aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Access
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Access')
-rw-r--r--Zotlabs/Access/AccessList.php8
-rw-r--r--Zotlabs/Access/PermissionLimits.php85
2 files changed, 77 insertions, 16 deletions
diff --git a/Zotlabs/Access/AccessList.php b/Zotlabs/Access/AccessList.php
index 6471b0b1d..7cf7b5587 100644
--- a/Zotlabs/Access/AccessList.php
+++ b/Zotlabs/Access/AccessList.php
@@ -3,10 +3,14 @@
namespace Zotlabs\Access;
/**
- * @brief AccessList class.
+ * @brief AccessList class which represents individual content ACLs.
*
* A class to hold an AccessList object with allowed and denied contacts and
* groups.
+ *
+ * After evaluating @ref ::Zotlabs::Access::PermissionLimits "PermissionLimits"
+ * and @ref ::Zotlabs::Lib::Permcat "Permcat"s individual content ACLs are evaluated.
+ * These answer the question "Can Joe view *this* album/photo?".
*/
class AccessList {
/**
@@ -103,7 +107,7 @@ class AccessList {
* @brief Return an array consisting of the current access list components
* where the elements are directly storable.
*
- * @return Associative array with:
+ * @return array An associative array with:
* * \e string \b allow_cid => string of allowed cids
* * \e string \b allow_gid => string of allowed gids
* * \e string \b deny_cid => string of denied cids
diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php
index 8caeedb91..1d15098fc 100644
--- a/Zotlabs/Access/PermissionLimits.php
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -2,35 +2,92 @@
namespace Zotlabs\Access;
-use \Zotlabs\Lib as ZLib;
+use Zotlabs\Lib\PConfig;
+/**
+ * @brief Permission limits.
+ *
+ * Permission limits are a very high level permission setting. They are hard
+ * limits by design.
+ * "Who can view my photos (at all)?"
+ * "Who can post photos in my albums (at all)?"
+ *
+ * For viewing permissions we generally set these to 'anybody' and for write
+ * permissions we generally set them to 'those I allow', though many people
+ * restrict the viewing permissions further for things like 'Can view my connections'.
+ *
+ * People get confused enough by permissions that we wanted a place to set their
+ * privacy expectations once and be done with it.
+ *
+ * Connection related permissions like "Can Joe view my photos?" are handled by
+ * @ref ::Zotlabs::Lib::Permcat "Permcat" and inherit from the channel's Permission
+ * limits.
+ *
+ * @see Permissions
+ */
class PermissionLimits {
+ /**
+ * @brief Get standard permission limits.
+ *
+ * Viewing permissions and post_comments permission are set to 'anybody',
+ * other permissions are set to 'those I allow'.
+ *
+ * The list of permissions comes from Permissions::Perms().
+ *
+ * @return array
+ */
static public function Std_Limits() {
+ $limits = [];
$perms = Permissions::Perms();
- $limits = array();
+
+ $anon_comments = get_config('system','anonymous_comments',true);
+
foreach($perms as $k => $v) {
- if(strstr($k,'view') || $k === 'post_comments')
+ if(strstr($k, 'view') || ($k === 'post_comments' && $anon_comments))
$limits[$k] = PERMS_PUBLIC;
else
$limits[$k] = PERMS_SPECIFIC;
}
+
return $limits;
}
- static public function Set($channel_id,$perm,$perm_limit) {
- ZLib\PConfig::Set($channel_id,'perm_limits',$perm,$perm_limit);
+ /**
+ * @brief Sets a permission limit for a channel.
+ *
+ * @param int $channel_id
+ * @param string $perm
+ * @param int $perm_limit one of PERMS_* constants
+ */
+ static public function Set($channel_id, $perm, $perm_limit) {
+ PConfig::Set($channel_id, 'perm_limits', $perm, $perm_limit);
}
- static public function Get($channel_id,$perm = '') {
+ /**
+ * @brief Get a channel's permission limits.
+ *
+ * Return a channel's permission limits from PConfig. If $perm is set just
+ * return this permission limit, if not set, return an array with all
+ * permission limits.
+ *
+ * @param int $channel_id
+ * @param string $perm (optional)
+ * @return
+ * * \b boolean false if no perm_limits set for this channel
+ * * \b int if $perm is set, return one of PERMS_* constants for this permission
+ * * \b array with all permission limits, if $perm is not set
+ */
+ static public function Get($channel_id, $perm = '') {
if($perm) {
- return Zlib\PConfig::Get($channel_id,'perm_limits',$perm);
- }
- else {
- Zlib\PConfig::Load($channel_id);
- if(array_key_exists($channel_id,\App::$config) && array_key_exists('perm_limits',\App::$config[$channel_id]))
- return \App::$config[$channel_id]['perm_limits'];
- return false;
+ return PConfig::Get($channel_id, 'perm_limits', $perm);
}
- }
+
+ PConfig::Load($channel_id);
+ if(array_key_exists($channel_id, \App::$config)
+ && array_key_exists('perm_limits', \App::$config[$channel_id]))
+ return \App::$config[$channel_id]['perm_limits'];
+
+ return false;
+ }
} \ No newline at end of file