From 401409357238183702c1628a02ccef6cf0394d72 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 17 Sep 2014 17:59:46 -0700 Subject: implement permission roles - the backend should be done except for maybe a couple of small tweaks. Now we just need to define the rest of the roles and create a chooser for them. Adam started on this some time back but I don't know where that has gone. --- doc/to_do_code.bb | 16 +++++++++++++ include/follow.php | 13 +++++++++++ include/identity.php | 61 ++++++++++++++++++++++++++++++++++++++++++------- include/permissions.php | 11 +++++---- mod/connedit.php | 22 ++++++++++++++++++ version.inc | 2 +- view/js/mod_connedit.js | 13 ++++++++--- 7 files changed, 122 insertions(+), 16 deletions(-) diff --git a/doc/to_do_code.bb b/doc/to_do_code.bb index 91997a284..0005b4be3 100644 --- a/doc/to_do_code.bb +++ b/doc/to_do_code.bb @@ -4,6 +4,8 @@ We need much more than this, but here are areas where developers can help. Pleas [li]Documentation - see Red Documentation Project To-Do List[/li] +[li]Include TOS link in registration/verification email[/li] + [li]Finish the anti-spam bayesian engine[/li] [li]If DAV folders exist, add an option to the Settings page to set a default folder for attachment uploads.[/li] 
@@ -38,8 +40,22 @@ We need much more than this, but here are areas where developers can help. Pleas [li]Uploads - integrate #^[url=https://github.com/blueimp/jQuery-File-Upload]https://github.com/blueimp/jQuery-File-Upload[/url][/li] +[li]Import/export - include items, events, things, etc.[/li] + +[li]Import channel from Diaspora/Friendica[/li] + +[li]MediaGoblin photo "crosspost" connector[/li] + +[li]Create management page/UI for extensible profile fields[/li] + +[li]Create interface to include/exclude and re-order standard profile fields[/li] + +[li]Provide a mechanism to share page design elements in posts (just like apps)[/li] + [li]App taxonomy[/li] +[li]Customisable App collection pages[/li] + [li]replace the tinymce visual editor and/or make the visual editor pluggable and responsive to different output formats. We probably want library/bbedit for bbcode. This needs a fair bit of work to catch up with our "enhanced bbcode", but start with images, links, bold and highlight and work from there.[/li] [li]Photos module - turn photos into normal conversations and fix tagging[/li] diff --git a/include/follow.php b/include/follow.php index 18a9e66ea..3c1fcd890 100644 --- a/include/follow.php +++ b/include/follow.php @@ -63,6 +63,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $my_perms = PERMS_W_STREAM|PERMS_W_MAIL; + $role = get_pconfig($uid,'system','permissions_role'); + if($role) { + $x = get_role_perms($role); + if($x['perms_follow']) + $my_perms = $x['perms_follow']; + } + logger('follow: ' . $url . ' ' . print_r($j,true), LOGGER_DEBUG); @@ -153,6 +160,12 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $xchan_hash = $r[0]['xchan_hash']; $their_perms = 0; $my_perms = PERMS_W_STREAM|PERMS_W_MAIL; + $role = get_pconfig($uid,'system','permissions_role'); + if($role) { + $x = get_role_perms($role); + if($x['perms_follow']) + $my_perms = $x['perms_follow']; + } } } 
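Review bot: `$x['perms_follow']` is indexed without checking that `get_role_perms()` returned an array carrying that key, so a stored `permissions_role` that the switch does not handle presumably raises an undefined-index notice before falling back to `PERMS_W_STREAM|PERMS_W_MAIL`. A guard such as `if(is_array($x) && ! empty($x['perms_follow'])) $my_perms = intval($x['perms_follow']);` keeps that fallback explicit. The same six lines are repeated in the second include/follow.php hunk (`@@ -153,6 +160,12 @@`) and, with `perms_accept`, in mod/connedit.php; because this value decides what a new connection is allowed to do, a single shared helper would keep the three copies from drifting apart. new_contact() starts and ends outside both hunks.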
diff --git a/include/identity.php b/include/identity.php index 2039738e0..38e96ab71 100644 --- a/include/identity.php +++ b/include/identity.php @@ -215,13 +215,31 @@ function create_identity($arr) { if(array_key_exists('primary', $arr)) $primary = intval($arr['primary']); + $perms_sql = ''; - $defperms = site_default_perms(); - $global_perms = get_perms(); - foreach($defperms as $p => $v) { - $perms_keys .= ', ' . $global_perms[$p][0]; - $perms_vals .= ', ' . intval($v); + $role_permissions = null; + + if(array_key_exists('permissions_role',$arr) && $arr['permissions_role']) { + $role_permissions = get_role_perms($arr['permissions_role']); + if($role_permissions) { + foreach($role_permissions as $p => $v) { + if(strpos($p,'channel_') !== false) { + $perms_keys .= ', ' . $global_perms[$p][0]; + $perms_vals .= ', ' . intval($v); + } + if($p === 'directory_publish') + $publish = intval($v); + } + } + } + else { + $defperms = site_default_perms(); + $global_perms = get_perms(); + foreach($defperms as $p => $v) { + $perms_keys .= ', ' . $global_perms[$p][0]; + $perms_vals .= ', ' . intval($v); + } } $expire = get_config('system', 'default_expire_days'); 
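Review bot: `$global_perms` is read in the new role branch (`$perms_keys .= ', ' . $global_perms[$p][0];`) but `get_perms()` is now called only in the `else` branch, so unless it is assigned above the hunk the role path appends empty column names to the channel insert. Moving `$global_perms = get_perms();` above the `if` fixes the lookup; it is also worth confirming that `$global_perms` is keyed by the `channel_*` names the role array uses and skipping any key without an entry, since the docblock in include/permissions.php says plugins may extend roles and these keys end up as SQL column names. `strpos($p,'channel_') !== false` matches the prefix anywhere in the key, whereas `=== 0` matches the documented "beginning with". A role name for which `get_role_perms()` returns nothing also skips the site defaults entirely, leaving the permission columns to whatever the table defaults are. create_identity() continues outside the hunk.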
@@ -322,25 +340,52 @@ function create_identity($arr) { dbesc($a->get_baseurl() . "/photo/profile/m/{$newuid}") ); - $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_flags ) - values ( %d, %d, '%s', %d, '%s', '%s', %d ) ", + $myperms = 0; + if($role_permissions) { + $myperms = ((array_key_exists('perms_auto',$role_permissions) && $role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0); + } + + $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_flags, abook_my_perms ) + values ( %d, %d, '%s', %d, '%s', '%s', %d, %d ) ", intval($ret['channel']['channel_account_id']), intval($newuid), dbesc($hash), intval(0), dbesc(datetime_convert()), dbesc(datetime_convert()), - intval(ABOOK_FLAG_SELF) + intval(ABOOK_FLAG_SELF), + intval($myperms) ); if(intval($ret['channel']['channel_account_id'])) { + // Save our permissions role so we can perhaps call it up and modify it later. + + if($role_permissions) + set_pconfig($newuid,'system','permissions_role',$arr['permissions_role']); + // Create a group with no members. This allows somebody to use it // right away as a default group for new contacts. require_once('include/group.php'); group_add($newuid, t('Friends')); + // if our role_permissions indicate that we're using a default collection ACL, add it. + + if(is_array($role_permissions) && $role_permissions['default_collection']) { + $r = q("select hash from groups where uid = %d and name = '%s' limit 1", + intval($newuid), + dbesc( t('Friends') ) + ); + if($r) { + q("update channel set channel_allow_gid = '%s' where channel_id = %d limit 1", + dbesc('<' . $r[0]['hash'] . '>'), + intval($newuid) + ); + } + } + + call_hooks('register_account', $newuid); proc_run('php','include/directory.php', $ret['channel']['channel_id']); 
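Review bot: When the `select hash from groups` lookup returns no row, `channel_allow_gid` is left unset and nothing is logged, so a role that asked for a collection-restricted default ACL presumably ends up with the channel's unrestricted default. An `else` with `logger('create_identity: default collection not found for channel ' . $newuid);` would make that failure visible. `$role_permissions['default_collection']` is also read without the `array_key_exists()` check that `perms_auto` gets a few lines earlier, and `intval($role_permissions['perms_accept'])` assumes that key is present whenever `perms_auto` is set. The hunk sits in the middle of create_identity().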
diff --git a/include/permissions.php b/include/permissions.php index 8e4676f51..70c682cfc 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -419,11 +419,12 @@ function site_default_perms() { * * Given a string for the channel role ('social','forum', etc) * return an array of all permission fields pre-filled for this role. - * This includes the channel permission scope indicators as well as - * perms_auto: The permissions to apply automatically on receipt of a connection request + * This includes the channel permission scope indicators (anything beginning with 'channel_') as well as + * perms_auto: true or false to create auto-permissions for this channel * perms_follow: The permissions to apply when initiating a connection request to another channel * perms_accept: The permissions to apply when accepting a connection request from another channel (not automatic) - * + * default_collection: true or false to make the default ACL include the channel's default collection + * directory_publish: true or false to publish this channel in the directory * Any attributes may be extended (new roles defined) and modified (specific permissions altered) by plugins * */ @@ -436,7 +437,9 @@ function get_role_perms($role) { switch($role) { case 'social': - $ret['perms_auto'] = 0; + $ret['perms_auto'] = false; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; diff --git a/mod/connedit.php b/mod/connedit.php index b2de42343..7ad719738 100644 --- a/mod/connedit.php +++ b/mod/connedit.php 
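Review bot: The reworded `perms_auto` entry in the docblock no longer says which permission set is applied automatically; in this commit create_identity() stores `perms_accept` in the self entry's `abook_my_perms` when `perms_auto` is true. Since that is a grant made on receipt of a connection request rather than after the owner reviews it, I would spell it out, e.g. `* perms_auto: true or false; when true, perms_accept is granted automatically to incoming connection requests`. The bare ` *` separator line before "Any attributes may be extended" was replaced by the `directory_publish` entry, so that closing sentence now reads as part of the list. get_role_perms() continues past the second hunk.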
@@ -255,6 +255,28 @@ function connedit_content(&$a) { return login(); } + $my_perms = 0; + $role = get_pconfig(local_user(),'system','permissions_role'); + if($role) { + $x = get_role_perms($role); + if($x['perms_accept']) + $my_perms = $x['perms_accept']; + } + if($my_perms) { + $o .= "\n"; + } + if(argc() == 3) { $contact_id = intval(argv(1)); diff --git a/version.inc b/version.inc index 973190772..1213afd33 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-09-16.800 +2014-09-17.801 diff --git a/view/js/mod_connedit.js b/view/js/mod_connedit.js index 6231dbd0c..fabf24e95 100644 --- a/view/js/mod_connedit.js +++ b/view/js/mod_connedit.js @@ -6,11 +6,18 @@ function abook_perms_msg() { } $(document).ready(function() { - if(typeof(after_following) !== 'undefined' && after_following) - connectFullShare(); + if(typeof(after_following) !== 'undefined' && after_following) { + if(typeof(connectDefaultShare) !== 'undefined') + connectDefaultShare(); + else + connectFullShare(); + } $('#id_pending').click(function() { - connectFullShare(); + if(typeof(connectDefaultShare) !== 'undefined') + connectDefaultShare(); + else + connectFullShare(); }); $('.abook-edit-me').click(function() { -- cgit v1.2.3
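Review bot: As rendered on this page the string appended to `$o` inside `if($my_perms)` is only a newline, so the markup that defines `connectDefaultShare` for view/js/mod_connedit.js is not visible here. If `$my_perms` is written into emitted script at that point, cast it first with `intval($my_perms)`, because the role array it comes from can be altered by plugins. `$x['perms_accept']` has the same unguarded index as the include/follow.php hunks. connedit_content() continues outside the hunk.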
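Review bot: The `typeof(connectDefaultShare) !== 'undefined'` test and its fallback are written out twice, once in the `after_following` branch and once in the `#id_pending` click handler. A small helper keeps the two in step, and testing for `'function'` instead of not-`'undefined'` avoids calling a value that is defined but not callable. The fallback is `connectFullShare()`, so if the role-specific function is not emitted the page presumably preselects the widest permission set; that is worth a comment at the fallback. The `$(document).ready` callback continues past the hunk.

```javascript
function connectRoleShare() {
	// Prefer the role-defined defaults; fall back to full sharing only when no role function was emitted.
	if(typeof(connectDefaultShare) === 'function')
		connectDefaultShare();
	else
		connectFullShare();
}

$(document).ready(function() {
	if(typeof(after_following) !== 'undefined' && after_following)
		connectRoleShare();

	$('#id_pending').click(function() {
		connectRoleShare();
	});
	// … unchanged: .abook-edit-me click handler …
```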