diff options
| -rw-r--r-- | Zotlabs/Access/PermissionRoles.php | 19 | ||||
| -rw-r--r-- | Zotlabs/Module/Articles.php | 20 | ||||
| -rw-r--r-- | Zotlabs/Module/Cards.php | 21 | ||||
| -rw-r--r-- | Zotlabs/Module/Cloud.php | 6 | ||||
| -rw-r--r-- | Zotlabs/Module/Display.php | 34 | ||||
| -rw-r--r-- | Zotlabs/Module/Moderate.php | 14 | ||||
| -rw-r--r-- | Zotlabs/Module/Ochannel.php | 69 | ||||
| -rw-r--r-- | Zotlabs/Storage/Directory.php | 18 | ||||
| -rw-r--r-- | doc/member/member_guide.bb | 14 | ||||
| -rw-r--r-- | include/conversation.php | 6 | ||||
| -rwxr-xr-x | include/items.php | 4 | ||||
| -rw-r--r-- | include/markdown.php | 4 | ||||
| -rwxr-xr-x | include/oembed.php | 1 | ||||
| -rw-r--r-- | include/taxonomy.php | 4 | ||||
| -rw-r--r-- | include/zid.php | 1 | ||||
| -rw-r--r-- | include/zot.php | 26 | ||||
| -rw-r--r-- | tests/unit/Access/PermissionRolesTest.php | 3 |
17 files changed, 236 insertions, 28 deletions
diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index b335bf825..a8a9ae462 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -41,6 +41,24 @@ class PermissionRoles { break; + case 'social_party': + $ret['perms_auto'] = false; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = true; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like', 'republish' + ]; + $ret['limits'] = PermissionLimits::Std_Limits(); + $ret['limits']['post_comments'] = PERMS_AUTHED; + $ret['limits']['post_mail'] = PERMS_AUTHED; + $ret['limits']['post_like'] = PERMS_AUTHED; + $ret['limits']['chat'] = PERMS_AUTHED; + break; + + case 'social_restricted': $ret['perms_auto'] = false; $ret['default_collection'] = true; @@ -263,6 +281,7 @@ class PermissionRoles { static public function roles() { $roles = [ t('Social Networking') => [ + 'social_party' => t('Social - Party'), 'social' => t('Social - Mostly Public'), 'social_restricted' => t('Social - Restricted'), 'social_private' => t('Social - Private') diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index e2e0fed5d..62ce1cb9c 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -127,21 +127,26 @@ class Articles extends \Zotlabs\Web\Controller { $editor = ''; } + $itemspage = get_pconfig(local_channel(),'system','itemspage'); + \App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); + $sql_extra = item_permissions_sql($owner); + $sql_item = ''; if($selected_card) { $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1", dbesc($selected_card) ); if($r) { - $sql_extra .= "and item.id = " . intval($r[0]['iid']) . " "; + $sql_item = "and item.id = " . intval($r[0]['iid']) . " "; } } $r = q("select * from item where item.uid = %d and item_type = %d - $sql_extra order by item.created desc", + $sql_extra $sql_item order by item.created desc $pager_sql", intval($owner), intval(ITEM_TYPE_ARTICLE) ); @@ -152,6 +157,8 @@ class Articles extends \Zotlabs\Web\Controller { if($r) { + $pager_total = count($r); + $parents_str = ids_to_querystr($r,'id'); $items = q("SELECT item.*, item.id AS item_id @@ -173,13 +180,18 @@ class Articles extends \Zotlabs\Web\Controller { $mode = 'articles'; - $content = conversation($items,$mode,false,'traditional'); + if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card)) + $page_mode = 'pager_list'; + else + $page_mode = 'traditional'; + + $content = conversation($items,$mode,false,$page_mode); $o = replace_macros(get_markup_template('cards.tpl'), [ '$title' => t('Articles'), '$editor' => $editor, '$content' => $content, - '$pager' => alt_pager($a,count($items)) + '$pager' => alt_pager($a,$pager_total) ]); return $o; diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index f87988183..d3b16e82e 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -131,20 +131,26 @@ class Cards extends \Zotlabs\Web\Controller { } + $itemspage = get_pconfig(local_channel(),'system','itemspage'); + \App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); + + $sql_extra = item_permissions_sql($owner); + $sql_item = ''; if($selected_card) { $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", dbesc($selected_card) ); if($r) { - $sql_extra .