diff options
Diffstat (limited to 'Zotlabs/Lib')
-rw-r--r-- | Zotlabs/Lib/AccessList.php | 411 | ||||
-rw-r--r-- | Zotlabs/Lib/Connect.php | 315 |
2 files changed, 726 insertions, 0 deletions
diff --git a/Zotlabs/Lib/AccessList.php b/Zotlabs/Lib/AccessList.php new file mode 100644 index 000000000..3c008f8c7 --- /dev/null +++ b/Zotlabs/Lib/AccessList.php @@ -0,0 +1,411 @@ +<?php + +namespace Zotlabs\Lib; + +use Zotlabs\Lib\Libsync; + + +class AccessList { + + static function add($uid,$name,$public = 0) { + + $ret = false; + if ($uid && $name) { + $r = self::byname($uid,$name); // check for dups + if ($r !== false) { + + // This could be a problem. + // Let's assume we've just created a list which we once deleted + // all the old members are gone, but the list remains so we don't break any security + // access lists. What we're doing here is reviving the dead list, but old content which + // was restricted to this list may now be seen by the new list members. + + $z = q("SELECT * FROM pgrp WHERE id = %d LIMIT 1", + intval($r) + ); + if(($z) && $z[0]['deleted']) { + q('UPDATE pgrp SET deleted = 0 WHERE id = %d', intval($z[0]['id'])); + notice( t('A deleted list with this name was revived. Existing item permissions <strong>may</strong> apply to this list and any future members. If this is not what you intended, please create another list with a different name.') . EOL); + } + return true; + } + + $hash = new_uuid(); + + $r = q("INSERT INTO pgrp ( hash, uid, visible, gname ) + VALUES( '%s', %d, %d, '%s' ) ", + dbesc($hash), + intval($uid), + intval($public), + dbesc($name) + ); + $ret = $r; + } + + Libsync::build_sync_packet($uid,null,true); + return $ret; + } + + + static function remove($uid,$name) { + $ret = false; + if ($uid && $name) { + $r = q("SELECT id, hash FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1", + intval($uid), + dbesc($name) + ); + if ($r) { + $group_id = $r[0]['id']; + $group_hash = $r[0]['hash']; + } + else { + return false; + } + + // remove group from default posting lists + $r = q("SELECT channel_default_group, channel_allow_gid, channel_deny_gid FROM channel WHERE channel_id = %d LIMIT 1", + intval($uid) + ); + if ($r) { + $user_info = array_shift($r); + $change = false; + + if ($user_info['channel_default_group'] == $group_hash) { + $user_info['channel_default_group'] = ''; + $change = true; + } + if (strpos($user_info['channel_allow_gid'], '<' . $group_hash . '>') !== false) { + $user_info['channel_allow_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_allow_gid']); + $change = true; + } + if (strpos($user_info['channel_deny_gid'], '<' . $group_hash . '>') !== false) { + $user_info['channel_deny_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_deny_gid']); + $change = true; + } + + if ($change) { + q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' + WHERE channel_id = %d", + intval($user_info['channel_default_group']), + dbesc($user_info['channel_allow_gid']), + dbesc($user_info['channel_deny_gid']), + intval($uid) + ); + } + } + + // remove all members + $r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d ", + intval($uid), + intval($group_id) + ); + + // remove group + $r = q("UPDATE pgrp SET deleted = 1 WHERE uid = %d AND gname = '%s'", + intval($uid), + dbesc($name) + ); + + $ret = $r; + + } + + Libsync::build_sync_packet($uid,null,true); + + return $ret; + } + + // returns the integer id of an access group owned by $uid and named $name + // or false. + + static function byname($uid,$name) { + if (! ($uid && $name)) { + return false; + } + $r = q("SELECT id FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1", + intval($uid), + dbesc($name) + ); + if ($r) { + return $r[0]['id']; + } + return false; + } + + static function by_id($uid,$id) { + if (! ($uid && $id)) { + return false; + } + + $r = q("SELECT * FROM pgrp WHERE uid = %d AND id = %d and deleted = 0", + intval($uid), + intval($id) + ); + if ($r) { + return array_shift($r); + } + return false; + } + + + + static function rec_byhash($uid,$hash) { + if (! ( $uid && $hash)) { + return false; + } + $r = q("SELECT * FROM pgrp WHERE uid = %d AND hash = '%s' LIMIT 1", + intval($uid), + dbesc($hash) + ); + if ($r) { + return array_shift($r); + } + return false; + } + + + static function member_remove($uid,$name,$member) { + $gid = self::byname($uid,$name); + if (! $gid) { + return false; + } + if (! ($uid && $gid && $member)) { + return false; + } + $r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' ", + intval($uid), + intval($gid), + dbesc($member) + ); + + Libsync::build_sync_packet($uid,null,true); + + return $r; + } + + + static function member_add($uid,$name,$member,$gid = 0) { + if (! $gid) { + $gid = self::byname($uid,$name); + } + if (! ($gid && $uid && $member)) { + return false; + } + + $r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1", + intval($uid), + intval($gid), + dbesc($member) + ); + if ($r) { + return true; // You might question this, but + // we indicate success because the group member was in fact created + // -- It was just created at another time + } + else { + $r = q("INSERT INTO pgrp_member (uid, gid, xchan) + VALUES( %d, %d, '%s' ) ", + intval($uid), + intval($gid), + dbesc($member) + ); + } + Libsync::build_sync_packet($uid,null,true); + return $r; + } + + + static function members($uid, $gid) { + $ret = []; + if (intval($gid)) { + $r = q("SELECT * FROM pgrp_member + LEFT JOIN abook ON abook_xchan = pgrp_member.xchan left join xchan on xchan_hash = abook_xchan + WHERE gid = %d AND abook_channel = %d and pgrp_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ", + intval($gid), + intval($uid), + intval($uid) + ); + if ($r) { + $ret = $r; + } + } + return $ret; + } + + static function members_xchan($uid,$gid) { + $ret = []; + if (intval($gid)) { + $r = q("SELECT xchan FROM pgrp_member WHERE gid = %d AND uid = %d", + intval($gid), + intval($uid) + ); + if ($r) { + foreach ($r as $rv) { + $ret[] = $rv['xchan']; + } + } + } + return $ret; + } + + static function members_profile_xchan($uid,$gid) { + $ret = []; + if (intval($gid)) { + $r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d", + intval($gid), + intval($uid) + ); + if ($r) { + foreach($r as $rv) { + $ret[] = $rv['xchan']; + } + } + } + return $ret; + } + + + + + static function select($uid,$group = '') { + + $grps = []; + + $r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC", + intval($uid) + ); + $grps[] = [ 'name' => '', 'hash' => '0', 'selected' => '' ]; + if ($r) { + foreach ($r as $rr) { + $grps[] = [ 'name' => $rr['gname'], 'id' => $rr['hash'], 'selected' => (($group == $rr['hash']) ? 'true' : '') ]; + } + + } + + return replace_macros(get_markup_template('group_selection.tpl'), [ + '$label' => t('Add new connections to this access list'), + '$groups' => $grps + ]); + } + + + static function widget($every="connections",$each="lists",$edit = false, $group_id = 0, $cid = '',$mode = 1) { + + $o = ''; + + $groups = []; + + $r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC", + intval($_SESSION['uid']) + ); + $member_of = []; + if ($cid) { + $member_of = self::containing(local_channel(),$cid); + } + + if ($r) { + foreach ($r as $rr) { + $selected = (($group_id == $rr['id']) ? ' group-selected' : ''); + + if ($edit) { + $groupedit = [ 'href' => "lists/".$rr['id'], 'title' => t('edit') ]; + } + else { + $groupedit = null; + } + + $groups[] = [ + 'id' => $rr['id'], + 'enc_cid' => base64url_encode($cid), + 'cid' => $cid, + 'text' => $rr['gname'], + 'selected' => $selected, + 'href' => (($mode == 0) ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']) . ((x($_GET,'new')) ? '&new=' . $_GET['new'] : '') . ((x($_GET,'order')) ? '&order=' . $_GET['order'] : ''), + 'edit' => $groupedit, + 'ismember' => in_array($rr['id'],$member_of), + ]; + } + } + + return replace_macros(get_markup_template('group_side.tpl'), [ + '$title' => t('Lists'), + '$edittext' => t('Edit list'), + '$createtext' => t('Create new list'), + '$ungrouped' => (($every === 'contacts') ? t('Channels not in any access list') : ''), + '$groups' => $groups, + '$add' => t('add'), + ]); + + } + + + static function expand($g) { + if (! (is_array($g) && count($g))) { + return []; + } + + $ret = []; + $x = []; + + // private profile linked virtual groups + + foreach ($g as $gv) { + if (substr($gv,0,3) === 'vp.') { + $profile_hash = substr($gv,3); + if ($profile_hash) { + $r = q("select abook_xchan from abook where abook_profile = '%s'", + dbesc($profile_hash) + ); + if ($r) { + foreach ($r as $rv) { + $ret[] = $rv['abook_xchan']; + } + } + } + } + else { + $x[] = $gv; + } + } + + if ($x) { + stringify_array_elms($x,true); + $groups = implode(',', $x); + if ($groups) { + $r = q("SELECT xchan FROM pgrp_member WHERE gid IN ( select id from pgrp where hash in ( $groups ))"); + if ($r) { + foreach ($r as $rv) { + $ret[] = $rv['xchan']; + } + } + } + } + return $ret; + } + + + static function member_of($c) { + $r = q("SELECT pgrp.gname, pgrp.id FROM pgrp LEFT JOIN pgrp_member ON pgrp_member.gid = pgrp.id + WHERE pgrp_member.xchan = '%s' AND pgrp.deleted = 0 ORDER BY pgrp.gname ASC ", + dbesc($c) + ); + + return $r; + } + + static function containing($uid,$c) { + + $r = q("SELECT gid FROM pgrp_member WHERE uid = %d AND pgrp_member.xchan = '%s' ", + intval($uid), + dbesc($c) + ); + + $ret = []; + if ($r) { + foreach ($r as $rv) + $ret[] = $rv['gid']; + } + + return $ret; + } +}
\ No newline at end of file diff --git a/Zotlabs/Lib/Connect.php b/Zotlabs/Lib/Connect.php new file mode 100644 index 000000000..978a4ce39 --- /dev/null +++ b/Zotlabs/Lib/Connect.php @@ -0,0 +1,315 @@ +<?php /** @file */ + +namespace Zotlabs\Lib; + +use App; +use Zotlabs\Access\Permissions; +use Zotlabs\Daemon\Master; + + + +class Connect { + + /** + * Takes a $channel and a $url/handle and adds a new connection + * + * Returns array + * $return['success'] boolean true if successful + * $return['abook'] Address book entry joined with xchan if successful + * $return['message'] error text if success is false. + * + * This function does NOT send sync packets to clones. The caller is responsible for doing this + */ + + static function connect($channel, $url, $sub_channel = false) { + + $uid = $channel['channel_id']; + + if (strpos($url,'@') === false && strpos($url,'/') === false) { + $url = $url . '@' . App::get_hostname(); + } + + $result = [ 'success' => false, 'message' => '' ]; + + $my_perms = false; + $protocol = ''; + + if (substr($url,0,1) === '[') { + $x = strpos($url,']'); + if ($x) { + $protocol = substr($url,1,$x-1); + $url = substr($url,$x+1); + } + } + + if (! check_siteallowed($url)) { + $result['message'] = t('Channel is blocked on this site.'); + return $result; + } + + if (! $url) { + $result['message'] = t('Channel location missing.'); + return $result; + } + + // check service class limits + + $r = q("select count(*) as total from abook where abook_channel = %d and abook_self = 0 ", + intval($uid) + ); + if ($r) { + $total_channels = $r[0]['total']; + } + + if (! service_class_allows($uid,'total_channels',$total_channels)) { + $result['message'] = upgrade_message(); + return $result; + } + + $xchan_hash = ''; + $sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : ''); + + $r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ", + dbesc($url), + dbesc($url), + dbesc($url) + ); + + if ($r) { + + // reset results to the best record or the first if we don't have the best + // note: this is a single record and not an array of results + + $r = Libzot::zot_record_preferred($r,'xchan_network'); + + } + + $singleton = false; + $d = false; + + if (! $r) { + + // not in cache - try discovery + + $wf = discover_by_webbie($url,$protocol); + + if (! $wf) { + $feeds = get_config('system','feed_contacts'); + + if (($feeds) && (in_array($protocol, [ '', 'feed', 'rss' ]))) { + $d = discover_feed($url); + } + else { + $result['message'] = t('Remote channel or protocol unavailable.'); + return $result; + } + } + } + + if ($wf || $d) { + + // something was discovered - find the record which was just created. + + $r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s' ) $sql_options", + dbesc(($wf) ? $wf : $url), + dbesc($url), + dbesc($url) + ); + + // convert to a single record (once again preferring a zot solution in the case of multiples) + + if ($r) { + $r = Libzot::zot_record_preferred($r,'xchan_network'); + } + } + + // if discovery was a success or the channel was already cached we should have an xchan record in $r + + if ($r) { + $xchan = $r; + $xchan_hash = $r['xchan_hash']; + $their_perms = EMPTY_STR; + } + + // failure case + + if (! $xchan_hash) { + $result['message'] = t('Channel discovery failed.'); + logger('follow: ' . $result['message']); + return $result; + } + + if (! check_channelallowed($xchan_hash)) { + $result['message'] = t('Channel is blocked on this site.'); + logger('follow: ' . $result['message']); + return $result; + + } + + $allowed = ((in_array($xchan['xchan_network'],['rss','zot','zot6'])) ? 