aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Access/PermissionLimits.php36
-rw-r--r--Zotlabs/Access/PermissionRoles.php215
-rw-r--r--Zotlabs/Access/Permissions.php116
-rw-r--r--Zotlabs/Daemon/Cron.php2
-rw-r--r--Zotlabs/Daemon/Onepoll.php4
-rw-r--r--Zotlabs/Lib/AbConfig.php2
-rw-r--r--Zotlabs/Lib/PermissionDescription.php17
-rw-r--r--Zotlabs/Module/Acl.php54
-rw-r--r--Zotlabs/Module/Connedit.php89
-rw-r--r--Zotlabs/Module/Dav.php85
-rw-r--r--Zotlabs/Module/Editpost.php4
-rw-r--r--Zotlabs/Module/Editwebpage.php4
-rw-r--r--Zotlabs/Module/Follow.php5
-rw-r--r--Zotlabs/Module/Import.php9
-rw-r--r--Zotlabs/Module/Item.php16
-rw-r--r--Zotlabs/Module/Login.php3
-rw-r--r--Zotlabs/Module/Mail.php12
-rw-r--r--Zotlabs/Module/Manage.php4
-rw-r--r--Zotlabs/Module/Openid.php2
-rw-r--r--Zotlabs/Module/Probe.php2
-rw-r--r--Zotlabs/Module/Profiles.php4
-rw-r--r--Zotlabs/Module/Register.php2
-rw-r--r--Zotlabs/Module/Removeaccount.php3
-rw-r--r--Zotlabs/Module/Removeme.php4
-rw-r--r--Zotlabs/Module/Settings.php58
-rw-r--r--Zotlabs/Storage/BasicAuth.php40
26 files changed, 567 insertions, 225 deletions
diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php
new file mode 100644
index 000000000..909b654d5
--- /dev/null
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Zotlabs\Access;
+
+use \Zotlabs\Lib as ZLib;
+
+class PermissionLimits {
+
+ static public function Std_Limits() {
+ $perms = Permissions::Perms();
+ $limits = array();
+ foreach($perms as $k => $v) {
+ if(strstr($k,'view'))
+ $limits[$k] = PERMS_PUBLIC;
+ else
+ $limits[$k] = PERMS_SPECIFIC;
+ }
+ return $limits;
+ }
+
+ static public function Set($channel_id,$perm,$perm_limit) {
+ ZLib\PConfig::Set($channel_id,'perm_limits',$perm,$perm_limit);
+ }
+
+ static public function Get($channel_id,$perm = '') {
+ if($perm) {
+ return Zlib\PConfig::Get($channel_id,'perm_limits',$perm);
+ }
+ else {
+ Zlib\PConfig::Load($channel_id);
+ if(array_key_exists($channel_id,\App::$config) && array_key_exists('perm_limits',\App::$config[$channel_id]))
+ return \App::$config[$channel_id]['perm_limits'];
+ return false;
+ }
+ }
+} \ No newline at end of file
diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php
new file mode 100644
index 000000000..8b116adc5
--- /dev/null
+++ b/Zotlabs/Access/PermissionRoles.php
@@ -0,0 +1,215 @@
+<?php
+
+
+namespace Zotlabs\Access;
+
+use Zotlabs\Lib as Zlib;
+
+class PermissionRoles {
+
+
+ static function role_perms($role) {
+
+ $ret = array();
+
+ $ret['role'] = $role;
+
+ switch($role) {
+ case 'social':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = true;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like', 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ break;
+
+ case 'social_restricted':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = true;
+ $ret['online'] = true;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'social_private':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = false;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' ];
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ $ret['limits']['view_contacts'] = PERMS_SPECIFIC;
+ $ret['limits']['view_storage'] = PERMS_SPECIFIC;
+
+ break;
+
+ case 'forum':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ break;
+
+ case 'forum_restricted':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'forum_private':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = false;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ $ret['limits']['view_profile'] = PERMS_SPECIFIC;
+ $ret['limits']['view_contacts'] = PERMS_SPECIFIC;
+ $ret['limits']['view_storage'] = PERMS_SPECIFIC;
+ $ret['limits']['view_pages'] = PERMS_SPECIFIC;
+
+ break;
+
+ case 'feed':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'feed_restricted':
+ $ret['perms_auto'] = false;
+ $ret['default_collection'] = true;
