1 files changed, 36 insertions, 25 deletions

diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index dda6d5d95..f16f5258a 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -316,14 +316,22 @@ class Libzot {
 
 		$x = self::import_xchan($record['data'], (($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
 
+
 		if(! $x['success'])
 			return false;
 
 		if($channel && $record['data']['permissions']) {
 			$permissions = explode(',',$record['data']['permissions']);
+
 			if($permissions && is_array($permissions)) {
 				$old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream');
 
+				// We need to reset their_perms prior to setting the new ones.
+				// Otherwise withdrawn permissions will not take effect locally.
+				q("DELETE FROM abconfig WHERE chan = %d AND xchan = '%s' AND cat = 'their_perms'",
+					intval($channel['channel_id']),
+					dbesc($x['hash'])
+				);
 				foreach($permissions as $p) {
 					set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$p,'1');
 				}
@@ -1133,6 +1141,7 @@ class Libzot {
 				}
 
 				logger($AS->debug(),LOGGER_DATA);
+
 		}
 
 
@@ -1193,10 +1202,6 @@ class Libzot {
 
 			if(in_array($env['type'],['activity','response'])) {
 
-				$arr = Activity::decode_note($AS);
-
-				//logger($AS->debug());
-
 				$r = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s' ",
 					dbesc($AS->actor['id'])
 				);
@@ -1488,13 +1493,14 @@ class Libzot {
 				// Try again using the delivery channel credentials.
 				// We will also need to re-parse the $item array, 
 				// but preserve any values that were set during anonymous parsing.
-							   
+
 				$o = Activity::fetch($act->obj,$channel);
 				if($o) {
 					$act->obj = $o;
 					$arr = array_merge(Activity::decode_note($act),$arr);
 				}
 				else {
+
 					$DR->update('Incomplete or corrupt activity');
 					$result[] = $DR->get();
 					continue;
@@ -1717,7 +1723,7 @@ class Libzot {
 				$arr['aid'] = $channel['channel_account_id'];
 				$arr['uid'] = $channel['channel_id'];
 
-				$item_id = self::delete_imported_item($sender,$arr,$channel['channel_id'],$relay);
+				$item_id = self::delete_imported_item($sender,$act,$arr,$channel['channel_id'],$relay);
 				$DR->update(($item_id) ? 'deleted' : 'delete_failed');
 				$result[] = $DR->get();
 
@@ -1731,11 +1737,15 @@ class Libzot {
 				continue;
 			}
 
+			// reactions such as like and dislike could	have an	mid with /activity/ in it.
+			// Check for both forms in order to prevent duplicates.
 
-			$r = q("select * from item where mid = '%s' and uid = %d limit 1",
+			$r = q("select * from item where mid in ('%s','%s') and uid = %d limit 1",
 				dbesc($arr['mid']),
+				dbesc(str_replace(z_root() . '/activity/', z_root() . '/item/', $arr['mid'])),
 				intval($channel['channel_id'])
 			);
+
 			if($r) {
 				// We already have this post.
 				$item_id = $r[0]['id'];
@@ -2096,7 +2106,7 @@ class Libzot {
 	 * @return boolean|int post_id
 	 */
 
-	static function delete_imported_item($sender, $item, $uid, $relay) {
+	static function delete_imported_item($sender, $act, $item, $uid, $relay) {
 
 		logger('invoked', LOGGER_DEBUG);
 
@@ -2104,38 +2114,39 @@ class Libzot {
 		$item_found = false;
 		$post_id = 0;
 
+		if ($item['verb'] === 'Tombstone') {
+			// The id of the deleted thing is the item mid (activity id)
+			$mid = $item['mid'];
+		}
+		else {
+			// The id is the object id if the type is Undo or Delete
+			$mid = ((is_array($act->obj)) ? $act->obj['id'] : $act->obj);
+		}
+
+		// we may have stored either the object id or the activity id if it was a response activity (like, dislike, etc.)
+
 		$r = q("select * from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' )
-			and mid = '%s' and uid = %d limit 1",
+			and mid IN ('%s', '%s') and uid = %d limit 1",
 			dbesc($sender),
 			dbesc($sender),
 			dbesc($sender),
-			dbesc($item['mid']),
+			dbesc($mid),
+			dbesc(str_replace('/activity/','/item/',$mid)),
 			intval($uid)
 		);
 
 		if($r) {
 			$stored = $r[0];
 
-			if($stored['author_xchan'] === $sender || $stored['owner_xchan'] === $sender || $stored['source_xchan'] === $sender)
-				$ownership_valid = true;
+			// we proved ownership in the sql query
+			$ownership_valid = true;
 
 			$post_id = $stored['id'];
 			$item_found = true;
 		}
 		else {
-
-			// perhaps the item is still in transit and the delete notification got here before the actual item did. Store it with the deleted flag set.
-			// item_store() won't try to deliver any notifications or start delivery chains if this flag is set.
-			// This means we won't end up with potentially even more delivery threads trying to push this delete notification.
-			// But this will ensure that if the (undeleted) original post comes in at a later date, we'll reject it because it will have an older timestamp.
-
-			logger('delete received for non-existent item - storing item data.');
-
-			if($item['author_xchan'] === $sender || $item['owner_xchan'] === $sender || $item['source_xchan'] === $sender) {
-				$ownership_valid = true;
-				$item_result = item_store($item);
-				$post_id = $item_result['item_id'];
-			}
+			// this will fail with an ownership issue, so explain the real reason
+			logger('delete received for non-existent item or not owned by sender - ignoring.');
 		}
 
 		if($ownership_valid === false) {