aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/channel.php99
-rw-r--r--include/config.php1
-rw-r--r--include/conversation.php6
-rw-r--r--include/follow.php46
-rw-r--r--include/import.php45
-rwxr-xr-xinclude/items.php27
-rw-r--r--include/perm_upgrade.php236
-rw-r--r--include/permissions.php519
-rw-r--r--include/security.php41
-rw-r--r--include/text.php16
-rw-r--r--include/widgets.php11
-rw-r--r--include/zot.php172
12 files changed, 761 insertions, 458 deletions
diff --git a/include/channel.php b/include/channel.php
index 1a6508803..1101e39e9 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -6,6 +6,7 @@
require_once('include/zot.php');
require_once('include/crypto.php');
require_once('include/menu.php');
+require_once('include/perm_upgrade.php');
/**
* @brief Called when creating a new channel.
@@ -225,42 +226,26 @@ function create_identity($arr) {
if(array_key_exists('publish', $arr))
$publish = intval($arr['publish']);
- $primary = true;
-
- if(array_key_exists('primary', $arr))
- $primary = intval($arr['primary']);
-
$role_permissions = null;
- $global_perms = get_perms();
if(array_key_exists('permissions_role',$arr) && $arr['permissions_role']) {
- $role_permissions = get_role_perms($arr['permissions_role']);
-
- if($role_permissions) {
- foreach($role_permissions as $p => $v) {
- if(strpos($p,'channel_') !== false) {
- $perms_keys .= ', ' . $p;
- $perms_vals .= ', ' . intval($v);
- }
- if($p === 'directory_publish')
- $publish = intval($v);
- }
- }
- }
- else {
- $defperms = site_default_perms();
- foreach($defperms as $p => $v) {
- $perms_keys .= ', ' . $global_perms[$p][0];
- $perms_vals .= ', ' . intval($v);
- }
+ $role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($arr['permissions_role']);
}
+ if($role_permissions && array_key_exists('directory_publish',$role_permissions))
+ $publish = intval($role_permissions['directory_publish']);
+
+ $primary = true;
+
+ if(array_key_exists('primary', $arr))
+ $primary = intval($arr['primary']);
+
$expire = 0;
$r = q("insert into channel ( channel_account_id, channel_primary,
channel_name, channel_address, channel_guid, channel_guid_sig,
- channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone $perms_keys )
- values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' $perms_vals ) ",
+ channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone )
+ values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' ) ",
intval($arr['account_id']),
intval($primary),
@@ -288,6 +273,17 @@ function create_identity($arr) {
return $ret;
}
+ if($role_permissions && array_key_exists('limits',$role_permissions))
+ $perm_limits = $role_permissions['limits'];
+ else
+ $perm_limits = site_default_perms();
+
+ foreach($perm_limits as $p => $v)
+ \Zotlabs\Access\PermissionLimits::Set($r[0]['channel_id'],$p,$v);
+
+ if($role_permissions && array_key_exists('perms_auto',$role_permissions))
+ set_pconfig($r[0]['channel_id'],'system','autoperms',intval($role_permissions['perms_auto']));
+
$ret['channel'] = $r[0];
if(intval($arr['account_id']))
@@ -351,25 +347,29 @@ function create_identity($arr) {
);
if($role_permissions) {
- $myperms = ((array_key_exists('perms_accept',$role_permissions)) ? intval($role_permissions['perms_accept']) : 0);
+ $myperms = ((array_key_exists('perms_connect',$role_permissions)) ? $role_permissions['perms_connect'] : array());
+ }
+ else {
+ $x = \Zotlabs\Access\PermissionRoles::role_perms('social');
+ $myperms = $x['perms_connect'];
}
- else
- $myperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_self, abook_my_perms )
- values ( %d, %d, '%s', %d, '%s', '%s', %d, %d ) ",
+ $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_self )
+ values ( %d, %d, '%s', %d, '%s', '%s', %d ) ",
intval($ret['channel']['channel_account_id']),
intval($newuid),
dbesc($hash),
intval(0),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
- intval(1),
- intval($myperms)
+ intval(1)
);
+ $x = \Zotlabs\Access\Permissions::FilledPerms($myperms);
+ foreach($x as $k => $v) {
+ set_abconfig($newuid,$hash,'my_perms',$k,$v);
+ }
+
if(intval($ret['channel']['channel_account_id'])) {
// Save our permissions role so we can perhaps call it up and modify it later.
@@ -378,8 +378,21 @@ function create_identity($arr) {
set_pconfig($newuid,'system','permissions_role',$arr['permissions_role']);
if(array_key_exists('online',$role_permissions))
set_pconfig($newuid,'system','hide_presence',1-intval($role_permissions['online']));
- if(array_key_exists('perms_auto',$role_permissions))
- set_pconfig($newuid,'system','autoperms',(($role_permissions['perms_auto']) ? $role_permissions['perms_accept'] : 0));
+ if(array_key_exists('perms_auto',$role_permissions)) {
+ $autoperms = intval($role_permissions['perms_auto']);
+ set_pconfig($newuid,'system','autoperms',$autoperms);
+ if($autoperms) {
+ $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']);
+ foreach($x as $k => $v) {
+ set_pconfig($newuid,'autoperms',$k,$v);
+ }
+ }
+ else {
+ $r = q("delete from pconfig where uid = %d and cat = 'autoperms'",
+ intval($newuid)
+ );
+ }
+ }
}
// Create a group with yourself as a member. This allows somebody to use it
@@ -497,7 +510,8 @@ function identity_basic_export($channel_id, $items = false) {
intval($channel_id)
);
if($r) {
- $ret['channel'] = $r[0];
+ translate_channel_perms_outbound($r[0]);
+ $ret['channel'] = $r[0];
$ret['relocate'] = [ 'channel_address' => $r[0]['channel_address'], 'url' => z_root()];
}
@@ -519,6 +533,7 @@ function identity_basic_export($channel_id, $items = false) {
$abconfig = load_abconfig($channel_id,$ret['abook'][$x]['abook_xchan']);
if($abconfig)
$ret['abook'][$x]['abconfig'] = $abconfig;
+ translate_abook_perms_outbound($ret['abook'][$x]);
}
stringify_array_elms($xchans);
}
@@ -1625,13 +1640,13 @@ function notifications_on($channel_id,$value) {
function get_channel_default_perms($uid) {
- $r = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1",
+ $r = q("select abook_xchan from abook where abook_channel = %d and abook_self = 1 limit 1",
intval($uid)
);
if($r)
- return $r[0]['abook_my_perms'];
+ return load_abconfig($uid,$r[0]['abook_xchan'],'my_perms');
- return 0;
+ return array();
}
diff --git a/include/config.php b/include/config.php
index 08810e298..8c0469392 100644
--- a/include/config.php
+++ b/include/config.php
@@ -97,7 +97,6 @@ function del_aconfig($account_id, $family, $key) {
return Zlib\AConfig::Delete($account_id, $family, $key);