+ $ret['directory_publish'] = false;
+ $ret['online'] = false;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'soapbox':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_like' , 'republish' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+
+ break;
+
+ case 'repository':
+ $ret['perms_auto'] = true;
+ $ret['default_collection'] = false;
+ $ret['directory_publish'] = true;
+ $ret['online'] = false;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+
+ $ret['limits'] = PermissionLimits::Std_Limits();
+ break;
+
+ default:
+ break;
+ }
+
+ $x = get_config('system','role_perms');
+ // let system settings over-ride any or all
+ if($x && is_array($x) && array_key_exists($role,$x))
+ $ret = array_merge($ret,$x[$role]);
+
+ call_hooks('get_role_perms',$ret);
+
+ return $ret;
+ }
+
+
+
+
+ static public function roles() {
+ $roles = [
+ t('Social Networking') => [
+ 'social' => t('Social - Mostly Public'),
+ 'social_restricted' => t('Social - Restricted'),
+ 'social_private' => t('Social - Private')
+ ],
+
+ t('Community Forum') => [
+ 'forum' => t('Forum - Mostly Public'),
+ 'forum_restricted' => t('Forum - Restricted'),
+ 'forum_private' => t('Forum - Private')
+ ],
+
+ t('Feed Republish') => [
+ 'feed' => t('Feed - Mostly Public'),
+ 'feed_restricted' => t('Feed - Restricted')
+ ],
+
+ t('Special Purpose') => [
+ 'soapbox' => t('Special - Celebrity/Soapbox'),
+ 'repository' => t('Special - Group Repository')
+ ],
+
+ t('Other') => [
+ 'custom' => t('Custom/Expert Mode')
+ ]
+
+ ];
+
+ return $roles;
+ }
+
+
+
+} \ No newline at end of file
diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
new file mode 100644
index 000000000..61ea51a48
--- /dev/null
+++ b/Zotlabs/Access/Permissions.php
@@ -0,0 +1,116 @@
+<?php
+
+
+namespace Zotlabs\Access;
+
+use Zotlabs\Lib as Zlib;
+
+class Permissions {
+
+ /**
+ * Extensible permissions.
+ * To add new permissions, add to the list of $perms below, with a simple description.
+ * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
+ * if this permission should be granted to new connections.
+ *
+ * Permissions with 'view' in the name are considered read permissions. Anything
+ * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
+ * is given PERMS_SPECIFIC.
+ *
+ * PermissionLimits::Std_limits() retrieves the standard limits. A permission role
+ * MAY alter an individual setting after retrieving the Std_limits if you require
+ * something different for a specific permission within the given role.
+ *
+ */
+
+
+ static public function Perms($filter = '') {
+
+ $perms = [
+ 'view_stream' => t('Can view my channel stream and posts'),
+ 'send_stream' => t('Can send me their channel stream and posts'),
+ 'view_profile' => t('Can view my default channel profile'),
+ 'view_contacts' => t('Can view my connections'),
+ 'view_storage' => t('Can view my file storage and photos'),
+ 'write_storage' => t('Can upload/modify my file storage and photos'),
+ 'view_pages' => t('Can view my channel webpages'),
+ 'write_pages' => t('Can create/edit my channel webpages'),
+ 'post_wall' => t('Can post on my channel (wall) page'),
+ 'post_comments' => t('Can comment on or like my posts'),
+ 'post_mail' => t('Can send me private mail messages'),
+ 'post_like' => t('Can like/dislike profiles and profile things'),
+ 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts'),
+ 'chat' => t('Can chat with me'),
+ 'republish' => t('Can source my public posts in derived channels'),
+ 'delegate' => t('Can administer my channel')
+ ];
+
+ $x = array('permissions' => $perms, 'filter' => $filter);
+ call_hooks('permissions_list',$x);
+ return($x['permissions']);
+
+ }
+
+ static public function BlockedAnonPerms() {
+
+ // Perms from the above list that are blocked from anonymous observers.
+ // e.g. you must be authenticated.
