From d566ffa678dc9f035a022304a82560b19495a838 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 17:55:13 -0700 Subject: more heavy lifting on extensible perms --- include/permissions.php | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index 19242d29f..b4ecb1014 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { if($api) return get_all_api_perms($uid,$api); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // Save lots of individual lookups @@ -85,7 +85,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // First find out what the channel owner declared permissions to be. - $channel_perm = $permission[0]; + $channel_perm = \ZotlabAccess\PermissionLimits::Get($uid,$perm_name); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", @@ -105,7 +105,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // These take priority over all other settings. if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) { + if($channel_perm & PERMS_AUTHED) { $ret[$perm_name] = true; continue; } @@ -122,7 +122,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { dbesc($observer_xchan) ); } - + $abperms = load_abconfig($uid,$observer_xchan); $abook_checked = true; } @@ -136,7 +136,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Check if this is a write permission and they are being ignored // This flag is only visible internally. - if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) { + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + + + if(($x) && ($internal_use) && (in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { $ret[$perm_name] = false; continue; } @@ -154,7 +157,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // if you've moved elsewhere, you will only have read only access if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) { - if($r[0]['channel_moved'] && (! $permission[2])) + if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms))) $ret[$perm_name] = false; else $ret[$perm_name] = true; @@ -163,7 +166,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Anybody at all (that wasn't blocked or ignored). They have permission. - if($r[0][$channel_perm] & PERMS_PUBLIC) { + if($channel_perm & PERMS_PUBLIC) { $ret[$perm_name] = true; continue; } @@ -178,7 +181,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) { $ret[$perm_name] = true; continue; @@ -187,7 +190,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { if(! $onsite_checked) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) @@ -214,7 +217,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { $ret[$perm_name] = true; continue; } @@ -226,15 +229,15 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if($r[0][$channel_perm] & PERMS_SPECIFIC) { - if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { + if($channel_perm & PERMS_SPECIFIC) { + if(array_key_exists('my_perms',$abperms) && array_key_exists($perm_name,$abperms['my_perms']) && $abperms['my_perms'][$perm_name]) { $ret[$perm_name] = true; continue; } -- cgit v1.2.3 From e6224898d29b605da6751b6744f0e544250b600a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 21:33:25 -0700 Subject: more heavy lifting on xtensible perms --- include/permissions.php | 477 +++++++++++++++++++++++++----------------------- 1 file changed, 244 insertions(+), 233 deletions(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index b4ecb1014..dff7d65ff 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -85,7 +85,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // First find out what the channel owner declared permissions to be. - $channel_perm = \ZotlabAccess\PermissionLimits::Get($uid,$perm_name); + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", @@ -139,7 +139,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); - if(($x) && ($internal_use) && (in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { + if(($x) && ($internal_use) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { $ret[$perm_name] = false; continue; } @@ -287,21 +287,20 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if($arr['result']) return true; - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // First find out what the channel owner declared permissions to be. - $channel_perm = $global_perms[$permission][0]; + $channel_perm = \Zotlabs\Access\PermissionLimits($uid,$permission); - $r = q("select %s, channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", - dbesc($channel_perm), + $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", intval($uid) ); if(! $r) return false; if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) + if($channel_perm & PERMS_AUTHED) return true; $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash @@ -324,7 +323,10 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { dbesc($observer_xchan) ); } + $abperms = load_abconfig($uid,$observer_xchan); } + + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); // system is blocked to anybody who is not authenticated @@ -336,13 +338,13 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // in which case you will have read_only access if($r[0]['channel_hash'] === $observer_xchan) { - if($r[0]['channel_moved'] && (! $global_perms[$permission][2])) + if($r[0]['channel_moved'] && (in_array($permission,$blocked_anon_perms))) return false; else return true; } - if($r[0][$channel_perm] & PERMS_PUBLIC) + if($channel_perm & PERMS_PUBLIC) return true; // If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set @@ -353,14 +355,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) return true; } // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) ); @@ -379,7 +381,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { return true; } @@ -389,15 +391,16 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { return true; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) { - if($x[0]['abook_my_perms'] & $global_perms[$permission][1]) + if(($r) && ($channel_perm & PERMS_SPECIFIC)) { + if(array_key_exists('my_perms',$abperms) && array_key_exists($permission,$abperms['my_perms']) && $abperms['my_perms'][$permission]) { return true; + } } // No permissions allowed. @@ -563,28 +566,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like', 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -593,28 +596,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + break; @@ -623,28 +627,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -653,28 +657,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -683,28 +687,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -713,28 +717,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILEPERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_SPECIFIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_SPECIFIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_SPECIFIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_SPECIFIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -743,28 +748,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_NETWORK; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -773,28 +779,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -803,26 +809,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_like' , 'republish' ]; + + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; @@ -831,28 +840,30 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + break; -- cgit v1.2.3 From 917a465ccd7dfa4992241b1e5d4418b3a31f1615 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 9 Jul 2016 19:03:29 -0700 Subject: more work on perms --- include/permissions.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index dff7d65ff..5eb602ce0 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -291,7 +291,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // First find out what the channel owner declared permissions to be. - $channel_perm = \Zotlabs\Access\PermissionLimits($uid,$permission); + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$permission); $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", intval($uid) @@ -299,6 +299,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if(! $r) return false; + + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + if($observer_xchan) { if($channel_perm & PERMS_AUTHED) return true; @@ -314,7 +317,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if(($x) && intval($x[0]['abook_blocked'])) return false; - if(($x) && (! $global_perms[$permission][2]) && intval($x[0]['abook_ignored'])) + if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) return false; if(! $x) { @@ -326,7 +329,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { $abperms = load_abconfig($uid,$observer_xchan); } - $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); // system is blocked to anybody who is not authenticated -- cgit v1.2.3 From c9db8c6857d8676b3eb3c19548eb303656dc5fff Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 9 Jul 2016 21:08:02 -0700 Subject: more permissions work --- include/permissions.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index 5eb602ce0..8e2f9598b 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -81,6 +81,8 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : false); + foreach($global_perms as $perm_name => $permission) { // First find out what the channel owner declared permissions to be. @@ -122,7 +124,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { dbesc($observer_xchan) ); } - $abperms = load_abconfig($uid,$observer_xchan); + $abook_checked = true; } -- cgit v1.2.3 From e6638b471553126a65a7b1f43685ea1482d905de Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 9 Jul 2016 21:23:00 -0700 Subject: change default so we don't have to check for array existence later --- include/permissions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index 8e2f9598b..5527d0afc 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -81,7 +81,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); - $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : false); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : array()); foreach($global_perms as $perm_name => $permission) { -- cgit v1.2.3 From 1fd65c934da1efcbc3e44c5ec1c5112859ba50f9 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 13 Jul 2016 19:53:28 -0700 Subject: lots more permission work --- include/permissions.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index 5527d0afc..bc3cfdd2a 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -239,8 +239,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Permission granted to certain channels. Let's see if the observer is one of them if($channel_perm & PERMS_SPECIFIC) { - if(array_key_exists('my_perms',$abperms) && array_key_exists($perm_name,$abperms['my_perms']) && $abperms['my_perms'][$perm_name]) { - $ret[$perm_name] = true; + if($abperms) { + foreach($abperms as $ab) { + if(($ab['cat'] == 'my_perms') && ($ab['k'] == $perm_name)) { + $ret[$perm_name] = (intval($ab['v']) ? true : false); + break; + } + } continue; } } -- cgit v1.2.3 From 503b42029212a61ce4aefcf63eb2a865ee334619 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 13 Jul 2016 20:23:20 -0700 Subject: rework perm_is_allowed --- include/permissions.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index bc3cfdd2a..638bedb24 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -81,7 +81,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); - $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : array()); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan,'my_perms') : array()); foreach($global_perms as $perm_name => $permission) { @@ -333,7 +333,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { dbesc($observer_xchan) ); } - $abperms = load_abconfig($uid,$observer_xchan); + $abperms = load_abconfig($uid,$observer_xchan,'my_perms'); } @@ -407,8 +407,12 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // Permission granted to certain channels. Let's see if the observer is one of them if(($r) && ($channel_perm & PERMS_SPECIFIC)) { - if(array_key_exists('my_perms',$abperms) && array_key_exists($permission,$abperms['my_perms']) && $abperms['my_perms'][$permission]) { - return true; + if($abperms) { + foreach($abperms as $ab) { + if($ab['cat'] == 'my_perms' && $ab['k'] == $permission) { + return ((intval($ab['v'])) ? true : false); + } + } } } -- cgit v1.2.3