aboutsummaryrefslogtreecommitdiffstats
path: root/include/permissions.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/permissions.php')
-rw-r--r--include/permissions.php53
1 files changed, 44 insertions, 9 deletions
diff --git a/include/permissions.php b/include/permissions.php
index 638bedb24..637193973 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -1,4 +1,7 @@
<?php
+
+require_once('include/security.php');
+
/**
* @file include/permissions.php
*
@@ -119,10 +122,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
dbesc($observer_xchan)
);
if(! $x) {
- // not in address book, see if they've got an xchan
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
+ // see if they've got a guest access token; these are treated as connections
+ $y = atoken_abook($uid,$observer_xchan);
+ if($y)
+ $x = array($y);
+
+ if(! $x) {
+ // not in address book and no guest token, see if they've got an xchan
+ // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections
+ $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
+ dbesc($observer_xchan)
+ );
+ if($y) {
+ $x = array(pseudo_abook($y[0]));
+ }
+ }
}
$abook_checked = true;
@@ -184,7 +198,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If we're still here, we have an observer, check the network.
if($channel_perm & PERMS_NETWORK) {
- if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) {
+ if($x && $x[0]['xchan_network'] === 'zot') {
$ret[$perm_name] = true;
continue;
}
@@ -232,6 +246,12 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They're a contact, so they have permission
if($channel_perm & PERMS_CONTACTS) {
+ // it was a fake abook entry, not really a connection
+ if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) {
+ $ret[$perm_name] = false;
+ continue;
+ }
+
$ret[$perm_name] = true;
continue;
}
@@ -328,10 +348,21 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
return false;
if(! $x) {
- // not in address book, see if they've got an xchan
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
+ // see if they've got a guest access token
+ $y = atoken_abook($uid,$observer_xchan);
+ if($y)
+ $x = array($y);
+
+ if(! $x) {
+ // not in address book and no guest token, see if they've got an xchan
+ $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
+ dbesc($observer_xchan)
+ );
+ if($y) {
+ $x = array(pseudo_abook($y[0]));
+ }
+ }
+
}
$abperms = load_abconfig($uid,$observer_xchan,'my_perms');
}
@@ -401,6 +432,10 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// They're a contact, so they have permission
if($channel_perm & PERMS_CONTACTS) {
+ // it was a fake abook entry, not really a connection
+ if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) {
+ return false;
+ }
return true;
}