aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/connections.php2
-rw-r--r--include/conversation.php2
-rw-r--r--include/permissions.php43
-rw-r--r--include/security.php2
4 files changed, 3 insertions, 46 deletions
diff --git a/include/connections.php b/include/connections.php
index 98cd4bbb5..a0a9e04a7 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -114,7 +114,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
// don't provide a connect button for transient or one-way identities
- if(in_array($xchan['xchan_network'],['rss','anon','unknown']) || strpos($xchan['xchan_addr'],'guest:') === 0) {
+ if(in_array($xchan['xchan_network'],['rss', 'anon', 'unknown', 'token'])) {
$connect = false;
}
diff --git a/include/conversation.php b/include/conversation.php
index d12151fcc..bdd27c55f 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1061,7 +1061,7 @@ function thread_author_menu($item, $mode = '') {
}
else {
$url = (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']);
- if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot' ]))) {
+ if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot', 'token']))) {
$follow_url = z_root() . '/follow/?f=&url=' . urlencode($url) . '&interactive=0';
}
}
diff --git a/include/permissions.php b/include/permissions.php
index bbd13ed58..c3a9286c0 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -80,23 +80,6 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_
intval($uid),
dbesc($observer_xchan)
);
- if(! $x) {
- // see if they've got a guest access token; these are treated as connections
- $y = atoken_abook($uid,$observer_xchan);
- if($y)
- $x = array($y);
-
- if(! $x) {
- // not in address book and no guest token, see if they've got an xchan
- // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
- if($y) {
- $x = array(pseudo_abook($y[0]));
- }
- }
- }
$abook_checked = true;
}
@@ -309,32 +292,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored']))
return false;
- if(! $x) {
- // see if they've got a guest access token
- $y = atoken_abook($uid,$observer_xchan);
- if($y)
- $x = array($y);
-
- if(! $x) {
- // not in address book and no guest token, see if they've got an xchan
-
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
- if($y) {
-
- // This requires an explanation and the effects are subtle.
- // The following line creates a fake connection, and this allows
- // access tokens to have specific permissions even though they are
- // not actual connections.
- // The existence of this fake entry must be checked when dealing
- // with connection related permissions.
-
- $x = array(pseudo_abook($y[0]));
- }
- }
-
- }
$abperms = load_abconfig($uid,$observer_xchan,'my_perms');
}
diff --git a/include/security.php b/include/security.php
index f02fb8023..7f5f3193f 100644
--- a/include/security.php
+++ b/include/security.php
@@ -128,7 +128,7 @@ function atoken_xchan($atoken) {
'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_name' => $atoken['atoken_name'],
'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(),
- 'xchan_network' => 'unknown',
+ 'xchan_network' => 'token',
'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_hidden' => 1,
'xchan_photo_mimetype' => 'image/png',