From d566ffa678dc9f035a022304a82560b19495a838 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 17:55:13 -0700 Subject: more heavy lifting on extensible perms --- Zotlabs/Access/Permissions.php | 14 ++++++++++++++ Zotlabs/Module/Connedit.php | 11 ++++++++--- include/permissions.php | 29 ++++++++++++++++------------- 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index bbf14d7dc..520957638 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php @@ -34,6 +34,20 @@ class Permissions { } + static public function BlockedAnonPerms() { + + // Perms from the above list that are blocked from anonymous observers. + // e.g. you must be authenticated. + + $perms = [ 'send_stream', 'write_pages', 'post_wall', 'write_storage', 'post_comments', 'post_mail', 'post_like', 'tag_deliver', 'chat', 'republish', 'delegate' ]; + + $x = array('permissions' => $perms); + call_hooks('write_perms',$x); + return($x['permissions']); + + } + + static public function OwnerLimitSet($channel_id,$permission,$limit) { return Zlib\PConfig::Set($channel_id,'perms',$permission,$limit); } diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 7db4950b1..4469330e8 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -131,6 +131,8 @@ class Connedit extends \Zotlabs\Web\Controller { foreach($_POST as $k => $v) { if(strpos($k,'perms_') === 0) { + $perm = substr($k,6); + set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,(($v) ? 1 : 0)); $abook_my_perms += $v; } } 
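Review bot: In `Permissions::BlockedAnonPerms()` the value handed back to callers is whatever the `write_perms` hook handlers leave in `$x['permissions']`, with no check that it is still an array or that the built-in entries survived. `get_all_perms()` in this commit passes the result straight to `in_array()`, so a misbehaving plugin can break that check or drop a write permission from the blocked set. If handlers are only meant to add entries, `return(is_array($x['permissions']) ? array_unique(array_merge($perms,$x['permissions'])) : $perms);` would enforce that. The comment above `$perms` could also state that the hook is named `write_perms` and what handlers are allowed to change.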
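Review bot: In the `foreach($_POST as $k => $v)` hunk of `Connedit.php`, `$perm = substr($k,6)` comes straight from a request key and is written with `set_abconfig()` without being checked against the registered permission names, so any `perms_*` field a client submits creates a `my_perms` row. Driving the write from the known list, e.g. `foreach(\Zotlabs\Access\Permissions::Perms() as $perm => $desc)` with `(empty($_POST['perms_' . $perm]) ? 0 : 1)` as the stored value, would reject unknown names and keep the existing loop only for `$abook_my_perms`. It would also store 0 for a permission whose field is absent from the POST; as written, a field that is not submitted (unchecked checkboxes usually are not) appears to leave a previously stored 1 in place, so a revoked permission may stay granted. The enclosing post handler starts and ends outside the hunk, so the form's behaviour is inferred.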
@@ -654,7 +656,8 @@ class Connedit extends \Zotlabs\Web\Controller { $perms = array(); $channel = \App::get_channel(); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); + $existing = get_all_perms(local_channel(),$contact['abook_xchan']); $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes'))); @@ -671,8 +674,10 @@ class Connedit extends \Zotlabs\Web\Controller { $affinity = t('Set Affinity & Profile'); foreach($global_perms as $k => $v) { - $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); - $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : ''); + $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); +//fixme + + $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k); // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner diff --git a/include/permissions.php b/include/permissions.php index 19242d29f..b4ecb1014 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { if($api) return get_all_api_perms($uid,$api); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // Save lots of individual lookups @@ -85,7 +85,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // First find out what the channel owner declared permissions to be. - $channel_perm = $permission[0]; + $channel_perm = \ZotlabAccess\PermissionLimits::Get($uid,$perm_name); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", 
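Review bot: In the `foreach($global_perms as $k => $v)` hunk of `Connedit.php`, `$checkinherited` now holds the raw limit returned by `PermissionLimits::Get()`, whereas the removed line produced "1" only when the channel limit was set and was not `PERMS_SPECIFIC`. If the code that consumes it still treats the value as a flag (that code is outside the hunk), a `PERMS_SPECIFIC` limit would now be presented as inherited. `$limit = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);` followed by `$checkinherited = ((($limit) && ($limit != PERMS_SPECIFIC)) ? "1" : '');` keeps the old meaning. The bare `//fixme` should say what remains to be fixed.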
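Review bot: The new assignment in `get_all_perms()` (hunk at `-85`) names the class `\ZotlabAccess\PermissionLimits`, while every other reference in this commit uses `\Zotlabs\Access\...`; as written the first permission lookup would fail with a class-not-found error. It should read `$channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name);`. Because the later hunks test `$channel_perm & PERMS_*` directly, a short comment stating what `Get()` returns when no limit is stored, and that such a value must deny access, would help the next reader. The function body continues outside the hunk.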
@@ -105,7 +105,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // These take priority over all other settings. if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) { + if($channel_perm & PERMS_AUTHED) { $ret[$perm_name] = true; continue; } @@ -122,7 +122,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { dbesc($observer_xchan) ); } - + $abperms = load_abconfig($uid,$observer_xchan); $abook_checked = true; } @@ -136,7 +136,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Check if this is a write permission and they are being ignored // This flag is only visible internally. - if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) { + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + + + if(($x) && ($internal_use) && (in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { $ret[$perm_name] = false; continue; } @@ -154,7 +157,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // if you've moved elsewhere, you will only have read only access if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) { - if($r[0]['channel_moved'] && (! $permission[2])) + if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms))) $ret[$perm_name] = false; else $ret[$perm_name] = true; @@ -163,7 +166,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Anybody at all (that wasn't blocked or ignored). They have permission. - if($r[0][$channel_perm] & PERMS_PUBLIC) { + if($channel_perm & PERMS_PUBLIC) { $ret[$perm_name] = true; continue; } 
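Review bot: The rewritten `abook_ignored` condition in `get_all_perms()` (hunk at `-136`) has an unbalanced parenthesis: `(in_array($perm_name,$blocked_anon_perms)` opens a group that is never closed, so `include/permissions.php` would not parse. It should read `if(($x) && ($internal_use) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) {`. `BlockedAnonPerms()` also appears to be called inside the per-permission loop (the loop header is outside the hunk), which would run the `write_perms` hooks once per permission. Assigning `$blocked_anon_perms` once next to `$global_perms` would avoid that and guarantee it is set for the `channel_moved` check in the hunk at `-154`.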
@@ -178,7 +181,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) { $ret[$perm_name] = true; continue; @@ -187,7 +190,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { if(! $onsite_checked) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) @@ -214,7 +217,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { $ret[$perm_name] = true; continue; } @@ -226,15 +229,15 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if($r[0][$channel_perm] & PERMS_SPECIFIC) { - if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { + if($channel_perm & PERMS_SPECIFIC) { + if(array_key_exists('my_perms',$abperms) && array_key_exists($perm_name,$abperms['my_perms']) && $abperms['my_perms'][$perm_name]) { $ret[$perm_name] = true; continue; } -- cgit v1.2.3
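Review bot: In the `PERMS_SPECIFIC` branch of `get_all_perms()` (hunk at `-226`), `array_key_exists('my_perms',$abperms)` assumes that `load_abconfig()`, assigned in the hunk at `-122`, always returns an array keyed by category; that function is not visible here. If it can return false or another non-array when the observer has no abconfig rows, the call raises a warning or error in the middle of a permission decision instead of simply not granting. `if(! empty($abperms['my_perms'][$perm_name])) {` gives the same result for array input and tolerates a non-array. A one-line comment on the expected shape of `$abperms` would make the dependency on `load_abconfig()` explicit.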