+
+ $res = array();
+ $perms = PermissionLimits::Std_limits();
+ foreach($perms as $perm => $limit) {
+ if($limit != PERMS_PUBLIC) {
+ $res[] = $perm;
+ }
+ }
+
+ $x = array('permissions' => $res);
+ call_hooks('write_perms',$x);
+ return($x['permissions']);
+
+ }
+
+ // converts [ 0 => 'view_stream', ... ]
+ // to [ 'view_stream' => 1 ]
+ // for any permissions in $arr;
+ // Undeclared permissions are set to 0
+
+ static public function FilledPerms($arr) {
+ $everything = self::Perms();
+ $ret = [];
+ foreach($everything as $k => $v) {
+ if(in_array($k,$arr))
+ $ret[$k] = 1;
+ else
+ $ret[$k] = 0;
+ }
+ return $ret;
+
+ }
+
+ static public function FilledAutoperms($channel_id) {
+ if(! intval(get_pconfig($channel_id,'system','autoperms')))
+ return false;
+
+ $arr = [];
+ $r = q("select * from pconfig where uid = %d and cat = 'autoperms'",
+ intval($channel_id)
+ );
+ if($r) {
+ foreach($r as $rr) {
+ $arr[$rr['k']] = $arr[$rr['v']];
+ }
+ }
+ return $arr;
+ }
+
+ static public function PermsCompare($p1,$p2) {
+ foreach($p1 as $k => $v) {
+ if(! array_key_exists($k,$p2))
+ return false;
+ if($p1[$k] != $p2[$k])
+ return false;
+ }
+ return true;
+ }
+} \ No newline at end of file
diff --git a/Zotlabs/Daemon/Cron.php b/Zotlabs/Daemon/Cron.php
index 5af8174bf..c6e82b13a 100644
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -66,7 +66,7 @@ class Cron {
q("delete from atoken where atoken_expires != '%s' && atoken_expires < %s",
dbesc(NULL_DATE),
- dbutcnow()
+ db_utcnow()
);
diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php
index 036a4991b..21c46cec5 100644
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -102,7 +102,9 @@ class Onepoll {
$fetch_feed = true;
$x = null;
- if(! ($contact['abook_their_perms'] & PERMS_R_STREAM ))
+ $can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream'));
+
+ if(! $can_view_stream)
$fetch_feed = false;
if($fetch_feed) {
diff --git a/Zotlabs/Lib/AbConfig.php b/Zotlabs/Lib/AbConfig.php
index cab59abbd..cb5d96951 100644
--- a/Zotlabs/Lib/AbConfig.php
+++ b/Zotlabs/Lib/AbConfig.php
@@ -7,7 +7,7 @@ class AbConfig {
static public function Load($chan,$xhash,$family = '') {
if($family)
- $where = sprintf(" and family = '%s' ",dbesc($family));
+ $where = sprintf(" and cat = '%s' ",dbesc($family));
$r = q("select * from abconfig where chan = %d and xchan = '%s' $where",
intval($chan),
dbesc($xhash)
diff --git a/Zotlabs/Lib/PermissionDescription.php b/Zotlabs/Lib/PermissionDescription.php
index 55aac2dea..b6c6dd29d 100644
--- a/Zotlabs/Lib/PermissionDescription.php
+++ b/Zotlabs/Lib/PermissionDescription.php
@@ -78,22 +78,13 @@ class PermissionDescription {
$result = null;
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
if (array_key_exists($permname, $global_perms)) {
- $permDetails = $global_perms[$permname];
-
- // It should be OK to always just read the permissions from App::$channel
- //
- // App::$profile is a union of channel and profile fields.
- // The distinction is basically that App::$profile is pointing to the resource
- // being observed. App::$channel is referring to the current logged-in channel
- // member (if this is a local channel) e.g. the observer. We only show the ACL
- // widget to the page owner (observer and observed are the same) so in that case
- // I believe either may be safely used here.
- $channelPerm = \App::$channel[$permDetails[0]];
- $result = new PermissionDescription($permDetails[1], $channelPerm);
+ $channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'],$permname);
+
+ $result = new PermissionDescription('', $channelPerm);
} else {
// The acl dialog can handle null arguments, but it shouldn't happen
logger('null PermissionDescription from unknown global permission: ' . $permname ,LOGGER_DEBUG, LOG_ERROR);
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index 76a001fdd..03dc6c5d3 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -58,7 +58,23 @@ class Acl extends \Zotlabs\Web\Controller {
if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
killme();
-
+
+ $permitted = [];
+
+ if(in_array($type, [ 'm', 'a', 'c' ])) {
+
+ // These queries require permission checking. We'll create a simple array of xchan_hash for those with
+ // the requisite permissions which we can check against.
