From 1fb37f93ccf4739a6f92f3f36c1ee4ec8ef66a07 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 9 Feb 2017 19:52:13 -0800 Subject: more permissions optimisations --- README.md | 2 +- Zotlabs/Access/Permissions.php | 4 +++ Zotlabs/Lib/Permcat.php | 52 ++++++++++++++++++++++++++++--------- Zotlabs/Module/Connedit.php | 19 +++++--------- Zotlabs/Module/Settings/Channel.php | 20 +++++++------- doc/README.md | 2 +- 6 files changed, 63 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 61a8e5532..54f80bebe 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Hubzilla - Community Server Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online. -Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework. +Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework - and it is all decentralised. Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - even with channels on different servers or other communications services. diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index 52526d020..d51e4d0ea 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php @@ -94,6 +94,10 @@ class Permissions { // Undeclared permissions are set to 0 static public function FilledPerms($arr) { + if(is_null($arr)) { + btlogger('FilledPerms: null'); + } + $everything = self::Perms(); $ret = []; foreach($everything as $k => $v) { diff --git a/Zotlabs/Lib/Permcat.php b/Zotlabs/Lib/Permcat.php index 7988aff97..505ee2cfc 100644 --- a/Zotlabs/Lib/Permcat.php +++ b/Zotlabs/Lib/Permcat.php @@ -10,24 +10,52 @@ class Permcat { public function __construct($channel_id) { - $name = 'default'; - $localname = t('default','permcat'); - - $perms = Zaccess\Permissions::FilledAutoPerms($channel_id); - if(! $perms) { - $role = get_pconfig($channel_id,'system','permissions_role'); - if($role) { - $x = Zaccess\PermissionRoles::role_perms($role); + $perms = []; + + // first check role perms for a perms_connect setting + + $role = get_pconfig($channel_id,'system','permissions_role'); + if($role) { + $x = Zaccess\PermissionRoles::role_perms($role); + if($x['perms_connect']) { $perms = Zaccess\Permissions::FilledPerms($x['perms_connect']); } - if(! $perms) { - $perms = Zaccess\Permissions::FilledPerms([]); + } + + // if no role perms it may be a custom role, see if there any autoperms + + if(! $perms) { + $perms = Zaccess\Permissions::FilledAutoPerms($channel_id); + } + + // if no autoperms it may be a custom role with manual perms + + if(! $perms) { + $r = q("select channel_hash from channel where channel_id = %d", + intval($channel_id) + ); + if($r) { + $x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'", + intval($channel_id), + dbesc($r[0]['channel_hash']) + ); + if($x) { + foreach($x as $xv) { + $perms[$xv['k']] = intval($xv['v']); + } + } } } + // nothing was found - create a filled permission array where all permissions are 0 + + if(! $perms) { + $perms = Zaccess\Permissions::FilledPerms([]); + } + $this->permcats[] = [ - 'name' => $name, - 'localname' => $localname, + 'name' => 'default', + 'localname' => t('default','permcat'), 'perms' => Zaccess\Permissions::Operms($perms), 'system' => 1 ]; diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index ccaf5cd5b..d8422266c 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -212,6 +212,7 @@ class Connedit extends \Zotlabs\Web\Controller { } if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) { + $new_friend = true; // @fixme it won't be common, but when you accept a new connection request @@ -221,21 +222,13 @@ class Connedit extends \Zotlabs\Web\Controller { // request. The workaround is to approve the connection, then go back and // adjust permissions as desired. - $abook_my_perms = get_channel_default_perms(local_channel()); - - $role = get_pconfig(local_channel(),'system','permissions_role'); - if($role) { - $x = \Zotlabs\Access\PermissionRoles::role_perms($role); - if($x['perms_connect']) { - $abook_my_perms = $x['perms_connect']; + $p = \Zotlabs\Access\Permissions::connect_perms(local_channel()); + $my_perms = $p['perms']; + if($my_perms) { + foreach($my_perms as $k => $v) { + set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v); } } - - $filled_perms = \Zotlabs\Access\Permissions::FilledPerms($abook_my_perms); - foreach($filled_perms as $k => $v) { - set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v); - } - } $abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']); diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index a89d83544..9ea459dab 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php @@ -88,15 +88,17 @@ class Channel { intval(local_channel()) ); } - - $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']); - foreach($x as $k => $v) { - set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k, $v); - if($role_permissions['perms_auto']) { - set_pconfig(local_channel(),'autoperms',$k,$v); - } - else { - del_pconfig(local_channel(),'autoperms',$k); + + if($role_permissions['perms_connect']) { + $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']); + foreach($x as $k => $v) { + set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k, $v); + if($role_permissions['perms_auto']) { + set_pconfig(local_channel(),'autoperms',$k,$v); + } + else { + del_pconfig(local_channel(),'autoperms',$k); + } } } diff --git a/doc/README.md b/doc/README.md index 61a8e5532..54f80bebe 100644 --- a/doc/README.md +++ b/doc/README.md @@ -12,7 +12,7 @@ Hubzilla - Community Server Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online. -Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework. +Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework - and it is all decentralised. Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - even with channels on different servers or other communications services. -- cgit v1.2.3