aboutsummaryrefslogtreecommitdiffstats
path: root/include/api.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/api.php')
-rw-r--r--include/api.php31
1 files changed, 22 insertions, 9 deletions
diff --git a/include/api.php b/include/api.php
index 9ed025564..140e75f29 100644
--- a/include/api.php
+++ b/include/api.php
@@ -802,6 +802,14 @@ require_once('include/security.php');
if ($exclude_replies > 0)
$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
+ if (api_user() != $user_info['uid']) {
+ $observer = get_app()->get_observer();
+ require_once('include/permissions.php');
+ if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream'))
+ return '';
+ $sql_extra .= " and item_private = 0 ";
+ }
+
$r = q("SELECT * from item WHERE uid = %d and item_restrict = 0
$sql_extra
AND id > %d
@@ -820,12 +828,14 @@ require_once('include/security.php');
// level which items you've seen and which you haven't. If you're looking
// at the network timeline just mark everything seen.
- $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
- WHERE item_flags & %d and uid = %d",
- intval(ITEM_UNSEEN),
- intval(ITEM_UNSEEN),
- intval($user_info['uid'])
- );
+ if (api_user() == $user_info['uid']) {
+ $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
+ WHERE item_flags & %d and uid = %d",
+ intval(ITEM_UNSEEN),
+ intval(ITEM_UNSEEN),
+ intval($user_info['uid'])
+ );
+ }
$data = array('$statuses' => $ret);
@@ -966,7 +976,7 @@ require_once('include/security.php');
logger('API: api_statuses_repeat: '.$id);
//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
-
+// FIXME
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`,
`contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
@@ -1008,7 +1018,7 @@ require_once('include/security.php');
$user_info = api_get_user($a);
// params
- $id = intval($a->argv[3]);
+ $id = intval(argv(3));
logger('API: api_statuses_destroy: '.$id);
@@ -1029,6 +1039,8 @@ require_once('include/security.php');
* http://developer.twitter.com/doc/get/statuses/mentions
*
*/
+
+// FIXME
function api_statuses_mentions(&$a, $type){
if (api_user()===false) return false;
@@ -1106,6 +1118,7 @@ require_once('include/security.php');
return api_apply_template("timeline", $type, $data);
}
api_register_func('api/statuses/mentions','api_statuses_mentions', true);
+ // FIXME?? I don't think mentions and replies are congruent in this case
api_register_func('api/statuses/replies','api_statuses_mentions', true);
@@ -1113,7 +1126,7 @@ require_once('include/security.php');
if (api_user()===false) return false;
$user_info = api_get_user($a);
- // get last newtork messages
+ // get last network messages
logger("api_statuses_user_timeline: api_user: ". api_user() .