+
+ $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1",
+ intval(local_channel()),
+ dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver')
+ );
+
+ $permitted = ids_to_array($x,'xchan');
+ }
+
+
if($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
@@ -87,13 +103,13 @@ class Acl extends \Zotlabs\Web\Controller {
if($type == '' || $type == 'g') {
- $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname`
- FROM `groups`,`group_member`
- WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d
- AND `group_member`.`gid`=`groups`.`id`
+ $r = q("SELECT groups.id, groups.hash, groups.gname
+ FROM groups,group_member
+ WHERE groups.deleted = 0 AND groups.uid = %d
+ AND group_member.gid=groups.id
$sql_extra
- GROUP BY `groups`.`id`
- ORDER BY `groups`.`gname`
+ GROUP BY groups.id
+ ORDER BY groups.gname
LIMIT %d OFFSET %d",
intval(local_channel()),
intval($count),
@@ -156,7 +172,7 @@ class Acl extends \Zotlabs\Web\Controller {
}
- $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
+ $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
intval(local_channel())
@@ -221,16 +237,24 @@ class Acl extends \Zotlabs\Web\Controller {
}
}
elseif($type == 'm') {
-
- $r = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
+
+ $r = array();
+ $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
FROM abook left join xchan on abook_xchan = xchan_hash
- WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
+ WHERE abook_channel = %d
and xchan_deleted = 0
$sql_extra3
- ORDER BY `xchan_name` ASC ",
- intval(local_channel()),
- intval(PERMS_W_MAIL)
+ ORDER BY xchan_name ASC ",
+ intval(local_channel())
);
+ if($z) {
+ foreach($z as $zz) {
+ if(in_array($zz['id'],$permitted)) {
+ $r[] = $zz;
+ }
+ }
+ }
+
}
elseif($type == 'a') {
@@ -274,7 +298,7 @@ class Acl extends \Zotlabs\Web\Controller {
if(strpos($g['hash'],'/') && $type != 'a')
continue;
- if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) {
+ if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
$contacts[] = array(
"type" => "c",
"photo" => "images/twopeople.png",
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 7db4950b1..93ee30999 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -126,15 +126,30 @@ class Connedit extends \Zotlabs\Web\Controller {
$rating = 10;
$rating_text = trim(escape_tags($_REQUEST['rating_text']));
-
- $abook_my_perms = 0;
-
- foreach($_POST as $k => $v) {
- if(strpos($k,'perms_') === 0) {
- $abook_my_perms += $v;
+
+ $all_perms = \Zotlabs\Access\Permissions::Perms();
+
+ if($all_perms) {
+ foreach($all_perms as $perm => $desc) {
+ if(array_key_exists('perms_' . $perm, $_POST)) {
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,
+ intval($_POST['perms_' . $perm]));
+ if($autoperms) {
+ set_pconfig($channel['channel_id'],'autoperms',$perm,intval($_POST['perms_' . $perm]));
+ }
+ }
+ else {
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
+ if($autoperms) {
+ set_pconfig($channel['channel_id'],'autoperms',$perm,0);
+ }
+ }
}
}
-
+
+ if(! is_null($autoperms))
+ set_pconfig($channel['channel_id'],'system','autoperms',$autoperms);
+
$new_friend = false;
if(! $is_self) {
@@ -194,19 +209,25 @@ class Connedit extends \Zotlabs\Web\Controller {
$role = get_pconfig(local_channel(),'system','permissions_role');
if($role) {
- $x = get_role_perms($role);
- if($x['perms_accept'])
- $abook_my_perms = $x['perms_accept'];
+ $x = \Zotlabs\Access\PermissionRoles::role_perms($role);
+ if($x['perms_connect']) {
+ $abook_my_perms = $x['perms_connect'];
+ }
+ }
+
+ $filled_perms = \Zotlabs\Access\Permissions::FilledPerms($abook_my_perms);
+ foreach($filled_perms as $k => $v) {
+ set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v);
}
+
}
-
+
$abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']);
- $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_pending = %d,
+ $r = q("UPDATE abook SET abook_profile = '%s', abook_closeness = %d, abook_pending = %d,
abook_incl = '%s', abook_excl = '%s'
where abook_id = %d AND abook_channel = %d",
dbesc($profile_id),
- intval($abook_my_perms),
intval($closeness),
intval($abook_pending),
dbesc($abook_incl),
@@ -227,10 +248,13 @@ class Connedit extends \Zotlabs\Web\Controller {
info( t('Connection updated.') . EOL);
else
notice( t('Failed to update connection record.') . EOL);
-
- if(\App::$poi && \App::$poi['abook_my_perms'] != $abook_my_perms
- && (! intval(\App::$poi['abook_self']))) {
- \Zotlabs\Daemon\Master::Summon(array('Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), $contact_id));
+
+ if(! intval(\App::$poi['abook_self'])) {
+ \Zotlabs\Daemon\Master::Summon( [
+ 'Notifier',
+ (($new_friend) ? 'permission_create' : 'permission_update'),
+ $contact_id
+ ]);
}
if($new_friend) {
@@ -371,9 +395,9 @@ class Connedit extends \Zotlabs\Web\Controller {
$my_perms = get_channel_default_perms(local_channel());
$role = get_pconfig(local_channel(),'system','permissions_role');
if($role) {
- $x = get_role_perms($role);
- if($x['perms_accept'])
- $my_perms = $x['perms_accept'];
+ $x = \Zotlabs\Access\PermissionRoles::role_perms($role);
+ if($x['perms_connect'])
+ $my_perms = $x['perms_connect'];
}
$yes_no = array(t('No'),t('Yes'));
@@ -654,7 +678,8 @@ class Connedit extends \Zotlabs\Web\Controller {
$perms = array();
$channel = \App::get_channel();
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes')));
@@ -670,16 +695,32 @@ class Connedit extends \Zotlabs\Web\Controller {
if($slide && $multiprofs)
$affinity = t('Set Affinity & Profile');
+ $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'",
