From f8c33243bf0440c6ddab63dbf3a755e4d506122b Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 9 Dec 2012 18:07:36 -0800 Subject: start to whip the permissions into shape, also got rid of the mce drop shadow until we can figure out how to do it without the ugly black bars. I tend to prefer "outy" shadows over "inny" shadows anyway, but maybe that's just me. --- include/ConversationObject.php | 7 +++-- include/conversation.php | 14 ++------- include/security.php | 66 --------------------------------------- mod/channel.php | 64 ++++++++++--------------------------- mod/photos.php | 11 ++++--- mod/subthread.php | 6 ++-- view/theme/redbasic/css/style.css | 12 +++++-- view/tpl/head.tpl | 2 +- 8 files changed, 45 insertions(+), 137 deletions(-) diff --git a/include/ConversationObject.php b/include/ConversationObject.php index 6448cd632..033ce7f76 100644 --- a/include/ConversationObject.php +++ b/include/ConversationObject.php @@ -33,6 +33,9 @@ class Conversation extends BaseObject { $a = $this->get_app(); + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + switch($mode) { case 'network': $this->profile_owner = local_user(); @@ -40,11 +43,11 @@ class Conversation extends BaseObject { break; case 'channel': $this->profile_owner = $a->profile['profile_uid']; - $this->writable = can_write_wall($a,$this->profile_owner); + $this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'); break; case 'display': $this->profile_owner = $a->profile['uid']; - $this->writable = can_write_wall($a,$this->profile_owner); + $this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'); break; default: logger('[ERROR] Conversation::set_mode : Unhandled mode ('. $mode .').', LOGGER_DEBUG); diff --git a/include/conversation.php b/include/conversation.php index 2eabbcb0c..ef0781b09 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -406,7 +406,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { elseif($mode === 'channel') { $profile_owner = $a->profile['profile_uid']; - $page_writeable = can_write_wall($a,$profile_owner); + $page_writeable = ($profile_owner == local_user()); if(!$update) { $tab = notags(trim($_GET['tab'])); @@ -427,22 +427,12 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { elseif($mode === 'display') { $profile_owner = $a->profile['uid']; - $page_writeable = can_write_wall($a,$profile_owner); + $page_writeable = ($profile_owner == local_user()); $live_update_div = '
' . "\r\n"; } - elseif($mode === 'community') { - $profile_owner = 0; - $page_writeable = false; - - if(!$update) { - $live_update_div = '
' . "\r\n" - . "\r\n"; - - } - } else if($mode === 'search') { $live_update_div = '' . "\r\n"; } diff --git a/include/security.php b/include/security.php index dfe646b8d..c47ab1524 100644 --- a/include/security.php +++ b/include/security.php @@ -135,72 +135,6 @@ function authenticate_success($user_record, $login_initial = false, $interactive } - -function can_write_wall(&$a,$owner) { - - static $verified = 0; - - if((! (local_user())) && (! (remote_user()))) - return false; - - $uid = local_user(); - - if(($uid) && ($uid == $owner)) { - return true; - } - - if(remote_user()) { - - // use remembered decision and avoid a DB lookup for each and every display item - // DO NOT use this function if there are going to be multiple owners - - // We have a contact-id for an authenticated remote user, this block determines if the contact - // belongs to this page owner, and has the necessary permissions to post content - - if($verified === 2) - return true; - elseif($verified === 1) - return false; - else { - $cid = 0; - - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $visitor) { - if($visitor['uid'] == $owner) { - $cid = $visitor['cid']; - break; - } - } - } - - if(! $cid) - return false; - - - $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` - WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", - intval($owner), - intval($cid), - intval(CONTACT_IS_SHARING), - intval(CONTACT_IS_FRIEND), - intval(PAGE_COMMUNITY) - ); - - if(count($r)) { - $verified = 2; - return true; - } - else { - $verified = 1; - } - } - } - - return false; -} - - function change_channel($change_channel) { $ret = false; diff --git a/mod/channel.php b/mod/channel.php index de5df649e..affef9613 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -53,6 +53,7 @@ function channel_content(&$a, $update = 0) { } } + if(get_config('system','block_public') && (! get_account_id()) && (! remote_user())) { return login(); } @@ -64,9 +65,12 @@ function channel_content(&$a, $update = 0) { require_once('include/conversation.php'); require_once('include/acl_selectors.php'); require_once('include/items.php'); + require_once('include/permissions.php'); + $groups = array(); + $tab = 'posts'; $o = ''; @@ -80,47 +84,17 @@ function channel_content(&$a, $update = 0) { } } + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - $contact = null; - $remote_contact = false; - - $contact_id = 0; - - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $a->profile['profile_uid']) { - $contact_id = $v['cid']; - break; - } - } - } - - if($contact_id) { - $groups = init_groups_visitor($contact_id); - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($a->profile['profile_uid']) - ); - if(count($r)) { - $contact = $r[0]; - $remote_contact = true; - } - } - - if(! $remote_contact) { - if(local_user()) { - $contact_id = $_SESSION['cid']; - $contact = $a->contact; - } - } - - $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false); + $perms = get_all_perms($a->profile['profile_uid'],$ob_hash); - if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) { - notice( t('Access to this profile has been restricted.') . EOL); + if(! $perms['view_stream']) { + notice( t('Permission denied.') . EOL); return; } + if(! $update) { @@ -129,22 +103,17 @@ function channel_content(&$a, $update = 0) { $o .