aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Acl.php
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module/Acl.php')
-rw-r--r--Zotlabs/Module/Acl.php113
1 files changed, 87 insertions, 26 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index 2bc4ba62d..15609c3c8 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -1,7 +1,18 @@
<?php
namespace Zotlabs\Module;
-/* ACL selector json backend */
+/*
+ * ACL selector json backend
+ * This module provides JSON lists of connections and local/remote channels
+ * (xchans) to populate various tools such as the ACL (AccessControlList) popup
+ * and various auto-complete functions (such as email recipients, search, and
+ * mention targets.
+ * There are two primary output structural formats. One for the ACL widget and
+ * the other for auto-completion.
+ * Many of the behaviour variations are triggered on the use of single character keys
+ * however this functionality has grown in an ad-hoc manner and has gotten quite messy over time.
+ */
+
require_once("include/acl_selectors.php");
require_once("include/group.php");
@@ -10,40 +21,63 @@ class Acl extends \Zotlabs\Web\Controller {
function init(){
- // logger('mod_acl: ' . print_r($_REQUEST,true));
-
- $start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
- $count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
- $search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
- $type = (x($_REQUEST,'type')?$_REQUEST['type']:"");
- $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false);
+ // logger('mod_acl: ' . print_r($_REQUEST,true));
- // List of channels whose connections to also suggest, e.g. currently viewed channel or channels mentioned in a post
+ $start = (x($_REQUEST,'start') ? $_REQUEST['start'] : 0);
+ $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 500);
+ $search = (x($_REQUEST,'search') ? $_REQUEST['search'] : '');
+ $type = (x($_REQUEST,'type') ? $_REQUEST['type'] : '');
+ $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false);
+
+
+ // $type =
+ // '' => standard ACL request
+ // 'g' => Groups only ACL request
+ // 'c' => Connections only ACL request or editor (textarea) mention request
+ // $_REQUEST['search'] contains ACL search text.
+
+
+ // $type =
+ // 'm' => autocomplete private mail recipient (checks post_mail permission)
+ // 'a' => autocomplete connections (mod_connections, mod_poke, mod_sources, mod_photos)
+ // 'x' => nav search bar autocomplete (match any xchan)
+ // $_REQUEST['query'] contains autocomplete search text.
+
+ // List of channels whose connections to also suggest,
+ // e.g. currently viewed channel or channels mentioned in a post
+
$extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array());
- // For use with jquery.autocomplete for private mail completion
+ // The different autocomplete libraries use different names for the search text
+ // parameter. Internaly we'll use $search to represent the search text no matter
+ // what request variable it was attached to.
- if(x($_REQUEST,'query') && strlen($_REQUEST['query'])) {
- if(! $type)
- $type = 'm';
+ if(array_key_exists('query',$_REQUEST)) {
$search = $_REQUEST['query'];
}
- if(!(local_channel()))
- if(!($type == 'x' || $type == 'c'))
- killme();
+ if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
+ killme();
- if ($search != "") {
+ if($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
- // This horrible mess is needed because position also returns 0 if nothing is found. W/ould be MUCH easier if it instead returned a very large value
- // Otherwise we could just order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)).
- $order_extra2 = "CASE WHEN xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) ." then POSITION('".dbesc($search)."' IN xchan_name) else position('".dbesc($search)."' IN xchan_addr) end, ";
+ // This horrible mess is needed because position also returns 0 if nothing is found.
+ // Would be MUCH easier if it instead returned a very large value
+ // Otherwise we could just
+ // order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)).
+
+ $order_extra2 = "CASE WHEN xchan_name LIKE "
+ . protect_sprintf( "'%" . dbesc($search) . "%'" )
+ . " then POSITION('" . dbesc($search)
+ . "' IN xchan_name) else position('" . dbesc($search) . "' IN xchan_addr) end, ";
+
$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
- } else {
+ }
+ else {
$sql_extra = $sql_extra2 = $sql_extra3 = "";
}
@@ -51,7 +85,7 @@ class Acl extends \Zotlabs\Web\Controller {
$groups = array();
$contacts = array();
- if ($type=='' || $type=='g'){
+ if($type == '' || $type == 'g') {
$r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname`
FROM `groups`,`group_member`
@@ -82,7 +116,7 @@ class Acl extends \Zotlabs\Web\Controller {
}
}
- if ($type=='' || $type=='c') {
+ if($type == '' || $type == 'c') {
$extra_channels_sql = '';
// Only include channels who allow the observer to view their permissions
foreach($extra_channels as $channel) {
@@ -96,13 +130,40 @@ class Acl extends \Zotlabs\Web\Controller {
if(local_channel()) {
if($extra_channels_sql != '')
$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
+
+ $r2 = null;
+
+ $r1 = q("select * from atoken where atoken_uid = %d",
+ intval(local_channel())
+ );
+ if($r1) {
+ require_once('include/security.php');
+ $r2 = array();
+ foreach($r1 as $rr) {
+ $x = atoken_xchan($rr);
+ $r2[] = [
+ 'id' => 'a' . $rr['atoken_id'] ,
+ 'hash' => $x['xchan_hash'],
+ 'name' => $x['xchan_name'],
+ 'micro' => $x['xchan_photo_m'],
+ 'url' => z_root(),
+ 'nick' => $x['xchan_addr'],
+ 'abook_their_perms' => 0,
+ 'abook_flags' => 0,
+ 'abook_self' => 0
+ ];
+ }
+ }
+
$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
intval(local_channel())
);
-
+ if($r2)
+ $r = array_merge($r2,$r);
+
}
else { // Visitors
$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
@@ -171,7 +232,7 @@ class Acl extends \Zotlabs\Web\Controller {
intval(PERMS_W_MAIL)
);
}
- elseif(($type == 'a') || ($type == 'p')) {
+ elseif($type == 'a') {
$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d
@@ -296,7 +357,7 @@ class Acl extends \Zotlabs\Web\Controller {
$url = $directory['url'] . '/dirsearch';
}
- $count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
+ $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100);
if($url) {
$query = $url . '?f=' ;
$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');