aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Acl.php53
-rw-r--r--Zotlabs/Module/Connedit.php67
-rw-r--r--Zotlabs/Module/Editpost.php4
-rw-r--r--Zotlabs/Module/Editwebpage.php4
-rw-r--r--Zotlabs/Module/Follow.php5
-rw-r--r--Zotlabs/Module/Mail.php12
-rw-r--r--Zotlabs/Module/Manage.php4
-rw-r--r--Zotlabs/Module/Probe.php2
-rw-r--r--Zotlabs/Module/Settings.php32
9 files changed, 113 insertions, 70 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index 15609c3c8..4e746e218 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -58,7 +58,23 @@ class Acl extends \Zotlabs\Web\Controller {
if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
killme();
-
+
+ $permitted = [];
+
+ if(in_array($type, [ 'm', 'a', 'c' ])) {
+
+ // These queries require permission checking. We'll create a simple array of xchan_hash for those with
+ // the requisite permissions which we can check against.
+
+ $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1",
+ intval(local_channel()),
+ dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver')
+ );
+
+ $permitted = ids_to_array($x,'xchan');
+ }
+
+
if($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
@@ -87,13 +103,13 @@ class Acl extends \Zotlabs\Web\Controller {
if($type == '' || $type == 'g') {
- $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname`
- FROM `groups`,`group_member`
- WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d
- AND `group_member`.`gid`=`groups`.`id`
+ $r = q("SELECT groups.id, groups.hash, groups.gname
+ FROM groups,group_member
+ WHERE groups.deleted = 0 AND groups.uid = %d
+ AND group_member.gid=groups.id
$sql_extra
- GROUP BY `groups`.`id`
- ORDER BY `groups`.`gname`
+ GROUP BY groups.id
+ ORDER BY groups.gname
LIMIT %d OFFSET %d",
intval(local_channel()),
intval($count),
@@ -156,7 +172,7 @@ class Acl extends \Zotlabs\Web\Controller {
}
- $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
+ $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
intval(local_channel())
@@ -221,16 +237,23 @@ class Acl extends \Zotlabs\Web\Controller {
}
}
elseif($type == 'm') {
-
- $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
+ $r = array();
+ $z = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
FROM abook left join xchan on abook_xchan = xchan_hash
- WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
+ WHERE abook_channel = %d
and xchan_deleted = 0
$sql_extra3
- ORDER BY `xchan_name` ASC ",
- intval(local_channel()),
- intval(PERMS_W_MAIL)
+ ORDER BY xchan_name ASC ",
+ intval(local_channel())
);
+ if($z) {
+ foreach($z as $zz) {
+ if(in_array($zz['id'],$permitted)) {
+ $r[] = $zz;
+ }
+ }
+ }
+
}
elseif($type == 'a') {
@@ -274,7 +297,7 @@ class Acl extends \Zotlabs\Web\Controller {
if(strpos($g['hash'],'/') && $type != 'a')
continue;
- if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) {
+ if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
$contacts[] = array(
"type" => "c",
"photo" => "images/twopeople.png",
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 7db4950b1..260952b4e 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -129,12 +129,21 @@ class Connedit extends \Zotlabs\Web\Controller {
$abook_my_perms = 0;
- foreach($_POST as $k => $v) {
- if(strpos($k,'perms_') === 0) {
- $abook_my_perms += $v;
+ $all_perms = \Zotlabs\Access\Permissions::Perms();
+
+ if($all_perms) {
+ foreach($all_perms as $perm => $desc) {
+ if(array_key_exists('perms_' . $perm, $_POST)) {
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,
+ intval($_POST['perms_' . $perm]));
+ $abook_my_perms ++;
+ }
+ else {
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
+ }
}
}
-
+
$new_friend = false;
if(! $is_self) {
@@ -195,18 +204,27 @@ class Connedit extends \Zotlabs\Web\Controller {
$role = get_pconfig(local_channel(),'system','permissions_role');
if($role) {
$x = get_role_perms($role);
- if($x['perms_accept'])
- $abook_my_perms = $x['perms_accept'];
+ if($x['perms_connect']) {
+ $abook_my_perms = $x['perms_connect'];
+ }
+ }
+
+ if($all_perms) {
+ foreach($all_perms as $perm => $desc) {
+ if(array_key_exists($perm, $abook_my_perms))
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,1);
+ else
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
+ }
}
}
-
+
$abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']);
- $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_pending = %d,
+ $r = q("UPDATE abook SET abook_profile = '%s', abook_closeness = %d, abook_pending = %d,
abook_incl = '%s', abook_excl = '%s'
where abook_id = %d AND abook_channel = %d",
dbesc($profile_id),
- intval($abook_my_perms),
intval($closeness),
intval($abook_pending),
dbesc($abook_incl),
@@ -227,7 +245,7 @@ class Connedit extends \Zotlabs\Web\Controller {
