aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php35
1 files changed, 34 insertions, 1 deletions
diff --git a/include/security.php b/include/security.php
index 0783a3c20..25318b3e8 100644
--- a/include/security.php
+++ b/include/security.php
@@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* default permissions - anonymous user
*/
- $sql = " AND not (item_flags & " . ITEM_PRIVATE . ") ";
+ $sql = " AND not item_private ";
/**
@@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) {
}}
+
+
+
+// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
+// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in.
+// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
+// We always include yourself if logged in because you can always see your own posts
+// resolving granular permissions for the observer against every person and every post on the site
+// will likely be too expensive.
+// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
+
+function stream_perms_api_uids($perms_min = PERMS_SITE) {
+ $ret = array();
+ if(local_user())
+ $ret[] = local_user();
+ $r = q("select channel_id from channel where channel_r_stream <= %d",
+ intval($perms_min)
+ );
+ if($r)
+ foreach($r as $rr)
+ if(! in_array($rr['channel_id'],$ret))
+ $ret[] = $rr['channel_id'];
+
+ $str = '';
+ if($ret)
+ foreach($ret as $rr) {
+ if($str)
+ $str .= ',';
+ $str .= intval($rr);
+ }
+ return $str;
+}
+