= "and item.id = " . intval($r[0]['iid']) . " "; + $sql_item = "and item.id = " . intval($r[0]['iid']) . " "; } } $r = q("select * from item where uid = %d and item_type = %d - $sql_extra order by item.created desc", + $sql_extra $sql_item order by item.created desc $pager_sql", intval($owner), intval(ITEM_TYPE_CARD) ); @@ -156,6 +162,8 @@ class Cards extends \Zotlabs\Web\Controller { $items_result = []; if($r) { + $pager_total = count($r); + $parents_str = ids_to_querystr($r, 'id'); $items = q("SELECT item.*, item.id AS item_id @@ -175,13 +183,18 @@ class Cards extends \Zotlabs\Web\Controller { $mode = 'cards'; - $content = conversation($items_result, $mode, false, 'traditional'); + if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card)) + $page_mode = 'pager_list'; + else + $page_mode = 'traditional'; + + $content = conversation($items_result, $mode, false, $page_mode); $o = replace_macros(get_markup_template('cards.tpl'), [ '$title' => t('Cards'), '$editor' => $editor, '$content' => $content, - '$pager' => alt_pager($a, count($items_result)) + '$pager' => alt_pager($a, $pager_total) ]); return $o; diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index 8b5476efc..34397d275 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -60,6 +60,12 @@ class Cloud extends \Zotlabs\Web\Controller { // if we arrived at this path with any query parameters in the url, build a clean url without // them and redirect. + if(! array_key_exists('cloud_sort',$_SESSION)) { + $_SESSION['cloud_sort'] = 'name'; + } + + $_SESSION['cloud_sort'] = (($_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']); + $x = clean_query_string(); if($x !== \App::$query_string) goaway(z_root() . '/' . $x); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 8e8a1ed24..fa29ce66c 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -134,6 +134,40 @@ class Display extends \Zotlabs\Web\Controller { return ''; } } + if($target_item['item_type'] == ITEM_TYPE_ARTICLE) { + $x = q("select * from channel where channel_id = %d limit 1", + intval($target_item['uid']) + ); + $y = q("select * from iconfig left join item on iconfig.iid = item.id + where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1", + intval($target_item['uid']), + intval($target_item['id']) + ); + if($x && $y) { + goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']); + } + else { + notice( t('Page not found.') . EOL); + return ''; + } + } + if($target_item['item_type'] == ITEM_TYPE_CARD) { + $x = q("select * from channel where channel_id = %d limit 1", + intval($target_item['uid']) + ); + $y = q("select * from iconfig left join item on iconfig.iid = item.id + where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1", + intval($target_item['uid']), + intval($target_item['id']) + ); + if($x && $y) { + goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']); + } + else { + notice( t('Page not found.') . EOL); + return ''; + } + } $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php index cf1625a6b..b4709f3bd 100644 --- a/Zotlabs/Module/Moderate.php +++ b/Zotlabs/Module/Moderate.php @@ -52,6 +52,20 @@ class Moderate extends \Zotlabs\Web\Controller { intval(local_channel()), intval($post_id) ); + + // update the parent's commented timestamp + + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", + dbesc($r[0]['parent_mid']), + intval(local_channel()) + ); + + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", + dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), + dbesc(datetime_convert()), + intval($r[0]['parent']) + ); + notice( t('Comment approved') . EOL); } elseif($action === 'drop') { diff --git a/Zotlabs/Module/Ochannel.php b/Zotlabs/Module/Ochannel.php new file mode 100644 index 000000000..508be1408 --- /dev/null +++ b/Zotlabs/Module/Ochannel.php @@ -0,0 +1,69 @@ +<?php + +namespace Zotlabs\Module; + +require_once('include/contact_widgets.php'); +require_once('include/items.php'); +require_once("include/bbcode.php"); +require_once('include/security.