= common_friends_visitor_widget($a->profile['profile_uid']); - $commpage = (($a->profile['page-flags'] == PAGE_COMMUNITY) ? true : false); - $commvisitor = (($commpage && $remote_contact == true) ? true : false); - - $celeb = ((($a->profile['page-flags'] == PAGE_SOAPBOX) || ($a->profile['page-flags'] == PAGE_COMMUNITY)) ? true : false); - - if(can_write_wall($a,$a->profile['profile_uid'])) { + if($perms['post_wall']) { $x = array( 'is_owner' => $is_owner, - 'allow_location' => ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? true : false), + 'allow_location' => ((($is_owner || $observer) && $a->profile['allow_location']) ? true : false), 'default_location' => (($is_owner) ? $a->user['default-location'] : ''), 'nickname' => $a->profile['channel_address'], 'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel, $celeb) : ''), + 'acl' => (($is_owner) ? populate_acl($channel, false) : ''), 'bang' => '', - 'visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'), + 'visitor' => (($is_owner || $observer) ? 'block' : 'none'), 'profile_uid' => $a->profile['profile_uid'] ); @@ -158,6 +127,7 @@ function channel_content(&$a, $update = 0) { * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ +// fixme $sql_extra = item_permissions_sql($a->profile['profile_uid'],$remote_contact,$groups); @@ -211,7 +181,7 @@ function channel_content(&$a, $update = 0) { } - if($r && count($r)) { + if($r) { $parents_str = ids_to_querystr($r,'item_id'); @@ -233,7 +203,7 @@ function channel_content(&$a, $update = 0) { } - if((! $update) && ($tab === 'posts')) { + if(! $update) { // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. diff --git a/mod/photos.php b/mod/photos.php index c98655df3..ee0a930fd 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -25,6 +25,9 @@ function photos_init(&$a) { $a->data['channel'] = $r[0]; + $observer = $a->get_observer(); + $a->data['perms'] = get_all_perms($r[0]['channel_id'],(($observer) ? $observer['xchan_hash'] : '')); + $o .= '
'; $o .= '
' . $a->data['channel']['channel_name'] . '
'; $o .= '
' . $a->data['channel']['channel_name'] . '
'; @@ -1394,7 +1397,7 @@ function photos_content(&$a) { $likebuttons = ''; - if($can_post || can_write_wall($a,$owner_uid)) { + if($can_post || $a->data['perms']['post_comments']) { $likebuttons = replace_macros($like_tpl,array( '$id' => $link_item['id'], '$likethis' => t("I like this \x28toggle\x29"), @@ -1406,7 +1409,7 @@ function photos_content(&$a) { $comments = ''; if(! count($r)) { - if($can_post || can_write_wall($a,$owner_uid)) { + if($can_post || $a->data['perms']['post_comments']) { $comments .= replace_macros($cmnt_tpl,array( '$return_path' => '', '$jsreload' => $return_url, @@ -1444,7 +1447,7 @@ function photos_content(&$a) { - if($can_post || can_write_wall($a,$owner_uid)) { + if($can_post || $a->data['perms']['post_comments']) { $comments .= replace_macros($cmnt_tpl,array( '$return_path' => '', '$jsreload' => $return_url, @@ -1471,7 +1474,7 @@ function photos_content(&$a) { $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ; - if($can_post || can_write_wall($a,$owner_uid)) { + if($can_post || $a->data['perms']['post_comments']) { $comments .= replace_macros($cmnt_tpl,array( '$return_path' => '', '$jsreload' => $return_url, diff --git a/mod/subthread.php b/mod/subthread.php index 7ad7dfd6b..f8918e25d 100755 --- a/mod/subthread.php +++ b/mod/subthread.php @@ -28,10 +28,12 @@ function subthread_content(&$a) { $item = $r[0]; $owner_uid = $item['uid']; + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - if(! can_write_wall($a,$owner_uid)) { + if(! perm_is_allowed($owner_uid,$ob_hash,'post_comments')) return; - } + $remote_owner = null; diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css index d040565a7..f355471b9 100644 --- a/view/theme/redbasic/css/style.css +++ b/view/theme/redbasic/css/style.css @@ -1719,21 +1719,27 @@ width: 90%; /* TinyMCE */ DIV#profile-jot-text_toolbargroup{ -background: #333; +background: #FFF; border: 1px #111; -box-shadow: 5px 5px 5px #000 inset; +/*box-shadow: 5px 5px 5px #000 inset;*/ } - +/* #profile-jot-text_parent, .mceLayout { border-radius: 5px; -moz-border-radius: 5px; box-shadow: 4px 4px 3px 0 #444444; } +*/ + iframe#profile-jot-text_ifr { width: 100% !important; height: 100% !important; +box-shadow: 5px 5px 5px #000 inset !important;} + +tr.mceLast { + } /* Not MCE */ diff --git a/view/tpl/head.tpl b/view/tpl/head.tpl index c12871924..9c0e6b09a 100644 --- a/view/tpl/head.tpl +++ b/view/tpl/head.tpl @@ -12,7 +12,7 @@ $js_strings $head_js - +