}
-
function load_abconfig($chan, $xhash, $family = '') {
return Zlib\AbConfig::Load($chan,$xhash,$family);
}
diff --git a/include/conversation.php b/include/conversation.php
index 957dbf8e9..1efca37f3 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -99,7 +99,7 @@ function localize_item(&$item){
if(intval($item['item_thread_top']))
return;
- $obj = json_decode_plus($item['obj']);
+ $obj = json_decode($item['obj'],true);
if((! $obj) && ($item['obj'])) {
logger('localize_item: failed to decode object: ' . print_r($item['obj'],true));
}
@@ -186,7 +186,7 @@ function localize_item(&$item){
$Alink = $item['author']['xchan_url'];
- $obj= json_decode_plus($item['obj']);
+ $obj= json_decode($item['obj'],true);
$Blink = $Bphoto = '';
@@ -219,7 +219,7 @@ function localize_item(&$item){
$Aname = $item['author']['xchan_name'];
$Alink = $item['author']['xchan_url'];
- $obj= json_decode_plus($item['obj']);
+ $obj= json_decode($item['obj'],true);
$Blink = $Bphoto = '';
diff --git a/include/follow.php b/include/follow.php
index e5a74f85e..acd734896 100644
--- a/include/follow.php
+++ b/include/follow.php
@@ -67,11 +67,10 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$role = get_pconfig($uid,'system','permissions_role');
if($role) {
$x = get_role_perms($role);
- if($x['perms_follow'])
- $my_perms = $x['perms_follow'];
+ if($x['perms_connect'])
+ $my_perms = $x['perms_connect'];
}
-
if($is_red && $j) {
logger('follow: ' . $url . ' ' . print_r($j,true), LOGGER_DEBUG);
@@ -104,10 +103,6 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$xchan_hash = $x['hash'];
- $their_perms = 0;
-
- $global_perms = get_perms();
-
if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) {
$permissions = crypto_unencapsulate(array(
'data' => $j['permissions']['data'],
@@ -121,16 +116,14 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
else
$permissions = $j['permissions'];
-
- foreach($permissions as $k => $v) {
- if($v) {
- $their_perms = $their_perms | intval($global_perms[$k][1]);
+ if(is_array($permissions) && $permissions) {
+ foreach($permissions as $k => $v) {
+ set_abconfig($channel['channel_uid'],$xchan_hash,'their_perms',$k,intval($v));
}
}
}
else {
- $their_perms = 0;
$xchan_hash = '';
$r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1",
@@ -190,6 +183,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$result['message'] = t('Protocol disabled.');
return $result;
}
+
$singleton = intval($x['singleton']);
$aid = $channel['channel_account_id'];
@@ -222,6 +216,15 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
intval($uid)
);
+ if($is_http) {
+
+ // Always set these "remote" permissions for feeds since we cannot interact with them
+ // to negotiate a suitable permission response
+
+ set_abconfig($uid,$xchan_hash,'their_perms','view_stream',1);
+ set_abconfig($uid,$xchan_hash,'their_perms','republish',1);
+ }
+
if($r) {
$abook_instance = $r[0]['abook_instance'];
@@ -231,8 +234,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$abook_instance .= z_root();
}
- $x = q("update abook set abook_their_perms = %d, abook_instance = '%s' where abook_id = %d",
- intval($their_perms),
+ $x = q("update abook set abook_instance = '%s' where abook_id = %d",
dbesc($abook_instance),
intval($r[0]['abook_id'])
);
@@ -242,15 +244,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
if($closeness === false)
$closeness = 80;
- $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_instance )
- values( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s' ) ",
+ $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_created, abook_updated, abook_instance )
+ values( %d, %d, %d, '%s', %d, '%s', '%s', '%s' ) ",
intval($aid),
intval($uid),
intval($closeness),
dbesc($xchan_hash),
intval(($is_http) ? 1 : 0),
- intval(($is_http) ? $their_perms|PERMS_R_STREAM|PERMS_A_REPUBLISH : $their_perms),
- intval($my_perms),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(($singleton) ? z_root() : '')
@@ -260,6 +260,16 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
if(! $r)
logger('mod_follow: abook creation failed');
+ $all_perms = \Zotlabs\Access\Permissions::Perms();
+ if($all_perms) {
+ foreach($all_perms as $k => $v) {
+ if(in_array($k,$my_perms))
+ set_abconfig($uid,$xchan_hash,'my_perms',$k,1);
+ else
+ set_abconfig($uid,$xchan_hash,'my_perms',$k,0);
+ }
+ }
+
$r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash
where abook_xchan = '%s' and abook_channel = %d limit 1",
dbesc($xchan_hash),
diff --git a/include/import.php b/include/import.php
index 00ecef07d..e4f5ba5a7 100644
--- a/include/import.php
+++ b/include/import.php
@@ -1,6 +1,7 @@
<?php
require_once('include/menu.php');
+require_once('include/perm_upgrade.php');
function import_channel($channel, $account_id, $seize) {
@@ -61,15 +62,35 @@ function import_channel($channel, $account_id, $seize) {
if(! is_site_admin())
$channel['channel_pageflags'] = $channel['channel_pageflags'] ^ PAGE_ALLOWCODE;
}
-
- dbesc_array($channel);
- $r = dbq("INSERT INTO channel (`"
- . implode("`, `", array_keys($channel))
- . "`) VALUES ('"
- . implode("', '", array_values($channel))
- . "')"
- );
+ // remove all the permissions related settings, we will import/upgrade them after the channel
+ // is created.
+
+ $disallowed = [
+ 'channel_id', 'channel_r_stream', 'channel_r_profile', 'channel_r_abook',
+ 'channel_r_storage', 'channel_r_pages', 'channel_w_stream', 'channel_w_wall',
+ 'channel_w_comment', 'channel_w_mail', 'channel_w_like', 'channel_w_tagwall',
+ 'channel_w_chat', 'channel_w_storage', 'channel_w_pages', 'channel_a_republish',
+ 'channel_a_delegate', 'perm_limits'
+ ];
+
+ $clean = array();
+ foreach($channel as $k => $v) {
+ if(in_array($k,$disallowed))
+ continue;
+ $clean[$k] = $v;
+ }
+
+ if($clean) {
+ dbesc_array($clean);
+
+ $r = dbq("INSERT INTO channel (`"
+ . implode("`, `", array_keys($clean))
+ . "`) VALUES ('"
+ . implode("', '", array_values($clean))
+ . "')"
+ );
+ }
if(! $r) {
logger('mod_import: channel clone failed. ', print_r($channel,true));
@@ -86,6 +107,14 @@ function import_channel($channel, $account_id, $seize) {
notice( t('Cloned channel not found. Import failed.') . EOL);
return false;
}
+
+ // extract the permissions from the original imported array and use our new channel_id to set them
+ // These could be in the old channel permission stule or the new pconfig. We have a function to
+ // translate and store them no matter which they throw at us.
