Diffstat (limited to 'Zotlabs/Module/Tokens.php')
-rw-r--r--Zotlabs/Module/Tokens.php263
1 files changed, 185 insertions, 78 deletions
diff --git a/Zotlabs/Module/Tokens.php b/Zotlabs/Module/Tokens.php
index 1ba41dcc5..a41003f6b 100644
--- a/Zotlabs/Module/Tokens.php
+++ b/Zotlabs/Module/Tokens.php
@@ -5,6 +5,11 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Apps;
+use Zotlabs\Lib\AccessList;
+use Zotlabs\Lib\Permcat;
+use Zotlabs\Lib\Libsync;
+
+require_once('include/security.php');
class Tokens extends Controller {
@@ -13,15 +18,65 @@ class Tokens extends Controller {
if(! local_channel())
return;
- if(! Apps::system_app_installed(local_channel(), 'Guest Access'))
- return;
-
$channel = App::get_channel();
+ if(! Apps::system_app_installed($channel['channel_id'], 'Guest Access'))
+ return;
+
check_form_security_token_redirectOnErr('tokens', 'tokens');
+
+ if(isset($_POST['delete'])) {
+ $r = q("select * from atoken where atoken_id = %d and atoken_uid = %d",
+ intval($_POST['atoken_id']),
+ intval(local_channel())
+ );
+
+ if (!$r) {
+ return;
+ }
+
+ $atoken = $r[0];
+ $atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'];
+
+ $atoken['deleted'] = true;
+
+ $r = q("SELECT abook.*, xchan.*
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
+ intval($channel['channel_id']),
+ dbesc($atoken_xchan)
+ );
+
+ if (!$r) {
+ return;
+ }
+
+ $clone = $r[0];
+
+ unset($clone['abook_id']);
+ unset($clone['abook_account']);
+ unset($clone['abook_channel']);
+ $clone['deleted'] = true;
+
+ $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
+ if ($abconfig) {
+ $clone['abconfig'] = $abconfig;
+ }
+
+ atoken_delete($atoken['atoken_id']);
+ Libsync::build_sync_packet($channel['channel_id'], [ 'abook' => [ $clone ], 'atoken' => [ $atoken ] ], true);
+
+ return;
+ }
+
$token_errs = 0;
if(array_key_exists('token',$_POST)) {
$atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
+
+ if (! $atoken_id) {
+ $atoken_guid = new_uuid();
+ }
+
$name = trim(escape_tags($_POST['name']));
$token = trim($_POST['token']);
if((! $name) || (! $token))
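Review bot: In the new `delete` branch, `atoken_delete()` is only reached after the abook lookup succeeds, so the `if (!$r) { return; }` that follows the abook/xchan query leaves the guest credential active whenever no matching abook row exists. That is plausible for tokens created before this change, whose xchan hash was built from the token name rather than `atoken_guid` (inferred from the line removed in a later hunk). Revocation should not depend on the sync data: call `atoken_delete($atoken['atoken_id']);` right after `$atoken = $r[0];` and leave only the `abook` entry out of the sync packet when the lookup is empty. Both early returns are also silent, so a failed delete looks the same to the user as a successful one. post() starts before this hunk and continues past it.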
@@ -30,10 +85,10 @@ class Tokens extends Controller {
$expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
else
$expires = NULL_DATE;
- $max_atokens = service_class_fetch(local_channel(),'access_tokens');
+ $max_atokens = service_class_fetch($channel['channel_id'],'access_tokens');
if($max_atokens) {
$r = q("select count(atoken_id) as total where atoken_uid = %d",
- intval(local_channel())
+ intval($channel['channel_id'])
);
if($r && intval($r[0]['total']) >= $max_tokens) {
notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL);
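Review bot: The token quota check around the lines changed here cannot take effect as written: the count query has no `from atoken`, and both the comparison and the notice read `$max_tokens`, while the limit was fetched into `$max_atokens`. Since the commit already edits this block, both should be fixed with it, e.g. `select count(atoken_id) as total from atoken where atoken_uid = %d` and `intval($r[0]['total']) >= $max_atokens`. The enclosing `if` block continues outside the hunk.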
@@ -45,8 +100,19 @@ class Tokens extends Controller {
notice( t('Name and Password are required.') . EOL);
return;
}
+
+ $old_atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+ intval($channel['channel_id']),
+ dbesc($name)
+ );
+
+ if ($old_atok) {
+ $old_atok = $old_atok[0];
+ $old_xchan = atoken_xchan($old_atok);
+ }
+
if($atoken_id) {
- $r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s'
+ $r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s'
where atoken_id = %d and atoken_uid = %d",
dbesc($name),
dbesc($token),
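Review bot: `$old_atok` is looked up by the submitted `atoken_name` rather than by the row being edited, and the `$atok` lookup in the next hunk (after the insert/update) uses the same name-only match. Nothing visible prevents two tokens of one channel from sharing a name, so `$atok[0]` may be another guest's row, and the new credential would then be attached to that guest's xchan, abook and role. For an edit, select with `atoken_id = %d and atoken_uid = %d`; for a new token, select by the generated guid, `atoken_guid = '%s'` with `dbesc($atoken_guid)`, or reject a duplicate name before the insert. A rename also never matches `$old_atok`, because the query already uses the new name.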
@@ -56,8 +122,9 @@ class Tokens extends Controller {
);
}
else {
- $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )
- values ( %d, %d, '%s', '%s', '%s' ) ",
+ $r = q("insert into atoken (atoken_guid, atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )
+ values ('%s', %d, %d, '%s', '%s', '%s' ) ",
+ dbesc($atoken_guid),
intval($channel['channel_account_id']),
intval($channel['channel_id']),
dbesc($name),
@@ -66,26 +133,89 @@ class Tokens extends Controller {
);
}
- $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $name;
+ $atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+ intval($channel['channel_id']),
+ dbesc($name)
+ );
+
+ if ($atok) {
+ $xchan = atoken_xchan($atok[0]);
+ atoken_create_xchan($xchan);
+ $atoken_xchan = $xchan['xchan_hash'];
+ if ($old_atok && $old_xchan) {
+ $r = q("update xchan set xchan_name = '%s' where xchan_hash = '%s'",
+ dbesc($xchan['xchan_name']),
+ dbesc($old_xchan['xchan_hash'])
+ );
+ }
+ }
+
- $all_perms = \Zotlabs\Access\Permissions::Perms();
+ if (! $atoken_id) {
- if($all_perms) {
- foreach($all_perms as $perm => $desc) {
- if(array_key_exists('perms_' . $perm, $_POST)) {
- set_abconfig($channel['channel_id'],$atoken_xchan,'my_perms',$perm,intval($_POST['perms_' . $perm]));
- }
- else {
- set_abconfig($channel['channel_id'],$atoken_xchan,'my_perms',$perm,0);
+ // If this is a new token, create a new abook record
+
+ $closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness',80);
+ $profile_assign = get_pconfig($channel['channel_id'], 'system', 'profile_assign', '');
+
+ $r = abook_store_lowlevel(
+ [
+ 'abook_account' => $channel['channel_account_id'],
+ 'abook_channel' => $channel['channel_id'],
+ 'abook_closeness' => intval($closeness),
+ 'abook_xchan' => $atoken_xchan,
+ 'abook_profile' => $profile_assign,
+ 'abook_feed' => 0,
+ 'abook_created' => datetime_convert(),
+ 'abook_updated' => datetime_convert(),
+ 'abook_instance' => z_root(),
+ ]
+ );
+
+ if (! $r) {
+ logger('abook creation failed');
+ }
+
+ /** If there is a default group for this channel, add this connection to it */
+ if ($channel['channel_default_group']) {
+ $g = AccessList::by_hash($channel['channel_id'], $channel['channel_default_group']);
+ if ($g) {
+ AccessList::member_add($channel['channel_id'], '', $atoken_xchan,$g['id']);
}
}
}
-
+
+ $role = ((array_key_exists('permcat', $_POST)) ? escape_tags($_POST['permcat']) : '');
+ \Zotlabs\Lib\Permcat::assign($channel, $role, [$atoken_xchan]);
+
+ $r = q("SELECT abook.*, xchan.*
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
+ intval($channel['chnnel_id']),
+ dbesc($atoken_xchan)
+ );
+
+ if (! $r) {
+ return;
+ }
+
+ $clone = $r[0];
+
+ unset($clone['abook_id']);
+ unset($clone['abook_account']);
+ unset($clone['abook_channel']);
+
+ $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
+ if ($abconfig) {
+ $clone['abconfig'] = $abconfig;
+ }
+
+ Libsync::build_sync_packet($channel['channel_id'], [ 'abook' => [ $clone ], 'atoken' => $atok ], true);
info( t('Token saved.') . EOL);
return;
}
-
+
function get() {
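Review bot: The abook/xchan query near the end of post() passes `intval($channel['chnnel_id'])`, a misspelt key, so the argument evaluates to 0, the query presumably returns no row, and `if (! $r) return;` exits before `Libsync::build_sync_packet()` and the 'Token saved.' message. It should read `intval($channel['channel_id'])`. Separately, `$atoken_xchan` is only assigned inside `if ($atok)`, yet `abook_store_lowlevel()`, `AccessList::member_add()` and `Permcat::assign()` use it unconditionally; return with a notice when `$atok` is empty. The `permcat` value from `$_POST` is passed on after `escape_tags()` only, so unless `Permcat::assign()` validates it (not visible here), check it against the channel's role list first.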
@@ -95,16 +225,17 @@ class Tokens extends Controller {
if(! Apps::system_app_installed(local_channel(), 'Guest Access')) {
//Do not display any associated widgets at this point
App::$pdl = '';
-
- $o = '<b>' . t('Guest Access App') . ' (' . t('Not Installed') . '):</b><br>';
- $o .= t('Create access tokens so that non-members can access private content');
- return $o;
+ $papp = Apps::get_papp('Guest Access');
+ return Apps::app_render($papp, 'module');
}
+ nav_set_selected('Guest Access');
+
$channel = App::get_channel();
$atoken = null;
$atoken_xchan = '';
+ $atoken_abook = [];
if(argc() > 1) {
$id = argv(1);
@@ -116,78 +247,54 @@ class Tokens extends Controller {
if($atoken) {
$atoken = $atoken[0];
- $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $atoken['atoken_name'];
- }
-
- if($atoken && argc() > 2 && argv(2) === 'drop') {
- atoken_delete($id);
- $atoken = null;
- $atoken_xchan = '';
- }
- }
-
- $t = q("select * from atoken where atoken_uid = %d",
- intval(local_channel())
- );
-
- $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access private content.');
-
- $desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:');
+ $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $atoken['atoken_guid'];
- $global_perms = \Zotlabs\Access\Permissions::Perms();
- $their_perms = [];
-
- $existing = get_all_perms(local_channel(),(($atoken_xchan) ? $atoken_xchan : ''),false);
+ $atoken_abook = q("select * from abook where abook_channel = %d and abook_xchan = '%s'",
+ intval(local_channel()),
+ dbesc($atoken_xchan)
+ );
- if($atoken_xchan) {
- $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'",
- intval(local_channel()),
- dbesc($atoken_xchan)
- );
- if($theirs) {
- foreach($theirs as $t) {
- $their_perms[$t['k']] = $t['v'];
- }
+ $atoken_abook = $atoken_abook[0];
}
}
- foreach($global_perms as $k => $v) {
- $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k);
-//fixme
- $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
+ $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in privacy groups and visitors may login using these credentials to access private content.');
- if($existing[$k])
- $thisperm = "1";
+ $pcat = new Permcat(local_channel());
+ $pcatlist = $pcat->listing();
+ $default_role = get_pconfig(local_channel(), 'system', 'default_permcat');
+ $current_permcat = (($atoken_abook) ? $atoken_abook['abook_role'] : $default_role);
- $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
+ $roles_dict = [];
+ foreach ($pcatlist as $role) {
+ $roles_dict[$role['name']] = $role['localname'];
}
+ if (!$current_permcat) {
+ notice(t('Please select a role for this guest!') . EOL);
+ $permcats[] = '';
+ }
+ if ($pcatlist) {
+ foreach ($pcatlist as $pc) {
+ $permcats[$pc['name']] = $pc['localname'];
+ }
+ }
$tpl = get_markup_template("tokens.tpl");
$o .= replace_macros($tpl, array(
- '$form_security_token' => get_form_security_token("tokens"),
- '$title' => t('Guest Access Tokens'),
- '$desc' => $desc,
- '$desc2' => $desc2,
- '$tokens' => $t,
+ '$form_security_token' => get_form_security_token('tokens'),
+ '$permcat' => ['permcat', t('Select a role for this guest'), $current_permcat, '', $permcats],
+ '$title' => t('Guest Access'),
+ '$desc' => $desc,
'$atoken' => $atoken,
- '$url1' => z_root() . '/channel/' . $channel['channel_address'],
- '$url2' => z_root() . '/photos/' . $channel['channel_address'],
'$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''),
- '$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''),
+ '$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : new_token()), ''),
'$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] > NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''),
- '$them' => t('Their Settings'),
- '$me' => t('My Settings'),
- '$perms' => $perms,
- '$inherited' => t('inherited'),
- '$notself' => 1,
- '$self' => 0,
- '$permlbl' => t('Individual Permissions'),
- '$permnote' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'),
- '$submit' => t('Submit')
+ '$submit' => t('Submit'),
+ '$delete' => t('Delete')
));
return $o;
}
-
+
}
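Review bot: `$atoken_abook = $atoken_abook[0];` indexes the query result without checking that a row came back, which happens for any token that has no abook entry under the guid-based xchan hash. Use `$atoken_abook = (($atoken_abook) ? $atoken_abook[0] : []);` so the fallback to `$default_role` below is reached cleanly. `$permcats` is appended to without being initialised (add `$permcats = [];` before the role check), and `$roles_dict` is filled with the same name => localname pairs but is not used in the visible lines, so one of the two loops can go. get() starts before this hunk.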