From a42b23658752709f80da12051b0ee9c11b6a5580 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Fri, 28 Aug 2015 14:21:49 -0700
Subject: more AccessList stuff - this time it's mod-item, which is a biggie

---
 include/photos.php |  2 +-
 mod/item.php       | 91 ++++++++++++------------------------------------------
 2 files changed, 20 insertions(+), 73 deletions(-)

diff --git a/include/photos.php b/include/photos.php
index ac502ed51..b4129fbf1 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -303,7 +303,7 @@ function photo_upload($channel, $observer, $args) {
 		$arr['author_xchan']    = $observer['xchan_hash'];
 		$arr['title']           = $title;
 		$arr['allow_cid']       = $ac['allow_cid'];
-		$arr['allow_gid']       = $ac['allow_gid']
+		$arr['allow_gid']       = $ac['allow_gid'];
 		$arr['deny_cid']        = $ac['deny_cid'];
 		$arr['deny_gid']        = $ac['deny_gid'];
 		$arr['verb']            = ACTIVITY_POST;
diff --git a/mod/item.php b/mod/item.php
index 750512bcf..ec5d1b3a1 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -305,7 +305,7 @@ function item_post(&$a) {
 		}
 	}
 
-	$ACL = new AccessList($channel);
+	$acl = new AccessList($channel);
 
 		
 	$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
@@ -318,28 +318,17 @@ function item_post(&$a) {
 		$private = 0;
 		// webpages are allowed to change ACLs after the fact. Normal conversation items aren't. 
 		if($webpage) {
-			$str_group_allow   = perms2str($_REQUEST['group_allow']); 
-			$str_contact_allow = perms2str($_REQUEST['contact_allow']);
-			$str_group_deny    = perms2str($_REQUEST['group_deny']);
-			$str_contact_deny  = perms2str($_REQUEST['contact_deny']);
+			$acl->set_from_arry($_REQUEST);
 		}
 		else {
-			$str_group_allow   = $orig_post['allow_gid'];
-			$str_contact_allow = $orig_post['allow_cid'];
-			$str_group_deny    = $orig_post['deny_gid'];
-			$str_contact_deny  = $orig_post['deny_cid'];
+			$acl->set($orig_post);
 			$public_policy     = $orig_post['public_policy'];
 			$private           = $orig_post['item_private'];
 		}
 
-		if((strlen($str_group_allow)) 
-			|| strlen($str_contact_allow) 
-			|| strlen($str_group_deny) 
-			|| strlen($str_contact_deny)
-			|| strlen($public_policy)
-			|| $private) {
+		if($private || $public_policy || $acl->is_private())
 			$private = 1;
-		}
+
 
 		$location          = $orig_post['location'];
 		$coord             = $orig_post['coord'];
@@ -383,38 +372,12 @@ function item_post(&$a) {
 
 	}
 	else {
-
-		// if coming from the API and no privacy settings are set, 
-		// use the user default permissions - as they won't have
-		// been supplied via a form.
-
-		if(($api_source) 
-			&& (! array_key_exists('contact_allow',$_REQUEST))
-			&& (! array_key_exists('group_allow',$_REQUEST))
-			&& (! array_key_exists('contact_deny',$_REQUEST))
-			&& (! array_key_exists('group_deny',$_REQUEST))) {
-			$str_group_allow   = $channel['channel_allow_gid'];
-			$str_contact_allow = $channel['channel_allow_cid'];
-			$str_group_deny    = $channel['channel_deny_gid'];
-			$str_contact_deny  = $channel['channel_deny_cid'];
-		}
-		elseif($walltowall) {
-
-			// use the channel owner's default permissions
-
-			$str_group_allow   = $channel['channel_allow_gid'];
-			$str_contact_allow = $channel['channel_allow_cid'];
-			$str_group_deny    = $channel['channel_deny_gid'];
-			$str_contact_deny  = $channel['channel_deny_cid'];
-		}
-		else {
-
-			// use the posted permissions
-
-			$str_group_allow   = perms2str($_REQUEST['group_allow']);
-			$str_contact_allow = perms2str($_REQUEST['contact_allow']);
-			$str_group_deny    = perms2str($_REQUEST['group_deny']);
-			$str_contact_deny  = perms2str($_REQUEST['contact_deny']);
+		if((! $walltowall) && 
+			((array_key_exists('contact_allow',$_REQUEST))
+			|| (array_key_exists('group_allow',$_REQUEST))
+			|| (array_key_exists('contact_deny',$_REQUEST))
+			|| (array_key_exists('group_deny',$_REQUEST)))) {
+			$acl->set_from_array($_REQUEST);
 		}
 
 
@@ -426,33 +389,15 @@ function item_post(&$a) {
 		$body              .= trim($_REQUEST['attachment']);
 		$postopts          = '';
 
-		$private = ( 
-				(  strlen($str_group_allow) 
-				|| strlen($str_contact_allow) 
-				|| strlen($str_group_deny) 
-				|| strlen($str_contact_deny)
-				|| strlen($public_policy)
-		) ? 1 : 0);
+		$private = intval($acl->is_private() || ($public_policy));
 
 		// If this is a comment, set the permissions from the parent.
 
 		if($parent_item) {
 			$private = 0;
-
-			if(($parent_item['item_private']) 
-				|| strlen($parent_item['allow_cid']) 
-				|| strlen($parent_item['allow_gid']) 
-				|| strlen($parent_item['deny_cid']) 
-				|| strlen($parent_item['deny_gid'])
-				|| strlen($parent_item['public_policy'])) {
-				$private = (($parent_item['item_private']) ? $parent_item['item_private'] : 1);
-			}
-
+			$acl->set($parent_item);
+			$private = intval($acl->is_private() || $parent_item['item_private']);
 			$public_policy     = $parent_item['public_policy'];
-			$str_contact_allow = $parent_item['allow_cid'];
-			$str_group_allow   = $parent_item['allow_gid'];
-			$str_contact_deny  = $parent_item['deny_cid'];
-			$str_group_deny    = $parent_item['deny_gid'];
 			$owner_hash        = $parent_item['owner_xchan'];
 		}
 	
@@ -507,6 +452,11 @@ function item_post(&$a) {
 		}
 	}
 
+	$gacl = $acl->get();
+	$str_contact_allow = $gacl['allow_cid'];
+	$str_group_allow   = $gacl['allow_gid'];
+	$str_contact_deny  = $gacl['deny_cid'];
+	$str_group_deny    = $gacl['deny_gid'];
 
 	if($mimetype === 'text/bbcode') {
 
@@ -571,9 +521,6 @@ function item_post(&$a) {
 		$body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','red_zrlify_img_callback',$body);
 
 
-
-
-
 		$body = bb_translate_video($body);
 
 		/**
-- 
cgit v1.2.3