+
+ $channel['channel_id'] = $r[0]['channel_id'];
+ translate_channel_perms_inbound($channel);
+
// reset
$channel = $r[0];
diff --git a/include/items.php b/include/items.php
index 373090d41..702d49d40 100755
--- a/include/items.php
+++ b/include/items.php
@@ -183,7 +183,7 @@ function is_item_normal($item) {
* This function examines the comment_policy attached to an item and decides if the current observer has
* sufficient privileges to comment. This will normally be called on a remote site where perm_is_allowed()
* will not be suitable because the post owner does not have a local channel_id.
- * Generally we should look at the item - in particular the author['book_flags'] and see if ABOOK_FLAG_SELF is set.
+ * Generally we should look at the item - in particular the author['abook_flags'] and see if ABOOK_FLAG_SELF is set.
* If it is, you should be able to use perm_is_allowed( ... 'post_comments'), and if it isn't you need to call
* can_comment_on_post()
* We also check the comments_closed date/time on the item if this is set.
@@ -224,8 +224,7 @@ function can_comment_on_post($observer_xchan, $item) {
case 'contacts':
case 'authenticated':
case '':
- if(array_key_exists('owner',$item)) {
- if(($item['owner']['abook_xchan']) && ($item['owner']['abook_their_perms'] & PERMS_W_COMMENT))
+ if(array_key_exists('owner',$item) && get_abconfig($item['uid'],$item['owner']['abook_xchan'],'their_perms','post_comments')) {
return true;
}
break;
@@ -990,9 +989,9 @@ function encode_item($item,$mirror = false) {
if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) {
if($item['title'])
- $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
+ $item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key);
if($item['body'])
- $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
+ $item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key);
}
// If we're trying to backup an item so that it's recoverable or for export/imprt,
@@ -1062,11 +1061,11 @@ function encode_item($item,$mirror = false) {
$x['owner'] = encode_item_xchan($item['owner']);
$x['author'] = encode_item_xchan($item['author']);
if($item['obj'])
- $x['object'] = json_decode_plus($item['obj']);
+ $x['object'] = json_decode($item['obj'],true);
if($item['target'])
- $x['target'] = json_decode_plus($item['target']);
+ $x['target'] = json_decode($item['target'],true);
if($item['attach'])
- $x['attach'] = json_decode_plus($item['attach']);
+ $x['attach'] = json_decode($item['attach'],true);
if($y = encode_item_flags($item))
$x['flags'] = $y;
@@ -1382,7 +1381,7 @@ function encode_mail($item,$extended = false) {
$x['to'] = encode_item_xchan($item['to']);
if($item['attach'])
- $x['attach'] = json_decode_plus($item['attach']);
+ $x['attach'] = json_decode($item['attach'],true);
$x['flags'] = array();
@@ -2390,7 +2389,7 @@ function tag_deliver($uid, $item_id) {
if(($item['obj_type'] == "") || ($item['obj_type'] !== ACTIVITY_OBJ_PERSON) || (! $item['obj']))
$poke_notify = false;
- $obj = json_decode_plus($item['obj']);
+ $obj = json_decode($item['obj'],true);
if($obj) {
if($obj['id'] !== $u[0]['channel_hash'])
$poke_notify = false;
@@ -2427,14 +2426,14 @@ function tag_deliver($uid, $item_id) {
if(($item['owner_xchan'] === $u[0]['channel_hash']) && (! get_pconfig($u[0]['channel_id'],'system','blocktags'))) {
logger('tag_deliver: community tag recipient: ' . $u[0]['channel_name']);
- $j_tgt = json_decode_plus($item['target']);
+ $j_tgt = json_decode($item['target'],true);
if($j_tgt && $j_tgt['id']) {
$p = q("select * from item where mid = '%s' and uid = %d limit 1",
dbesc($j_tgt['id']),
intval($u[0]['channel_id'])
);
if($p) {
- $j_obj = json_decode_plus($item['obj']);
+ $j_obj = json_decode($item['obj'],true);
logger('tag_deliver: tag object: ' . print_r($j_obj,true), LOGGER_DATA);
if($j_obj && $j_obj['id'] && $j_obj['title']) {
if(is_array($j_obj['link']))
@@ -2519,7 +2518,7 @@ function tag_deliver($uid, $item_id) {
if(intval($item['item_obscured'])) {
$key = get_config('system','prvkey');
if($item['body'])
- $body = crypto_unencapsulate(json_decode_plus($item['body']),$key);
+ $body = crypto_unencapsulate(json_decode($item['body'],true),$key);
}
else
$body = $item['body'];
@@ -2856,7 +2855,7 @@ function check_item_source($uid, $item) {
if(! $x)
return false;
- if(! ($x[0]['abook_their_perms'] & PERMS_A_REPUBLISH))
+ if(! get_abconfig($uid,$item['owner_xchan'],'their_perms','republish'))
return false;
if($item['item_private'] && (! intval($x[0]['abook_feed'])))
diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php
new file mode 100644
index 000000000..5be1ffbb2
--- /dev/null
+++ b/include/perm_upgrade.php
@@ -0,0 +1,236 @@
+<?php
+
+function perm_limits_upgrade($channel) {
+ set_pconfig($channel['channel_id'],'perm_limits','view_stream',$channel['channel_r_stream']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_profile',$channel['channel_r_profile']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_contacts',$channel['channel_r_abook']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_storage',$channel['channel_r_storage']);
+ set_pconfig($channel['channel_id'],'perm_limits','view_pages',$channel['channel_r_pages']);
+ set_pconfig($channel['channel_id'],'perm_limits','send_stream',$channel['channel_w_stream']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_wall',$channel['channel_w_wall']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_comments',$channel['channel_w_comment']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_mail',$channel['channel_w_mail']);
+ set_pconfig($channel['channel_id'],'perm_limits','post_like',$channel['channel_w_like']);
