| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
to view_storage and write_storage
|
| | |
|
| |
|
|
| |
Currently 'all' permissions are applied to OAuth clients which gives them the same rights as the channel owner and full access to API functions as the channel owner. However, individual permissions can now be created. These mirror the permission names from the normal permission table (although it isn't required that they do so). Lack of an xp_perm entry for the specified permission and lack of an 'all' override indicates permission denied.
|
| |
|
|
| |
nothing that's "only yourself", and let's you add additional permissions at will rather than be forced to accept the defaults or turn on custom permissions just to give a friend delegation rights or the ability to post photos.
|
| |
|
|
|
|
|
| |
Fixed wrong Doxygen syntax and add some of the available FIXME to
Doxygen documentation.
Updated Doxygen configuration to add also all capital letter tags.
Adding some more Doxygen documentation.
|
| |
|
|
| |
easily manually settable from the connections edit page.
|
| | |
|
| |
|
|
| |
individual connections can be revoked instead of this being inherited and un-changeable
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
boot.php
include/dba/dba_driver.php
include/diaspora.php
include/follow.php
include/session.php
include/zot.php
mod/photos.php
mod/ping.php
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
|
| |
|
|
| |
default for the custom role.
|
| |
|
|
| |
permissions items accordingly.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
and adjustment.
social
social_restricted
social_private
forum
forum_restricted
forum_private
feed
feed_restricted
soapbox
|
| |
|
|
| |
couple of small tweaks. Now we just need to define the rest of the roles and create a chooser for them. Adam started on this some time back but I don't know where that has gone.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
bookmark permission), also remove the unused 'unconnected contacts' view for now.
|
| |
|
|
| |
have everything related to allowing or denying something in one place. Currently this check is done separately in a huge number of places. Now we can start to remove all the extra checks. A couple of them are still necessary, but most are now redundant.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this a user can allow some action to any user which connects
to them, even before they've connected back.
Ref.
https://mobiliza.org.br/display/478d9e71eaf55748dc646d3990651d6d34cfb7db5c38360538ec730ca3ccf908@zothub.com
Also some code cleanup and an alternative logic for handling
notifications of permission changes in zot.php.
This assumes that private posts are still restricted to people in
your addressbook. Regardless of your global permissions, a
pending channel won't get private posts, even if the post
only has a deny clause not matching the pending channel.
|
| |
|
|
| |
clutter. Bookmarks can always be saved manually if desired.
|
| |
|
|
| |
non-connected channels.
|
| |
|
|
| |
able to successfully authenticate (but is not necessarily in this network).
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
stored files
|
| |
|
|
| |
permission settings, such as "allow anybody in network to do xyz". If they're blocked they can't do it.
|