+ intval(local_channel()),
+ dbesc($contact['abook_xchan'])
+ );
+ $their_perms = array();
+ if($theirs) {
+ foreach($theirs as $t) {
+ $their_perms[$t['k']] = $t['v'];
+ }
+ }
+
foreach($global_perms as $k => $v) {
- $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : '');
- $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : '');
+ $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k);
+//fixme
+
+ $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
// For auto permissions (when $self is true) we don't want to look at existing
// permissions because they are enabled for the channel owner
if((! $self) && ($existing[$k]))
$thisperm = "1";
+
+
+
- $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4], $checkinherited);
+ $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
}
$locstr = '';
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index ba2394388..aaf69844c 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -48,55 +48,13 @@ class Dav extends \Zotlabs\Web\Controller {
if (! is_dir('store'))
os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
- $which = null;
if (argc() > 1)
- $which = argv(1);
+ profile_load(argv(1),0);
- $profile = 0;
-
- \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
-
- if ($which)
- profile_load( $which, $profile);
-
-
-
$auth = new \Zotlabs\Storage\BasicAuth();
- $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');
-
-// $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function($userName,$password) {
-// if(account_verify_password($userName,$password))
-// return true;
-// return false;
-// });
+ $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
-// $ob_hash = get_observer_hash();
-
-// if ($ob_hash) {
-// if (local_channel()) {
-// $channel = \App::get_channel();
-// $auth->setCurrentUser($channel['channel_address']);
-// $auth->channel_id = $channel['channel_id'];
-// $auth->channel_hash = $channel['channel_hash'];
-// $auth->channel_account_id = $channel['channel_account_id'];
-// if($channel['channel_timezone'])
-// $auth->setTimezone($channel['channel_timezone']);
-// }
-// $auth->observer = $ob_hash;
-// }
-
-// if ($_GET['davguest'])
-// $_SESSION['davguest'] = true;
-
-// $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
-// $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
-// $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
-//
-// $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
-// $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
-// $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
-
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
// A SabreDAV server-object
@@ -113,48 +71,13 @@ class Dav extends \Zotlabs\Web\Controller {
$server->addPlugin($lockPlugin);
- // The next section of code allows us to bypass prompting for http-auth if a
- // FILE is being accessed anonymously and permissions allow this. This way
- // one can create hotlinks to public media files in their cloud and anonymous
- // viewers won't get asked to login.
- // If a DIRECTORY is accessed or there are permission issues accessing the
- // file and we aren't previously authenticated via zot, prompt for HTTP-auth.
- // This will be the default case for mounting a DAV directory.
- // In order to avoid prompting for passwords for viewing a DIRECTORY, add
- // the URL query parameter 'davguest=1'.
-
-// $isapublic_file = false;
-// $davguest = ((x($_SESSION, 'davguest')) ? true : false);
-
-// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
-// try {
-// $x = RedFileData('/' . \App::$cmd, $auth);
-// if($x instanceof \Zotlabs\Storage\File)
-// $isapublic_file = true;
-// }
-// catch (Exception $e) {
-// $isapublic_file = false;
-// }
-// }
-
-// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
-// try {
-// $auth->Authenticate($server, t('$Projectname channel'));
-// }
-// catch (Exception $e) {
-// logger('mod_cloud: auth exception' . $e->getMessage());
-// http_status_exit($e->getHTTPCode(), $e->getMessage());
-// }
-// }
-
- // require_once('Zotlabs/Storage/Browser.php');
// provide a directory view for the cloud in Hubzilla
$browser = new \Zotlabs\Storage\Browser($auth);
$auth->setBrowserPlugin($browser);
// Experimental QuotaPlugin
- // require_once('Zotlabs/Storage/QuotaPlugin.php');
- // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
+ // require_once('Zotlabs/Storage/QuotaPlugin.php');
+ // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
// All we need to do now, is to fire up the server
$server->exec();
diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php
index da859de3e..838fe9e4f 100644
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -47,9 +47,9 @@ class Editpost extends \Zotlabs\Web\Controller {
if(intval($itm[0]['item_obscured'])) {
$key = get_config('system','prvkey');
if($itm[0]['title'])
- $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+ $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
if($itm[0]['body'])
- $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+ $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
}
$category = '';
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php
index be4803a07..a55f81101 100644
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -108,9 +108,9 @@ class Editwebpage extends \Zotlabs\Web\Controller {
if(intval($itm[0]['item_obscured'])) {
$key = get_config('system','prvkey');
if($itm[0]['title'])
- $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+ $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