+ set_pconfig($channel['channel_id'],'perm_limits','tag_deliver',$channel['channel_w_tagwall']);
+ set_pconfig($channel['channel_id'],'perm_limits','chat',$channel['channel_w_chat']);
+ set_pconfig($channel['channel_id'],'perm_limits','write_storage',$channel['channel_w_storage']);
+ set_pconfig($channel['channel_id'],'perm_limits','write_pages',$channel['channel_w_pages']);
+ set_pconfig($channel['channel_id'],'perm_limits','republish',$channel['channel_a_republish']);
+ set_pconfig($channel['channel_id'],'perm_limits','delegate',$channel['channel_a_delegate']);
+}
+
+function perms_int_to_array($p) {
+
+ $ret = [];
+
+ $ret['view_stream'] = (($p & PERMS_R_STREAM) ? 1 : 0);
+ $ret['view_profile'] = (($p & PERMS_R_PROFILE) ? 1 : 0);
+ $ret['view_contacts'] = (($p & PERMS_R_ABOOK) ? 1 : 0);
+ $ret['view_storage'] = (($p & PERMS_R_STORAGE) ? 1 : 0);
+ $ret['view_pages'] = (($p & PERMS_R_PAGES) ? 1 : 0);
+ $ret['send_stream'] = (($p & PERMS_W_STREAM) ? 1 : 0);
+ $ret['post_wall'] = (($p & PERMS_W_WALL) ? 1 : 0);
+ $ret['post_comments'] = (($p & PERMS_W_COMMENT) ? 1 : 0);
+ $ret['post_mail'] = (($p & PERMS_W_MAIL) ? 1 : 0);
+ $ret['post_like'] = (($p & PERMS_W_LIKE) ? 1 : 0);
+ $ret['tag_deliver'] = (($p & PERMS_W_TAGWALL) ? 1 : 0);
+ $ret['chat'] = (($p & PERMS_W_CHAT) ? 1 : 0);
+ $ret['write_storage'] = (($p & PERMS_W_STORAGE) ? 1 : 0);
+ $ret['write_pages'] = (($p & PERMS_W_PAGES) ? 1 : 0);
+ $ret['republish'] = (($p & PERMS_A_REPUBLISH) ? 1 : 0);
+ $ret['delegate'] = (($p & PERMS_A_DELEGATE) ? 1 : 0);
+
+ return $ret;
+}
+
+function autoperms_upgrade($channel) {
+ $x = get_pconfig($channel['channel_id'],'system','autoperms');
+ if(intval($x)) {
+ $y = perms_int_to_array($x);
+ if($y) {
+ foreach($y as $k => $v) {
+ set_pconfig($channel['channel_id'],'autoperms',$k,$v);
+ }
+ }
+ }
+}
+
+
+function perm_abook_upgrade($abook) {
+
+ $x = perms_int_to_array($abook['abook_their_perms']);
+ if($x) {
+ foreach($x as $k => $v) {
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms',$k, $v);
+ }
+ }
+
+ $x = perms_int_to_array($abook['abook_my_perms']);
+ if($x) {
+ foreach($x as $k => $v) {
+ set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms',$k, $v);
+ }
+ }
+}
+
+function translate_channel_perms_outbound(&$channel) {
+ $r = q("select * from pconfig where uid = %d and cat = 'perm_limits' ",
+ intval($channel['channel_id'])
+ );
+
+ if($r) {
+ foreach($r as $rr) {
+ if($rr['k'] === 'view_stream')
+ $channel['channel_r_stream'] = $rr['v'];
+ if($rr['k'] === 'view_profile')
+ $channel['channel_r_profile'] = $rr['v'];
+ if($rr['k'] === 'view_contacts')
+ $channel['channel_r_abook'] = $rr['v'];
+ if($rr['k'] === 'view_storage')
+ $channel['channel_r_storage'] = $rr['v'];
+ if($rr['k'] === 'view_pages')
+ $channel['channel_r_pages'] = $rr['v'];
+ if($rr['k'] === 'send_stream')
+ $channel['channel_w_stream'] = $rr['v'];
+ if($rr['k'] === 'post_wall')
+ $channel['channel_w_wall'] = $rr['v'];
+ if($rr['k'] === 'post_comments')
+ $channel['channel_w_comment'] = $rr['v'];
+ if($rr['k'] === 'post_mail')
+ $channel['channel_w_mail'] = $rr['v'];
+ if($rr['k'] === 'post_like')
+ $channel['channel_w_like'] = $rr['v'];
+ if($rr['k'] === 'tag_deliver')
+ $channel['channel_w_tagwall'] = $rr['v'];
+ if($rr['k'] === 'chat')
+ $channel['channel_w_chat'] = $rr['v'];
+ if($rr['k'] === 'write_storage')
+ $channel['channel_w_storage'] = $rr['v'];
+ if($rr['k'] === 'write_pages')
+ $channel['channel_w_pages'] = $rr['v'];
+ if($rr['k'] === 'republish')
+ $channel['channel_a_republish'] = $rr['v'];
+ if($rr['k'] === 'delegate')
+ $channel['channel_a_delegate'] = $rr['v'];
+
+ }
+ $channel['perm_limits'] = $r;
+ }
+}
+
+function translate_channel_perms_inbound($channel) {
+
+ if($channel['perm_limits']) {
+ foreach($channel['perm_limits'] as $p) {
+ set_pconfig($channel['channel_id'],'perm_limits',$p['k'],$p['v']);
+ }
+ }
+ else {
+ perm_limits_upgrade($channel);
+ }
+
+}
+
+function translate_abook_perms_outbound(&$abook) {
+ $my_perms = 0;
+ $their_perms = 0;
+
+ if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) {
+ foreach($abook['abconfig'] as $p) {
+ if($p['cat'] === 'their_perms') {
+ if($p['k'] === 'view_stream' && intval($p['v']))
+ $their_perms += PERMS_R_STREAM;
+ if($p['k'] === 'view_profile' && intval($p['v']))
+ $their_perms += PERMS_R_PROFILE;
+ if($p['k'] === 'view_contacts' && intval($p['v']))
+ $their_perms += PERMS_R_ABOOK;
+ if($p['k'] === 'view_storage' && intval($p['v']))
+ $their_perms += PERMS_R_STORAGE;
+ if($p['k'] === 'view_pages' && intval($p['v']))
+ $their_perms += PERMS_R_PAGES;
+ if($p['k'] === 'send_stream' && intval($p['v']))
+ $their_perms += PERMS_W_STREAM;
+ if($p['k'] === 'post_wall' && intval($p['v']))
+ $their_perms += PERMS_W_WALL;
+ if($p['k'] === 'post_comments' && intval($p['v']))
+ $their_perms += PERMS_W_COMMENT;
+ if($p['k'] === 'post_mail' && intval($p['v']))
+ $their_perms += PERMS_W_MAIL;
+ if($p['k'] === 'post_like' && intval($p['v']))
+ $their_perms += PERMS_W_LIKE;
+ if($p['k'] === 'tag_deliver' && intval($p['v']))
+ $their_perms += PERMS_W_TAGWALL;
+ if($p['k'] === 'chat' && intval($p['v']))
+ $their_perms += PERMS_W_CHAT;
+ if($p['k'] === 'write_storage' && intval($p['v']))
+ $their_perms += PERMS_W_STORAGE;
+ if($p['k'] === 'write_pages' && intval($p['v']))
+ $their_perms += PERMS_W_PAGES;
+ if($p['k'] === 'republish' && intval($p['v']))
+ $their_perms += PERMS_A_REPUBLISH;
+ if($p['k'] === 'delegate' && intval($p['v']))
+ $their_perms += PERMS_A_DELEGATE;
+ }
+ if($p['cat'] === 'my_perms') {
+ if($p['k'] === 'view_stream' && intval($p['v']))
+ $my_perms += PERMS_R_STREAM;
