diff options
Diffstat (limited to 'Zotlabs/Module/Acl.php')
| -rw-r--r-- | Zotlabs/Module/Acl.php | 91 |
1 files changed, 58 insertions, 33 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 6f5b0ddf9..9c5f6653b 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -19,9 +19,9 @@ require_once("include/group.php"); class Acl extends \Zotlabs\Web\Controller { - function init(){ + function init() { - // logger('mod_acl: ' . print_r($_REQUEST,true)); + logger('mod_acl: ' . print_r($_REQUEST,true)); $start = (x($_REQUEST,'start') ? $_REQUEST['start'] : 0); $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 500); @@ -33,6 +33,7 @@ class Acl extends \Zotlabs\Web\Controller { // $type = // '' => standard ACL request // 'g' => Groups only ACL request + // 'f' => forums only ACL request // 'c' => Connections only ACL request or editor (textarea) mention request // $_REQUEST['search'] contains ACL search text. @@ -49,19 +50,19 @@ class Acl extends \Zotlabs\Web\Controller { $extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array()); // The different autocomplete libraries use different names for the search text - // parameter. Internaly we'll use $search to represent the search text no matter + // parameter. Internally we'll use $search to represent the search text no matter // what request variable it was attached to. if(array_key_exists('query',$_REQUEST)) { $search = $_REQUEST['query']; } - if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) + if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ]))) killme(); $permitted = []; - if(in_array($type, [ 'm', 'a', 'c' ])) { + if(in_array($type, [ 'm', 'a', 'c', 'f' ])) { // These queries require permission checking. We'll create a simple array of xchan_hash for those with // the requisite permissions which we can check against. @@ -104,6 +105,8 @@ class Acl extends \Zotlabs\Web\Controller { if($type == '' || $type == 'g') { + // virtual groups based on private profile viewing ability + $r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d", intval(local_channel()) ); @@ -121,6 +124,8 @@ class Acl extends \Zotlabs\Web\Controller { } } + // Normal privacy groups + $r = q("SELECT groups.id, groups.hash, groups.gname FROM groups, group_member WHERE groups.deleted = 0 AND groups.uid = %d @@ -150,26 +155,35 @@ class Acl extends \Zotlabs\Web\Controller { } } - if($type == '' || $type == 'c') { + if($type == '' || $type == 'c' || $type === 'f') { + $extra_channels_sql = ''; - // Only include channels who allow the observer to view their permissions - foreach($extra_channels as $channel) { - if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) - $extra_channels_sql .= "," . intval($channel); + + // Only include channels who allow the observer to view their connections + if($extra_channels) { + foreach($extra_channels as $channel) { + if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) { + if($extra_channel_sql) + $extra_channels_sql .= ','; + $extra_channels_sql .= intval($channel); + } + } } - $extra_channels_sql = substr($extra_channels_sql,1); // Remove initial comma - // Getting info from the abook is better for local users because it contains info about permissions if(local_channel()) { if($extra_channels_sql != '') $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; + + // Add atokens belonging to the local channel @TODO restrict by search + $r2 = null; $r1 = q("select * from atoken where atoken_uid = %d", intval(local_channel()) ); + if($r1) { require_once('include/security.php'); $r2 = array(); @@ -189,6 +203,7 @@ class Acl extends \Zotlabs\Web\Controller { } } + // add connections $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash @@ -293,7 +308,7 @@ class Acl extends \Zotlabs\Web\Controller { $contacts[] = array( "photo" => $g['photo'], "name" => $g['name'], - "nick" => $g['address'], + "nick" => $g['address'] ); } } @@ -310,18 +325,24 @@ class Acl extends \Zotlabs\Web\Controller { $r = array(); if($r) { - foreach($r as $g){ + foreach($r as $g) { - // remove RSS feeds from ACLs - they are inaccessible - if(strpos($g['hash'],'/') && $type != 'a') + if(($g['network'] === 'rss') && ($type != 'a')) continue; - - if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) { + + $g['hash'] = urlencode($g['hash']); + + if(! $g['nick']) { + $t = explode(' ',strtolower($g['name'])); + $g['nick'] = $t[0] . '@'; + } + + if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", - "name" => $g['name'] . '+', - "id" => $g['id'] . '+', + "name" => $g['name'] . (($type === 'f') ? '' : '+'), + "id" => $g['id'] . (($type === 'f') ? '' : '+'), "xid" => $g['hash'], "link" => $g['nick'], "nick" => substr($g['nick'],0,strpos($g['nick'],'@')), @@ -330,18 +351,20 @@ class Acl extends \Zotlabs\Web\Controller { "label" => t('network') ); } - $contacts[] = array( - "type" => "c", - "photo" => $g['micro'], - "name" => $g['name'], - "id" => $g['id'], - "xid" => $g['hash'], - "link" => $g['nick'], - "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : t('RSS')), - "self" => (intval($g['abook_self']) ? 'abook-self' : ''), - "taggable" => '', - "label" => '', - ); + if($type !== 'f') { + $contacts[] = array( + "type" => "c", + "photo" => $g['micro'], + "name" => $g['name'], + "id" => $g['id'], + "xid" => $g['hash'], + "link" => $g['nick'], + "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']), + "self" => (intval($g['abook_self']) ? 'abook-self' : ''), + "taggable" => '', + "label" => '', + ); + } } } @@ -398,10 +421,12 @@ class Acl extends \Zotlabs\Web\Controller { $directory = find_upstream_directory($dirmode); $url = $directory['url'] . '/dirsearch'; } + + $token = get_config('system','realm_token'); $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { - $query = $url . '?f=' ; + $query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : ''); $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : ''); $x = z_fetch_url($query); |