if($itm[0]['body'])
- $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+ $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
}
$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php
index 3641330c9..da9ab3670 100644
--- a/Zotlabs/Module/Follow.php
+++ b/Zotlabs/Module/Follow.php
@@ -47,12 +47,13 @@ class Follow extends \Zotlabs\Web\Controller {
if($abconfig)
$clone['abconfig'] = $abconfig;
- build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+ build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)), true);
+ $can_view_stream = intval(get_abconfig($channel['channel_id'],$clone['abook_xchan'],'their_perms','view_stream'));
// If we can view their stream, pull in some posts
- if(($result['abook']['abook_their_perms'] & PERMS_R_STREAM) || ($result['abook']['xchan_network'] === 'rss'))
+ if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss'))
\Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id']));
goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index e34f5e49e..d27f013b9 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -8,6 +8,7 @@ namespace Zotlabs\Module;
require_once('include/zot.php');
require_once('include/channel.php');
require_once('include/import.php');
+require_once('include/perm_upgrade.php');
@@ -339,6 +340,8 @@ class Import extends \Zotlabs\Web\Controller {
$abooks = $data['abook'];
if($abooks) {
foreach($abooks as $abook) {
+
+ $abook_copy = $abook;
$abconfig = null;
if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig']))
@@ -347,6 +350,10 @@ class Import extends \Zotlabs\Web\Controller {
unset($abook['abook_id']);
unset($abook['abook_rating']);
unset($abook['abook_rating_text']);
+ unset($abook['abconfig']);
+ unset($abook['abook_their_perms']);
+ unset($abook['abook_my_perms']);
+
$abook['abook_account'] = $account_id;
$abook['abook_channel'] = $channel['channel_id'];
if(! array_key_exists('abook_blocked',$abook)) {
@@ -385,6 +392,8 @@ class Import extends \Zotlabs\Web\Controller {
$friends ++;
if(intval($abook['abook_feed']))
$feeds ++;
+
+ translate_abook_perms_inbound($channel,$abook_copy);
if($abconfig) {
// @fixme does not handle sync of del_abconfig
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 235c5528e..2d0c1ba02 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -183,7 +183,9 @@ class Item extends \Zotlabs\Web\Controller {
}
// can_comment_on_post() needs info from the following xchan_query
- xchan_query($r);
+ // This may be from the discover tab which means we need to correct the effective uid
+
+ xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel()));
$parent_item = $r[0];
$parent = $r[0]['id'];
@@ -316,9 +318,11 @@ class Item extends \Zotlabs\Web\Controller {
}
$acl = new \Zotlabs\Access\AccessList($channel);
+
+ $view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream');
+ $comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments');
-
- $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
+ $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($view_policy,true));
if($webpage)
$public_policy = '';
if($public_policy)
@@ -526,11 +530,11 @@ class Item extends \Zotlabs\Web\Controller {
if((! $parent) && (get_pconfig($profile_uid,'system','tagifonlyrecip')) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) {
- $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+ $x = q("select abook_id, abconfig.v from abook left join abconfig on abook_xchan = abconfig.xchan and abook_channel = abconfig.chan and cat= 'their_perms' and abconfig.k = 'tag_deliver' and abconfig.v = 1 and abook_xchan = '%s' and abook_channel = %d limit 1",
dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)),
intval($profile_uid)
);
- if($x && ($x[0]['abook_their_perms'] & PERMS_W_TAGWALL))
+ if($x)
$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
}
@@ -810,7 +814,7 @@ class Item extends \Zotlabs\Web\Controller {
$datarray['layout_mid'] = $layout_mid;
$datarray['public_policy'] = $public_policy;
- $datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
+ $datarray['comment_policy'] = map_scope($comment_policy);
$datarray['term'] = $post_tags;
$datarray['plink'] = $plink;
$datarray['route'] = $route;
diff --git a/Zotlabs/Module/Login.php b/Zotlabs/Module/Login.php
index ff75e5268..ae35b922f 100644
--- a/Zotlabs/Module/Login.php
+++ b/Zotlabs/Module/Login.php
@@ -7,6 +7,9 @@ class Login extends \Zotlabs\Web\Controller {
function get() {
if(local_channel())
goaway(z_root());
+ if(remote_channel() && $_SESSION['atoken'])
+ goaway(z_root());
+
return login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? false : true);
}
diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php
index aae7585c4..043c28078 100644
--- a/Zotlabs/Module/Mail.php
+++ b/Zotlabs/Module/Mail.php
@@ -57,8 +57,6 @@ class Mail extends \Zotlabs\Web\Controller {
$their_perms = 0;
- $global_perms = get_perms();
-
if($j['permissions']['data']) {
$permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']);
if($permissions)
@@ -68,13 +66,7 @@ class Mail extends \Zotlabs\Web\Controller {
else
$permissions = $j['permissions'];
- foreach($permissions as $k => $v) {
- if($v) {
- $their_perms = $their_perms | intval($global_perms[$k][1]);
- }
- }
-
- if(! ($their_perms & PERMS_W_MAIL)) {
+ if(! ($permissions['post_mail'])) {
notice( t('Selected channel has private message restrictions. Send failed.'));
// reported issue: let's still save the message and continue. We'll just tell them
// that nothing useful is likely to happen. They might have spent hours on it.