+ if($p['k'] === 'view_profile' && intval($p['v']))
+ $my_perms += PERMS_R_PROFILE;
+ if($p['k'] === 'view_contacts' && intval($p['v']))
+ $my_perms += PERMS_R_ABOOK;
+ if($p['k'] === 'view_storage' && intval($p['v']))
+ $my_perms += PERMS_R_STORAGE;
+ if($p['k'] === 'view_pages' && intval($p['v']))
+ $my_perms += PERMS_R_PAGES;
+ if($p['k'] === 'send_stream' && intval($p['v']))
+ $my_perms += PERMS_W_STREAM;
+ if($p['k'] === 'post_wall' && intval($p['v']))
+ $my_perms += PERMS_W_WALL;
+ if($p['k'] === 'post_comments' && intval($p['v']))
+ $my_perms += PERMS_W_COMMENT;
+ if($p['k'] === 'post_mail' && intval($p['v']))
+ $my_perms += PERMS_W_MAIL;
+ if($p['k'] === 'post_like' && intval($p['v']))
+ $my_perms += PERMS_W_LIKE;
+ if($p['k'] === 'tag_deliver' && intval($p['v']))
+ $my_perms += PERMS_W_TAGWALL;
+ if($p['k'] === 'chat' && intval($p['v']))
+ $my_perms += PERMS_W_CHAT;
+ if($p['k'] === 'write_storage' && intval($p['v']))
+ $my_perms += PERMS_W_STORAGE;
+ if($p['k'] === 'write_pages' && intval($p['v']))
+ $my_perms += PERMS_W_PAGES;
+ if($p['k'] === 'republish' && intval($p['v']))
+ $my_perms += PERMS_A_REPUBLISH;
+ if($p['k'] === 'delegate' && intval($p['v']))
+ $my_perms += PERMS_A_DELEGATE;
+ }
+ }
+
+ $abook['abook_their_perms'] = $their_perms;
+ $abook['abook_my_perms'] = $my_perms;
+ }
+}
+
+function translate_abook_perms_inbound($channel,$abook) {
+
+ $new_perms = false;
+ $abook['abook_channel'] = $channel['channel_id'];
+
+ if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) {
+ foreach($abook['abconfig'] as $p) {
+ if($p['cat'] == 'their_perms' || $p['cat'] == 'my_perms') {
+ $new_perms = true;
+ break;
+ }
+ }
+ }
+
+ if($new_perms == false) {
+ perm_abook_upgrade($abook);
+ }
+
+}
+
+
+
diff --git a/include/permissions.php b/include/permissions.php
index 19242d29f..638bedb24 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
if($api)
return get_all_api_perms($uid,$api);
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
// Save lots of individual lookups
@@ -81,11 +81,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
$ret = array();
+ $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan,'my_perms') : array());
+
foreach($global_perms as $perm_name => $permission) {
// First find out what the channel owner declared permissions to be.
- $channel_perm = $permission[0];
+ $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name);
if(! $channel_checked) {
$r = q("select * from channel where channel_id = %d limit 1",
@@ -105,7 +107,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// These take priority over all other settings.
if($observer_xchan) {
- if($r[0][$channel_perm] & PERMS_AUTHED) {
+ if($channel_perm & PERMS_AUTHED) {
$ret[$perm_name] = true;
continue;
}
@@ -136,7 +138,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// Check if this is a write permission and they are being ignored
// This flag is only visible internally.
- if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) {
+ $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms();
+
+
+ if(($x) && ($internal_use) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) {
$ret[$perm_name] = false;
continue;
}
@@ -154,7 +159,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// if you've moved elsewhere, you will only have read only access
if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) {
- if($r[0]['channel_moved'] && (! $permission[2]))
+ if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms)))
$ret[$perm_name] = false;
else
$ret[$perm_name] = true;
@@ -163,7 +168,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// Anybody at all (that wasn't blocked or ignored). They have permission.
- if($r[0][$channel_perm] & PERMS_PUBLIC) {
+ if($channel_perm & PERMS_PUBLIC) {
$ret[$perm_name] = true;
continue;
}
@@ -178,7 +183,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If we're still here, we have an observer, check the network.
- if($r[0][$channel_perm] & PERMS_NETWORK) {
+ if($channel_perm & PERMS_NETWORK) {
if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) {
$ret[$perm_name] = true;
continue;
@@ -187,7 +192,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If PERMS_SITE is specified, find out if they've got an account on this hub
- if($r[0][$channel_perm] & PERMS_SITE) {
+ if($channel_perm & PERMS_SITE) {
if(! $onsite_checked) {
$c = q("select channel_hash from channel where channel_hash = '%s' limit 1",
dbesc($observer_xchan)
@@ -214,7 +219,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They are in your address book, but haven't been approved
- if($r[0][$channel_perm] & PERMS_PENDING) {
+ if($channel_perm & PERMS_PENDING) {
$ret[$perm_name] = true;
continue;
}
@@ -226,16 +231,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They're a contact, so they have permission
- if($r[0][$channel_perm] & PERMS_CONTACTS) {
+ if($channel_perm & PERMS_CONTACTS) {
$ret[$perm_name] = true;
continue;
}
// Permission granted to certain channels. Let's see if the observer is one of them
- if($r[0][$channel_perm] & PERMS_SPECIFIC) {
- if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
- $ret[$perm_name] = true;
+ if($channel_perm & PERMS_SPECIFIC) {
+ if($abperms) {
+ foreach($abperms as $ab) {
+ if(($ab['cat'] == 'my_perms') && ($ab['k'] == $perm_name)) {
+ $ret[$perm_name] = (intval($ab['v']) ? true : false);
+ break;
+ }
+ }
continue;
}
}
@@ -284,21 +294,23 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
if($arr['result'])
return true;
- $global_perms = get_perms();
+ $global_perms = \Zotlabs\Access\Permissions::Perms();
// First find out what the channel owner declared permissions to be.
