diff options
Diffstat (limited to 'Zotlabs/Module/Acl.php')
| -rw-r--r-- | Zotlabs/Module/Acl.php | 55 |
1 files changed, 15 insertions, 40 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 8c62f4de9..76a001fdd 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -58,24 +58,7 @@ class Acl extends \Zotlabs\Web\Controller { if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) killme(); - - $permitted = []; - - if(in_array($type, [ 'm', 'a', 'c' ])) { - - // These queries require permission checking. We'll create a simple array of xchan_hash for those with - // the requisite permissions which we can check against. - - $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1", - intval(local_channel()), - dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver') - ); - - $permitted = ids_to_array($x,'xchan'); - - } - - + if($search) { $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; @@ -104,13 +87,13 @@ class Acl extends \Zotlabs\Web\Controller { if($type == '' || $type == 'g') { - $r = q("SELECT groups.id, groups.hash, groups.gname - FROM groups,group_member - WHERE groups.deleted = 0 AND groups.uid = %d - AND group_member.gid=groups.id + $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname` + FROM `groups`,`group_member` + WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d + AND `group_member`.`gid`=`groups`.`id` $sql_extra - GROUP BY groups.id - ORDER BY groups.gname + GROUP BY `groups`.`id` + ORDER BY `groups`.`gname` LIMIT %d OFFSET %d", intval(local_channel()), intval($count), @@ -173,7 +156,7 @@ class Acl extends \Zotlabs\Web\Controller { } - $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) @@ -238,24 +221,16 @@ class Acl extends \Zotlabs\Web\Controller { } } elseif($type == 'm') { - - $r = array(); - $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + + $r = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) and xchan_deleted = 0 $sql_extra3 - ORDER BY xchan_name ASC ", - intval(local_channel()) + ORDER BY `xchan_name` ASC ", + intval(local_channel()), + intval(PERMS_W_MAIL) ); - if($z) { - foreach($z as $zz) { - if(in_array($zz['hash'],$permitted)) { - $r[] = $zz; - } - } - } - } elseif($type == 'a') { @@ -299,7 +274,7 @@ class Acl extends \Zotlabs\Web\Controller { if(strpos($g['hash'],'/') && $type != 'a') continue; - if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) { + if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", |