diff options
Diffstat (limited to 'Zotlabs/Module/Acl.php')
-rw-r--r-- | Zotlabs/Module/Acl.php | 113 |
1 files changed, 87 insertions, 26 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 2bc4ba62d..15609c3c8 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -1,7 +1,18 @@ <?php namespace Zotlabs\Module; -/* ACL selector json backend */ +/* + * ACL selector json backend + * This module provides JSON lists of connections and local/remote channels + * (xchans) to populate various tools such as the ACL (AccessControlList) popup + * and various auto-complete functions (such as email recipients, search, and + * mention targets. + * There are two primary output structural formats. One for the ACL widget and + * the other for auto-completion. + * Many of the behaviour variations are triggered on the use of single character keys + * however this functionality has grown in an ad-hoc manner and has gotten quite messy over time. + */ + require_once("include/acl_selectors.php"); require_once("include/group.php"); @@ -10,40 +21,63 @@ class Acl extends \Zotlabs\Web\Controller { function init(){ - // logger('mod_acl: ' . print_r($_REQUEST,true)); - - $start = (x($_REQUEST,'start')?$_REQUEST['start']:0); - $count = (x($_REQUEST,'count')?$_REQUEST['count']:100); - $search = (x($_REQUEST,'search')?$_REQUEST['search']:""); - $type = (x($_REQUEST,'type')?$_REQUEST['type']:""); - $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false); + // logger('mod_acl: ' . print_r($_REQUEST,true)); - // List of channels whose connections to also suggest, e.g. currently viewed channel or channels mentioned in a post + $start = (x($_REQUEST,'start') ? $_REQUEST['start'] : 0); + $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 500); + $search = (x($_REQUEST,'search') ? $_REQUEST['search'] : ''); + $type = (x($_REQUEST,'type') ? $_REQUEST['type'] : ''); + $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false); + + + // $type = + // '' => standard ACL request + // 'g' => Groups only ACL request + // 'c' => Connections only ACL request or editor (textarea) mention request + // $_REQUEST['search'] contains ACL search text. + + + // $type = + // 'm' => autocomplete private mail recipient (checks post_mail permission) + // 'a' => autocomplete connections (mod_connections, mod_poke, mod_sources, mod_photos) + // 'x' => nav search bar autocomplete (match any xchan) + // $_REQUEST['query'] contains autocomplete search text. + + // List of channels whose connections to also suggest, + // e.g. currently viewed channel or channels mentioned in a post + $extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array()); - // For use with jquery.autocomplete for private mail completion + // The different autocomplete libraries use different names for the search text + // parameter. Internaly we'll use $search to represent the search text no matter + // what request variable it was attached to. - if(x($_REQUEST,'query') && strlen($_REQUEST['query'])) { - if(! $type) - $type = 'm'; + if(array_key_exists('query',$_REQUEST)) { $search = $_REQUEST['query']; } - if(!(local_channel())) - if(!($type == 'x' || $type == 'c')) - killme(); + if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) + killme(); - if ($search != "") { + if($search) { $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; - // This horrible mess is needed because position also returns 0 if nothing is found. W/ould be MUCH easier if it instead returned a very large value - // Otherwise we could just order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)). - $order_extra2 = "CASE WHEN xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) ." then POSITION('".dbesc($search)."' IN xchan_name) else position('".dbesc($search)."' IN xchan_addr) end, "; + // This horrible mess is needed because position also returns 0 if nothing is found. + // Would be MUCH easier if it instead returned a very large value + // Otherwise we could just + // order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)). + + $order_extra2 = "CASE WHEN xchan_name LIKE " + . protect_sprintf( "'%" . dbesc($search) . "%'" ) + . " then POSITION('" . dbesc($search) + . "' IN xchan_name) else position('" . dbesc($search) . "' IN xchan_addr) end, "; + $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' ); $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; - } else { + } + else { $sql_extra = $sql_extra2 = $sql_extra3 = ""; } @@ -51,7 +85,7 @@ class Acl extends \Zotlabs\Web\Controller { $groups = array(); $contacts = array(); - if ($type=='' || $type=='g'){ + if($type == '' || $type == 'g') { $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname` FROM `groups`,`group_member` @@ -82,7 +116,7 @@ class Acl extends \Zotlabs\Web\Controller { } } - if ($type=='' || $type=='c') { + if($type == '' || $type == 'c') { $extra_channels_sql = ''; // Only include channels who allow the observer to view their permissions foreach($extra_channels as $channel) { @@ -96,13 +130,40 @@ class Acl extends \Zotlabs\Web\Controller { if(local_channel()) { if($extra_channels_sql != '') $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; + + $r2 = null; + + $r1 = q("select * from atoken where atoken_uid = %d", + intval(local_channel()) + ); + if($r1) { + require_once('include/security.php'); + $r2 = array(); + foreach($r1 as $rr) { + $x = atoken_xchan($rr); + $r2[] = [ + 'id' => 'a' . $rr['atoken_id'] , + 'hash' => $x['xchan_hash'], + 'name' => $x['xchan_name'], + 'micro' => $x['xchan_photo_m'], + 'url' => z_root(), + 'nick' => $x['xchan_addr'], + 'abook_their_perms' => 0, + 'abook_flags' => 0, + 'abook_self' => 0 + ]; + } + } + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) ); - + if($r2) + $r = array_merge($r2,$r); + } else { // Visitors $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self @@ -171,7 +232,7 @@ class Acl extends \Zotlabs\Web\Controller { intval(PERMS_W_MAIL) ); } - elseif(($type == 'a') || ($type == 'p')) { + elseif($type == 'a') { $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d @@ -296,7 +357,7 @@ class Acl extends \Zotlabs\Web\Controller { $url = $directory['url'] . '/dirsearch'; } - $count = (x($_REQUEST,'count')?$_REQUEST['count']:100); + $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { $query = $url . '?f=' ; $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : ''); |