- $channel_perm = $global_perms[$permission][0];
+ $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$permission);
- $r = q("select %s, channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1",
- dbesc($channel_perm),
+ $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1",
intval($uid)
);
if(! $r)
return false;
+
+ $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms();
+
if($observer_xchan) {
- if($r[0][$channel_perm] & PERMS_AUTHED)
+ if($channel_perm & PERMS_AUTHED)
return true;
$x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
@@ -312,7 +324,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
if(($x) && intval($x[0]['abook_blocked']))
return false;
- if(($x) && (! $global_perms[$permission][2]) && intval($x[0]['abook_ignored']))
+ if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored']))
return false;
if(! $x) {
@@ -321,7 +333,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
dbesc($observer_xchan)
);
}
+ $abperms = load_abconfig($uid,$observer_xchan,'my_perms');
}
+
// system is blocked to anybody who is not authenticated
@@ -333,13 +347,13 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// in which case you will have read_only access
if($r[0]['channel_hash'] === $observer_xchan) {
- if($r[0]['channel_moved'] && (! $global_perms[$permission][2]))
+ if($r[0]['channel_moved'] && (in_array($permission,$blocked_anon_perms)))
return false;
else
return true;
}
- if($r[0][$channel_perm] & PERMS_PUBLIC)
+ if($channel_perm & PERMS_PUBLIC)
return true;
// If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set
@@ -350,14 +364,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// If we're still here, we have an observer, check the network.
- if($r[0][$channel_perm] & PERMS_NETWORK) {
+ if($channel_perm & PERMS_NETWORK) {
if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot'))
return true;
}
// If PERMS_SITE is specified, find out if they've got an account on this hub
- if($r[0][$channel_perm] & PERMS_SITE) {
+ if($channel_perm & PERMS_SITE) {
$c = q("select channel_hash from channel where channel_hash = '%s' limit 1",
dbesc($observer_xchan)
);
@@ -376,7 +390,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// They are in your address book, but haven't been approved
- if($r[0][$channel_perm] & PERMS_PENDING) {
+ if($channel_perm & PERMS_PENDING) {
return true;
}
@@ -386,15 +400,20 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// They're a contact, so they have permission
- if($r[0][$channel_perm] & PERMS_CONTACTS) {
+ if($channel_perm & PERMS_CONTACTS) {
return true;
}
// Permission granted to certain channels. Let's see if the observer is one of them
- if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) {
- if($x[0]['abook_my_perms'] & $global_perms[$permission][1])
- return true;
+ if(($r) && ($channel_perm & PERMS_SPECIFIC)) {
+ if($abperms) {
+ foreach($abperms as $ab) {
+ if($ab['cat'] == 'my_perms' && $ab['k'] == $permission) {
+ return ((intval($ab['v'])) ? true : false);
+ }
+ }
+ }
}
// No permissions allowed.
@@ -560,28 +579,28 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = true;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like', 'republish' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -590,28 +609,29 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = true;
$ret['online'] = true;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'chat', 'post_like' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
+
break;
@@ -620,28 +640,28 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = false;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_SPECIFIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_SPECIFIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_SPECIFIC,
+ 'view_storage' => PERMS_SPECIFIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -650,28 +670,28 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -680,28 +700,28 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -710,28 +730,29 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = false;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILEPERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_SPECIFIC;
- $ret['channel_r_abook'] = PERMS_SPECIFIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_SPECIFIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_SPECIFIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_SPECIFIC;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_SPECIFIC,
+ 'view_contacts' => PERMS_SPECIFIC,
+ 'view_storage' => PERMS_SPECIFIC,
+ 'view_pages' => PERMS_SPECIFIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -740,28 +761,29 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_NETWORK;
- $ret['channel_w_like'] = PERMS_NETWORK;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -770,28 +792,28 @@ function get_role_perms($role) {
$ret['default_collection'] = true;
$ret['directory_publish'] = false;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'send_stream', 'post_wall', 'post_comments',
+ 'post_mail', 'post_like' , 'republish' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -800,26 +822,29 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'post_like' , 'republish' ];
+
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
break;
@@ -828,28 +853,30 @@ function get_role_perms($role) {
$ret['default_collection'] = false;
$ret['directory_publish'] = true;
$ret['online'] = false;
- $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK
- |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT
- |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
- $ret['channel_r_stream'] = PERMS_PUBLIC;
- $ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_abook'] = PERMS_PUBLIC;
- $ret['channel_w_stream'] = PERMS_SPECIFIC;
- $ret['channel_w_wall'] = PERMS_SPECIFIC;
- $ret['channel_w_tagwall'] = PERMS_SPECIFIC;
- $ret['channel_w_comment'] = PERMS_SPECIFIC;
- $ret['channel_w_mail'] = PERMS_SPECIFIC;
- $ret['channel_w_chat'] = PERMS_SPECIFIC;
- $ret['channel_a_delegate'] = PERMS_SPECIFIC;
- $ret['channel_r_storage'] = PERMS_PUBLIC;
- $ret['channel_w_storage'] = PERMS_SPECIFIC;
- $ret['channel_r_pages'] = PERMS_PUBLIC;
- $ret['channel_w_pages'] = PERMS_SPECIFIC;
- $ret['channel_a_republish'] = PERMS_SPECIFIC;
- $ret['channel_w_like'] = PERMS_NETWORK;
+
+ $ret['perms_connect'] = [
+ 'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+ 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
+ 'post_mail', 'post_like' , 'republish', 'chat' ];
+ $ret['limits'] = [
+ 'view_stream' => PERMS_PUBLIC,
+ 'view_profile' => PERMS_PUBLIC,
+ 'view_contacts' => PERMS_PUBLIC,
+ 'view_storage' => PERMS_PUBLIC,
+ 'view_pages' => PERMS_PUBLIC,
+ 'send_stream' => PERMS_SPECIFIC,
+ 'post_wall' => PERMS_SPECIFIC,
+ 'post_comments' => PERMS_SPECIFIC,
+ 'post_mail' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_SPECIFIC,
+ 'tag_deliver' => PERMS_SPECIFIC,
+ 'chat' => PERMS_SPECIFIC,
+ 'write_storage' => PERMS_SPECIFIC,
+ 'write_pages' => PERMS_SPECIFIC,
+ 'republish' => PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
+
break;
diff --git a/include/security.php b/include/security.php
index e345636e7..3f31c7d9b 100644
--- a/include/security.php
+++ b/include/security.php
@@ -127,6 +127,7 @@ function atoken_xchan($atoken) {
*
* @return bool|array false or channel record of the new channel
*/
+
function change_channel($change_channel) {
$ret = false;
@@ -476,14 +477,19 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) {
$random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : '');
if(local_channel())
$ret[] = local_channel();
- $r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
- intval($perms),
- intval(PAGE_ADULT|PAGE_CENSORED)
+ $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+ intval($perms)
);
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_id'], $ret))
- $ret[] = $rr['channel_id'];
+ if($x) {
+ $ids = ids_to_querystr($x,'uid');
+ $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_id'], $ret))
+ $ret[] = $rr['channel_id'];
+ }
}
$str = '';
@@ -509,16 +515,21 @@ function stream_perms_xchans($perms = NULL ) {
if(local_channel())
$ret[] = get_observer_hash();
- $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0 and channel_system = 0 and channel_removed = 0 ",
- intval($perms),
- intval(PAGE_ADULT|PAGE_CENSORED)
+ $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+ intval($perms)
);
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_hash'], $ret))
- $ret[] = $rr['channel_hash'];
- }
+ if($x) {
+ $ids = ids_to_querystr($x,'uid');
+ $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_hash'], $ret))
+ $ret[] = $rr['channel_hash'];
+ }
+ }
$str = '';
if($ret) {
foreach($ret as $rr) {
diff --git a/include/text.php b/include/text.php
index d4d151f2e..dd7d9eaa8 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1284,9 +1284,9 @@ function unobscure(&$item) {
if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) {
$key = get_config('system','prvkey');
if($item['title'])
- $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
+ $item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key);
if($item['body'])
- $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
+ $item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key);
if(get_config('system','item_cache')) {
q("update item set title = '%s', body = '%s', item_obscured = 0 where id = %d",
dbesc($item['title']),
@@ -1309,7 +1309,7 @@ function unobscure_mail(&$item) {
function theme_attachments(&$item) {
- $arr = json_decode_plus($item['attach']);
+ $arr = json_decode($item['attach'],true);
if(is_array($arr) && count($arr)) {
$attaches = array();
foreach($arr as $r) {
@@ -2212,20 +2212,12 @@ function jindent($json) {
return $result;
}
-
-function json_decode_plus($s) {
- $x = json_decode($s,true);
- if(! $x)
- $x = json_decode(str_replace(array('\\"','\\\\'),array('"','\\'),$s),true);
-
- return $x;
-}
-
/**
* @brief Creates navigation menu for webpage, layout, blocks, menu sites.
