aboutsummaryrefslogtreecommitdiffstats
path: root/mod/channel.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/channel.php')
-rw-r--r--mod/channel.php64
1 files changed, 17 insertions, 47 deletions
diff --git a/mod/channel.php b/mod/channel.php
index de5df649e..affef9613 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -53,6 +53,7 @@ function channel_content(&$a, $update = 0) {
}
}
+
if(get_config('system','block_public') && (! get_account_id()) && (! remote_user())) {
return login();
}
@@ -64,9 +65,12 @@ function channel_content(&$a, $update = 0) {
require_once('include/conversation.php');
require_once('include/acl_selectors.php');
require_once('include/items.php');
+ require_once('include/permissions.php');
+
$groups = array();
+
$tab = 'posts';
$o = '';
@@ -80,47 +84,17 @@ function channel_content(&$a, $update = 0) {
}
}
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
- $contact = null;
- $remote_contact = false;
-
- $contact_id = 0;
-
- if(is_array($_SESSION['remote'])) {
- foreach($_SESSION['remote'] as $v) {
- if($v['uid'] == $a->profile['profile_uid']) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if($contact_id) {
- $groups = init_groups_visitor($contact_id);
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($a->profile['profile_uid'])
- );
- if(count($r)) {
- $contact = $r[0];
- $remote_contact = true;
- }
- }
-
- if(! $remote_contact) {
- if(local_user()) {
- $contact_id = $_SESSION['cid'];
- $contact = $a->contact;
- }
- }
-
- $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
+ $perms = get_all_perms($a->profile['profile_uid'],$ob_hash);
- if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
- notice( t('Access to this profile has been restricted.') . EOL);
+ if(! $perms['view_stream']) {
+ notice( t('Permission denied.') . EOL);
return;
}
+
if(! $update) {
@@ -129,22 +103,17 @@ function channel_content(&$a, $update = 0) {
$o .= common_friends_visitor_widget($a->profile['profile_uid']);
- $commpage = (($a->profile['page-flags'] == PAGE_COMMUNITY) ? true : false);
- $commvisitor = (($commpage && $remote_contact == true) ? true : false);
-
- $celeb = ((($a->profile['page-flags'] == PAGE_SOAPBOX) || ($a->profile['page-flags'] == PAGE_COMMUNITY)) ? true : false);
-
- if(can_write_wall($a,$a->profile['profile_uid'])) {
+ if($perms['post_wall']) {
$x = array(
'is_owner' => $is_owner,
- 'allow_location' => ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? true : false),
+ 'allow_location' => ((($is_owner || $observer) && $a->profile['allow_location']) ? true : false),
'default_location' => (($is_owner) ? $a->user['default-location'] : ''),
'nickname' => $a->profile['channel_address'],
'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
- 'acl' => (($is_owner) ? populate_acl($channel, $celeb) : ''),
+ 'acl' => (($is_owner) ? populate_acl($channel, false) : ''),
'bang' => '',
- 'visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'),
+ 'visitor' => (($is_owner || $observer) ? 'block' : 'none'),
'profile_uid' => $a->profile['profile_uid']
);
@@ -158,6 +127,7 @@ function channel_content(&$a, $update = 0) {
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
+// fixme
$sql_extra = item_permissions_sql($a->profile['profile_uid'],$remote_contact,$groups);
@@ -211,7 +181,7 @@ function channel_content(&$a, $update = 0) {
}
- if($r && count($r)) {
+ if($r) {
$parents_str = ids_to_querystr($r,'item_id');
@@ -233,7 +203,7 @@ function channel_content(&$a, $update = 0) {
}
- if((! $update) && ($tab === 'posts')) {
+ if(! $update) {
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.