info( t('Connection updated.') . EOL);
else
notice( t('Failed to update connection record.') . EOL);
-
+//@fixme perms
if(\App::$poi && \App::$poi['abook_my_perms'] != $abook_my_perms
&& (! intval(\App::$poi['abook_self']))) {
\Zotlabs\Daemon\Master::Summon(array('Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), $contact_id));
@@ -372,8 +390,8 @@ class Connedit extends \Zotlabs\Web\Controller {
$role = get_pconfig(local_channel(),'system','permissions_role');
if($role) {
$x = get_role_perms($role);
- if($x['perms_accept'])
- $my_perms = $x['perms_accept'];
+ if($x['perms_connect'])
+ $my_perms = $x['perms_connect'];
}
$yes_no = array(t('No'),t('Yes'));
@@ -654,7 +672,8 @@ class Connedit extends \Zotlabs\Web\Controller {
$perms = array();
$channel = \App::get_channel();
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes')));
@@ -670,16 +689,32 @@ class Connedit extends \Zotlabs\Web\Controller {
if($slide && $multiprofs)
$affinity = t('Set Affinity & Profile');
+ $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'",
+ intval(local_channel()),
+ dbesc($contact['abook_xchan'])
+ );
+ $their_perms = array();
+ if($theirs) {
+ foreach($theirs as $t) {
+ $their_perms[$t['k']] = $t['v'];
+ }
+ }
+
foreach($global_perms as $k => $v) {
- $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : '');
- $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : '');
+ $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k);
+//fixme
+
+ $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
// For auto permissions (when $self is true) we don't want to look at existing
// permissions because they are enabled for the channel owner
if((! $self) && ($existing[$k]))
$thisperm = "1";
+
+
+
- $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4], $checkinherited);
+ $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
}
$locstr = '';
diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php
index da859de3e..838fe9e4f 100644
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -47,9 +47,9 @@ class Editpost extends \Zotlabs\Web\Controller {
if(intval($itm[0]['item_obscured'])) {
$key = get_config('system','prvkey');
if($itm[0]['title'])
- $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+ $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
if($itm[0]['body'])
- $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+ $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
}
$category = '';
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php
index be4803a07..a55f81101 100644
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -108,9 +108,9 @@ class Editwebpage extends \Zotlabs\Web\Controller {
if(intval($itm[0]['item_obscured'])) {
$key = get_config('system','prvkey');
if($itm[0]['title'])
- $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+ $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
if($itm[0]['body'])
- $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+ $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
}
$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php
index 3641330c9..da9ab3670 100644
--- a/Zotlabs/Module/Follow.php
+++ b/Zotlabs/Module/Follow.php
@@ -47,12 +47,13 @@ class Follow extends \Zotlabs\Web\Controller {
if($abconfig)
$clone['abconfig'] = $abconfig;
- build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+ build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)), true);
+ $can_view_stream = intval(get_abconfig($channel['channel_id'],$clone['abook_xchan'],'their_perms','view_stream'));
// If we can view their stream, pull in some posts
- if(($result['abook']['abook_their_perms'] & PERMS_R_STREAM) || ($result['abook']['xchan_network'] === 'rss'))
+ if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss'))
\Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id']));
goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php
index aae7585c4..043c28078 100644
--- a/Zotlabs/Module/Mail.php
+++ b/Zotlabs/Module/Mail.php
@@ -57,8 +57,6 @@ class Mail extends \Zotlabs\Web\Controller {
$their_perms = 0;
- $global_perms = get_perms();
-
if($j['permissions']['data']) {
$permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']);
if($permissions)
@@ -68,13 +66,7 @@ class Mail extends \Zotlabs\Web\Controller {
else
$permissions = $j['permissions'];
- foreach($permissions as $k => $v) {
- if($v) {
- $their_perms = $their_perms | intval($global_perms[$k][1]);
- }
- }
-
- if(! ($their_perms & PERMS_W_MAIL)) {
+ if(! ($permissions['post_mail'])) {
notice( t('Selected channel has private message restrictions. Send failed.'));
// reported issue: let's still save the message and continue. We'll just tell them
// that nothing useful is likely to happen. They might have spent hours on it.
