From 45be26dd81a1679853763bc79c387bf0c6fdfe57 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 19 Jan 2013 22:21:00 -0800 Subject: more heavy lifting on API - though need to re-visit events and give them all message_ids from the origination site. --- include/security.php | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) (limited to 'include/security.php') diff --git a/include/security.php b/include/security.php index 0783a3c20..25318b3e8 100644 --- a/include/security.php +++ b/include/security.php @@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND not (item_flags & " . ITEM_PRIVATE . ") "; + $sql = " AND not item_private "; /** @@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) { }} + + + +// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the +// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) +// We always include yourself if logged in because you can always see your own posts +// resolving granular permissions for the observer against every person and every post on the site +// will likely be too expensive. +// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query + +function stream_perms_api_uids($perms_min = PERMS_SITE) { + $ret = array(); + if(local_user()) + $ret[] = local_user(); + $r = q("select channel_id from channel where channel_r_stream <= %d", + intval($perms_min) + ); + if($r) + foreach($r as $rr) + if(! in_array($rr['channel_id'],$ret)) + $ret[] = $rr['channel_id']; + + $str = ''; + if($ret) + foreach($ret as $rr) { + if($str) + $str .= ','; + $str .= intval($rr); + } + return $str; +} + -- cgit v1.2.3