-rwxr-xr-xboot.php3
-rw-r--r--mod/admin.php5
-rw-r--r--mod/magic.php29
-rw-r--r--mod/manage.php25
-rw-r--r--mod/post.php52
-rw-r--r--mod/settings.php12
-rw-r--r--version.inc2
-rwxr-xr-xview/tpl/channels.tpl12
8 files changed, 117 insertions, 23 deletions
diff --git a/boot.php b/boot.php
index d89b1bd41..74396e832 100755
--- a/boot.php
+++ b/boot.php
@@ -1880,6 +1880,9 @@ function current_theme_url($installing = false) {
function is_site_admin() {
$a = get_app();
+ if($_SESSION['delegate'])
+ return false;
+
if((intval($_SESSION['authenticated']))
&& (is_array($a->account))
&& ($a->account['account_roles'] & ACCOUNT_ROLE_ADMIN))
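Review bot: The added guard reads `$_SESSION['delegate']` without checking that the key exists, so unless the key is initialised elsewhere, every non-delegated session that reaches is_site_admin() raises an undefined-index notice. Prefer `if(! empty($_SESSION['delegate']))` here; the same bare read appears in the mod/admin.php, mod/manage.php and mod/settings.php hunks of this commit. A one-line comment such as `// a delegated session never carries site admin rights` would also record why the check runs before the role test. The function body continues past the end of the hunk.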
diff --git a/mod/admin.php b/mod/admin.php
index daab6c9f3..5d8faf424 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -13,7 +13,7 @@
function admin_post(&$a){
logger('admin_post', LOGGER_DEBUG);
- if(!is_site_admin()) {
+ if((!is_site_admin()) || ($_SESSION['delegate'])) {
return;
}
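Review bot: The extra `|| ($_SESSION['delegate'])` operand in admin_post(), and again in admin_content() in the next hunk, looks redundant, because the boot.php hunk of this commit already makes is_site_admin() return false whenever that session key is set. Keeping both is harmless as defence in depth, but then say so in a comment, e.g. `// is_site_admin() already rejects delegated sessions; repeated here on purpose`. Otherwise drop the operand so the rule lives in one place. Both function bodies continue outside their hunks.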
@@ -79,7 +79,8 @@ function admin_post(&$a){
function admin_content(&$a) {
logger('admin_content', LOGGER_DEBUG);
- if(!is_site_admin()) {
+
+ if((!is_site_admin()) || ($_SESSION['delegate'])) {
return login(false);
}
diff --git a/mod/magic.php b/mod/magic.php
index c31fa71ae..df8ac39a8 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -10,11 +10,10 @@ function magic_init(&$a) {
logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
- $hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : '');
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
-
+ $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
$parsed = parse_url($dest);
if(! $parsed) {
@@ -100,6 +99,29 @@ function magic_init(&$a) {
$ret['message'] .= 'Local site - you are already authenticated.' . EOL;
return $ret;
}
+
+ $delegation_success = false;
+ if($delegate) {
+ $r = q("select * from channel left join hubloc on channel_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+ dbesc($delegate)
+ );
+ if($r && intval($r[0]['channel_id'])) {
+ $allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate');
+ if($allowed) {
+ $_SESSION['delegate_channel'] = $r[0]['channel_id'];
+ $_SESSION['delegate'] = get_observer_hash();
+ $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+ change_channel($r[0]['channel_id']);
+ $delegation_success = true;
+ }
+ }
+ }
+
+
+
+ // FIXME: check and honour local delegation
+
+
goaway($dest);
}
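Review bot: The local delegation branch switches the session to another channel and account without writing any log entry, and a refused request (`$allowed` false, or no matching channel) falls through to `goaway($dest)` silently. Add a `logger()` call for both outcomes, for example `logger('mod_magic: delegation to ' . $delegate . ' granted for ' . get_observer_hash());`, so that delegated sessions can be reconstructed from the logs afterwards; the matching block in the mod/post.php hunk has the same gap. `$delegation_success` is assigned but never read in the visible lines, and the `// FIXME: check and honour local delegation` comment now sits below code that appears to do exactly that, so one of the two should go. magic_init() starts and ends outside this hunk.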
@@ -123,6 +145,9 @@ function magic_init(&$a) {
$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname())
. '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION;
+ if($delegate)
+ $target_url .= '&delegate=' . urlencode($delegate);
+
logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG);
if($test) {
diff --git a/mod/manage.php b/mod/manage.php
index cb46a1b76..54a65dbbf 100644
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -2,7 +2,7 @@
function manage_content(&$a) {
- if(! get_account_id()) {
+ if((! get_account_id()) || ($_SESSION['delegate'])) {
notice( t('Permission denied.') . EOL);
return;
}
@@ -144,6 +144,22 @@ function manage_content(&$a) {
array( 'new_channel', t('Create a new channel'), t('Create a new channel'))
);
+ $delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where
+ abook_channel = %d and (abook_their_perms & %d) > 0",
+ intval(local_channel()),
+ intval(PERMS_A_DELEGATE)
+ );
+ if(! $delegates)
+ $delegates = null;
+
+ if($delegates) {
+ for($x = 0; $x < count($delegates); $x ++) {
+ $delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url']) . '&delegate=' . urlencode($delegates[$x]['xchan_addr']);
+ }
+ }
+
+
+
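Review bot: The `link` built in this loop turns delegation into a plain GET on `magic?f=&dest=...&delegate=...`, and the mod/magic.php hunk acts on that parameter by rewriting `$_SESSION['account_id']` and calling `change_channel()`. A session change of that size is normally bound to a POST that carries the project's form token, so that only a deliberate action on this page can start it. If the redirect-based magic-auth flow makes that impractical, record the trade-off in a comment above the loop, e.g. `// delegation is started by GET because magic auth is redirect driven; the permission check happens in mod/magic and mod/post`. manage_content() continues outside the hunk.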
$o = replace_macros(get_markup_template('channels.tpl'), array(
'$header' => t('Channel Manager'),
'$msg_selected' => t('Current Channel'),
@@ -153,9 +169,12 @@ function manage_content(&$a) {
'$msg_make_default' => t('Make Default'),
'$links' => $links,
'$all_channels' => $channels,
- '$mail_format' => t('%d new messages'),
- '$intros_format' => t('%d new introductions'),
+ '$mail_format' => t('%d new messages'),
+ '$intros_format' => t('%d new introductions'),
'$channel_usage_message' => $channel_usage_message,
+ '$delegate_header' => t('Delegated Channels'),
+ '$delegates' => $delegates,
+
));
diff --git a/mod/post.php b/mod/post.php
index 6e35632da..2fcc74963 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -30,6 +30,7 @@ function post_init(&$a) {
** dest => the desired destination URL (urlencoded)
** sec => a random string which is also stored on $mysite for use during the verification phase.
** version => the zot revision
+ ** delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
*
* When this packet is received, an "auth-check" zot message is sent to $mysite.
* (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post)
@@ -88,10 +89,12 @@ function post_init(&$a) {
$ret = array('success' => false, 'message' => '');
logger('mod_zot: auth request received.');
- $address = $_REQUEST['auth'];
- $desturl = $_REQUEST['dest'];
- $sec = $_REQUEST['sec'];
- $version = $_REQUEST['version'];
+ $address = $_REQUEST['auth'];
+ $desturl = $_REQUEST['dest'];
+ $sec = $_REQUEST['sec'];
+ $version = $_REQUEST['version'];
+ $delegate = $_REQUEST['delegate'];
+
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
// They are authenticating ultimately to the site and not to a particular channel.
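Review bot: `$delegate = $_REQUEST['delegate'];` reads a parameter that the doc comment earlier in this file describes as optional, so an ordinary auth request without it raises an undefined-index notice. Use the same form as the `$test` line below it and as mod/magic.php: `$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');`. The value is request-controlled and is later matched against `xchan_addr`, so an explicit empty-string default also keeps the `if($delegate)` tests well defined. post_init() continues outside the hunk.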
@@ -158,6 +161,8 @@ function post_init(&$a) {
// Also check that they are coming from the same site as they authenticated with originally.
$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
+ if($delegate && $delegate !== $_SESSION['delegate_channel'])
+ $already_authed = false;
$j = array();
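Review bot: The new test `$delegate !== $_SESSION['delegate_channel']` compares the address taken from the request with a session value that the later hunk sets to `$r[0]['channel_id']`, so for a real address the two never match and `$already_authed` is cleared on every request that carries `delegate`. That fails closed, since it only forces a fresh auth check, but it is probably not what was intended. Either store the delegate address in the session as well, or resolve `$delegate` to a channel id before comparing. `$_SESSION['delegate_channel']` is also read without an existence check. post_init() continues outside the hunk.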
@@ -235,6 +240,8 @@ function post_init(&$a) {
}
goaway($desturl);
}
+
+
// log them in
if($test) {
@@ -243,16 +250,37 @@ function post_init(&$a) {
json_return_and_die($ret);
}
+ $delegation_success = false;
+ if($delegate) {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
+ dbesc($delegate)
+ );
+ if($r && intval($r[0]['channel_id'])) {
+ $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate');
+ if($allowed) {
+ $_SESSION['delegate_channel'] = $r[0]['channel_id'];
+ $_SESSION['delegate'] = $x[0]['xchan_hash'];
+ $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+ change_channel($r[0]['channel_id']);
+ $delegation_success = true;
+ }
+ }
+ }
+
+
+
$_SESSION['authenticated'] = 1;
- $_SESSION['visitor_id'] = $x[0]['xchan_hash'];
- $_SESSION['my_url'] = $x[0]['xchan_url'];
- $_SESSION['my_address'] = $address;
- $_SESSION['remote_service_class'] = $remote_service_class;
- $_SESSION['remote_level'] = $remote_level;
- $_SESSION['remote_hub'] = $remote_hub;
- $_SESSION['DNT'] = $DNT;
-
+ if(! $delegation_success) {
+ $_SESSION['visitor_id'] = $x[0]['xchan_hash'];
+ $_SESSION['my_url'] = $x[0]['xchan_url'];
+ $_SESSION['my_address'] = $address;
+ $_SESSION['remote_service_class'] = $remote_service_class;
+ $_SESSION['remote_level'] = $remote_level;
+ $_SESSION['remote_hub'] = $remote_hub;
+ $_SESSION['DNT'] = $DNT;
+ }
+
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success',$arr);
$a->set_observer($x[0]);
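Review bot: On a granted delegation this block overwrites `$_SESSION['account_id']` with the delegated channel's owner account (`channel_account_id`), and mod/magic.php does the same for local delegation, so from then on any handler that trusts `get_account_id()` or `local_channel()` alone treats the visitor as that account. This commit adds `$_SESSION['delegate']` tests to admin, manage and settings, but that is a deny-list spread over call sites, and any account-level module not touched here would presumably stay reachable. Consider one helper that returns the account id only when `$_SESSION['delegate']` is empty, and use it wherever account ownership is decided. The session identifier is not visibly regenerated at this privilege change either; confirm whether `change_channel()` does so. post_init() starts and ends outside this hunk.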
diff --git a/mod/settings.php b/mod/settings.php
index 595878543..afc05f095 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -19,6 +19,9 @@ function settings_init(&$a) {
if(! local_channel())
return;
+ if($_SESSION['delegate'])
+ return;
+
$a->profile_uid = local_channel();
// default is channel settings in the absence of other arguments
@@ -39,6 +42,9 @@ function settings_post(&$a) {
if(! local_channel())
return;
+ if($_SESSION['delegate'])
+ return;
+
$channel = $a->get_channel();
logger('mod_settings: ' . print_r($_REQUEST,true));
@@ -550,14 +556,14 @@ function settings_post(&$a) {
}
-if(! function_exists('settings_content')) {
+
function settings_content(&$a) {
$o = '';
nav_set_selected('settings');
- if(! local_channel()) {
+ if((! local_channel()) || ($_SESSION['delegate'])) {
notice( t('Permission denied.') . EOL );
return login();
}
@@ -1137,5 +1143,5 @@ function settings_content(&$a) {
return $o;
}
-}}
+}
diff --git a/version.inc b/version.inc
index 02cb535df..04354188a 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2015-03-09.966
+2015-03-10.967
diff --git a/view/tpl/channels.tpl b/view/tpl/channels.tpl
index 26d0e14d2..44daa0a3e 100755
--- a/view/tpl/channels.tpl
+++ b/view/tpl/channels.tpl
@@ -23,4 +23,16 @@
<div class="channels-end all"></div>
+{{if $delegates}}
+<hr />
+<h3>{{$delegate_header}}</h3>
+<div id="delegated-channels">
+{{foreach $delegates as $chn}}
+{{include file="channel.tpl" channel=$chn}}
+{{/foreach}}
+</div>
+
+<div class="channels-end all"></div>
+{{/if}}
+
</div>