1 : 0); + + $hookdata = ['channel_id' => $uid, 'follow_address' => $url, 'xchan' => $xchan, 'allowed' => $allowed, 'singleton' => 0]; + call_hooks('follow_allow',$hookdata); + + if(! $hookdata['allowed']) { + hz_syslog('zesz'); + $result['message'] = t('Protocol disabled.'); + return $result; + } + + $singleton = intval($hookdata['singleton']); + + // Now start processing the new connection + + $aid = $channel['channel_account_id']; + $default_group = $channel['channel_default_group']; + + if (in_array($xchan_hash, [$channel['channel_hash'], $channel['channel_portable_id']])) { + $result['message'] = t('Cannot connect to yourself.'); + return $result; + } + + if ($xchan['xchan_network'] === 'rss') { + + // check service class feed limits + + $t = q("select count(*) as total from abook where abook_account = %d and abook_feed = 1 ", + intval($aid) + ); + if ($t) { + $total_feeds = $t[0]['total']; + } + + if (! service_class_allows($uid,'total_feeds',$total_feeds)) { + $result['message'] = upgrade_message(); + return $result; + } + + // Always set these "remote" permissions for feeds since we cannot interact with them + // to negotiate a suitable permission response + + $p = get_abconfig($uid,$xchan_hash,'system','their_perms',EMPTY_STR); + if ($p) { + $p .= ','; + } + $p .= 'view_stream,republish'; + set_abconfig($uid,$xchan_hash,'system','their_perms',$p); + + } + + + $p = Permissions::connect_perms($uid); + + // parent channels have unencumbered write permission + + if ($sub_channel) { + $p['perms']['post_wall'] = 1; + $p['perms']['post_comments'] = 1; + $p['perms']['write_storage'] = 1; + $p['perms']['post_like'] = 1; + $p['perms']['delegate'] = 0; + $p['perms']['moderated'] = 0; + } + + $my_perms = Permissions::serialise($p['perms']); + + $profile_assign = get_pconfig($uid,'system','profile_assign',''); + + + // See if we are already connected by virtue of having an abook record + + $r = q("select abook_id, abook_xchan, abook_pending, abook_instance from abook + where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc($xchan_hash), + intval($uid) + ); + + if ($r) { + + $abook_instance = $r[0]['abook_instance']; + + // If they are on a non-nomadic network, add them to this location + + if (($singleton) && strpos($abook_instance,z_root()) === false) { + if ($abook_instance) { + $abook_instance .= ','; + } + $abook_instance .= z_root(); + + $x = q("update abook set abook_instance = '%s', abook_not_here = 0 where abook_id = %d", + dbesc($abook_instance), + intval($r[0]['abook_id']) + ); + } + + // if they have a pending connection, we just followed them so approve the connection request + + if (intval($r[0]['abook_pending'])) { + $x = q("update abook set abook_pending = 0 where abook_id = %d", + intval($r[0]['abook_id']) + ); + } + } + else { + + // create a new abook record + + $closeness = get_pconfig($uid,'system','new_abook_closeness',80); + + $r = abook_store_lowlevel( + [ + 'abook_account' => intval($aid), + 'abook_channel' => intval($uid), + 'abook_closeness' => intval($closeness), + 'abook_xchan' => $xchan_hash, + 'abook_profile' => $profile_assign, + 'abook_feed' => intval(($xchan['xchan_network'] === 'rss') ? 1 : 0), + 'abook_created' => datetime_convert(), + 'abook_updated' => datetime_convert(), + 'abook_instance' => (($singleton) ? z_root() : '') + ] + ); + } + + if (! $r) { + logger('abook creation failed'); + $result['message'] = t('error saving data'); + return $result; + } + + // Set suitable permissions to the connection + + if ($my_perms) { + set_abconfig($uid,$xchan_hash,'system','my_perms',$my_perms); + } + + // fetch the entire record + + $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash + where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc($xchan_hash), + intval($uid) + ); + + if ($r) { + $result['abook'] = array_shift($r); + Master::Summon([ 'Notifier', 'permission_create', $result['abook']['abook_id'] ]); + } + + $arr = [ 'channel_id' => $uid, 'channel' => $channel, 'abook' => $result['abook'] ]; + + call_hooks('follow', $arr); + + /** If there is a default group for this channel, add this connection to it */ + + if ($default_group) { + $g = AccessList::rec_byhash($uid,$default_group); + if ($g) { + AccessList::member_add($uid,'',$xchan_hash,$g['id']); + } + } + + $result['success'] = true; + return $result; + } +} |