From 48a33f08e2042b0bb809f43f9bec9d7739af3c28 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Fri, 2 Jun 2023 11:33:44 +0000
Subject: ocap initial checkin

---
 include/security.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'include/security.php')

diff --git a/include/security.php b/include/security.php
index 2fbe1da1a..539e5f5b5 100644
--- a/include/security.php
+++ b/include/security.php
@@ -330,7 +330,7 @@ function change_channel($change_channel) {
  * @return string additional SQL where statement
  */
 
-function permissions_sql($owner_id, $remote_observer = null, $table = '') {
+function permissions_sql($owner_id, $remote_observer = null, $table = '', $token = EMPTY_STR) {
 
 	$local_channel = local_channel();
 
@@ -412,6 +412,16 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') {
 				dbesc($gs)
 			);
 		}
+
+		/*
+		 * OCAP token access
+		 */
+
+		elseif ($token) {
+			$sql = " AND ( {$table}allow_cid like '" . protect_sprintf('%<token:' . $token . '>%') .
+			"' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '' AND {$table}deny_cid = '' AND {$table}deny_gid = '' ) )";
+		}
+
 	}
 
 	return $sql;
-- 
cgit v1.2.3