From 97e70d62bf52de9e8879f832cc2d53c74f9c27f3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 1 Dec 2016 15:52:54 -0800 Subject: extensible perms: the really, really hard part - figuring out what to do about people with custom permissions so as to set sane defaults. --- Zotlabs/Access/PermissionRoles.php | 42 ++++++++++++++++++++++++++++++++++++++ Zotlabs/Access/Permissions.php | 9 ++++++++ 2 files changed, 51 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index 8b116adc5..3878777cf 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -160,6 +160,7 @@ class PermissionRoles { $ret['limits'] = PermissionLimits::Std_Limits(); break; + case 'custom': default: break; } @@ -174,7 +175,48 @@ class PermissionRoles { return $ret; } + static public function new_custom_perms($uid,$perm,$abooks) { + // set permissionlimits for this permission here, for example: + + // if($perm === 'mynewperm') + // \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1); + + + // set autoperms here if applicable + // choices are to set to 0, 1, or the value of an existing perm + + if(get_pconfig($uid,'system','autoperms')) { + + $c = channelx_by_n($uid); + $value = 0; + + // if($perm === 'mynewperm') + // $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm')); + + if($c) { + set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value); + } + + + } + + // now set something for all existing connections. + + if($abooks) { + foreach($abooks as $ab) { + switch($perm) { + // case 'mynewperm': + // choices are to set to 1, set to 0, or clone an existing perm + // set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm, + // get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm')); + + default: + break; + } + } + } + } static public function roles() { diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index 61ea51a48..1951f2f0f 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php @@ -10,9 +10,18 @@ class Permissions { /** * Extensible permissions. * To add new permissions, add to the list of $perms below, with a simple description. + * * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role * if this permission should be granted to new connections. * + * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom + * permission roles. You will want to set a default PermissionLimit for each channel and also + * provide a sane default for any existing connections. You may or may not wish to provide a + * default auto permission. If in doubt, leave this alone as custom permissions by definition + * are the responsbility of the channel owner to manage. You just don't want to create any + * suprises or break things so you have an opportunity to provide sane settings. + * + * * Permissions with 'view' in the name are considered read permissions. Anything * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else * is given PERMS_SPECIFIC. -- cgit v1.2.3