diff options
Diffstat (limited to 'include')
-rwxr-xr-x | include/items.php | 14 | ||||
-rw-r--r-- | include/permissions.php | 40 | ||||
-rw-r--r-- | include/security.php | 21 | ||||
-rw-r--r-- | include/zot.php | 26 |
4 files changed, 59 insertions, 42 deletions
diff --git a/include/items.php b/include/items.php index f71ebd503..c35a442b2 100755 --- a/include/items.php +++ b/include/items.php @@ -943,6 +943,8 @@ function map_scope($scope) { return 'network: red'; case PERMS_SITE: return 'site: ' . get_app()->get_hostname(); + case PERMS_PENDING: + return 'any connections'; case PERMS_CONTACTS: default: return 'contacts'; @@ -4085,7 +4087,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } if(! array_key_exists('nouveau',$arr)) { - $sql_extra2 = " AND item.parent = item.id "; + $sql_extra2 = " AND item.parent = item.id "; $sql_extra3 = ''; } @@ -4126,12 +4128,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) { - if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { + if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { - // Not everybody who shows up in the network stream will be in your address book. - // By default those that aren't are assumed to have closeness = 99; but this isn't - // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in - // the stream with a NULL address book entry. + // Not everybody who shows up in the network stream will be in your address book. + // By default those that aren't are assumed to have closeness = 99; but this isn't + // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in + // the stream with a NULL address book entry. $sql_nets .= " AND "; diff --git a/include/permissions.php b/include/permissions.php index 029bc1288..a3ec13925 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -177,32 +177,36 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book - // $x is a valid address book entry + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { $ret[$perm_name] = false; continue; } - + // They are in your address book, but haven't been approved + if($r[0][$channel_perm] & PERMS_PENDING) { + $ret[$perm_name] = true; + continue; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { $ret[$perm_name] = false; continue; } - if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) { - - // They're a contact, so they have permission + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) { + if($r[0][$channel_perm] & PERMS_SPECIFIC) { if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { $ret[$perm_name] = true; continue; @@ -216,7 +220,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { } - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -229,7 +232,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { function perm_is_allowed($uid,$observer_xchan,$permission) { - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -280,7 +282,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { } } - // Check if this $uid is actually the $observer_xchan if($r[0]['channel_hash'] === $observer_xchan) @@ -312,16 +313,27 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if($c) return true; return false; - } + } + + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { return false; } + // They are in your address book, but haven't been approved + + if($r[0][$channel_perm] & PERMS_PENDING) { + return true; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { return false; } + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { return true; } @@ -333,13 +345,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return true; } - - - // No permissions allowed. return false; - } @@ -356,7 +364,6 @@ function check_list_permissions($uid,$arr,$perm) { } - function site_default_perms() { $typical = array( @@ -378,7 +385,6 @@ function site_default_perms() { 'delegate' => 0, ); - $global_perms = get_perms(); $ret = array(); diff --git a/include/security.php b/include/security.php index 285c4a231..aaf4eb050 100644 --- a/include/security.php +++ b/include/security.php @@ -311,7 +311,7 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = '', } function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') { if (!check_form_security_token($typename, $formname)) { - $a = get_app(); + $a = get_app(); logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); header('HTTP/1.1 403 Forbidden'); @@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) { // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the -// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// public_timeline, and we can use this in a community page by making +// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. // Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) // We always include yourself if logged in because you can always see your own posts // resolving granular permissions for the observer against every person and every post on the site // will likely be too expensive. // Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query -function stream_perms_api_uids($perms_min = PERMS_SITE) { +function stream_perms_api_uids($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); if($r) @@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) { return $str; } -function stream_perms_xchans($perms_min = PERMS_SITE) { +function stream_perms_xchans($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) ); if($r) diff --git a/include/zot.php b/include/zot.php index 2137a6b52..4f42ea2b4 100644 --- a/include/zot.php +++ b/include/zot.php @@ -314,11 +314,8 @@ function zot_refresh($them,$channel = null, $force = false) { if(! $x['success']) return false; - $xchan_hash = $x['hash']; - $their_perms = 0; - if($channel) { $global_perms = get_perms(); if($j['permissions']['data']) { @@ -417,6 +414,9 @@ function zot_refresh($them,$channel = null, $force = false) { if($z) $default_perms = intval($z[0]['abook_my_perms']); + // Keep original perms to check if we need to notify them + $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); + $y = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_flags ) values ( %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), @@ -431,8 +431,9 @@ function zot_refresh($them,$channel = null, $force = false) { if($y) { logger("New introduction received for {$channel['channel_name']}"); - if($default_perms) { - // send back a permissions update for auto-friend/auto-permissions + $new_perms = get_all_perms($channel['channel_id'],$x['hash']); + if($new_perms != $previous_perms) { + // Send back a permissions update if permissions have changed $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", dbesc($x['hash']), intval($channel['channel_id']), @@ -455,8 +456,11 @@ function zot_refresh($them,$channel = null, $force = false) { )); } - if($new_connection && (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) && ($their_perms & PERMS_R_STREAM)) + if($new_connection && ($their_perms & PERMS_R_STREAM)) { + if(($channel['channel_w_stream'] & PERMS_PENDING) + || (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) ) proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']); + } } } @@ -1135,7 +1139,7 @@ function zot_import($arr, $sender_url) { if(array_key_exists('iv',$data)) { $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); - } + } $incoming = $data['pickup']; @@ -1147,7 +1151,7 @@ function zot_import($arr, $sender_url) { if(array_key_exists('iv',$i['notify'])) { $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); - } + } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); @@ -1329,7 +1333,7 @@ function public_recips($msg) { if(! $r) $r = array(); - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_CONTACTS . " ) ", + $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ", dbesc($msg['notify']['sender']['hash']) ); @@ -2044,12 +2048,12 @@ function build_sync_packet($uid = 0, $packet = null) { if(! $uid) return; - $r = q("select * from channel where channel_id = %d limit 1", + $r = q("select * from channel where channel_id = %d limit 1", intval($uid) ); if(! $r) return; - + $channel = $r[0]; $h = q("select * from hubloc where hubloc_hash = '%s'", |