From b20887995a2b3277659e01d99ae4de238f7175ef Mon Sep 17 00:00:00 2001 From: Alexandre Hannud Abdo Date: Tue, 17 Jun 2014 04:26:18 -0300 Subject: Implements a new permission level PERMS_PENDING With this a user can allow some action to any user which connects to them, even before they've connected back. Ref. https://mobiliza.org.br/display/478d9e71eaf55748dc646d3990651d6d34cfb7db5c38360538ec730ca3ccf908@zothub.com Also some code cleanup and an alternative logic for handling notifications of permission changes in zot.php. This assumes that private posts are still restricted to people in your addressbook. Regardless of your global permissions, a pending channel won't get private posts, even if the post only has a deny clause not matching the pending channel. --- include/permissions.php | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) (limited to 'include/permissions.php') diff --git a/include/permissions.php b/include/permissions.php index 029bc1288..a3ec13925 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -177,32 +177,36 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book - // $x is a valid address book entry + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { $ret[$perm_name] = false; continue; } - + // They are in your address book, but haven't been approved + if($r[0][$channel_perm] & PERMS_PENDING) { + $ret[$perm_name] = true; + continue; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { $ret[$perm_name] = false; continue; } - if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) { - - // They're a contact, so they have permission + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) { + if($r[0][$channel_perm] & PERMS_SPECIFIC) { if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { $ret[$perm_name] = true; continue; @@ -216,7 +220,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { } - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -229,7 +232,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { function perm_is_allowed($uid,$observer_xchan,$permission) { - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -280,7 +282,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { } } - // Check if this $uid is actually the $observer_xchan if($r[0]['channel_hash'] === $observer_xchan) @@ -312,16 +313,27 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if($c) return true; return false; - } + } + + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { return false; } + // They are in your address book, but haven't been approved + + if($r[0][$channel_perm] & PERMS_PENDING) { + return true; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { return false; } + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { return true; } @@ -333,13 +345,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return true; } - - - // No permissions allowed. return false; - } @@ -356,7 +364,6 @@ function check_list_permissions($uid,$arr,$perm) { } - function site_default_perms() { $typical = array( @@ -378,7 +385,6 @@ function site_default_perms() { 'delegate' => 0, ); - $global_perms = get_perms(); $ret = array(); -- cgit v1.2.3