@@ -120,7 +112,7 @@ class Mail extends \Zotlabs\Web\Controller {
}
- function get() {
+ function get() {
$o = '';
nav_set_selected('messages');
diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php
index 4ca044c4a..8f815d6d4 100644
--- a/Zotlabs/Module/Manage.php
+++ b/Zotlabs/Module/Manage.php
@@ -143,9 +143,9 @@ class Manage extends \Zotlabs\Web\Controller {
$create = array( 'new_channel', t('Create a new channel'), t('Create New'));
$delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where
- abook_channel = %d and (abook_their_perms & %d) > 0",
+ abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = 1 )",
intval(local_channel()),
- intval(PERMS_A_DELEGATE)
+ intval(local_channel())
);
if($delegates) {
diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php
index 7a6e4a81f..8cbc6d2fd 100644
--- a/Zotlabs/Module/Openid.php
+++ b/Zotlabs/Module/Openid.php
@@ -48,7 +48,7 @@ class Openid extends \Zotlabs\Web\Controller {
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
- authenticate_success($record,true,true,true,true);
+ authenticate_success($record,$r[0],true,true,true,true);
goaway(z_root());
}
}
diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php
index dda792131..7fc0e8ff5 100644
--- a/Zotlabs/Module/Probe.php
+++ b/Zotlabs/Module/Probe.php
@@ -23,8 +23,6 @@ class Probe extends \Zotlabs\Web\Controller {
$j = \Zotlabs\Zot\Finger::run($addr,$channel,false);
- // $res = zot_finger($addr,$channel,false);
-
$o .= '<pre>';
if(! $j['success']) {
$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php
index 899c79b15..4b05182c2 100644
--- a/Zotlabs/Module/Profiles.php
+++ b/Zotlabs/Module/Profiles.php
@@ -708,7 +708,7 @@ class Profiles extends \Zotlabs\Web\Controller {
'$profile_id' => $r[0]['id'],
'$profile_name' => array('profile_name', t('Profile name'), $r[0]['profile_name'], t('Required'), '*'),
'$is_default' => $is_default,
- '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope($channel['channel_r_profile'])),
+ '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))),
'$advanced' => $advanced,
'$name' => array('name', t('Your full name'), $r[0]['fullname'], t('Required'), '*'),
'$pdesc' => array('pdesc', t('Title/Description'), $r[0]['pdesc']),
@@ -767,7 +767,7 @@ class Profiles extends \Zotlabs\Web\Controller {
'$alt' => t('Profile Image'),
'$profile_name' => $rr['profile_name'],
'$visible' => (($rr['is_default'])
- ? '<strong>' . translate_scope(map_scope($channel['channel_r_profile'])) . '</strong>'
+ ? '<strong>' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '</strong>'
: '<a href="' . z_root() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>')
));
}
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index 6afa4a94c..45123b88d 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -146,7 +146,7 @@ class Register extends \Zotlabs\Web\Controller {
goaway(z_root());
}
- authenticate_success($result['account'],true,false,true);
+ authenticate_success($result['account'],null,true,false,true);
$new_channel = false;
$next_page = 'new_channel';
diff --git a/Zotlabs/Module/Removeaccount.php b/Zotlabs/Module/Removeaccount.php
index 39e06bb7f..9fac7838e 100644
--- a/Zotlabs/Module/Removeaccount.php
+++ b/Zotlabs/Module/Removeaccount.php
@@ -25,7 +25,8 @@ class Removeaccount extends \Zotlabs\Web\Controller {
$account = \App::get_account();
$account_id = get_account_id();
- if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+ $x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+ if(! ($x && $x['account']))
return;
if($account['account_password_changed'] != NULL_DATE) {
diff --git a/Zotlabs/Module/Removeme.php b/Zotlabs/Module/Removeme.php
index e611d8112..bc18fe0f8 100644
--- a/Zotlabs/Module/Removeme.php
+++ b/Zotlabs/Module/Removeme.php
@@ -24,7 +24,9 @@ class Removeme extends \Zotlabs\Web\Controller {
$account = \App::get_account();
- if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+
+ $x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+ if(! ($x && $x['account']))
return;
if($account['account_password_changed'] != NULL_DATE) {
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index b1258e049..af3a25c60 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -21,10 +21,7 @@ class Settings extends \Zotlabs\Web\Controller {
// We are setting these values - don't use the argc(), argv() functions here
\App::$argc = 2;
\App::$argv[] = 'channel';
- }
-
-
-
+ }
}
@@ -38,7 +35,7 @@ class Settings extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
- logger('mod_settings: ' . print_r($_REQUEST,true));
+ // logger('mod_settings: ' . print_r($_REQUEST,true));
if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){
@@ -363,10 +360,10 @@ class Settings extends \Zotlabs\Web\Controller {
intval(local_channel())
);
