From bfd3da43ac9226e53188a03ff1414a18422e91b4 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 17 Dec 2021 19:48:09 +0100 Subject: access token refactor --- Zotlabs/Module/Tokens.php | 194 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 155 insertions(+), 39 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Tokens.php b/Zotlabs/Module/Tokens.php index 31b219019..632e816ce 100644 --- a/Zotlabs/Module/Tokens.php +++ b/Zotlabs/Module/Tokens.php @@ -5,6 +5,11 @@ namespace Zotlabs\Module; use App; use Zotlabs\Web\Controller; use Zotlabs\Lib\Apps; +use Zotlabs\Lib\AccessList; +use Zotlabs\Lib\Permcat; +use Zotlabs\Lib\Libsync; + +require_once('include/security.php'); class Tokens extends Controller { @@ -13,15 +18,20 @@ class Tokens extends Controller { if(! local_channel()) return; - if(! Apps::system_app_installed(local_channel(), 'Guest Access')) - return; - $channel = App::get_channel(); + if(! Apps::system_app_installed($channel['channel_id'], 'Guest Access')) + return; + check_form_security_token_redirectOnErr('tokens', 'tokens'); $token_errs = 0; if(array_key_exists('token',$_POST)) { $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0); + + if (! $atoken_id) { + $atoken_guid = new_uuid(); + } + $name = trim(escape_tags($_POST['name'])); $token = trim($_POST['token']); if((! $name) || (! $token)) @@ -30,10 +40,10 @@ class Tokens extends Controller { $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); else $expires = NULL_DATE; - $max_atokens = service_class_fetch(local_channel(),'access_tokens'); + $max_atokens = service_class_fetch($channel['channel_id'],'access_tokens'); if($max_atokens) { $r = q("select count(atoken_id) as total where atoken_uid = %d", - intval(local_channel()) + intval($channel['channel_id']) ); if($r && intval($r[0]['total']) >= $max_tokens) { notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL); 
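Review bot: The `intval($channel['channel_id'])` now bound into the quota query feeds a statement with no table — `select count(atoken_id) as total where atoken_uid = %d` is missing `from atoken` — so the count cannot be fetched. Two lines later the limit is compared against `$max_tokens` and echoed in the `sprintf`, while the value returned by `service_class_fetch` was stored in `$max_atokens`; `$max_tokens` is not assigned anywhere visible, so the `>=` test does not use the configured limit. Both lines are carried over as context, but this commit touches the query and is the natural place to repair it: `$r = q("select count(atoken_id) as total from atoken where atoken_uid = %d",` and `if($r && intval($r[0]['total']) >= $max_atokens) {` with `$max_atokens` in the notice. As written the service-class token limit does not behave as intended.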
@@ -45,6 +55,17 @@ class Tokens extends Controller { notice( t('Name and Password are required.') . EOL); return; } + + $old_atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'", + intval($channel['channel_id']), + dbesc($name) + ); + + if ($old_atok) { + $old_atok = $old_atok[0]; + $old_xchan = atoken_xchan($old_atok); + } + if($atoken_id) { $r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s' where atoken_id = %d and atoken_uid = %d", @@ -56,8 +77,9 @@ class Tokens extends Controller { ); } else { - $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires ) - values ( %d, %d, '%s', '%s', '%s' ) ", + $r = q("insert into atoken (atoken_guid, atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires ) + values ('%s', %d, %d, '%s', '%s', '%s' ) ", + dbesc($atoken_guid), intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), 
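Review bot: The new `$old_atok` lookup keys on the submitted `$name`, so on an update it finds the previous record only when the name is unchanged; for a rename — the case the later `update xchan set xchan_name` exists for — the stored row still carries the old name and `$old_atok` stays empty. When `$atoken_id` is set the previous record should be fetched by id instead: `$old_atok = q("select * from atoken where atoken_id = %d and atoken_uid = %d", intval($atoken_id), intval($channel['channel_id']));`. On the insert path the same by-name query can also match an unrelated existing token that shares the name, since nothing here shows `atoken_name` to be unique per channel. The enclosing `post()` method begins before this hunk.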
@@ -66,21 +88,85 @@ class Tokens extends Controller { ); } - $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $name; + $atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'", + intval($channel['channel_id']), + dbesc($name) + ); - $all_perms = \Zotlabs\Access\Permissions::Perms(); + if ($atok) { + $xchan = atoken_xchan($atok[0]); + atoken_create_xchan($xchan); + $atoken_xchan = $xchan['xchan_hash']; + if ($old_atok && $old_xchan) { + $r = q("update xchan set xchan_name = '%s' where xchan_hash = '%s'", + dbesc($xchan['xchan_name']), + dbesc($old_xchan['xchan_hash']) + ); + } + } - if($all_perms) { - foreach($all_perms as $perm => $desc) { - if(array_key_exists('perms_' . $perm, $_POST)) { - set_abconfig($channel['channel_id'],$atoken_xchan,'my_perms',$perm,intval($_POST['perms_' . $perm])); - } - else { - set_abconfig($channel['channel_id'],$atoken_xchan,'my_perms',$perm,0); + + if (! $atoken_id) { + + // If this is a new token, create a new abook record + + $closeness = get_pconfig($uid,'system','new_abook_closeness',80); + $profile_assign = get_pconfig($uid,'system','profile_assign',''); + + $r = abook_store_lowlevel( + [ + 'abook_account' => $channel['channel_account_id'], + 'abook_channel' => $channel['channel_id'], + 'abook_closeness' => intval($closeness), + 'abook_xchan' => $atoken_xchan, + 'abook_profile' => $profile_assign, + 'abook_feed' => 0, + 'abook_created' => datetime_convert(), + 'abook_updated' => datetime_convert(), + 'abook_instance' => z_root(), + ] + ); + + if (! $r) { + logger('abook creation failed'); + } + + /** If there is a default group for this channel, add this connection to it */ + + if ($channel['channel_default_group']) { + $g = AccessList::by_hash($uid,$channel['channel_default_group']); + if ($g) { + AccessList::member_add($uid,'',$atoken_xchan,$g['id']); } } } + $role = ((array_key_exists('permcat', $_POST)) ? 
escape_tags($_POST['permcat']) : ''); + \Zotlabs\Lib\Permcat::assign($channel, $role, [$atoken_xchan]); + + $r = q("SELECT abook.*, xchan.* + FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1", + intval($channel['chnnel_id']), + dbesc($atoken_xchan) + ); + + if (! $r) { + return; + } + + $clone = $r[0]; + + unset($clone['abook_id']); + unset($clone['abook_account']); + unset($clone['abook_channel']); + + $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']); + if ($abconfig) { + $clone['abconfig'] = $abconfig; + } + + Libsync::build_sync_packet($channel['channel_id'], [ 'abook' => [ $clone ], 'atoken' => $atok ], true); info( t('Token saved.') . EOL); return; @@ -103,6 +189,7 @@ class Tokens extends Controller { $atoken = null; $atoken_xchan = ''; + $atoken_abook = []; if(argc() > 1) { $id = argv(1); 
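Review bot: `intval($channel['chnnel_id'])` in the abook/xchan select misspells the key, so the query runs with `abook_channel = 0`, returns nothing, and the method hits `return` before `Libsync::build_sync_packet` and the `Token saved` notice; it should read `intval($channel['channel_id'])`. The abook-creation branch also reads `$uid` in `get_pconfig`, `AccessList::by_hash` and `AccessList::member_add`, but `$uid` is never assigned in this method — use `$channel['channel_id']` there as well. `$atok` is re-fetched by `atoken_name`, which is not shown to be unique, so with two tokens of the same name the xchan and abook can be attached to the wrong record; selecting by `atoken_guid` for the insert case (and `atoken_id` for updates) avoids that. If `$atok` comes back empty, `$atoken_xchan` is undefined by the time it reaches `Permcat::assign`. The enclosing `post()` method begins before this hunk.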
@@ -114,13 +201,47 @@ class Tokens extends Controller { if($atoken) { $atoken = $atoken[0]; - $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $atoken['atoken_name']; + $atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $atoken['atoken_guid']; + + $atoken_abook = q("select * from abook where abook_channel = %d and abook_xchan = '%s'", + intval(local_channel()), + dbesc($atoken_xchan) + ); + + $atoken_abook = $atoken_abook[0]; } if($atoken && argc() > 2 && argv(2) === 'drop') { + $atoken['deleted'] = true; + + $r = q("SELECT abook.*, xchan.* + FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1", + intval($channel['chnnel_id']), + dbesc($atoken_xchan) + ); + if (! $r) { + return; + } + + $clone = $r[0]; + + unset($clone['abook_id']); + unset($clone['abook_account']); + unset($clone['abook_channel']); + $clone['deleted'] = true; + + $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']); + if ($abconfig) { + $clone['abconfig'] = $abconfig; + } + atoken_delete($id); + Libsync::build_sync_packet($channel['channel_id'], [ 'abook' => [ $clone ], 'atoken' => [ $atoken ] ], true); + $atoken = null; $atoken_xchan = ''; + $atoken_abook = null; } } 
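Review bot: The `drop` branch returns early when the abook/xchan select finds no row, and that select uses `intval($channel['chnnel_id'])` (misspelled key, so `abook_channel = 0`), which means `atoken_delete($id)` is never reached and the guest token stays valid after the user asked to revoke it. Fix the key to `$channel['channel_id']`, and call `atoken_delete($id)` regardless of whether an abook row exists, building the sync packet only when `$r` is non-empty — tokens created before this refactor presumably have no `atoken_guid` and hence no abook row under the new guid-based `$atoken_xchan`, so revocation must not depend on that row. Just above, `$atoken_abook = $atoken_abook[0];` dereferences the query result without checking that it returned anything. The enclosing `get()` method begins before this hunk and continues after it.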
@@ -132,39 +253,34 @@ class Tokens extends Controller { $desc2 = t('You may also provide dropbox style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:'); - $global_perms = \Zotlabs\Access\Permissions::Perms(); - $their_perms = []; - $existing = get_all_perms(local_channel(),(($atoken_xchan) ? $atoken_xchan : ''),false); + //TODO: assign role + $pcat = new Permcat(local_channel()); + $pcatlist = $pcat->listing(); + $default_role = get_pconfig(local_channel(), 'system', 'default_permcat'); + $current_permcat = (($atoken_abook) ? $atoken_abook['abook_role'] : $default_role); - if($atoken_xchan) { - $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'", - intval(local_channel()), - dbesc($atoken_xchan) - ); - if($theirs) { - foreach($theirs as $t) { - $their_perms[$t['k']] = $t['v']; - } - } + $roles_dict = []; + foreach ($pcatlist as $role) { + $roles_dict[$role['name']] = $role['localname']; } - foreach($global_perms as $k => $v) { - $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); -//fixme - - $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k); - if($existing[$k]) - $thisperm = "1"; - $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); + if (!$current_permcat) { + notice(t('Please select a role for this contact!') . EOL); + $permcats[] = ''; } - + if ($pcatlist) { + foreach ($pcatlist as $pc) { + $permcats[$pc['name']] = $pc['localname']; + } + } $tpl = get_markup_template("tokens.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("tokens"), + '$permcat' => ['permcat', t('Select a role for this token'), $current_permcat, '', $permcats], '$title' => t('Guest Access Tokens'), '$desc' => $desc, '$desc2' => $desc2, -- cgit v1.2.3
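Review bot: `$permcats` is only assigned inside the two conditionals, so when a role is already set and `$pcatlist` is empty the `'$permcat'` template entry references an undefined variable; initialise it with `$permcats = [];` before the `if (!$current_permcat)` check. `$roles_dict` is built from the same listing and never read afterwards, so it can go, along with the `//TODO: assign role` marker now that the role is assigned in `post()`. Since the per-permission checkbox data (`$perms`) is removed here, the role chosen through `$permcat` appears to be the only permission input left for a token; worth confirming the template no longer references `$perms`. The enclosing `get()` method begins before this hunk.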