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections
-// for any given permission. Currently we use the boolean to disallow write access to "everybody", but we also want to be
-// able to handle troublesome settings such as allowing channel_w_stream to anybody in the network. You can allow it, but
-// there's no way to implement sending it.
-
- $global_perms = array(
- // Read only permissions
- 'view_stream' => array('channel_r_stream', intval(PERMS_R_STREAM), true, t('Can view my normal stream and posts'), ''),
- 'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my default channel profile'), ''),
- 'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my connections'), ''),
- 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage and photos'), ''),
- 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''),
-
- // Write permissions
- 'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''),
- 'post_wall' => array('channel_w_wall', intval(PERMS_W_WALL), false, t('Can post on my channel page ("wall")'), ''),
- 'post_comments' => array('channel_w_comment', intval(PERMS_W_COMMENT), false, t('Can comment on or like my posts'), ''),
- 'post_mail' => array('channel_w_mail', intval(PERMS_W_MAIL), false, t('Can send me private mail messages'), ''),
- 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')),
-
- 'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post @mentions'), t('Advanced - useful for creating group forum channels')),
- 'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('')),
- 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage and photos'), ''),
- 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''),
-
- 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')),
-
- 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')),
- );
- $ret = array('global_permissions' => $global_perms);
- call_hooks('global_permissions', $ret);
-
- return $ret['global_permissions'];
-}
-
-
-/**
* get_all_perms($uid,$observer_xchan)
*
* @param int $uid The channel_id associated with the resource owner
@@ -297,7 +247,6 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
*
* Checks if the given observer with the hash $observer_xchan has permission
* $permission on channel_id $uid.
- * $permission is one defined in get_perms();
*
* @param int $uid The channel_id associated with the resource owner
* @param string $observer_xchan The xchan_hash representing the observer
@@ -465,7 +414,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
function get_all_api_perms($uid,$api) {
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
$ret = array();
@@ -568,6 +517,7 @@ function site_default_perms() {
'view_contacts' => PERMS_PUBLIC,
'view_storage' => PERMS_PUBLIC,
'view_pages' => PERMS_PUBLIC,
+ 'view_wiki' => PERMS_PUBLIC,
'send_stream' => PERMS_SPECIFIC,
'post_wall' => PERMS_SPECIFIC,
'post_comments' => PERMS_SPECIFIC,
@@ -576,16 +526,15 @@ function site_default_perms() {
'chat' => PERMS_SPECIFIC,
'write_storage' => PERMS_SPECIFIC,
'write_pages' => PERMS_SPECIFIC,
+ 'write_wiki' => PERMS_SPECIFIC,
'delegate' => PERMS_SPECIFIC,
'post_like' => PERMS_NETWORK
);
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
foreach($global_perms as $perm => $v) {
- $x = get_config('default_perms', $perm);
- if($x === false)
- $x = $typical[$perm];
+ $x = get_config('default_perms', $perm, $typical[$perm]);
$ret[$perm] = $x;
}
@@ -593,362 +542,3 @@ function site_default_perms() {
}
-/**
- * @brief Return an array of all permissions for this role.
- *
- * Given a string for the channel role ('social','forum', etc)
- * return an array of all permission fields pre-filled for this role.
