From c29483b88cda69beb51f00ee8f2d262bc6784a24 Mon Sep 17 00:00:00 2001 From: marijus Date: Mon, 2 Feb 2015 15:18:44 +0100 Subject: respect parent dir permissions --- include/attach.php | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 155ddbc96..c38301e01 100644 --- a/include/attach.php +++ b/include/attach.php @@ -966,6 +966,35 @@ function pipe_streams($in, $out) { function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $verb, $no_activity) { + //if we got no object something went wrong + if(!$object) + return; + + $is_dir = (($object['flags'] & ATTACH_FLAG_DIR) ? true : false); + + //do not send activity for folders for now + if($is_dir) + return; + + //check for recursive perms if we are in a folder + if($object['folder']) { + + $folder_hash = $object['folder']; + + $r_perms = check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash); + + $allow_cid = $r_perms['allow_cid']; + $allow_gid = $r_perms['allow_gid']; + $deny_cid = $r_perms['deny_cid']; + $deny_gid = $r_perms['deny_gid']; + + if(!$allow_gid && !$allow_cid) { + notice( t('Allowed permissions for this file are not recursive. None of your allowed contacts will have access to this file.') . EOL); + $verb = 'update'; + } + + } + require_once('include/items.php'); $poster = get_app()->get_observer(); @@ -1124,3 +1153,48 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) { return $object; } + +function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash) { + + $arr_allow_cid = expand_acl($allow_cid); + $arr_allow_gid = expand_acl($allow_gid); + $arr_deny_cid = expand_acl($deny_cid); + $arr_deny_gid = expand_acl($deny_gid); + + while($folder_hash) { + $x = q("SELECT * FROM attach WHERE hash = '%s'", + dbesc($folder_hash) + ); + + $parents_arr_allow_cid[] = expand_acl($x[0]['allow_cid']); + $parents_arr_allow_gid[] = expand_acl($x[0]['allow_gid']); + $parents_arr_deny_cid[] = expand_acl($x[0]['deny_cid']); + $parents_arr_deny_gid[] = expand_acl($x[0]['deny_gid']); + + $folder_hash = $x[0]['folder']; + } + + foreach($parents_arr_allow_gid as $folder_arr_allow_gid) { + $arr_allow_gid = array_intersect($arr_allow_gid, $folder_arr_allow_gid); + } + + foreach($parents_arr_allow_cid as $folder_arr_allow_cid) { + $arr_allow_cid = array_intersect($arr_allow_cid, $folder_arr_allow_cid); + } + + foreach($parents_arr_deny_gid as $folder_arr_deny_gid) { + $arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); + } + + foreach($parents_arr_deny_cid as $folder_arr_deny_cid) { + $arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); + } + + $ret['allow_gid'] = perms2str($arr_allow_gid); + $ret['allow_cid'] = perms2str($arr_allow_cid); + $ret['deny_gid'] = perms2str(array_unique($arr_deny_gid)); + $ret['deny_cid'] = perms2str(array_unique($arr_deny_cid)); + + return $ret; + +} -- cgit v1.2.3 From e0bc01a7f60668c35f677fbc52ba2e8aec70683a Mon Sep 17 00:00:00 2001 From: marijus Date: Mon, 2 Feb 2015 15:25:30 +0100 Subject: just select perms --- include/attach.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index c38301e01..07f31761d 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1162,7 +1162,7 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo $arr_deny_gid = expand_acl($deny_gid); while($folder_hash) { - $x = q("SELECT * FROM attach WHERE hash = '%s'", + $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, FROM attach WHERE hash = '%s'", dbesc($folder_hash) ); -- cgit v1.2.3 From 1b30e43c45100fc8f1a9f558237068ce24130264 Mon Sep 17 00:00:00 2001 From: marijus Date: Mon, 2 Feb 2015 15:26:35 +0100 Subject: typo --- include/attach.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 07f31761d..12144d380 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1162,7 +1162,7 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo $arr_deny_gid = expand_acl($deny_gid); while($folder_hash) { - $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, FROM attach WHERE hash = '%s'", + $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM attach WHERE hash = '%s'", dbesc($folder_hash) ); -- cgit v1.2.3 From 74da8f2e87e863d6cde2598d6929fa035499fddd Mon Sep 17 00:00:00 2001 From: marijus Date: Mon, 2 Feb 2015 15:31:51 +0100 Subject: we also need folder here --- include/attach.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 12144d380..23cfca0d0 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1162,7 +1162,7 @@ function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $fo $arr_deny_gid = expand_acl($deny_gid); while($folder_hash) { - $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM attach WHERE hash = '%s'", + $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s'", dbesc($folder_hash) ); -- cgit v1.2.3 From 2546b0a5255b4e7031a94b3a59deb1687a68e350 Mon Sep 17 00:00:00 2001 From: marijus Date: Mon, 2 Feb 2015 16:48:49 +0100 Subject: one important line missing --- include/attach.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 23cfca0d0..d99d8d89e 100644 --- a/include/attach.php +++ b/include/attach.php @@ -991,6 +991,7 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, if(!$allow_gid && !$allow_cid) { notice( t('Allowed permissions for this file are not recursive. None of your allowed contacts will have access to this file.') . EOL); $verb = 'update'; + $update = true; } } -- cgit v1.2.3 From ed3b5f8251fa1534c967e756529aa397cc78fb3a Mon Sep 17 00:00:00 2001 From: marijus Date: Mon, 2 Feb 2015 17:12:13 +0100 Subject: comment this out for now - it is not always true --- include/attach.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index d99d8d89e..5f9d38115 100644 --- a/include/attach.php +++ b/include/attach.php @@ -987,13 +987,13 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $allow_gid = $r_perms['allow_gid']; $deny_cid = $r_perms['deny_cid']; $deny_gid = $r_perms['deny_gid']; - +/* if(!$allow_gid && !$allow_cid) { notice( t('Allowed permissions for this file are not recursive. None of your allowed contacts will have access to this file.') . EOL); $verb = 'update'; $update = true; } - +*/ } require_once('include/items.php'); -- cgit v1.2.3 From a80057fec7980c54df73626be9af3e08f03f5ce7 Mon Sep 17 00:00:00 2001 From: marijus Date: Mon, 2 Feb 2015 17:45:30 +0100 Subject: comment out latest changes - needs more testing --- include/attach.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 5f9d38115..7ebc4489d 100644 --- a/include/attach.php +++ b/include/attach.php @@ -975,7 +975,7 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, //do not send activity for folders for now if($is_dir) return; - +/* //check for recursive perms if we are in a folder if($object['folder']) { @@ -987,15 +987,15 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $allow_gid = $r_perms['allow_gid']; $deny_cid = $r_perms['deny_cid']; $deny_gid = $r_perms['deny_gid']; -/* + if(!$allow_gid && !$allow_cid) { notice( t('Allowed permissions for this file are not recursive. None of your allowed contacts will have access to this file.') . EOL); $verb = 'update'; $update = true; } -*/ - } + } +*/ require_once('include/items.php'); $poster = get_app()->get_observer(); -- cgit v1.2.3