@@ -120,7 +112,7 @@ class Mail extends \Zotlabs\Web\Controller {
}
- function get() {
+ function get() {
$o = '';
nav_set_selected('messages');
diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php
index 4ca044c4a..8f815d6d4 100644
--- a/Zotlabs/Module/Manage.php
+++ b/Zotlabs/Module/Manage.php
@@ -143,9 +143,9 @@ class Manage extends \Zotlabs\Web\Controller {
$create = array( 'new_channel', t('Create a new channel'), t('Create New'));
$delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where
- abook_channel = %d and (abook_their_perms & %d) > 0",
+ abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = 1 )",
intval(local_channel()),
- intval(PERMS_A_DELEGATE)
+ intval(local_channel())
);
if($delegates) {
diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php
index dda792131..7fc0e8ff5 100644
--- a/Zotlabs/Module/Probe.php
+++ b/Zotlabs/Module/Probe.php
@@ -23,8 +23,6 @@ class Probe extends \Zotlabs\Web\Controller {
$j = \Zotlabs\Zot\Finger::run($addr,$channel,false);
- // $res = zot_finger($addr,$channel,false);
-
$o .= '<pre>';
if(! $j['success']) {
$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index b1258e049..81d76a2dd 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -38,7 +38,7 @@ class Settings extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
- logger('mod_settings: ' . print_r($_REQUEST,true));
+ // logger('mod_settings: ' . print_r($_REQUEST,true));
if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){
@@ -363,10 +363,10 @@ class Settings extends \Zotlabs\Web\Controller {
intval(local_channel())
);
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
foreach($global_perms as $k => $v) {
- $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' ';
+ \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,intval($_POST[$k]));
}
$acl = new \Zotlabs\Access\AccessList($channel);
$acl->set_from_array($_POST);
@@ -422,10 +422,10 @@ class Settings extends \Zotlabs\Web\Controller {
);
}
- $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1",
- intval((array_key_exists('perms_accept',$role_permissions)) ? $role_permissions['perms_accept'] : 0),
- intval(local_channel())
- );
+ foreach($global_perms as $k => $v) {
+ set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k,((array_key_exists($k,$role_permissions['perms_connect'])) ? 1 : 0));
+ }
+
set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0));
foreach($role_permissions as $p => $v) {
@@ -963,11 +963,7 @@ class Settings extends \Zotlabs\Web\Controller {
return $o;
}
-
-
-
-
-
+
if(argv(1) === 'channel') {
require_once('include/acl_selectors.php');
@@ -984,9 +980,8 @@ class Settings extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
-
- $global_perms = get_perms();
-
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
$permiss = array();
$perm_opts = array(
@@ -1000,19 +995,18 @@ class Settings extends \Zotlabs\Web\Controller {
array( t('Anybody on the internet'), PERMS_PUBLIC)
);
+ $limits = \Zotlabs\Access\PermissionLimits::Get(local_channel());
foreach($global_perms as $k => $perm) {
$options = array();
foreach($perm_opts as $opt) {
- if((! $perm[2]) && $opt[1] == PERMS_PUBLIC)
- continue;
$options[$opt[1]] = $opt[0];
}
- $permiss[] = array($k,$perm[3],$channel[$perm[0]],$perm[4],$options);
+ $permiss[] = array($k,$perm,$limits[$k],'',$options);
}
- // logger('permiss: ' . print_r($permiss,true));
+ //logger('permiss: ' . print_r($permiss,true));
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-10 11:13:22 +0000