*
* @return string
*/
+
function design_tools() {
$channel = App::get_channel();
diff --git a/include/widgets.php b/include/widgets.php
index da73657f5..3516e82da 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -1356,9 +1356,14 @@ function widget_forums($arr) {
$perms_sql = item_permissions_sql(local_channel()) . item_normal();
- $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where ( xchan_pubforum = 1 or ((abook_their_perms & %d ) != 0 and (abook_their_perms & %d ) = 0) ) and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ",
- intval(PERMS_W_TAGWALL),
- intval(PERMS_W_STREAM),
+ /**
+ * We used to try and find public forums with custom permissions by checking to see if
+ * send_stream was false and tag_deliver was true. However with the newer extensible
+ * permissions infrastructure this makes for a very complicated query. Now we're only
+ * checking channels that report themselves specifically as pubforums
+ */
+
+ $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_pubforum = 1 and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ",
intval(local_channel())
);
if(! $r1)
diff --git a/include/zot.php b/include/zot.php
index 45347ef22..d306ab15f 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -12,6 +12,7 @@ require_once('include/crypto.php');
require_once('include/items.php');
require_once('include/hubloc.php');
require_once('include/queue_fn.php');
+require_once('include/perm_upgrade.php');
/**
@@ -388,10 +389,7 @@ function zot_refresh($them, $channel = null, $force = false) {
if(! $x['success'])
return false;
- $their_perms = 0;
-
if($channel) {
- $global_perms = get_perms();
if($j['permissions']['data']) {
$permissions = crypto_unencapsulate(array(
'data' => $j['permissions']['data'],
@@ -408,15 +406,10 @@ function zot_refresh($them, $channel = null, $force = false) {
$connected_set = false;
if($permissions && is_array($permissions)) {
+ $old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream');
+
foreach($permissions as $k => $v) {
- // The connected permission means you are in their address book
- if($k === 'connected') {
- $connected_set = intval($v);
- continue;
- }
- if(($v) && (array_key_exists($k,$global_perms))) {
- $their_perms = $their_perms | intval($global_perms[$k][1]);
- }
+ set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$k,$v);
}
}
@@ -443,36 +436,19 @@ function zot_refresh($them, $channel = null, $force = false) {
if(substr($r[0]['abook_dob'],5) == substr($next_birthday,5))
$next_birthday = $r[0]['abook_dob'];
- $current_abook_connected = (intval($r[0]['abook_unconnected']) ? 0 : 1);
-
- $y = q("update abook set abook_their_perms = %d, abook_dob = '%s'
+ $y = q("update abook set abook_dob = '%s'
where abook_xchan = '%s' and abook_channel = %d
and abook_self = 0 ",
- intval($their_perms),
dbescdate($next_birthday),
dbesc($x['hash']),
intval($channel['channel_id'])
);
-// if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) {
-
- // if they are in your address book but you aren't in theirs, and/or this does not
- // match your current connected state setting, toggle it.
- /** @FIXME uncoverted to postgres */
- /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */
-// $y1 = q("update abook set abook_unconnected = 1
-// where abook_xchan = '%s' and abook_channel = %d
-// and abook_self = 0 limit 1",
-// dbesc($x['hash']),
-// intval($channel['channel_id'])
-// );
-// }
-
if(! $y)
logger('abook update failed');
else {
// if we were just granted read stream permission and didn't have it before, try to pull in some posts
- if((! ($r[0]['abook_their_perms'] & PERMS_R_STREAM)) && ($their_perms & PERMS_R_STREAM))
+ if((! $old_read_stream_perm) && (intval($permissions['view_stream'])))
Zotlabs\Daemon\Master::Summon(array('Onepoll',$r[0]['abook_id']));
}
}
@@ -480,15 +456,29 @@ function zot_refresh($them, $channel = null, $force = false) {
// new connection
+ $my_perms = null;
+
$role = get_pconfig($channel['channel_id'],'system','permissions_role');
if($role) {
$xx = get_role_perms($role);
- if($xx['perms_auto'])
- $default_perms = $xx['perms_accept'];
+ if($xx['perms_auto']) {
+ $default_perms = $xx['perms_connect'];
+ $my_perms = \Zotlabs\Access\Permissions::FilledPerms($default_perms);
+ }
+ }
+
+ if(! $my_perms) {
+ $x = \Zotlabs\Access\Permissions::FilledAutoperms($channel['channel_id']);
+ if($x) {
+ $my_perms = $x;
+ }
}
- if(! $default_perms)
- $default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms'));
+ if($my_perms) {
+ foreach($my_perms as $k => $v) {
+ set_abconfig($channel['channel_id'],$x['hash'],'my_perms',$k,$v);
+ }
+ }
// Keep original perms to check if we need to notify them
$previous_perms = get_all_perms($channel['channel_id'],$x['hash']);
@@ -498,13 +488,11 @@ function zot_refresh($them, $channel = null, $force = false) {
if($closeness === false)
$closeness = 80;
- $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )",
+ $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', '%s', '%s', '%s', %d )",
intval($channel['channel_account_id']),
intval($channel['channel_id']),
intval($closeness),
dbesc($x['hash']),
- intval($their_perms),
- intval($default_perms),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($next_birthday),
@@ -523,7 +511,7 @@ function zot_refresh($them, $channel = null, $force = false) {
);
if($new_connection) {
- if($new_perms != $previous_perms)
+ if(! \Zotlabs\Access\Permissions::PermsCompare($new_perms,$previous_perms))
Zotlabs\Daemon\Master::Summon(array('Notifier','permission_create',$new_connection[0]['abook_id']));
Zotlabs\Lib\Enotify::submit(array(
'type' => NOTIFY_INTRO,
@@ -532,9 +520,9 @@ function zot_refresh($them, $channel = null, $force = false) {
'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'],
));
- if($their_perms & PERMS_R_STREAM) {
- if(($channel['channel_w_stream'] & PERMS_PENDING)
- || (! intval($new_connection[0]['abook_pending'])) )
+ if(intval($permissions['view_stream'])) {
+ if(intval(get_pconfig($channel['channel_id'],'perm_limits','send_stream') & PERMS_PENDING)
+ || (! intval($new_connection[0]['abook_pending'])))
Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id']));
}
@@ -1371,8 +1359,8 @@ function public_recips($msg) {
if($msg['message']['type'] === 'activity') {
if(! get_config('system','disable_discover_tab'))
$include_sys = true;
- $col = 'channel_w_stream';
- $field = PERMS_W_STREAM;
+ $perm = 'send_stream';
+
if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) {
// check mention recipient permissions on top level posts only
$check_mentions = true;
@@ -1404,65 +1392,30 @@ function public_recips($msg) {
// contains the tag. we'll solve that further below.