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); +require_once('include/permissions.php'); + +/** + * @brief Channel Controller for broken OStatus implementations + * + */ +class Ochannel extends \Zotlabs\Web\Controller { + + function init() { + + $which = null; + if(argc() > 1) + $which = argv(1); + if(! $which) { + if(local_channel()) { + $channel = \App::get_channel(); + if($channel && $channel['channel_address']) + $which = $channel['channel_address']; + } + } + if(! $which) { + notice( t('You must be logged in to see this page.') . EOL ); + return; + } + + $profile = 0; + $channel = \App::get_channel(); + + if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; + $profile = argv(1); + } + + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'href' => z_root() . '/ofeed/' . $which + ]); + + + // Run profile_load() here to make sure the theme is set before + // we start loading content + + profile_load($which,$profile); + } + + function get($update = 0, $load = false) { + + if(argc() < 2) + return; + + if($load) + $_SESSION['loadtime'] = datetime_convert(); + + return '<script>window.location.href = "' . z_root() . '/' . str_replace('ochannel/','channel/',\App::$query_string) . '";</script>'; + + } + +} diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php index a2dd1e9b8..a2ae0fee8 100644 --- a/Zotlabs/Storage/Directory.php +++ b/Zotlabs/Storage/Directory.php @@ -691,7 +691,23 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo } $prefix = ''; - $suffix = ' order by is_dir desc, filename asc '; + + if(! array_key_exists('cloud_sort',$_SESSION)) + $_SESSION['cloud_sort'] = 'name'; + + switch($_SESSION['cloud_sort']) { + case 'size': + $suffix = ' order by is_dir desc, filesize asc '; + break; + // The following provides inconsistent results for directories because we re-calculate the date for directories based on the most recent change + case 'date': + $suffix = ' order by is_dir desc, edited asc '; + break; + case 'name': + default: + $suffix = ' order by is_dir desc, filename asc '; + break; + } $r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, created, edited from attach where folder = '%s' and uid = %d $perms $suffix", dbesc($folder), diff --git a/doc/member/member_guide.bb b/doc/member/member_guide.bb index 10ea4db57..591c1dd62 100644 --- a/doc/member/member_guide.bb +++ b/doc/member/member_guide.bb @@ -78,7 +78,11 @@ See Also [b]Mostly Public[/b] -The channel is a typical social networking profile. By default posts and published items are public, but one can over-ride this when creating the item and restrict it. You are listed in the directory. Your online presence and connections are visible to others. +The channel is a typical social networking profile. By default posts and published items are public, but you can over-ride this when creating the item and restrict it. You are listed in the directory. Your online presence and connections are visible to others. Only your immediate connections can comment on your public posts and send you private mail. The permission policies are similar to Facebook. + +[b]Party[/b] + +The channel is a permissive social networking profile. The permission policies are similar to Twitter and several free networks such as Diaspora and Mastodon. Anybody in the network can comment on your public posts and send you private mail. By default posts and published items are public, but you can over-ride this when creating the item and restrict it. You are listed in the directory. Your online presence and connections are visible to others. This mode [i]may[/i] increase your exposure to undesired communications and spam. [b]Restricted[/b] @@ -94,16 +98,16 @@ By default all posts and published items are sent to your 'Friends' privacy grou [b]Mostly Public[/b] -The channel is a typical forum. By default posts and published items are public. Members may post by @mention+ or wall-to-wall post. Posting photos and other published items is blocked. The channel is visible in the directory. Members are added automatically. +The channel is a typical forum. By default posts and published items are public. Members may post by !mention or wall-to-wall post. Posting photos and other published items is blocked. The channel is visible in the directory. Members are added automatically. [b]Restricted[/b] -By default all posts and published items are sent to the channel's 'Friends' privacy group. New friends are added to this privacy group. Members may post by @mention+ or wall-to-wall post, but posts and replies may also be seen by other receipients of the top-level post who are not members. The channel is visible in the directory. Members must be manually added