- * This includes the channel permission scope indicators (anything beginning with 'channel_') as well as
- * * perms_auto: true or false to create auto-permissions for this channel
- * * perms_follow: The permissions to apply when initiating a connection request to another channel
- * * perms_accept: The permissions to apply when accepting a connection request from another channel (not automatic)
- * * default_collection: true or false to make the default ACL include the channel's default collection
- * * directory_publish: true or false to publish this channel in the directory
- * Any attributes may be extended (new roles defined) and modified (specific permissions altered) by plugins
- *
- * @param string $role
- * @return array
- */
-function get_role_perms($role) {
-
- $ret = array();
-
- $ret['role'] = $role;
-
- switch($role) {
- case 'social':
- $ret['perms_auto'] = false;
- $ret['default_collection'] = false;
- $ret['directory_publish'] = true;
- $ret['online'] = true;
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'send_stream', 'post_wall', 'post_comments',
- 'post_mail', 'chat', 'post_like', 'republish' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'social_restricted':
- $ret['perms_auto'] = false;
- $ret['default_collection'] = true;
- $ret['directory_publish'] = true;
- $ret['online'] = true;
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'send_stream', 'post_wall', 'post_comments',
- 'post_mail', 'chat', 'post_like' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
-
- break;
-
- case 'social_private':
- $ret['perms_auto'] = false;
- $ret['default_collection'] = true;
- $ret['directory_publish'] = false;
- $ret['online'] = false;
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'send_stream', 'post_wall', 'post_comments',
- 'post_mail', 'post_like' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_SPECIFIC,
- 'view_storage' => PERMS_SPECIFIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'forum':
- $ret['perms_auto'] = true;
- $ret['default_collection'] = false;
- $ret['directory_publish'] = true;
- $ret['online'] = false;
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
- 'post_mail', 'post_like' , 'republish', 'chat' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'forum_restricted':
- $ret['perms_auto'] = false;
- $ret['default_collection'] = true;
- $ret['directory_publish'] = true;
- $ret['online'] = false;
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
- 'post_mail', 'post_like' , 'chat' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'forum_private':
- $ret['perms_auto'] = false;
- $ret['default_collection'] = true;
- $ret['directory_publish'] = false;
- $ret['online'] = false;
-
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'post_wall', 'post_comments',
- 'post_mail', 'post_like' , 'chat' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_SPECIFIC,
- 'view_contacts' => PERMS_SPECIFIC,
- 'view_storage' => PERMS_SPECIFIC,
- 'view_pages' => PERMS_SPECIFIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'feed':
- $ret['perms_auto'] = true;
- $ret['default_collection'] = false;
- $ret['directory_publish'] = true;
- $ret['online'] = false;
-
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'send_stream', 'post_wall', 'post_comments',
- 'post_mail', 'post_like' , 'republish' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'feed_restricted':
- $ret['perms_auto'] = false;
- $ret['default_collection'] = true;
- $ret['directory_publish'] = false;
- $ret['online'] = false;
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'send_stream', 'post_wall', 'post_comments',
- 'post_mail', 'post_like' , 'republish' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'soapbox':
- $ret['perms_auto'] = true;
- $ret['default_collection'] = false;
- $ret['directory_publish'] = true;
- $ret['online'] = false;
-
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'post_like' , 'republish' ];
-
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
- break;
-
- case 'repository':
- $ret['perms_auto'] = true;
- $ret['default_collection'] = false;
- $ret['directory_publish'] = true;
- $ret['online'] = false;
-
- $ret['perms_connect'] = [
- 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
- 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
- 'post_mail', 'post_like' , 'republish', 'chat' ];
- $ret['limits'] = [
- 'view_stream' => PERMS_PUBLIC,
- 'view_profile' => PERMS_PUBLIC,
- 'view_contacts' => PERMS_PUBLIC,
- 'view_storage' => PERMS_PUBLIC,
- 'view_pages' => PERMS_PUBLIC,
- 'send_stream' => PERMS_SPECIFIC,
- 'post_wall' => PERMS_SPECIFIC,
- 'post_comments' => PERMS_SPECIFIC,
- 'post_mail' => PERMS_SPECIFIC,
- 'post_like' => PERMS_SPECIFIC,
- 'tag_deliver' => PERMS_SPECIFIC,
- 'chat' => PERMS_SPECIFIC,
- 'write_storage' => PERMS_SPECIFIC,
- 'write_pages' => PERMS_SPECIFIC,
- 'republish' => PERMS_SPECIFIC,
- 'delegate' => PERMS_SPECIFIC
- ];
-
-
- break;
-
- default:
- break;
- }
-
- $x = get_config('system','role_perms');
- // let system settings over-ride any or all
- if($x && is_array($x) && array_key_exists($role,$x))
- $ret = array_merge($ret,$x[$role]);
-
- call_hooks('get_role_perms',$ret);
-
- return $ret;
-}
-
-/**
- * @brief Returns a list or roles, grouped by type.
- *
- * @return string Returns an array of roles, grouped by type
- */
-function get_roles() {
- $roles = array(
- t('Social Networking') => array('social' => t('Social - Mostly Public'), 'social_restricted' => t('Social - Restricted'), 'social_private' => t('Social - Private')),
- t('Community Forum') => array('forum' => t('Forum - Mostly Public'), 'forum_restricted' => t('Forum - Restricted'), 'forum_private' => t('Forum - Private')),
- t('Feed Republish') => array('feed' => t('Feed - Mostly Public'), 'feed_restricted' => t('Feed - Restricted')),
- t('Special Purpose') => array('soapbox' => t('Special - Celebrity/Soapbox'), 'repository' => t('Special - Group Repository')),
- t('Other') => array('custom' => t('Custom/Expert Mode'))
- );
-
- return $roles;
-}