if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) {
- $col = 'channel_w_comment';
- $field = PERMS_W_COMMENT;
+ $perm = 'post_comments';
}
}
}
- elseif($msg['message']['type'] === 'mail') {
- $col = 'channel_w_mail';
- $field = PERMS_W_MAIL;
- }
-
- if(! $col)
- return NULL;
-
- $col = dbesc($col);
+ elseif($msg['message']['type'] === 'mail')
+ $perm = 'post_mail';
- // First find those channels who are accepting posts from anybody, or at least
- // something greater than just their connections.
-
- if($msg['notify']['sender']['url'] === z_root()) {
- $sql = " where (( " . $col . " & " . intval(PERMS_NETWORK) . " ) > 0
- or ( " . $col . " & " . intval(PERMS_SITE) . " ) > 0
- or ( " . $col . " & " . intval(PERMS_PUBLIC) . ") > 0
- or ( " . $col . " & " . intval(PERMS_AUTHED) . ") > 0 ) ";
- } else {
- $sql = " where ( " . $col . " = " . intval(PERMS_NETWORK) . "
- or " . $col . " = " . intval(PERMS_PUBLIC) . "
- or " . $col . " = " . intval(PERMS_AUTHED) . " ) ";
+ $r = array();
+
+ $c = q("select channel_id, channel_hash from channel where channel_removed = 0");
+ if($c) {
+ foreach($c as $cc) {
+ if(perm_is_allowed($cc['channel_id'],$msg['notify']['sender']['hash'],$perm)) {
+ $r[] = [ 'hash' => $cc['channel_hash'] ];
+ }
+ }
}
- $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s'
- and channel_removed = 0 ",
- dbesc($msg['notify']['sender']['hash'])
- );
-
- if(! $r)
- $r = array();
-
- // Now we have to get a bit dirty. Find every channel that has the sender in their connections (abook)
- // and is allowing this sender at least at a high level.
-
- $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id
- where abook_xchan = '%s' and channel_removed = 0
- and (( " . $col . " = " . intval(PERMS_SPECIFIC) . " and ( abook_my_perms & " . intval($field) . " ) > 0 )
- OR " . $col . " = " . intval(PERMS_PENDING) . "
- OR ( " . $col . " = " . intval(PERMS_CONTACTS) . " and abook_pending = 0 )) ",
- dbesc($msg['notify']['sender']['hash'])
- );
-
- if(! $x)
- $x = array();
-
- $r = array_merge($r,$x);
-
- //logger('message: ' . print_r($msg['message'],true));
+ // logger('message: ' . print_r($msg['message'],true));
if($include_sys && array_key_exists('public_scope',$msg['message']) && $msg['message']['public_scope'] === 'public') {
$sys = get_sys_channel();
if($sys)
- $r[] = array('hash' => $sys['channel_hash']);
+ $r[] = [ 'hash' => $sys['channel_hash'] ];
}
// look for any public mentions on this site
@@ -1943,9 +1896,9 @@ function remove_community_tag($sender, $arr, $uid) {
$i = $r[0];
if($i['target'])
- $i['target'] = json_decode_plus($i['target']);
+ $i['target'] = json_decode($i['target'],true);
if($i['object'])
- $i['object'] = json_decode_plus($i['object']);
+ $i['object'] = json_decode($i['object'],true);
if(! ($i['target'] && $i['object'])) {
logger('remove_community_tag: no target/object');
@@ -2998,6 +2951,14 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) {
$channel = $r[0];
+ translate_channel_perms_outbound($channel);
+ if($packet && array_key_exists('abook',$packet) && $packet['abook']) {
+ for($x = 0; $x < count($packet['abook']); $x ++) {
+ translate_abook_perms_outbound($packet['abook'][$x]);
+ }
+ }
+
+
if(intval($channel['channel_removed']))
return;
@@ -3121,7 +3082,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
require_once('include/import.php');
- /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */
+ /** @FIXME this will sync red structures (channel, pconfig and abook).
+ Eventually we need to make this application agnostic. */
$result = array();
@@ -3194,6 +3156,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) {
+ translate_channel_perms_inbound($arr['channel']);
+
if(array_key_exists('channel_pageflags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
// These flags cannot be sync'd.
// remove the bits from the incoming flags.
@@ -3207,7 +3171,15 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
}
- $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system');
+ $disallowed = [
+ 'channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey',
+ 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted',
+ 'channel_system', 'channel_r_stream', 'channel_r_profile', 'channel_r_abook',
+ 'channel_r_storage', 'channel_r_pages', 'channel_w_stream', 'channel_w_wall',
+ 'channel_w_comment', 'channel_w_mail', 'channel_w_like', 'channel_w_tagwall',
+ 'channel_w_chat', 'channel_w_storage', 'channel_w_pages', 'channel_a_republish',
+ 'channel_a_delegate'
+ ];
$clean = array();
foreach($arr['channel'] as $k => $v) {
@@ -3243,6 +3215,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
foreach($arr['abook'] as $abook) {
+
+
$abconfig = null;
if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig']))
@@ -3337,6 +3311,12 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
}
}
+ // This will set abconfig vars if the sender is using old-style fixed permissions
+ // using the raw abook record as passed to us. New-style permissions will fall through
+ // and be set using abconfig
+
+ translate_abook_perms_inbound($channel,$abook);
+
if($abconfig) {
// @fixme does not handle sync of del_abconfig
foreach($abconfig as $abc) {