From d5d5d78e3aded9a3238ccb7e93b4c6fd4b873331 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Thu, 9 Jun 2016 16:16:56 -0700
Subject: initial perms work
---
Zotlabs/Access/Permissions.php | 81 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 Zotlabs/Access/Permissions.php
(limited to 'Zotlabs')
diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
new file mode 100644
index 000000000..eac3cb4b6
--- /dev/null
+++ b/Zotlabs/Access/Permissions.php
@@ -0,0 +1,81 @@ + t('Can view my normal stream and posts') ], + [ 'send_stream' => t('Can send me their channel stream and posts') ], + [ 'view_profile' => t('Can view my default channel profile') ], + [ 'view_contacts' => t('Can view my connections') ], + [ 'view_storage' => t('Can view my file storage and photos') ], + [ 'write_storage' => t('Can upload/modify my file storage and photos') ], + [ 'view_pages' => t('Can view my channel webpages') ], + [ 'write_pages' => t('Can create/edit my channel webpages') ], + [ 'post_wall' => t('Can post on my channel (wall) page') ], + [ 'post_comments' => t('Can comment on or like my posts') ], + [ 'post_mail' => t('Can send me private mail messages') ], + [ 'post_like' => t('Can like/dislike profiles and profile things') ], + [ 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts') ], + [ 'chat' => t('Can chat with me (when available)') ], + [ 'republish' => t('Can source my public posts in derived channels') ], + [ 'delegate' => t('Can administer my channel') ] + ]; + + $x = array('permissions' => $perms, 'filter' => $filter); + call_hooks('permissions_list',$x); + return($x['permissions']); + + } + + static public function OwnerLimitSet($channel_id,$permission,$limit) { + return Zlib\PConfig::Set($channel_id,'perms',$permission,$limit); + } + + static public function OwnerLimitGet($channel_id,$permission) { + return Zlib\PConfig::Get($channel_id,'perms',$permission); + } + + + static public function Set($channel_id,$xchan_hash,$permission,$value) { + $channel = channelx_by_n($channel_id); + if($channel) { + return Zlib\AbConfig::Set($channel['channel_hash'],$xchan_hash,'perms',$permission,$value); + } + return false; + } + + static public function Get($channel_id,$xchan_hash,$permission) { + $channel = channelx_by_n($channel_id); + if($channel) { + return Zlib\AbConfig::Get($channel['channel_hash'],$xchan_hash,'perms',$permission); + } + return false; + } + + static public function 
SetHash($channel_hash,$xchan_hash,$permission,$value) { + return Zlib\AbConfig::Set($channel_hash,$xchan_hash,'perms',$permission,$value); + } + + static public function GetHash($channel_hash,$xchan_hash,$permission) { + return Zlib\AbConfig::Get($channel_hash,$xchan_hash,'perms',$permission); + } + + + + + + + + + + + +} \ No newline at end of file -- cgit v1.2.3 From 17e161006a9ddbfbea3e0b6d5f7776ad7b8101e2 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 04:44:10 -0700 Subject: added permissionroles --- Zotlabs/Access/PermissionRoles.php | 70 ++++++++++++++++++++++++++++++++++++++ Zotlabs/Access/Permissions.php | 32 ++--------------- 2 files changed, 72 insertions(+), 30 deletions(-) create mode 100644 Zotlabs/Access/PermissionRoles.php (limited to 'Zotlabs') diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php new file mode 100644 index 000000000..32a72d3ae --- /dev/null +++ b/Zotlabs/Access/PermissionRoles.php 
@@ -0,0 +1,70 @@ + [ + 'social' => t('Social - Mostly Public'), + 'social_restricted' => t('Social - Restricted'), + 'social_private' => t('Social - Private') + ], + + t('Community Forum') => [ + 'forum' => t('Forum - Mostly Public'), + 'forum_restricted' => t('Forum - Restricted'), + 'forum_private' => t('Forum - Private') + ], + + t('Feed Republish') => [ + 'feed' => t('Feed - Mostly Public'), + 'feed_restricted' => t('Feed - Restricted') + ], + + t('Special Purpose') => [ + 'soapbox' => t('Special - Celebrity/Soapbox'), + 'repository' => t('Special - Group Repository') + ], + + t('Other') => [ + 'custom' => t('Custom/Expert Mode') + ] + + ]; + + return $roles; + } + + + static public function LimitSet($permission,$limit,$roles) { + if(is_array($roles)) { + foreach($roles as $role) { + self::$role_limits[$role][$permission] = $limit; + } + } + else { + self::$role_limits[$role][$permission] = $limit; + } + } + + static public function PermSet($permission,$roles) { + if(is_array($roles)) { + foreach($roles as $role) { + self::$role_perms[$role][] = $permission; + } + } + else { + self::$role_perms[$role][] = $permission; + } + } + + +} \ No newline at end of file diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index eac3cb4b6..4c3c634fd 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php @@ -7,7 +7,6 @@ use Zotlabs\Lib as Zlib; class Permissions { - static public function Perms($filter) { $perms = [ 
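Review bot: The `else` branch of both `LimitSet` and `PermSet` in the new PermissionRoles.php indexes with `$role`, which is only assigned by the `foreach` in the other branch, so a single role passed as a string is filed under an undefined key instead of the named role. The scalar branch should use the parameter: `self::$role_limits[$roles][$permission] = $limit;` and `self::$role_perms[$roles][] = $permission;`. Alternatively, drop the branch and loop over `(array) $roles` in both methods.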
@@ -43,39 +42,12 @@ class Permissions { return Zlib\PConfig::Get($channel_id,'perms',$permission); } - static public function Set($channel_id,$xchan_hash,$permission,$value) { - $channel = channelx_by_n($channel_id); - if($channel) { - return Zlib\AbConfig::Set($channel['channel_hash'],$xchan_hash,'perms',$permission,$value); - } - return false; + return Zlib\AbConfig::Set($channel_id,$xchan_hash,'perms',$permission,$value); } static public function Get($channel_id,$xchan_hash,$permission) { - $channel = channelx_by_n($channel_id); - if($channel) { - return Zlib\AbConfig::Get($channel['channel_hash'],$xchan_hash,'perms',$permission); - } - return false; - } - - static public function SetHash($channel_hash,$xchan_hash,$permission,$value) { - return Zlib\AbConfig::Set($channel_hash,$xchan_hash,'perms',$permission,$value); + return Zlib\AbConfig::Get($channel_id,$xchan_hash,'perms',$permission); } - - static public function GetHash($channel_hash,$xchan_hash,$permission) { - return Zlib\AbConfig::Get($channel_hash,$xchan_hash,'perms',$permission); - } - - - - - - - - - - } \ No newline at end of file -- cgit v1.2.3 From 916e088462ec46044ce18b83eb5271968d1c132b Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 3 Jul 2016 18:20:15 -0700 Subject: make permissionlimits into a class --- Zotlabs/Access/PermissionLimits.php | 46 +++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 Zotlabs/Access/PermissionLimits.php (limited to 'Zotlabs') diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php new file mode 100644 index 000000000..ddea919aa --- /dev/null +++ b/Zotlabs/Access/PermissionLimits.php @@ -0,0 +1,46 @@ + Date: Sun, 3 Jul 2016 22:47:46 -0700 Subject: perms work - settings page --- Zotlabs/Module/Settings.php | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) (limited to 'Zotlabs') 
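Review bot: `Set` and `Get` now pass `$channel_id` straight to `Zlib\AbConfig::Set`/`Get`, where the removed code resolved the channel with `channelx_by_n()` and passed `$channel['channel_hash']`. AbConfig's key type is not visible in this hunk, but unless it accepts both forms, values written before and after this change sit under different keys, and a permission lookup that misses reads as unset. The removed lookup was also the only check that the channel exists. If the numeric id is what AbConfig expects, a docblock such as `@param int $channel_id numeric channel id, not the channel hash` would stop callers passing a hash the way the removed `SetHash`/`GetHash` did.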
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 875004fae..5c9ff1db0 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -30,7 +30,7 @@ class Settings extends \Zotlabs\Web\Controller { } - function post() { + function post() { if(! local_channel()) return; @@ -40,7 +40,7 @@ class Settings extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - logger('mod_settings: ' . print_r($_REQUEST,true)); + // logger('mod_settings: ' . print_r($_REQUEST,true)); if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){ @@ -311,10 +311,10 @@ class Settings extends \Zotlabs\Web\Controller { intval(local_channel()) ); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); foreach($global_perms as $k => $v) { - $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' '; + \Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,intval($_POST[$k])); } $acl = new \Zotlabs\Access\AccessList($channel); $acl->set_from_array($_POST); @@ -370,10 +370,10 @@ class Settings extends \Zotlabs\Web\Controller { ); } - $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1", - intval((array_key_exists('perms_accept',$role_permissions)) ? $role_permissions['perms_accept'] : 0), - intval(local_channel()) - ); + foreach($global_perms as $k => $v) { + set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k,((array_key_exists($k,$role_permissions['perms_accept'])) ? intval($role_permissions['perms_accept'][$k]))); + } + set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0)); foreach($role_permissions as $p => $v) { @@ -864,11 +864,7 @@ class Settings extends \Zotlabs\Web\Controller { return $o; } - - - - - + if(argv(1) === 'channel') { require_once('include/acl_selectors.php'); 
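Review bot: In the `@@ -40,7` hunk the `logger('mod_settings: ' . print_r($_REQUEST,true));` call is commented out rather than deleted, which leaves it one keystroke away from dumping the whole request into the log again. A settings form body can carry credentials and tokens, so it is safer to delete the line. If a trace is still wanted, log only the field names, e.g. `logger('mod_settings: ' . implode(',', array_keys($_POST)), LOGGER_DEBUG);`. The body of `post()` continues outside the hunk.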
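Review bot: In the `@@ -311,10` hunk, `PermissionLimits::Set(local_channel(),$k,intval($_POST[$k]))` stores whatever integer the client posts: nothing checks it against the PERMS_* limit values the form offers, and an absent field is stored as 0. The form hunk of this same commit (`@@ -905,15`) drops the `$opt[1] == PERMS_PUBLIC` skip, so the server side is now the only place that can refuse a public limit on a write permission. Validate before the write, for instance `if(! array_key_exists($k,$_POST) || ! in_array(intval($_POST[$k]),$allowed_limits,true)) continue;`, where `$allowed_limits` is a placeholder name for a list built from the same options the form renders.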
@@ -885,9 +881,8 @@ class Settings extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - - $global_perms = get_perms(); - + $global_perms = \Zotlabs\Access\Permissions::Perms(); + $permiss = array(); $perm_opts = array( @@ -905,15 +900,13 @@ class Settings extends \Zotlabs\Web\Controller { foreach($global_perms as $k => $perm) { $options = array(); foreach($perm_opts as $opt) { - if((! $perm[2]) && $opt[1] == PERMS_PUBLIC) - continue; $options[$opt[1]] = $opt[0]; } - $permiss[] = array($k,$perm[3],$channel[$perm[0]],$perm[4],$options); + $permiss[] = array($k,$perm,$channel[$perm[0]],$perm[4],$options); } - // logger('permiss: ' . print_r($permiss,true)); + // logger('permiss: ' . print_r($permiss,true)); -- cgit v1.2.3 From 805ecde6a5ce50856e96ea47cba4a02e7848672f Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 00:12:53 -0700 Subject: minor --- Zotlabs/Access/Permissions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index 4c3c634fd..bbf14d7dc 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php @@ -7,7 +7,7 @@ use Zotlabs\Lib as Zlib; class Permissions { - static public function Perms($filter) { + static public function Perms($filter = '') { $perms = [ [ 'view_stream' => t('Can view my normal stream and posts') ], -- cgit v1.2.3 From d566ffa678dc9f035a022304a82560b19495a838 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 17:55:13 -0700 Subject: more heavy lifting on extensible perms --- Zotlabs/Access/Permissions.php | 14 ++++++++++++++ Zotlabs/Module/Connedit.php | 11 ++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index bbf14d7dc..520957638 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php 
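Review bot: In the `@@ -905,15` hunk, `$permiss[] = array($k,$perm,$channel[$perm[0]],$perm[4],$options);` still indexes `$perm` with the numeric offsets of the old `get_perms()` rows. `Permissions::Perms()` entries carry only a name and a description, so `$channel[$perm[0]]` and `$perm[4]` no longer resolve to the stored limit and the help text. The value pre-selected for each permission should be read back through `\Zotlabs\Access\PermissionLimits`, where the post handler of this commit now writes it; otherwise the page can show a limit that is not the one in force. The same hunk removes the `PERMS_PUBLIC` skip, so every option is now offered for every permission.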
@@ -34,6 +34,20 @@ class Permissions { } + static public function BlockedAnonPerms() { + + // Perms from the above list that are blocked from anonymous observers. + // e.g. you must be authenticated. + + $perms = [ 'send_stream', 'write_pages', 'post_wall', 'write_storage', 'post_comments', 'post_mail', 'post_like', 'tag_deliver', 'chat', 'republish', 'delegate' ]; + + $x = array('permissions' => $perms); + call_hooks('write_perms',$x); + return($x['permissions']); + + } + + static public function OwnerLimitSet($channel_id,$permission,$limit) { return Zlib\PConfig::Set($channel_id,'perms',$permission,$limit); } diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 7db4950b1..4469330e8 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -131,6 +131,8 @@ class Connedit extends \Zotlabs\Web\Controller { foreach($_POST as $k => $v) { if(strpos($k,'perms_') === 0) { + $perm = substr($k,6); + set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,(($v) ? 1 : 0)); $abook_my_perms += $v; } } @@ -654,7 +656,8 @@ class Connedit extends \Zotlabs\Web\Controller { $perms = array(); $channel = \App::get_channel(); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); + $existing = get_all_perms(local_channel(),$contact['abook_xchan']); $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes'))); 
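Review bot: In the Connedit `@@ -131,6` hunk the permission name is taken from the POST key (`$perm = substr($k,6)`) and written to `my_perms` without checking that it is a known permission, and only keys present in the request are written. Unchecked checkboxes are normally absent from a form post, so unless the old values are cleared outside this hunk, a permission granted earlier stays at 1 after the owner unticks it. Driving the loop from the `Permissions::Perms()` list instead, and writing 1 or 0 for each known name depending on whether `perms_<name>` was posted, covers both the allow-list and the revocation case. The enclosing function starts and ends outside the hunk.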
@@ -671,8 +674,10 @@ class Connedit extends \Zotlabs\Web\Controller { $affinity = t('Set Affinity & Profile'); foreach($global_perms as $k => $v) { - $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); - $checkinherited = ((($channel[$v[0]]) && ($channel[$v[0]] != PERMS_SPECIFIC)) ? "1" : ''); + $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); +//fixme + + $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k); // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner -- cgit v1.2.3 From e6224898d29b605da6751b6744f0e544250b600a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 21:33:25 -0700 Subject: more heavy lifting on xtensible perms --- Zotlabs/Access/PermissionLimits.php | 4 ++-- Zotlabs/Access/PermissionRoles.php | 4 ++-- Zotlabs/Module/Connedit.php | 11 +++++++---- Zotlabs/Module/Settings.php | 2 +- 4 files changed, 12 insertions(+), 9 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php index ddea919aa..907adaae2 100644 --- a/Zotlabs/Access/PermissionLimits.php +++ b/Zotlabs/Access/PermissionLimits.php @@ -11,7 +11,7 @@ class PermissionLimits { if($r) { if($r[0]['perm_limit'] != $perm_limit) { $x = q("update perm_limits set perm_limit = %d where id = %d", - dbesc($perm_limit) + dbesc($perm_limit), intval($r[0]['id']) ); } @@ -29,7 +29,7 @@ class PermissionLimits { static public function Get($channel_id,$perm = '') { if($perm) { $r = q("select * from perm_limits where channel_id = %d and perm = '%s' limit 1", - intval($channel_id) + intval($channel_id), dbesc($perm) ); if($r) diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index 32a72d3ae..e3b16a66c 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php 
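Review bot: In the PermissionLimits `@@ -11,7` hunk the update binds `dbesc($perm_limit)` to a `%d` placeholder, while the insert in the same method uses `intval($perm_limit)`. The integer column should be cast the same way in both places: `intval($perm_limit),`. The comparison `$r[0]['perm_limit'] != $perm_limit` just above is context here, but it is loose, so a non-numeric input is compared under PHP's juggling rules before it is ever cast.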
@@ -7,8 +7,8 @@ use Zotlabs\Lib as Zlib; class PermissionRoles { - static private role_limits = array(); - static private role_perms = array(); + static private $role_limits = array(); + static private $role_perms = array(); static public function roles() { $roles = [ diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 4469330e8..a5c5175dc 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -197,8 +197,11 @@ class Connedit extends \Zotlabs\Web\Controller { $role = get_pconfig(local_channel(),'system','permissions_role'); if($role) { $x = get_role_perms($role); - if($x['perms_accept']) - $abook_my_perms = $x['perms_accept']; + if($x['perms_connect']) { + foreach($x['perms_connect'] as $p) { + set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'my_perms',$p,1); + } + } } } @@ -374,8 +377,8 @@ class Connedit extends \Zotlabs\Web\Controller { $role = get_pconfig(local_channel(),'system','permissions_role'); if($role) { $x = get_role_perms($role); - if($x['perms_accept']) - $my_perms = $x['perms_accept']; + if($x['perms_connect']) + $my_perms = $x['perms_connect']; } $yes_no = array(t('No'),t('Yes')); diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 5c9ff1db0..85da261fc 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -371,7 +371,7 @@ class Settings extends \Zotlabs\Web\Controller { } foreach($global_perms as $k => $v) { - set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k,((array_key_exists($k,$role_permissions['perms_accept'])) ? intval($role_permissions['perms_accept'][$k]))); + set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k,((array_key_exists($k,$role_permissions['perms_connect'])) ? 1 : 0)); } set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0)); -- cgit v1.2.3 From cf051116228875a8dc9e9da193bc7b8bcfe83840 Mon Sep 17 00:00:00 2001 
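Review bot: In the Settings `@@ -371,7` hunk, `array_key_exists($k,$role_permissions['perms_connect'])` looks for `$k` among the array keys, but the Connedit hunk of this same commit iterates `perms_connect` as a list of permission names (`foreach($x['perms_connect'] as $p)`). If it is a list, the lookup never matches and every permission is stored as 0; the test should then be `in_array($k,$role_permissions['perms_connect'],true) ? 1 : 0`. The unchanged `autoperms` line below still reads `intval($role_permissions['perms_accept'])`, which looks like a leftover from the bitmask representation.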
From: redmatrix Date: Mon, 4 Jul 2016 22:37:30 -0700 Subject: start to refactor the permission roles --- Zotlabs/Access/PermissionLimits.php | 13 +++ Zotlabs/Access/PermissionRoles.php | 185 +++++++++++++++++++++++++++++++----- 2 files changed, 175 insertions(+), 23 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php index 907adaae2..ef254c3cf 100644 --- a/Zotlabs/Access/PermissionLimits.php +++ b/Zotlabs/Access/PermissionLimits.php @@ -3,6 +3,19 @@ namespace Zotlabs\Access; class PermissionLimits { + + static public function Std_Limits() { + $perms = Permissions::Perms(); + $limits = array(); + foreach($perms as $k => $v) { + if(strstr($k,'view')) + $limits[$k] = PERMS_PUBLIC; + else + $limits[$k] = PERMS_SPECIFIC; + } + return $limits; + } + static public function Set($channel_id,$perm,$perm_limit) { $r = q("select * from perm_limits where channel_id = %d and perm = '%s' limit 1", intval($channel_id), diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index e3b16a66c..d195b0bb9 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -7,9 +7,6 @@ use Zotlabs\Lib as Zlib; class PermissionRoles { - static private $role_limits = array(); - static private $role_perms = array(); - static public function roles() { $roles = [ t('Social Networking') => [ 
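Review bot: `Std_Limits()` gives a permission the `PERMS_PUBLIC` default when `strstr($k,'view')` matches, which is a substring test anywhere in the name. `Permissions::Perms()` passes its list through the `permissions_list` hook, so an addon permission named, say, `review_posts` (constructed example) would default to public. The later `BlockedAnonPerms()` rewrite in this series (`@@ -39,29`) derives the authenticated-only list from the same result. An anchored test, `if(strpos($k,'view_') === 0)`, keeps the default closed for anything that is not explicitly a `view_` permission.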
@@ -43,28 +40,170 @@ class PermissionRoles { return $roles; } - - static public function LimitSet($permission,$limit,$roles) { - if(is_array($roles)) { - foreach($roles as $role) { - self::$role_limits[$role][$permission] = $limit; - } + static function role_perms($role) { + + $ret = array(); + + $ret['role'] = $role; + + switch($role) { + case 'social': + $ret['perms_auto'] = false; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = true; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like', 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + break; + + case 'social_restricted': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = true; + $ret['online'] = true; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'social_private': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = false; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' ]; + $ret['limits'] = PermissionLimits::Std_Limits(); + $ret['limits']['view_contacts'] = PERMS_SPECIFIC; + $ret['limits']['view_storage'] = PERMS_SPECIFIC; + + break; + + case 'forum': + $ret['perms_auto'] = true; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 
'post_like' , 'republish', 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + break; + + case 'forum_restricted': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = true; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'forum_private': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = false; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + $ret['limits']['view_profile'] = PERMS_SPECIFIC; + $ret['limits']['view_contacts'] = PERMS_SPECIFIC; + $ret['limits']['view_storage'] = PERMS_SPECIFIC; + $ret['limits']['view_pages'] = PERMS_SPECIFIC; + + break; + + case 'feed': + $ret['perms_auto'] = true; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'feed_restricted': + $ret['perms_auto'] = false; + $ret['default_collection'] = true; + $ret['directory_publish'] = false; + $ret['online'] = false; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'soapbox': + $ret['perms_auto'] = true; 
+ $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_like' , 'republish' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + + break; + + case 'repository': + $ret['perms_auto'] = true; + $ret['default_collection'] = false; + $ret['directory_publish'] = true; + $ret['online'] = false; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + + $ret['limits'] = PermissionLimits::Std_Limits(); + break; + + default: + break; } - else { - self::$role_limits[$role][$permission] = $limit; - } - } - static public function PermSet($permission,$roles) { - if(is_array($roles)) { - foreach($roles as $role) { - self::$role_perms[$role][] = $permission; - } - } - else { - self::$role_perms[$role][] = $permission; - } - } + $x = get_config('system','role_perms'); + // let system settings over-ride any or all + if($x && is_array($x) && array_key_exists($role,$x)) + $ret = array_merge($ret,$x[$role]); + call_hooks('get_role_perms',$ret); + + return $ret; + } } \ No newline at end of file -- cgit v1.2.3 From 08a4763bfff2becc750185f99a99919e2425ab5f Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 5 Jul 2016 20:21:47 -0700 Subject: more work on permissions --- Zotlabs/Access/PermissionRoles.php | 70 +++++++++++++++++++++----------------- Zotlabs/Access/Permissions.php | 45 +++++++++++++----------- 2 files changed, 64 insertions(+), 51 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index d195b0bb9..8b116adc5 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php 
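Review bot: The `default:` branch of `role_perms()` returns with only `$ret['role']` set, so the `custom` role offered by `roles()` and any unrecognised role string come back without `perms_connect` or `limits`. Callers elsewhere in this series index `$x['perms_connect']` directly. Giving the default branch explicit closed values, `$ret['perms_connect'] = [];` and `$ret['limits'] = PermissionLimits::Std_Limits();`, avoids relying on undefined-index behaviour. `array_merge($ret,$x[$role])` also lets the `system`/`role_perms` setting replace `perms_connect` or `limits` wholesale, which deserves a comment. The method is declared `static function` without the `public` its siblings use.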
@@ -7,38 +7,6 @@ use Zotlabs\Lib as Zlib; class PermissionRoles { - static public function roles() { - $roles = [ - t('Social Networking') => [ - 'social' => t('Social - Mostly Public'), - 'social_restricted' => t('Social - Restricted'), - 'social_private' => t('Social - Private') - ], - - t('Community Forum') => [ - 'forum' => t('Forum - Mostly Public'), - 'forum_restricted' => t('Forum - Restricted'), - 'forum_private' => t('Forum - Private') - ], - - t('Feed Republish') => [ - 'feed' => t('Feed - Mostly Public'), - 'feed_restricted' => t('Feed - Restricted') - ], - - t('Special Purpose') => [ - 'soapbox' => t('Special - Celebrity/Soapbox'), - 'repository' => t('Special - Group Repository') - ], - - t('Other') => [ - 'custom' => t('Custom/Expert Mode') - ] - - ]; - - return $roles; - } static function role_perms($role) { @@ -206,4 +174,42 @@ class PermissionRoles { return $ret; } + + + + static public function roles() { + $roles = [ + t('Social Networking') => [ + 'social' => t('Social - Mostly Public'), + 'social_restricted' => t('Social - Restricted'), + 'social_private' => t('Social - Private') + ], + + t('Community Forum') => [ + 'forum' => t('Forum - Mostly Public'), + 'forum_restricted' => t('Forum - Restricted'), + 'forum_private' => t('Forum - Private') + ], + + t('Feed Republish') => [ + 'feed' => t('Feed - Mostly Public'), + 'feed_restricted' => t('Feed - Restricted') + ], + + t('Special Purpose') => [ + 'soapbox' => t('Special - Celebrity/Soapbox'), + 'repository' => t('Special - Group Repository') + ], + + t('Other') => [ + 'custom' => t('Custom/Expert Mode') + ] + + ]; + + return $roles; + } + + + } \ No newline at end of file diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index 520957638..0f1a04b31 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php 
@@ -7,6 +7,23 @@ use Zotlabs\Lib as Zlib; class Permissions { + /** + * Extensible permissions. + * To add new permissions, add to the list of $perms below, with a simple description. + * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role + * if this permission should be granted to new connections. + * + * Permissions with 'view' in the name are considered read permissions. Anything + * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else + * is given PERMS_SPECIFIC. + * + * PermissionLimits::Std_limits() retrieves the standard limits. A permission role + * MAY alter an individual setting after retrieving the Std_limits if you require + * something different for a specific permission within the given role. + * + */ + + static public function Perms($filter = '') { $perms = [ @@ -23,7 +40,7 @@ class Permissions { [ 'post_mail' => t('Can send me private mail messages') ], [ 'post_like' => t('Can like/dislike profiles and profile things') ], [ 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts') ], - [ 'chat' => t('Can chat with me (when available)') ], + [ 'chat' => t('Can chat with me') ], [ 'republish' => t('Can source my public posts in derived channels') ], [ 'delegate' => t('Can administer my channel') ] ]; 
@@ -39,29 +56,19 @@ class Permissions { // Perms from the above list that are blocked from anonymous observers. // e.g. you must be authenticated. - $perms = [ 'send_stream', 'write_pages', 'post_wall', 'write_storage', 'post_comments', 'post_mail', 'post_like', 'tag_deliver', 'chat', 'republish', 'delegate' ]; + $res = array(); + $perms = PermissionLimits::Std_limits(); + foreach($perms as $perm => $limit) { + if($limit != PERMS_PUBLIC) { + $res[] = $perm; + } + } - $x = array('permissions' => $perms); + $x = array('permissions' => $res); call_hooks('write_perms',$x); return($x['permissions']); } - static public function OwnerLimitSet($channel_id,$permission,$limit) { - return Zlib\PConfig::Set($channel_id,'perms',$permission,$limit); - } - - static public function OwnerLimitGet($channel_id,$permission) { - return Zlib\PConfig::Get($channel_id,'perms',$permission); - } - - static public function Set($channel_id,$xchan_hash,$permission,$value) { - return Zlib\AbConfig::Set($channel_id,$xchan_hash,'perms',$permission,$value); - } - - static public function Get($channel_id,$xchan_hash,$permission) { - return Zlib\AbConfig::Get($channel_id,$xchan_hash,'perms',$permission); - } - } \ No newline at end of file -- cgit v1.2.3 From e11330a5c8e5111d08d6aee1f4dc6dda6f7c7f2a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 7 Jul 2016 16:44:58 -0700 Subject: revise how we store perm_limits --- Zotlabs/Access/PermissionLimits.php | 39 ++++++++----------------------------- 1 file changed, 8 insertions(+), 31 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php index ef254c3cf..909b654d5 100644 --- a/Zotlabs/Access/PermissionLimits.php +++ b/Zotlabs/Access/PermissionLimits.php @@ -2,6 +2,8 @@ namespace Zotlabs\Access; +use \Zotlabs\Lib as ZLib; + class PermissionLimits { static public function Std_Limits() { 
@@ -17,43 +19,18 @@ class PermissionLimits { } static public function Set($channel_id,$perm,$perm_limit) { - $r = q("select * from perm_limits where channel_id = %d and perm = '%s' limit 1", - intval($channel_id), - dbesc($perm) - ); - if($r) { - if($r[0]['perm_limit'] != $perm_limit) { - $x = q("update perm_limits set perm_limit = %d where id = %d", - dbesc($perm_limit), - intval($r[0]['id']) - ); - } - } - else { - $r = q("insert into perm_limits ( perm, channel_id, perm_limit ) - values ( '%s', %d, %d ) ", - dbesc($perm), - intval($channel_id), - intval($perm_limit) - ); - } + ZLib\PConfig::Set($channel_id,'perm_limits',$perm,$perm_limit); } static public function Get($channel_id,$perm = '') { if($perm) { - $r = q("select * from perm_limits where channel_id = %d and perm = '%s' limit 1", - intval($channel_id), - dbesc($perm) - ); - if($r) - return $r[0]; - return false; + return Zlib\PConfig::Get($channel_id,'perm_limits',$perm); } else { - return q("select * from perm_limits where channel_id = %d", - intval($channel_id) - ); + Zlib\PConfig::Load($channel_id); + if(array_key_exists($channel_id,\App::$config) && array_key_exists('perm_limits',\App::$config[$channel_id])) + return \App::$config[$channel_id]['perm_limits']; + return false; } } - } \ No newline at end of file -- cgit v1.2.3 From 917a465ccd7dfa4992241b1e5d4418b3a31f1615 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 9 Jul 2016 19:03:29 -0700 Subject: more work on perms --- Zotlabs/Daemon/Onepoll.php | 4 +++- Zotlabs/Module/Follow.php | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php index 036a4991b..21c46cec5 100644 --- a/Zotlabs/Daemon/Onepoll.php +++ b/Zotlabs/Daemon/Onepoll.php 
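Review bot: `Set()` now writes `$perm_limit` to PConfig exactly as received, dropping the `intval()`/`%d` binding that the removed SQL applied. `Get()` returns `false` both when the channel has no `perm_limits` at all and, presumably, when the single permission has no stored value. A Connedit caller later in this series feeds the result into a bitwise test, where `false` behaves as 0, so an unset limit cannot be told apart from a stored one. Consider `ZLib\PConfig::Set($channel_id,'perm_limits',$perm,intval($perm_limit));` plus a docblock stating the `false` return, so callers fall back to `Std_Limits()` explicitly.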
@@ -102,7 +102,9 @@ class Onepoll { $fetch_feed = true; $x = null; - if(! ($contact['abook_their_perms'] & PERMS_R_STREAM )) + $can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream')); + + if(! $can_view_stream) $fetch_feed = false; if($fetch_feed) { diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index 3641330c9..5de89ef41 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -49,10 +49,11 @@ class Follow extends \Zotlabs\Web\Controller { build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone))); + $can_view_stream = intval(get_abconfig($channel['channel_id'],$clone['abook_xchan'],'their_perms','view_stream')); // If we can view their stream, pull in some posts - if(($result['abook']['abook_their_perms'] & PERMS_R_STREAM) || ($result['abook']['xchan_network'] === 'rss')) + if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss')) \Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id'])); goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1'); -- cgit v1.2.3 From c9db8c6857d8676b3eb3c19548eb303656dc5fff Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 9 Jul 2016 21:08:02 -0700 Subject: more permissions work --- Zotlabs/Access/Permissions.php | 32 ++++++++++++++++---------------- Zotlabs/Module/Connedit.php | 17 ++++++++++++++++- Zotlabs/Module/Settings.php | 5 +++-- 3 files changed, 35 insertions(+), 19 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index 0f1a04b31..b389fc229 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php 
@@ -27,22 +27,22 @@ class Permissions { static public function Perms($filter = '') { $perms = [ - [ 'view_stream' => t('Can view my normal stream and posts') ], - [ 'send_stream' => t('Can send me their channel stream and posts') ], - [ 'view_profile' => t('Can view my default channel profile') ], - [ 'view_contacts' => t('Can view my connections') ], - [ 'view_storage' => t('Can view my file storage and photos') ], - [ 'write_storage' => t('Can upload/modify my file storage and photos') ], - [ 'view_pages' => t('Can view my channel webpages') ], - [ 'write_pages' => t('Can create/edit my channel webpages') ], - [ 'post_wall' => t('Can post on my channel (wall) page') ], - [ 'post_comments' => t('Can comment on or like my posts') ], - [ 'post_mail' => t('Can send me private mail messages') ], - [ 'post_like' => t('Can like/dislike profiles and profile things') ], - [ 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts') ], - [ 'chat' => t('Can chat with me') ], - [ 'republish' => t('Can source my public posts in derived channels') ], - [ 'delegate' => t('Can administer my channel') ] + 'view_stream' => t('Can view my channel stream and posts'), + 'send_stream' => t('Can send me their channel stream and posts'), + 'view_profile' => t('Can view my default channel profile'), + 'view_contacts' => t('Can view my connections'), + 'view_storage' => t('Can view my file storage and photos'), + 'write_storage' => t('Can upload/modify my file storage and photos'), + 'view_pages' => t('Can view my channel webpages'), + 'write_pages' => t('Can create/edit my channel webpages'), + 'post_wall' => t('Can post on my channel (wall) page'), + 'post_comments' => t('Can comment on or like my posts'), + 'post_mail' => t('Can send me private mail messages'), + 'post_like' => t('Can like/dislike profiles and profile things'), + 'tag_deliver' => t('Can forward to all my channel connections via @+ mentions in posts'), + 'chat' => t('Can chat with me'), + 
'republish' => t('Can source my public posts in derived channels'), + 'delegate' => t('Can administer my channel') ]; $x = array('permissions' => $perms, 'filter' => $filter); diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index a5c5175dc..445219894 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -676,6 +676,18 @@ class Connedit extends \Zotlabs\Web\Controller { if($slide && $multiprofs) $affinity = t('Set Affinity & Profile'); + $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'", + intval(local_channel()), + dbesc($contact['abook_xchan']) + ); + $their_perms = array(); + if($theirs) { + foreach($theirs as $t) { + $their_perms[$t['k']] = $t['v']; + } + } +logger('theris: ' . print_r($their_perms,true)); + foreach($global_perms as $k => $v) { $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); //fixme @@ -686,8 +698,11 @@ class Connedit extends \Zotlabs\Web\Controller { // permissions because they are enabled for the channel owner if((! $self) && ($existing[$k])) $thisperm = "1"; + + + - $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4], $checkinherited); + $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); } $locstr = ''; diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 85da261fc..7f34f52b1 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php 
@@ -896,17 +896,18 @@ class Settings extends \Zotlabs\Web\Controller { array( t('Anybody on the internet'), PERMS_PUBLIC) ); + $limits = \Zotlabs\Access\PermissionLimits::Get(local_channel()); foreach($global_perms as $k => $perm) { $options = array(); foreach($perm_opts as $opt) { $options[$opt[1]] = $opt[0]; } - $permiss[] = array($k,$perm,$channel[$perm[0]],$perm[4],$options); + $permiss[] = array($k,$perm,$limits[$k],'',$options); } - // logger('permiss: ' . print_r($permiss,true)); + //logger('permiss: ' . print_r($permiss,true)); -- cgit v1.2.3 From 71b001fdb7f4c900f6e7ff15a29952d6dc82c1fc Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 11 Jul 2016 17:02:49 -0700 Subject: more perms work - notably the stuff in public_perms --- Zotlabs/Module/Connedit.php | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 445219894..8aecfca4c 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -129,14 +129,21 @@ class Connedit extends \Zotlabs\Web\Controller { $abook_my_perms = 0; - foreach($_POST as $k => $v) { - if(strpos($k,'perms_') === 0) { - $perm = substr($k,6); - set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,(($v) ? 1 : 0)); - $abook_my_perms += $v; + $all_perms = \Zotlabs\Access\Permissions::Perms(); + + if($all_perms) { + foreach($all_perms as $perm => $desc) { + if(in_array('perms_' . $perm, $_POST)) { + set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm, + intval($_POST['perms_' . $perm])); + $abook_my_perms ++; + } + else { + set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0); + } } } - + $new_friend = false; if(! $is_self) { 
@@ -686,7 +693,6 @@ class Connedit extends \Zotlabs\Web\Controller { $their_perms[$t['k']] = $t['v']; } } -logger('theris: ' . print_r($their_perms,true)); foreach($global_perms as $k => $v) { $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); -- cgit v1.2.3 From f4e4e734de001de50b2a1a3119997b444bf12134 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 12 Jul 2016 21:47:24 -0700 Subject: more work on perms --- Zotlabs/Module/Acl.php | 12 ++++++------ Zotlabs/Module/Mail.php | 12 ++---------- Zotlabs/Module/Manage.php | 4 ++-- 3 files changed, 10 insertions(+), 18 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 2bc4ba62d..e404a7e9d 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -97,7 +97,7 @@ class Acl extends \Zotlabs\Web\Controller { if($extra_channels_sql != '') $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; - $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) 
@@ -105,7 +105,7 @@ class Acl extends \Zotlabs\Web\Controller { } else { // Visitors - $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self + $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, xchan_pubforum, 0 as abook_flags, 0 as abook_self FROM xchan left join xlink on xlink_link = xchan_hash WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , dbesc(get_observer_hash()) @@ -121,7 +121,7 @@ class Acl extends \Zotlabs\Web\Controller { $known_hashes[] = "'".$rr['hash']."'"; $known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')'; - $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self + $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"); if($r2) 
@@ -150,7 +150,7 @@ class Acl extends \Zotlabs\Web\Controller { } if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) { if((count($r) < 100) && $type == 'c') { - $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self + $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self, xchan_pubforum FROM xchan WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ); @@ -173,7 +173,7 @@ class Acl extends \Zotlabs\Web\Controller { } elseif(($type == 'a') || ($type == 'p')) { - $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash + $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , xchan_pubforum, abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and xchan_deleted = 0 $sql_extra3 @@ -213,7 +213,7 @@ class Acl extends \Zotlabs\Web\Controller { if(strpos($g['hash'],'/') && $type != 'a') continue; - if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) { + if(($g['xchan_pubforum']) && $type == 'c' && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index aae7585c4..043c28078 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php 
@@ -57,8 +57,6 @@ class Mail extends \Zotlabs\Web\Controller { $their_perms = 0; - $global_perms = get_perms(); - if($j['permissions']['data']) { $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']); if($permissions) @@ -68,13 +66,7 @@ class Mail extends \Zotlabs\Web\Controller { else $permissions = $j['permissions']; - foreach($permissions as $k => $v) { - if($v) { - $their_perms = $their_perms | intval($global_perms[$k][1]); - } - } - - if(! ($their_perms & PERMS_W_MAIL)) { + if(! ($permissions['post_mail'])) { notice( t('Selected channel has private message restrictions. Send failed.')); // reported issue: let's still save the message and continue. We'll just tell them // that nothing useful is likely to happen. They might have spent hours on it. @@ -120,7 +112,7 @@ class Mail extends \Zotlabs\Web\Controller { } - function get() { + function get() { $o = ''; nav_set_selected('messages'); diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php index 4ca044c4a..8f815d6d4 100644 --- a/Zotlabs/Module/Manage.php +++ b/Zotlabs/Module/Manage.php @@ -143,9 +143,9 @@ class Manage extends \Zotlabs\Web\Controller { $create = array( 'new_channel', t('Create a new channel'), t('Create New')); $delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where - abook_channel = %d and (abook_their_perms & %d) > 0", + abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = 1 )", intval(local_channel()), - intval(PERMS_A_DELEGATE) + intval(local_channel()) ); if($delegates) { -- cgit v1.2.3 From 1fd65c934da1efcbc3e44c5ec1c5112859ba50f9 Mon Sep 17 00:00:00 2001 
From: redmatrix Date: Wed, 13 Jul 2016 19:53:28 -0700 Subject: lots more permission work --- Zotlabs/Module/Acl.php | 59 +++++++++++++++++++++++++++++++-------------- Zotlabs/Module/Connedit.php | 2 +- Zotlabs/Module/Probe.php | 2 -- Zotlabs/Zot/Finger.php | 2 +- 4 files changed, 43 insertions(+), 22 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index d7516af33..0e02a2f66 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -58,7 +58,23 @@ class Acl extends \Zotlabs\Web\Controller { if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) killme(); - + + $permitted = []; + + if(in_array($type, [ 'm', 'a', 'c' ])) { + + // These queries require permission checking. We'll create a simple array of xchan_hash for those with + // the requisite permissions which we can check against. + + $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1", + intval(local_channel()), + dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver') + ); + + $permitted = ids_to_array($x,'xchan'); + } + + if($search) { $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; 
@@ -87,13 +103,13 @@ class Acl extends \Zotlabs\Web\Controller { if($type == '' || $type == 'g') { - $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname` - FROM `groups`,`group_member` - WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d - AND `group_member`.`gid`=`groups`.`id` + $r = q("SELECT groups.id, groups.hash, groups.gname + FROM groups,group_member + WHERE groups.deleted = 0 AND groups.uid = %d + AND group_member.gid=groups.id $sql_extra - GROUP BY `groups`.`id` - ORDER BY `groups`.`gname` + GROUP BY groups.id + ORDER BY groups.gname LIMIT %d OFFSET %d", intval(local_channel()), intval($count), @@ -139,7 +155,7 @@ class Acl extends \Zotlabs\Web\Controller { } else { // Visitors - $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, xchan_pubforum, 0 as abook_flags, 0 as abook_self + $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self FROM xchan left join xlink on xlink_link = xchan_hash WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , dbesc(get_observer_hash()) 
@@ -155,7 +171,7 @@ class Acl extends \Zotlabs\Web\Controller { $known_hashes[] = "'".$rr['hash']."'"; $known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')'; - $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self + $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"); if($r2) @@ -184,7 +200,7 @@ class Acl extends \Zotlabs\Web\Controller { } if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) { if((count($r) < 100) && $type == 'c') { - $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self, xchan_pubforum + $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self FROM xchan WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ); 
@@ -194,20 +210,27 @@ class Acl extends \Zotlabs\Web\Controller { } } elseif($type == 'm') { - - $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + $r = array(); + $z = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) + WHERE abook_channel = %d and xchan_deleted = 0 $sql_extra3 - ORDER BY `xchan_name` ASC ", - intval(local_channel()), - intval(PERMS_W_MAIL) + ORDER BY xchan_name ASC ", + intval(local_channel()) ); + if($z) { + foreach($z as $zz) { + if(in_array($zz['id'],$permitted)) { + $r[] = $zz; + } + } + } + } elseif($type == 'a') { - $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , xchan_pubforum, abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash + $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and xchan_deleted = 0 $sql_extra3 @@ -247,7 +270,7 @@ class Acl extends \Zotlabs\Web\Controller { if(strpos($g['hash'],'/') && $type != 'a') continue; - if(($g['xchan_pubforum']) && $type == 'c' && (! $noforums)) { + if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 8aecfca4c..f9b1336a8 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php 
@@ -133,7 +133,7 @@ class Connedit extends \Zotlabs\Web\Controller { if($all_perms) { foreach($all_perms as $perm => $desc) { - if(in_array('perms_' . $perm, $_POST)) { + if(array_key_exists('perms_' . $perm, $_POST)) { set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm, intval($_POST['perms_' . $perm])); $abook_my_perms ++; diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index dda792131..7fc0e8ff5 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -23,8 +23,6 @@ class Probe extends \Zotlabs\Web\Controller { $j = \Zotlabs\Zot\Finger::run($addr,$channel,false); - // $res = zot_finger($addr,$channel,false); - $o .= '
';
 			if(! $j['success']) {
 				$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index 229fda8bd..9d373b2e6 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -28,7 +28,7 @@ class Finger {
 
 		if (strpos($webbie,'@') === false) {
 			$address = $webbie;
-			$host = App::get_hostname();
+			$host = \App::get_hostname();
 		} else {
 			$address = substr($webbie,0,strpos($webbie,'@'));
 			$host = substr($webbie,strpos($webbie,'@')+1);
-- 
cgit v1.2.3


From b3a785711cde52a3c03c0a0eb90ce4e9ce8d9059 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 13 Jul 2016 22:11:06 -0700
Subject: deprecate/remove json_decode_plus

---
 Zotlabs/Module/Editpost.php    | 4 ++--
 Zotlabs/Module/Editwebpage.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php
index da859de3e..838fe9e4f 100644
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -47,9 +47,9 @@ class Editpost extends \Zotlabs\Web\Controller {
 		if(intval($itm[0]['item_obscured'])) {
 			$key = get_config('system','prvkey');
 			if($itm[0]['title'])
-				$itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
 			if($itm[0]['body'])
-				$itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
 		}
 
 		$category = '';
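Review bot: The result of `json_decode(...,true)` goes straight into `crypto_unencapsulate()` on both changed lines, and `json_decode()` returns `null` when the stored title or body is not valid JSON. What `json_decode_plus()` did with malformed input is not visible here, so this may be a behaviour change for damaged or legacy rows. Consider decoding into a variable first and only calling `crypto_unencapsulate()` when `is_array($decoded)`, leaving the stored value untouched otherwise. The Editwebpage.php hunk of this commit repeats the same pattern; in both files the enclosing method starts and ends outside the hunk.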
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php
index be4803a07..a55f81101 100644
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -108,9 +108,9 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 		if(intval($itm[0]['item_obscured'])) {
 			$key = get_config('system','prvkey');
 			if($itm[0]['title'])
-				$itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
 			if($itm[0]['body'])
-				$itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
 		}
 
 		$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
-- 
cgit v1.2.3


From 191cd21028ab108c2a7f982c654601d780865eff Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 13 Jul 2016 23:05:19 -0700
Subject: more perms work

---
 Zotlabs/Module/Connedit.php | 20 +++++++++++++-------
 Zotlabs/Module/Follow.php   |  2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index f9b1336a8..260952b4e 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -205,20 +205,26 @@ class Connedit extends \Zotlabs\Web\Controller {
 			if($role) {
 				$x = get_role_perms($role);
 				if($x['perms_connect']) {
-					foreach($x['perms_connect'] as $p) {
-						set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'my_perms',$p,1);
-					}
+					$abook_my_perms = $x['perms_connect'];
+				}
+			}
+
+			if($all_perms) {
+				foreach($all_perms as $perm => $desc) {
+					if(array_key_exists($perm, $abook_my_perms))
+						set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,1);
+					else
+						set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
 				}
 			}
 		}
-	
+
 		$abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']);
 	
-		$r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_pending = %d,
+		$r = q("UPDATE abook SET abook_profile = '%s', abook_closeness = %d, abook_pending = %d,
 			abook_incl = '%s', abook_excl = '%s'
 			where abook_id = %d AND abook_channel = %d",
 			dbesc($profile_id),
-			intval($abook_my_perms),
 			intval($closeness),
 			intval($abook_pending),
 			dbesc($abook_incl),
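Review bot: `array_key_exists($perm, $abook_my_perms)` tests array keys, but the loop this hunk removes iterated `$x['perms_connect']` by value, which suggests it is a list of permission names; if so, every `my_perms` entry for the new connection is written as 0. `in_array($perm, $abook_my_perms, true)` would match the removed behaviour. `$abook_my_perms` is also only given an array when a role with `perms_connect` exists, so the loop needs an `is_array($abook_my_perms)` guard. Its earlier value is assigned outside this hunk.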
@@ -239,7 +245,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 			info( t('Connection updated.') . EOL);
 		else
 			notice( t('Failed to update connection record.') . EOL);
-	
+//@fixme perms	
 		if(\App::$poi && \App::$poi['abook_my_perms'] != $abook_my_perms
 			&& (! intval(\App::$poi['abook_self']))) {
 			\Zotlabs\Daemon\Master::Summon(array('Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), $contact_id));
diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php
index 5de89ef41..da9ab3670 100644
--- a/Zotlabs/Module/Follow.php
+++ b/Zotlabs/Module/Follow.php
@@ -47,7 +47,7 @@ class Follow extends \Zotlabs\Web\Controller {
 		if($abconfig)
 			$clone['abconfig'] = $abconfig;
 	
-		build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+		build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)), true);
 	
 		$can_view_stream = intval(get_abconfig($channel['channel_id'],$clone['abook_xchan'],'their_perms','view_stream'));
 	
-- 
cgit v1.2.3


From b5b57523f14597f13b88a93f8787bb5a4f966c58 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Mon, 18 Jul 2016 16:45:43 -0700
Subject: more perms work

---
 Zotlabs/Module/Import.php | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index e34f5e49e..d27f013b9 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -8,6 +8,7 @@ namespace Zotlabs\Module;
 require_once('include/zot.php');
 require_once('include/channel.php');
 require_once('include/import.php');
+require_once('include/perm_upgrade.php');
 
 
 
@@ -339,6 +340,8 @@ class Import extends \Zotlabs\Web\Controller {
 			$abooks = $data['abook'];
 			if($abooks) {
 				foreach($abooks as $abook) {
+
+					$abook_copy = $abook;
 	
 					$abconfig = null;
 					if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig']))
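Review bot: `$abook_copy = $abook;` has no comment saying why the copy is taken, and the reason only shows two hunks further down, where `translate_abook_perms_inbound($channel,$abook_copy)` is called after `abook_their_perms`, `abook_my_perms` and `abconfig` have been unset from `$abook`. A one-line comment would help here: `// keep the unmodified import record; the legacy perms fields are unset below but are still needed for translation`. What the translation function reads from the record is not visible on this page, so the wording should be confirmed against include/perm_upgrade.php.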
@@ -347,6 +350,10 @@ class Import extends \Zotlabs\Web\Controller {
 					unset($abook['abook_id']);
 					unset($abook['abook_rating']);
 					unset($abook['abook_rating_text']);
+					unset($abook['abconfig']);
+					unset($abook['abook_their_perms']);
+					unset($abook['abook_my_perms']);
+
 					$abook['abook_account'] = $account_id;
 					$abook['abook_channel'] = $channel['channel_id'];
 					if(! array_key_exists('abook_blocked',$abook)) {
@@ -385,6 +392,8 @@ class Import extends \Zotlabs\Web\Controller {
 					$friends ++;
 					if(intval($abook['abook_feed']))
 						$feeds ++;
+
+					translate_abook_perms_inbound($channel,$abook_copy);
 	
 					if($abconfig) {
 						// @fixme does not handle sync of del_abconfig
-- 
cgit v1.2.3


From b63165b6e0d856848b20d184783bfdf358210f9b Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Mon, 18 Jul 2016 21:37:34 -0700
Subject: more perms work (a lot more)

---
 Zotlabs/Access/Permissions.php | 42 ++++++++++++++++++++++++++++++++++++++++++
 Zotlabs/Module/Connedit.php    | 36 +++++++++++++++++++++---------------
 Zotlabs/Module/Settings.php    | 32 +++++++++++++++++---------------
 3 files changed, 80 insertions(+), 30 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
index b389fc229..61ea51a48 100644
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -70,5 +70,47 @@ class Permissions {
 
 	}
 
+	// converts [ 0 => 'view_stream', ... ]
+	// to [ 'view_stream' => 1 ]
+	// for any permissions in $arr;
+	// Undeclared permissions are set to 0
+
+	static public function FilledPerms($arr) {
+		$everything = self::Perms();
+		$ret = [];
+		foreach($everything as $k => $v) {
+			if(in_array($k,$arr))
+				$ret[$k] = 1;
+			else
+				$ret[$k] = 0;
+		}
+		return $ret;
+
+	}
 
+	static public function FilledAutoperms($channel_id) {
+		if(! intval(get_pconfig($channel_id,'system','autoperms')))
+			return false;
+
+		$arr = [];
+		$r = q("select * from pconfig where uid = %d and cat = 'autoperms'",
+			intval($channel_id)
+		);
+		if($r) {
+			foreach($r as $rr) {
+				$arr[$rr['k']] = $arr[$rr['v']];
+			}
+		}
+		return $arr;
+	}
+
+	static public function PermsCompare($p1,$p2) {
+		foreach($p1 as $k => $v) {
+			if(! array_key_exists($k,$p2))
+				return false;
+			if($p1[$k] != $p2[$k])
+				return false;
+		}
+		return true;
+	}
 }
\ No newline at end of file
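Review bot: In `FilledAutoperms()` the loop assigns `$arr[$rr['k']] = $arr[$rr['v']];`, which reads from the still-empty `$arr` instead of the row, so every stored auto-permission comes back as null and none is ever granted. The line should be `$arr[$rr['k']] = intval($rr['v']);`. `PermsCompare()` in the same hunk only walks `$p1`, so a key that exists only in `$p2` is not seen as a difference. If it is meant to detect any permission change it should also return false when `count($p1) != count($p2)`.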
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 260952b4e..7f34cfc9b 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -126,9 +126,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 			$rating = 10;
 	
 		$rating_text = trim(escape_tags($_REQUEST['rating_text']));
-	
-		$abook_my_perms = 0;
-	
+		
 		$all_perms = \Zotlabs\Access\Permissions::Perms();
 
 		if($all_perms) {
@@ -136,13 +134,21 @@ class Connedit extends \Zotlabs\Web\Controller {
 				if(array_key_exists('perms_' . $perm, $_POST)) {
 					set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,
 						intval($_POST['perms_' . $perm]));
-					$abook_my_perms ++;
+					if($autoperms) {
+						set_pconfig($channel['channel_id'],'autoperms',$perm,intval($_POST['perms_' . $perm]));
+					}
 				}
 				else {
 					set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
+					if($autoperms) {
+						set_pconfig($channel['channel_id'],'autoperms',$perm,0);
+					}
 				}
 			}
 		}
+
+		if(! is_null($autoperms)) 
+			set_pconfig($channel['channel_id'],'system','autoperms',$autoperms);
 				
 		$new_friend = false;
 	
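Review bot: `intval($_POST['perms_' . $perm])` stores whatever integer the form submits, both in `my_perms` and in the new `autoperms` entries, while the permission queries elsewhere in this series match `v = 1` exactly. Normalising to a flag keeps stored values to 0 or 1: `$val = (intval($_POST['perms_' . $perm]) ? 1 : 0);`, passed to both `set_abconfig()` and `set_pconfig()`. `$autoperms` is not assigned anywhere in the visible hunks. If it is not set before this loop, `! is_null($autoperms)` is false for the undefined variable and the `system`/`autoperms` switch is never written. The enclosing method starts outside the hunk.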
@@ -209,14 +215,11 @@ class Connedit extends \Zotlabs\Web\Controller {
 				}
 			}
 
-			if($all_perms) {
-				foreach($all_perms as $perm => $desc) {
-					if(array_key_exists($perm, $abook_my_perms))
-						set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,1);
-					else
-						set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
-				}
+			$filled_perms = \Zotlabs\Access\Permissions::FilledPerms($abook_my_perms);
+			foreach($filled_perms as $k => $v) {
+				set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v);
 			}
+
 		}
 
 		$abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']);
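Review bot: `FilledPerms($abook_my_perms)` can be reached with `$abook_my_perms` unset, because this commit removes the `$abook_my_perms = 0;` initialisation in its first Connedit.php hunk. As far as the visible hunks show, the only remaining assignment is inside `if($x['perms_connect'])`. `FilledPerms()` then calls `in_array()` on a non-array, which depending on the PHP version either warns and writes 0 for every permission or throws. Initialise it before the role lookup with `$abook_my_perms = [];`, or have `FilledPerms()` return all zeros when `! is_array($arr)`. The enclosing block starts outside the hunk.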
@@ -245,10 +248,13 @@ class Connedit extends \Zotlabs\Web\Controller {
 			info( t('Connection updated.') . EOL);
 		else
 			notice( t('Failed to update connection record.') . EOL);
-//@fixme perms	
-		if(\App::$poi && \App::$poi['abook_my_perms'] != $abook_my_perms
-			&& (! intval(\App::$poi['abook_self']))) {
-			\Zotlabs\Daemon\Master::Summon(array('Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), $contact_id));
+
+		if(! intval(\App::$poi['abook_self'])) {
+			\Zotlabs\Daemon\Master::Summon( [ 
+				'Notifier', 
+				(($new_friend) ? 'permission_create' : 'permission_update'), 
+				$contact_id 
+			]);
 		}
 	
 		if($new_friend) {
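Review bot: The new condition drops both the `\App::$poi &&` guard and the comparison of old and new permissions. `Notifier` is therefore summoned on every save of a non-self connection, and `\App::$poi['abook_self']` is indexed even when `\App::$poi` is empty. Keeping the guard is a one-line change: `if(\App::$poi && ! intval(\App::$poi['abook_self'])) {`. `PermsCompare()` is added in this same commit but is not called here; if it is meant to decide whether a `permission_update` needs to be sent, a comment saying so would help.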
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index 81d76a2dd..514078b2f 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -21,10 +21,7 @@ class Settings extends \Zotlabs\Web\Controller {
 			// We are setting these values - don't use the argc(), argv() functions here
 			\App::$argc = 2;
 			\App::$argv[] = 'channel';
-		}
-	
-	
-	
+		}	
 	}
 	
 	
@@ -422,20 +419,25 @@ class Settings extends \Zotlabs\Web\Controller {
 					);
 				}
 	
-				foreach($global_perms as $k => $v) {
-					set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k,((array_key_exists($k,$role_permissions['perms_connect'])) ? 1 : 0));
-				}
-
-				set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0));
-	
-				foreach($role_permissions as $p => $v) {
-					if(strpos($p,'channel_') !== false) {
-						$set_perms .= ', ' . $p . ' = ' . intval($v) . ' ';
+				$x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']);
+				foreach($x as $k => $v) {
+					set_abconfig(local_channel(),$channel['channel_hash'],'my_perms',$k, $v);
+					if($role_permissions['perms_auto']) {
+						set_pconfig(local_channel(),'autoperms',$k,$v);
+					}
+					else {
+						del_pconfig(local_channel(),'autoperms',$k);
 					}
-					if($p === 'directory_publish') {
-						$publish = intval($v);
+				}	
+
+				if($role_permissions['limits']) {
+					foreach($role_permissions['limits'] as $k => $v) {
+						\Zotlabs\Access\PermissionLimits::Set(local_channel(),$k,$v);
 					}
 				}
+				if(array_key_exists('directory_publish',$role_permissions)) {
+					$publish = intval($role_permissions['directory_publish']);
+				}
 			}
 	
 			set_pconfig(local_channel(),'system','hide_online_status',$hide_presence);
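Review bot: This hunk removes the only visible write of the `system`/`autoperms` switch and replaces it with per-permission `autoperms` keys, but `FilledAutoperms()` added in this commit returns false unless that switch is non-zero. Unless the switch is written elsewhere outside the hunk, a role with `perms_auto` never turns auto-permissions on. A role without it deletes the keys but leaves a previously set switch in place, so `FilledAutoperms()` would then return an empty array rather than false. Keeping the removed line after the new loop would hold the two in step: `set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0));`.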
-- 
cgit v1.2.3


From ea830328634b084e44f9e16f037a8bef3c98280a Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Tue, 19 Jul 2016 17:52:45 -0700
Subject: translate more old perms calls

---
 Zotlabs/Module/Connedit.php | 4 ++--
 Zotlabs/Module/Settings.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 7f34cfc9b..93ee30999 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -209,7 +209,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 			$role = get_pconfig(local_channel(),'system','permissions_role');
 			if($role) {
-				$x = get_role_perms($role);
+				$x = \Zotlabs\Access\PermissionRoles::role_perms($role);
 				if($x['perms_connect']) {
 					$abook_my_perms = $x['perms_connect'];
 				}
@@ -395,7 +395,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 		$my_perms = get_channel_default_perms(local_channel());
 		$role = get_pconfig(local_channel(),'system','permissions_role');
 		if($role) {
-			$x = get_role_perms($role);
+			$x = \Zotlabs\Access\PermissionRoles::role_perms($role);
 			if($x['perms_connect'])
 				$my_perms = $x['perms_connect'];
 		}
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index 514078b2f..af3a25c60 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -379,7 +379,7 @@ class Settings extends \Zotlabs\Web\Controller {
 				);
 			}
 		    else {
-			   	$role_permissions = get_role_perms($_POST['permissions_role']);
+			   	$role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($_POST['permissions_role']);
 				if(! $role_permissions) {
 					notice('Permissions category could not be found.');
 					return;
-- 
cgit v1.2.3


From 237cca7a0d0a025bdbccef19b8e25a687ec7cfa3 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Tue, 19 Jul 2016 19:33:48 -0700
Subject: fixes to perms

---
 Zotlabs/Lib/AbConfig.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Lib/AbConfig.php b/Zotlabs/Lib/AbConfig.php
index cab59abbd..cb5d96951 100644
--- a/Zotlabs/Lib/AbConfig.php
+++ b/Zotlabs/Lib/AbConfig.php
@@ -7,7 +7,7 @@ class AbConfig {
 
 	static public function Load($chan,$xhash,$family = '') {
 		if($family)
-			$where = sprintf(" and family = '%s' ",dbesc($family));
+			$where = sprintf(" and cat = '%s' ",dbesc($family));
 		$r = q("select * from abconfig where chan = %d and xchan = '%s' $where",
 			intval($chan),
 			dbesc($xhash)
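Review bot: `$where` is assigned only inside `if($family)`, yet it is interpolated into the query string unconditionally, so a call with the default `$family = ''` reads an undefined variable. Initialising it makes the no-filter case explicit: `$where = (($family) ? sprintf(" and cat = '%s' ",dbesc($family)) : '');`. The rest of `Load` is outside the hunk.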
-- 
cgit v1.2.3


From a961d5e6c8cd79b375e13a0b3d887e521392f8aa Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Tue, 19 Jul 2016 20:49:54 -0700
Subject: permission fixes

---
 Zotlabs/Lib/PermissionDescription.php | 17 ++++-------------
 Zotlabs/Module/Item.php               |  8 +++++---
 Zotlabs/Module/Profiles.php           |  4 ++--
 3 files changed, 11 insertions(+), 18 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Lib/PermissionDescription.php b/Zotlabs/Lib/PermissionDescription.php
index 55aac2dea..b6c6dd29d 100644
--- a/Zotlabs/Lib/PermissionDescription.php
+++ b/Zotlabs/Lib/PermissionDescription.php
@@ -78,22 +78,13 @@ class PermissionDescription  {
 
 		$result = null;
 
-		$global_perms = get_perms();
+		$global_perms = \Zotlabs\Access\Permissions::Perms();
 
 		if (array_key_exists($permname, $global_perms)) {
 
-			$permDetails = $global_perms[$permname];
-
-			// It should be OK to always just read the permissions from App::$channel
-			//
-			// App::$profile is a union of channel and profile fields.
-			// The distinction is basically that App::$profile is pointing to the resource
-			// being observed. App::$channel is referring to the current logged-in channel
-			// member (if this is a local channel) e.g. the observer. We only show the ACL
-			// widget to the page owner (observer and observed are the same) so in that case
-			// I believe either may be safely used here.
-			$channelPerm = \App::$channel[$permDetails[0]];
-			$result = new PermissionDescription($permDetails[1], $channelPerm);
+			$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'],$permname);
+
+			$result = new PermissionDescription('', $channelPerm);
 		} else {
 			// The acl dialog can handle null arguments, but it shouldn't happen
 			logger('null PermissionDescription from unknown global permission: ' . $permname ,LOGGER_DEBUG, LOG_ERROR);
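Review bot: The removed comment was the only place that explained why reading the limit through `\App::$channel` is acceptable here (the ACL widget is shown only to the page owner, so observer and owner are the same), and the new lookup still depends on that assumption. A short replacement keeps it visible: `// ACL widget is only shown to the page owner, so App::$channel is the channel whose limit applies`. The first constructor argument is also now always `''` where the old code passed `$permDetails[1]`; if the constructor, which is outside this hunk, still uses it for display, the description will come out empty.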
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 235c5528e..919ee3c4a 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -316,9 +316,11 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 	
 		$acl = new \Zotlabs\Access\AccessList($channel);
+
+		$view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream');	
+		$comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments');
 	
-			
-		$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
+		$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($view_policy,true));
 		if($webpage)
 			$public_policy = '';
 		if($public_policy)
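Review bot: On the rewritten `$public_policy` line a request-supplied `public_policy` still takes precedence over the stored `view_stream` limit and is only passed through `escape_tags()`, which does not restrict the value to a known scope. If nothing later in the method validates it, checking it against the scope names `map_scope()` can produce and otherwise falling back to `map_scope($view_policy,true)` would keep a client from selecting a scope the channel never configured. `$comment_policy` is fetched here but first used in the later hunk of this file (`$datarray['comment_policy']`), so a one-line comment at the assignment would help readers. The method body extends beyond the hunk.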
@@ -810,7 +812,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		$datarray['layout_mid']     = $layout_mid;
 		$datarray['public_policy']  = $public_policy;
-		$datarray['comment_policy'] = map_scope($channel['channel_w_comment']); 
+		$datarray['comment_policy'] = map_scope($comment_policy); 
 		$datarray['term']           = $post_tags;
 		$datarray['plink']          = $plink;
 		$datarray['route']          = $route;
diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php
index 899c79b15..4b05182c2 100644
--- a/Zotlabs/Module/Profiles.php
+++ b/Zotlabs/Module/Profiles.php
@@ -708,7 +708,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 				'$profile_id'   => $r[0]['id'],
 				'$profile_name' => array('profile_name', t('Profile name'), $r[0]['profile_name'], t('Required'), '*'),
 				'$is_default'   => $is_default,
-				'$default'      => t('This is your default profile.') . EOL . translate_scope(map_scope($channel['channel_r_profile'])),
+				'$default'      => t('This is your default profile.') . EOL . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))),
 				'$advanced'     => $advanced,
 				'$name'         => array('name', t('Your full name'), $r[0]['fullname'], t('Required'), '*'),
 				'$pdesc'        => array('pdesc', t('Title/Description'), $r[0]['pdesc']),
@@ -767,7 +767,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 						'$alt' => t('Profile Image'),
 						'$profile_name' => $rr['profile_name'],
 						'$visible' => (($rr['is_default']) 
-							? '' . translate_scope(map_scope($channel['channel_r_profile'])) . '' 
+							? '' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '' 
 							: '' . t('Edit visibility') . '')
 					));
 				}
-- 
cgit v1.2.3


From a3e5307b93ea524781abd885e26a5d6c8f5c4c54 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Tue, 19 Jul 2016 22:57:23 -0700
Subject: fix the forum detection in include/zot

---
 Zotlabs/Module/Item.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 919ee3c4a..f0cb82286 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -528,11 +528,11 @@ class Item extends \Zotlabs\Web\Controller {
 	
 	
 			if((! $parent) && (get_pconfig($profile_uid,'system','tagifonlyrecip')) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) {
-				$x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+				$x = q("select abook_id, abconfig.v from abook left join abconfig on abook_xchan = abconfig.xchan and abook_channel = abconfig.chan and cat= 'their_perms' and abconfig.k = 'tag_deliver' and abconfig.v = 1 and abook_xchan = '%s' and abook_channel = %d limit 1",
 					dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)),
 					intval($profile_uid)
 				);
-				if($x && ($x[0]['abook_their_perms'] & PERMS_W_TAGWALL))
+				if($x)
 					$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
 			}
 	
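Review bot: In the rewritten query every condition, including `abook_xchan = '%s' and abook_channel = %d`, sits in the `on` clause of a `left join` and there is no `where`, so `abook` rows are returned whether or not they match. With `limit 1` and the new bare `if($x)`, the `@group+` tag can be appended using whichever connection row comes back first. The old code tested the permission bit on the row it had matched, and that test is now gone. Moving the filters into `where` restores it: `select abook_id from abook left join abconfig on abook_xchan = abconfig.xchan and abook_channel = abconfig.chan where abook_xchan = '%s' and abook_channel = %d and abconfig.cat = 'their_perms' and abconfig.k = 'tag_deliver' and abconfig.v = 1 limit 1`. The enclosing method is not fully visible in the hunk.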
-- 
cgit v1.2.3


From 3affb2e8172b4cc673aafe9551c21dad6f606d87 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 20 Jul 2016 17:55:40 -0700
Subject: sort out some of the authentication mess - with luck this may fix the
 DAV auth issue which I simply could not duplicate or find a reason for.

---
 Zotlabs/Module/Dav.php           | 85 ++--------------------------------------
 Zotlabs/Module/Login.php         |  3 ++
 Zotlabs/Module/Openid.php        |  2 +-
 Zotlabs/Module/Register.php      |  2 +-
 Zotlabs/Module/Removeaccount.php |  3 +-
 Zotlabs/Module/Removeme.php      |  4 +-
 Zotlabs/Storage/BasicAuth.php    | 37 ++++++-----------
 7 files changed, 26 insertions(+), 110 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index ba2394388..aaf69844c 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -48,55 +48,13 @@ class Dav extends \Zotlabs\Web\Controller {
 		if (! is_dir('store'))
 			os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
 	
-		$which = null;
 		if (argc() > 1)
-			$which = argv(1);
+			profile_load(argv(1),0);
 	
-		$profile = 0;
-	
-		\App::$page['htmlhead'] .= '' . "\r\n";
-	
-		if ($which)
-			profile_load( $which, $profile);
-	
-
-
 
 		$auth = new \Zotlabs\Storage\BasicAuth();
-		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');
-
-//		$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function($userName,$password) {
-//			if(account_verify_password($userName,$password))
-//				return true;
-//			return false;
-//		});
+		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
 
-//		$ob_hash = get_observer_hash();
-	
-//		if ($ob_hash) {
-//			if (local_channel()) {
-//				$channel = \App::get_channel();
-//				$auth->setCurrentUser($channel['channel_address']);
-//				$auth->channel_id = $channel['channel_id'];
-//				$auth->channel_hash = $channel['channel_hash'];
-//				$auth->channel_account_id = $channel['channel_account_id'];
-//				if($channel['channel_timezone'])
-//					$auth->setTimezone($channel['channel_timezone']);
-//			}
-//			$auth->observer = $ob_hash;
-//		}
-	
-//		if ($_GET['davguest'])
-//			$_SESSION['davguest'] = true;
-	
-//		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
-//		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
-//		$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
-//	
-//		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
-//		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
-//		$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
-	
 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
 	
 		// A SabreDAV server-object
@@ -113,48 +71,13 @@ class Dav extends \Zotlabs\Web\Controller {
 	
 		$server->addPlugin($lockPlugin);
 	
-		// The next section of code allows us to bypass prompting for http-auth if a
-		// FILE is being accessed anonymously and permissions allow this. This way
-		// one can create hotlinks to public media files in their cloud and anonymous
-		// viewers won't get asked to login.
-		// If a DIRECTORY is accessed or there are permission issues accessing the
-		// file and we aren't previously authenticated via zot, prompt for HTTP-auth.
-		// This will be the default case for mounting a DAV directory. 
-		// In order to avoid prompting for passwords for viewing a DIRECTORY, add
-		// the URL query parameter 'davguest=1'.
-	
-//		$isapublic_file = false;
-//		$davguest = ((x($_SESSION, 'davguest')) ? true : false);
-	
-//		if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
-//			try { 
-//				$x = RedFileData('/' . \App::$cmd, $auth);
-//				if($x instanceof \Zotlabs\Storage\File)
-//					$isapublic_file = true;
-//			}
-//			catch (Exception $e) {
-//				$isapublic_file = false;
-//			}
-//		}
-	
-//		if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
-//			try {
-//				$auth->Authenticate($server, t('$Projectname channel'));
-//			}
-//			catch (Exception $e) {
-//				logger('mod_cloud: auth exception' . $e->getMessage());
-//				http_status_exit($e->getHTTPCode(), $e->getMessage());
-//			}
-//		}
-	
-	//	require_once('Zotlabs/Storage/Browser.php');
 		// provide a directory view for the cloud in Hubzilla
 		$browser = new \Zotlabs\Storage\Browser($auth);
 		$auth->setBrowserPlugin($browser);
 	
 		// Experimental QuotaPlugin
-	//	require_once('Zotlabs/Storage/QuotaPlugin.php');
-	//	$server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
+		// require_once('Zotlabs/Storage/QuotaPlugin.php');
+		// $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
 	
 		// All we need to do now, is to fire up the server
 		$server->exec();
diff --git a/Zotlabs/Module/Login.php b/Zotlabs/Module/Login.php
index ff75e5268..ae35b922f 100644
--- a/Zotlabs/Module/Login.php
+++ b/Zotlabs/Module/Login.php
@@ -7,6 +7,9 @@ class Login extends \Zotlabs\Web\Controller {
 	function get() {
 		if(local_channel())
 			goaway(z_root());
+		if(remote_channel() && $_SESSION['atoken'])
+			goaway(z_root());
+
 		return login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? false : true);
 	}
 	
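Review bot: `$_SESSION['atoken']` in the added guard is read without an existence check, so a remote visitor whose session has no access token triggers an undefined-index notice on the login page. `if(remote_channel() && ! empty($_SESSION['atoken']))` gives the same redirect without the notice. The same hunk appears again in the repeated copy of this commit further down the page.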
diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php
index 7a6e4a81f..8cbc6d2fd 100644
--- a/Zotlabs/Module/Openid.php
+++ b/Zotlabs/Module/Openid.php
@@ -48,7 +48,7 @@ class Openid extends \Zotlabs\Web\Controller {
 									$_SESSION['uid'] = $r[0]['channel_id'];
 									$_SESSION['account_id'] = $r[0]['channel_account_id'];
 									$_SESSION['authenticated'] = true;
-									authenticate_success($record,true,true,true,true);
+									authenticate_success($record,$r[0],true,true,true,true);
 									goaway(z_root());
 								}
 							}
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index 6afa4a94c..45123b88d 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -146,7 +146,7 @@ class Register extends \Zotlabs\Web\Controller {
 			goaway(z_root());
 		}
 	
-		authenticate_success($result['account'],true,false,true);
+		authenticate_success($result['account'],null,true,false,true);
 		
 		$new_channel = false;
 		$next_page = 'new_channel';
diff --git a/Zotlabs/Module/Removeaccount.php b/Zotlabs/Module/Removeaccount.php
index 39e06bb7f..9fac7838e 100644
--- a/Zotlabs/Module/Removeaccount.php
+++ b/Zotlabs/Module/Removeaccount.php
@@ -25,7 +25,8 @@ class Removeaccount extends \Zotlabs\Web\Controller {
 		$account = \App::get_account();
 		$account_id = get_account_id();
 	
-		if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+		$x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+		if(! ($x && $x['account']))
 			return;
 	
 		if($account['account_password_changed'] != NULL_DATE) {
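Review bot: The new check accepts any result whose `account` element is set, but does not confirm that the verified account is the one about to be removed. Since `$account_id` is already in scope, binding the two is cheap: `if(! ($x && $x['account'] && intval($x['account']['account_id']) === intval($account_id)))`. Whether `account_verify_password()` can resolve the supplied login to a different account is not visible here, so this is hardening and not a confirmed flaw. The Removeme.php hunk uses the same pattern and could compare against `$account['account_id']`; both methods continue outside their hunks, and both hunks are repeated in the second copy of this commit.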
diff --git a/Zotlabs/Module/Removeme.php b/Zotlabs/Module/Removeme.php
index e611d8112..bc18fe0f8 100644
--- a/Zotlabs/Module/Removeme.php
+++ b/Zotlabs/Module/Removeme.php
@@ -24,7 +24,9 @@ class Removeme extends \Zotlabs\Web\Controller {
 	
 		$account = \App::get_account();
 	
-		if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+	
+		$x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+		if(! ($x && $x['account']))
 			return;
 	
 		if($account['account_password_changed'] != NULL_DATE) {
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 9c73b47b9..67617b637 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 
 		require_once('include/auth.php');
 		$record = account_verify_password($username, $password);
-		if ($record && $record['account_default_channel']) {
-			$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
-				intval($record['account_id']),
-				intval($record['account_default_channel'])
-			);
-			if($r && $this->check_module_access($r[0]['channel_id'])) {
-				return $this->setAuthenticated($r[0]);
+		if($record && $record['account']) {
+			if($record['channel'])
+				$channel = $record['channel'];
+			else {
+				$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+					intval($record['account']['account_id']),
+					intval($record['account']['account_default_channel'])
+				);
+				if($r)
+					$channel = $r[0];
 			}
 		}
-		$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
-			dbesc($username)
-		);
-		if ($r) {
-			$x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
-				intval($r[0]['channel_account_id'])
-			);
-			if ($x) {
-				// @fixme this foreach should not be needed?
-				foreach ($x as $record) {
-					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
-					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
-						logger('password verified for ' . $username);
-						if($this->check_module_access($r[0]['channel_id']))
-							return $this->setAuthenticated($r[0]);
-					}
-				}
-			}
+		if($channel && $this->check_module_access($channel['channel_id'])) {
+			return $this->setAuthenticated($channel);
 		}
 
 		if($this->module_disabled)
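Review bot: `$channel` is assigned only on the success paths, so when `account_verify_password()` fails or the default-channel query returns nothing, `if($channel && ...)` reads an undefined variable; an authentication decision should not rest on that defaulting to falsy. Adding `$channel = null;` before `if($record && $record['account'])` makes the reject path explicit. The removed fallback also logged a successful verification and the new path logs nothing on either outcome, so a `logger()` call on the failure branch would help when tracing DAV login problems. The method starts and ends outside the hunk, and the identical hunk is repeated in the second copy of this commit.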
-- 
cgit v1.2.3


From bc8c74eb422387a5537eb923c90a34c1196ce568 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 20 Jul 2016 17:55:40 -0700
Subject: sort out some of the authentication mess - with luck this may fix the
 DAV auth issue which I simply could not duplicate or find a reason for.

---
 Zotlabs/Module/Dav.php           | 85 ++--------------------------------------
 Zotlabs/Module/Login.php         |  3 ++
 Zotlabs/Module/Openid.php        |  2 +-
 Zotlabs/Module/Register.php      |  2 +-
 Zotlabs/Module/Removeaccount.php |  3 +-
 Zotlabs/Module/Removeme.php      |  4 +-
 Zotlabs/Storage/BasicAuth.php    | 37 ++++++-----------
 7 files changed, 26 insertions(+), 110 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index ba2394388..aaf69844c 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -48,55 +48,13 @@ class Dav extends \Zotlabs\Web\Controller {
 		if (! is_dir('store'))
 			os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
 	
-		$which = null;
 		if (argc() > 1)
-			$which = argv(1);
+			profile_load(argv(1),0);
 	
-		$profile = 0;
-	
-		\App::$page['htmlhead'] .= '' . "\r\n";
-	
-		if ($which)
-			profile_load( $which, $profile);
-	
-
-
 
 		$auth = new \Zotlabs\Storage\BasicAuth();
-		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');
-
-//		$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function($userName,$password) {
-//			if(account_verify_password($userName,$password))
-//				return true;
-//			return false;
-//		});
+		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
 
-//		$ob_hash = get_observer_hash();
-	
-//		if ($ob_hash) {
-//			if (local_channel()) {
-//				$channel = \App::get_channel();
-//				$auth->setCurrentUser($channel['channel_address']);
-//				$auth->channel_id = $channel['channel_id'];
-//				$auth->channel_hash = $channel['channel_hash'];
-//				$auth->channel_account_id = $channel['channel_account_id'];
-//				if($channel['channel_timezone'])
-//					$auth->setTimezone($channel['channel_timezone']);
-//			}
-//			$auth->observer = $ob_hash;
-//		}
-	
-//		if ($_GET['davguest'])
-//			$_SESSION['davguest'] = true;
-	
-//		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
-//		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
-//		$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
-//	
-//		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
-//		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
-//		$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
-	
 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
 	
 		// A SabreDAV server-object
@@ -113,48 +71,13 @@ class Dav extends \Zotlabs\Web\Controller {
 	
 		$server->addPlugin($lockPlugin);
 	
-		// The next section of code allows us to bypass prompting for http-auth if a
-		// FILE is being accessed anonymously and permissions allow this. This way
-		// one can create hotlinks to public media files in their cloud and anonymous
-		// viewers won't get asked to login.
-		// If a DIRECTORY is accessed or there are permission issues accessing the
-		// file and we aren't previously authenticated via zot, prompt for HTTP-auth.
-		// This will be the default case for mounting a DAV directory. 
-		// In order to avoid prompting for passwords for viewing a DIRECTORY, add
-		// the URL query parameter 'davguest=1'.
-	
-//		$isapublic_file = false;
-//		$davguest = ((x($_SESSION, 'davguest')) ? true : false);
-	
-//		if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
-//			try { 
-//				$x = RedFileData('/' . \App::$cmd, $auth);
-//				if($x instanceof \Zotlabs\Storage\File)
-//					$isapublic_file = true;
-//			}
-//			catch (Exception $e) {
-//				$isapublic_file = false;
-//			}
-//		}
-	
-//		if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
-//			try {
-//				$auth->Authenticate($server, t('$Projectname channel'));
-//			}
-//			catch (Exception $e) {
-//				logger('mod_cloud: auth exception' . $e->getMessage());
-//				http_status_exit($e->getHTTPCode(), $e->getMessage());
-//			}
-//		}
-	
-	//	require_once('Zotlabs/Storage/Browser.php');
 		// provide a directory view for the cloud in Hubzilla
 		$browser = new \Zotlabs\Storage\Browser($auth);
 		$auth->setBrowserPlugin($browser);
 	
 		// Experimental QuotaPlugin
-	//	require_once('Zotlabs/Storage/QuotaPlugin.php');
-	//	$server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
+		// require_once('Zotlabs/Storage/QuotaPlugin.php');
+		// $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
 	
 		// All we need to do now, is to fire up the server
 		$server->exec();
diff --git a/Zotlabs/Module/Login.php b/Zotlabs/Module/Login.php
index ff75e5268..ae35b922f 100644
--- a/Zotlabs/Module/Login.php
+++ b/Zotlabs/Module/Login.php
@@ -7,6 +7,9 @@ class Login extends \Zotlabs\Web\Controller {
 	function get() {
 		if(local_channel())
 			goaway(z_root());
+		if(remote_channel() && $_SESSION['atoken'])
+			goaway(z_root());
+
 		return login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? false : true);
 	}
 	
diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php
index 7a6e4a81f..8cbc6d2fd 100644
--- a/Zotlabs/Module/Openid.php
+++ b/Zotlabs/Module/Openid.php
@@ -48,7 +48,7 @@ class Openid extends \Zotlabs\Web\Controller {
 									$_SESSION['uid'] = $r[0]['channel_id'];
 									$_SESSION['account_id'] = $r[0]['channel_account_id'];
 									$_SESSION['authenticated'] = true;
-									authenticate_success($record,true,true,true,true);
+									authenticate_success($record,$r[0],true,true,true,true);
 									goaway(z_root());
 								}
 							}
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index 6afa4a94c..45123b88d 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -146,7 +146,7 @@ class Register extends \Zotlabs\Web\Controller {
 			goaway(z_root());
 		}
 	
-		authenticate_success($result['account'],true,false,true);
+		authenticate_success($result['account'],null,true,false,true);
 		
 		$new_channel = false;
 		$next_page = 'new_channel';
diff --git a/Zotlabs/Module/Removeaccount.php b/Zotlabs/Module/Removeaccount.php
index 39e06bb7f..9fac7838e 100644
--- a/Zotlabs/Module/Removeaccount.php
+++ b/Zotlabs/Module/Removeaccount.php
@@ -25,7 +25,8 @@ class Removeaccount extends \Zotlabs\Web\Controller {
 		$account = \App::get_account();
 		$account_id = get_account_id();
 	
-		if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+		$x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+		if(! ($x && $x['account']))
 			return;
 	
 		if($account['account_password_changed'] != NULL_DATE) {
diff --git a/Zotlabs/Module/Removeme.php b/Zotlabs/Module/Removeme.php
index e611d8112..bc18fe0f8 100644
--- a/Zotlabs/Module/Removeme.php
+++ b/Zotlabs/Module/Removeme.php
@@ -24,7 +24,9 @@ class Removeme extends \Zotlabs\Web\Controller {
 	
 		$account = \App::get_account();
 	
-		if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+	
+		$x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+		if(! ($x && $x['account']))
 			return;
 	
 		if($account['account_password_changed'] != NULL_DATE) {
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 60fc2c988..e94a5c1dc 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 
 		require_once('include/auth.php');
 		$record = account_verify_password($username, $password);
-		if ($record && $record['account_default_channel']) {
-			$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
-				intval($record['account_id']),
-				intval($record['account_default_channel'])
-			);
-			if($r && $this->check_module_access($r[0]['channel_id'])) {
-				return $this->setAuthenticated($r[0]);
+		if($record && $record['account']) {
+			if($record['channel'])
+				$channel = $record['channel'];
+			else {
+				$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+					intval($record['account']['account_id']),
+					intval($record['account']['account_default_channel'])
+				);
+				if($r)
+					$channel = $r[0];
 			}
 		}
-		$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
-			dbesc($username)
-		);
-		if ($r) {
-			$x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
-				intval($r[0]['channel_account_id'])
-			);
-			if ($x) {
-				// @fixme this foreach should not be needed?
-				foreach ($x as $record) {
-					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
-					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
-						logger('password verified for ' . $username);
-						if($this->check_module_access($r[0]['channel_id']))
-							return $this->setAuthenticated($r[0]);
-					}
-				}
-			}
+		if($channel && $this->check_module_access($channel['channel_id'])) {
+			return $this->setAuthenticated($channel);
 		}
 
 		if($this->module_disabled)
-- 
cgit v1.2.3


From 0c3543ac43d552dbaee597df41c8b7ea2d650e04 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 20 Jul 2016 21:55:23 -0700
Subject: undefined function

---
 Zotlabs/Daemon/Cron.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Daemon/Cron.php b/Zotlabs/Daemon/Cron.php
index 5af8174bf..c6e82b13a 100644
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -66,7 +66,7 @@ class Cron {
 
 		q("delete from atoken where atoken_expires != '%s' && atoken_expires < %s",
 			dbesc(NULL_DATE),
-			dbutcnow()
+			db_utcnow()
 		);
 
 
-- 
cgit v1.2.3


From 8f57bb95fe78f70c40f45ad3c7df92ab1e8cb305 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 20 Jul 2016 21:55:23 -0700
Subject: undefined function

---
 Zotlabs/Daemon/Cron.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Daemon/Cron.php b/Zotlabs/Daemon/Cron.php
index 5af8174bf..c6e82b13a 100644
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -66,7 +66,7 @@ class Cron {
 
 		q("delete from atoken where atoken_expires != '%s' && atoken_expires < %s",
 			dbesc(NULL_DATE),
-			dbutcnow()
+			db_utcnow()
 		);
 
 
-- 
cgit v1.2.3


From da707736a075e8f050458316edfcf0177aef0bfc Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 20 Jul 2016 23:04:07 -0700
Subject: issue #453 and a bug noted from the logfiles related to the schema
 change last month

---
 Zotlabs/Module/Item.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index f0cb82286..2d0c1ba02 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -183,7 +183,9 @@ class Item extends \Zotlabs\Web\Controller {
 			}
 	
 			// can_comment_on_post() needs info from the following xchan_query 
-			xchan_query($r);
+			// This may be from the discover tab which means we need to correct the effective uid
+
+			xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel()));
 	
 			$parent_item = $r[0];
 			$parent = $r[0]['id'];
-- 
cgit v1.2.3


From 824dedbe9d349c5b6d92d1d950267299bc134cc3 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Wed, 20 Jul 2016 23:04:07 -0700
Subject: issue #453 and a bug noted from the logfiles related to the schema
 change last month

---
 Zotlabs/Module/Item.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 235c5528e..b54099d74 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -183,7 +183,9 @@ class Item extends \Zotlabs\Web\Controller {
 			}
 	
 			// can_comment_on_post() needs info from the following xchan_query 
-			xchan_query($r);
+			// This may be from the discover tab which means we need to correct the effective uid
+
+			xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel()));
 	
 			$parent_item = $r[0];
 			$parent = $r[0]['id'];
-- 
cgit v1.2.3


From 63123759ed5d226cb97063746d35da01475670a6 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Thu, 21 Jul 2016 15:50:07 -0700
Subject: DAV auth issue

---
 Zotlabs/Storage/BasicAuth.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 67617b637..38d984d19 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -165,6 +165,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
     function check(RequestInterface $request, ResponseInterface $response) {
 
 		if(local_channel()) {
+			this->setAuthenticated(\App::get_channel());
 			return [ true, $this->principalPrefix . $this->channel_name ];
 		}
 
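Review bot: The added line `this->setAuthenticated(\App::get_channel());` lacks the `$` on `this`, which is a parse error and so breaks the whole auth backend file, not only this branch. It should read `$this->setAuthenticated(\App::get_channel());`; the last commit on this page makes that correction, and the repeated copy of this commit carries the same line. Running `php -l` on changed files before committing would catch this class of mistake.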
-- 
cgit v1.2.3


From 77a021025ff4c8dac6fb416031257e952de89914 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Thu, 21 Jul 2016 15:50:07 -0700
Subject: DAV auth issue

---
 Zotlabs/Storage/BasicAuth.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index e94a5c1dc..69eaed705 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -165,6 +165,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
     function check(RequestInterface $request, ResponseInterface $response) {
 
 		if(local_channel()) {
+			this->setAuthenticated(\App::get_channel());
 			return [ true, $this->principalPrefix . $this->channel_name ];
 		}
 
-- 
cgit v1.2.3


From 5a1eb65ed6897376c12d859b56c3cf6b5cc4f5e4 Mon Sep 17 00:00:00 2001
From: Mario Vavti 
Date: Fri, 22 Jul 2016 01:07:53 +0200
Subject: missing $

---
 Zotlabs/Storage/BasicAuth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 69eaed705..2325a614b 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -165,7 +165,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
     function check(RequestInterface $request, ResponseInterface $response) {
 
 		if(local_channel()) {
-			this->setAuthenticated(\App::get_channel());
+			$this->setAuthenticated(\App::get_channel());
 			return [ true, $this->principalPrefix . $this->channel_name ];
 		}
 
@@ -263,4 +263,4 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 		logger('owner_id ' . $this->owner_id, LOGGER_DATA);
 		logger('owner_nick ' . $this->owner_nick, LOGGER_DATA);
 	}
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3