aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php49
1 files changed, 38 insertions, 11 deletions
diff --git a/include/security.php b/include/security.php
index 4738e473b..1181e6bf2 100644
--- a/include/security.php
+++ b/include/security.php
@@ -302,16 +302,19 @@ function public_permissions_sql($observer_hash) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
}
- $sql = sprintf(
- " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
- AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
- ))
- ",
- dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
- dbesc($gs),
- dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
- dbesc($gs)
- );
+ $sql = '';
+ if($observer_hash) {
+ $sql = sprintf(
+ " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+ AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ ))
+ ",
+ dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
+ dbesc($gs),
+ dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
+ dbesc($gs)
+ );
+ }
return $sql;
}
@@ -409,7 +412,7 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) {
$ret = array();
if(local_user())
$ret[] = local_user();
- $r = q("select channel_id from channel where channel_r_stream <= %d",
+ $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d",
intval($perms_min)
);
if($r)
@@ -424,6 +427,30 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) {
$str .= ',';
$str .= intval($rr);
}
+logger('stream_perms_api_uids: ' . $str);
return $str;
}
+function stream_perms_xchans($perms_min = PERMS_SITE) {
+ $ret = array();
+ if(local_user())
+ $ret[] = get_observer_hash();
+
+ $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d",
+ intval($perms_min)
+ );
+ if($r)
+ foreach($r as $rr)
+ if(! in_array($rr['channel_hash'],$ret))
+ $ret[] = $rr['channel_hash'];
+
+ $str = '';
+ if($ret)
+ foreach($ret as $rr) {
+ if($str)
+ $str .= ',';
+ $str .= "'" . dbesc($rr) . "'";
+ }
+logger('stream_perms_xchans: ' . $str);
+ return $str;
+}