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
foreach($global_perms as $k => $v) {
- $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' ';
+ \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,intval($_POST[$k]));
}
$acl = new \Zotlabs\Access\AccessList($channel);
$acl->set_from_array($_POST);
@@ -382,7 +379,7 @@ class Settings extends \Zotlabs\Web\Controller {
);
}
else {
- $role_permissions = get_role_perms($_POST['permissions_role']);
+ $role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($_POST['permissions_role']);
if(! $role_permissions) {
notice('Permissions category could not be found.');
return;
@@ -422,20 +419,25 @@ class Settings extends \Zotlabs\Web\Controller {
);
}
- $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1",
- intval((array_key_exists('perms_accept',$role_permissions)) ? $role_permissions['perms_accept'] : 0),
- intval(local_channel())
- );
- set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0));
-
- foreach($role_permissions as $p => $v) {
- if(strpos($p,'channel_') !== false) {
- $set_perms .= ', ' . $p . ' = ' . intval($v) . ' ';
+ $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']);
+ foreach($x as $k => $v) {
+ set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k, $v);
+ if($role_permissions['perms_auto']) {
+ set_pconfig(local_channel(),'autoperms',$k,$v);
}
- if($p === 'directory_publish') {
- $publish = intval($v);
+ else {
+ del_pconfig(local_channel(),'autoperms',$k);
+ }
+ }
+
+ if($role_permissions['limits']) {
+ foreach($role_permissions['limits'] as $k => $v) {
+ \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,$v);
}
}
+ if(array_key_exists('directory_publish',$role_permissions)) {
+ $publish = intval($role_permissions['directory_publish']);
+ }
}
set_pconfig(local_channel(),'system','hide_online_status',$hide_presence);
@@ -963,11 +965,7 @@ class Settings extends \Zotlabs\Web\Controller {
return $o;
}
-
-
-
-
-
+
if(argv(1) === 'channel') {
require_once('include/acl_selectors.php');
@@ -984,9 +982,8 @@ class Settings extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
-
- $global_perms = get_perms();
-
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
+
$permiss = array();
$perm_opts = array(
@@ -1000,19 +997,18 @@ class Settings extends \Zotlabs\Web\Controller {
array( t('Anybody on the internet'), PERMS_PUBLIC)
);
+ $limits = \Zotlabs\Access\PermissionLimits::Get(local_channel());
foreach($global_perms as $k => $perm) {
$options = array();
foreach($perm_opts as $opt) {
- if((! $perm[2]) && $opt[1] == PERMS_PUBLIC)
- continue;
$options[$opt[1]] = $opt[0];
}
- $permiss[] = array($k,$perm[3],$channel[$perm[0]],$perm[4],$options);
+ $permiss[] = array($k,$perm,$limits[$k],'',$options);
}
- // logger('permiss: ' . print_r($permiss,true));
+ //logger('permiss: ' . print_r($permiss,true));
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 9c73b47b9..995976dcd 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
require_once('include/auth.php');
$record = account_verify_password($username, $password);
- if ($record && $record['account_default_channel']) {
- $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
- intval($record['account_id']),
- intval($record['account_default_channel'])
- );
- if($r && $this->check_module_access($r[0]['channel_id'])) {
- return $this->setAuthenticated($r[0]);
+ if($record && $record['account']) {
+ if($record['channel'])
+ $channel = $record['channel'];
+ else {
+ $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+ intval($record['account']['account_id']),
+ intval($record['account']['account_default_channel'])
+ );
+ if($r)
+ $channel = $r[0];
}
}
- $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
- dbesc($username)
- );
- if ($r) {
- $x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- // @fixme this foreach should not be needed?
- foreach ($x as $record) {
- if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
- && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
- logger('password verified for ' . $username);
- if($this->check_module_access($r[0]['channel_id']))
- return $this->setAuthenticated($r[0]);
- }
- }
- }
+ if($channel && $this->check_module_access($channel['channel_id'])) {
+ return $this->setAuthenticated($channel);
}
if($this->module_disabled)
@@ -178,6 +165,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
function check(RequestInterface $request, ResponseInterface $response) {
if(local_channel()) {
+ $this->setAuthenticated(\App::get_channel());
return [ true, $this->principalPrefix . $this->channel_name ];
}
@@ -275,4 +263,4 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
logger('owner_id ' . $this->owner_id, LOGGER_DATA);
logger('owner_nick ' . $this->owner_nick, LOGGER_DATA);
}
-} \ No newline at end of file
+}