by the forum owner. +By default all posts and published items are sent to the channel's 'Friends' privacy group. New friends are added to this privacy group. Members may post by !mention or wall-to-wall post, but posts and replies may also be seen by other receipients of the top-level post who are not members. The channel is visible in the directory. Members must be manually added by the forum owner. [b]Private[/b] -By default all posts and published items are sent to your 'Friends' privacy group. New friends are added to this privacy group. The owner can over-ride this and create a public post or public item if desired. Members cannot. You are NOT listed in the directory. Only your connections can see your other connections. Your online presence is hidden. Members must be manually added by the forum owner. Posting by @mention+ is disabled. Posts can only be made via wall-to-wall posts, and sent to members of the 'Friends' privacy group. They are not publicly visible. +By default all posts and published items are sent to your 'Friends' privacy group. New friends are added to this privacy group. The owner can over-ride this and create a public post or public item if desired. Members cannot. You are NOT listed in the directory. Only your connections can see your other connections. Your online presence is hidden. Members must be manually added by the forum owner. Posting by !mention is disabled. Posts can only be made via wall-to-wall posts, and sent to members of the 'Friends' privacy group. They are not publicly visible. [h4]Feed[/h4] @@ -195,7 +199,7 @@ The process for connecting to channels on other networks (such as GNU-Social, Ma Some communications offer more than one protocol. If you wish to connect with somebody on Mastodon (for instance) they can use either the 'ostatus' or the 'activitypub' protocol for communication. Generally the 'activitypub' protocol will provide a better experience than 'ostatus', but $Projectname will often choose the first protocol it discovers and this may not be the one you want. You may connect with somebody over a specific protocol by prepending the protocol name in square brackets to their "webbie". For example [code] -[activitypub]foobar@foo.bar +[activitypub]https://foo.bar/foobar [ostatus]foobar@foo.bar [diaspora]foobar@foo.bar [zot]foobar@foo.bar diff --git a/include/conversation.php b/include/conversation.php index 6374267eb..64beb1b0e 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -838,11 +838,11 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $item_object = new Zotlabs\Lib\ThreadItem($item); $conv->add_thread($item_object); - if($page_mode === 'list') { + if(($page_mode === 'list') || ($page_mode === 'pager_list')) { $item_object->set_template('conv_list.tpl'); $item_object->set_display_mode('list'); } - if($page_mode === 'cards') { + if($mode === 'cards' || $mode === 'articles') { $item_object->set_reload($jsreload); } @@ -857,7 +857,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa } } - if($page_mode === 'traditional' || $page_mode === 'preview') { + if(in_array($page_mode, [ 'traditional', 'preview', 'pager_list'] )) { $page_template = get_markup_template("threaded_conversation.tpl"); } elseif($update) { diff --git a/include/items.php b/include/items.php index 7faa1b9ec..53d1a3c02 100755 --- a/include/items.php +++ b/include/items.php @@ -1977,11 +1977,11 @@ function item_store($arr, $allow_exec = false, $deliver = true) { */ call_hooks('post_remote_end', $arr); - // update the commented timestamp on the parent - unless this is potentially a clone of an older item + // update the commented timestamp on the parent - unless this is a moderated comment or a potential clone of an older item // which we don't wish to bring to the surface. As the queue only holds deliveries for 3 days, it's // suspected of being an older cloned item if the creation time is older than that. - if($arr['created'] > datetime_convert('','','now - 4 days')) { + if((intval($arr['item_blocked']) != ITEM_MODERATED) || ($arr['created'] > datetime_convert('','','now - 4 days'))) { $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", dbesc($arr['parent_mid']), intval($arr['uid']) diff --git a/include/markdown.php b/include/markdown.php index e4a35e3c3..431ba84a4 100644 --- a/include/markdown.php +++ b/include/markdown.php @@ -207,7 +207,7 @@ function bb_to_markdown($Text, $options = []) { $Text = bbcode($Text, [ 'tryoembed' => false ]); // Markdownify does not preserve previously escaped html entities such as <> and &. - $Text = str_replace(array('<','>','&'),array('&_lt_;','&_gt_;','&_amp_;'),$Text); + //$Text = str_replace(array('<','>','&'),array('&_lt_;','&_gt_;','&_amp_;'),$Text); // Now convert HTML to Markdown @@ -215,7 +215,7 @@ function bb_to_markdown($Text, $options = []) { // It also adds backslashes to our attempt at getting around the html entity preservation for some weird reason. - $Text = str_replace(array('&\\_lt\\_;','&\\_gt\\_;','&\\_amp\\_;'),array('<','>','&'),$Text); + //$Text = str_replace(array('&\\_lt\\_;','&\\_gt\\_;','&\\_amp\\_;'),array('<','>','&'),$Text); // If the text going into bbcode() has a plain URL in it, i.e. // with no [url] tags around it, it will come out of parseString() diff --git a/include/oembed.php b/include/oembed.php index c2bf0a0ed..eee53b6c1 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -32,6 +32,7 @@ function oembed_action($embedurl) { $action = 'block'; } } + if(strpos($embedurl,'.well-known') !== false) $action = 'block'; diff --git a/include/taxonomy.php b/include/taxonomy.php index 393b8718e..4a3818096 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -182,11 +182,10 @@ function tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $re $sql_options .= " and owner_xchan = '" . dbesc($owner) . "' "; } - // Fetch tags $r = q("select term, count(term) as total from term left join item on term.oid = item.id where term.uid = %d and term.ttype = %d - and otype = %d and item_type = %d and item_private = 0 + and otype = %d and item_type = %d $sql_options $item_normal group by term order by total desc %s", intval($uid), @@ -196,6 +195,7 @@ function tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $re ((intval($count)) ? "limit $count" : '') ); + if(! $r) return array(); diff --git a/include/zid.php b/include/zid.php index 5b5601191..5275c6d5a 100644 --- a/include/zid.php +++ b/include/zid.php @@ -109,6 +109,7 @@ function clean_query_string($s = '') { $x = strip_zids(($s) ? $s : \App::$query_string); $x = strip_owt($x); $x = strip_zats($x); + $x = strip_query_param($x,'sort'); return strip_query_param($x,'f'); } diff --git a/include/zot.php b/include/zot.php index c11cace2a..25ea9b8fb 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2285,13 +2285,31 @@ function process_mail_delivery($sender, $arr, $deliveries) { continue; } + if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) { - logger("permission denied for mail delivery {$channel['channel_id']}"); - $DR->update('permission denied'); - $result[] = $DR->get(); - continue; + + /* + * Always allow somebody to reply if you initiated the conversation. It's anti-social + * and a bit rude to send a private message to somebody and block their ability to respond. + * If you are being harrassed and want to put an end to it, delete the conversation. + */ + + $return = false; + if($arr['parent_mid']) { + $return = q("select * from mail where mid = '%s' and channel_id = %d limit 1", + dbesc($arr['parent_mid']), + intval($channel['channel_id']) + ); + } + if(! $return) { + logger("permission denied for mail delivery {$channel['channel_id']}"); + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } } + $r = q("select id from mail where mid = '%s' and channel_id = %d limit 1", dbesc($arr['mid']), intval($channel['channel_id']) diff --git a/tests/unit/Access/PermissionRolesTest.php b/tests/unit/Access/PermissionRolesTest.php index 5e64e773a..f2636da62 100644 --- a/tests/unit/Access/PermissionRolesTest.php +++ b/tests/unit/Access/PermissionRolesTest.php @@ -62,6 +62,7 @@ class PermissionRolesTest extends UnitTestCase { $this->assertEquals($roles, $r->roles()); $socialNetworking = [ + 'social_party' => 'Social - Party', 'social' => 'Social - Mostly Public', 'social_restricted' => 'Social - Restricted', 'social_private' => 'Social - Private' @@ -97,4 +98,4 @@ class PermissionRolesTest extends UnitTestCase { $this->assertEquals(['role' => 'nonexistent'], $rp_nonexistent); } -}
\ No newline at end of file +} |