From d566ffa678dc9f035a022304a82560b19495a838 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 17:55:13 -0700 Subject: more heavy lifting on extensible perms --- include/permissions.php | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index 19242d29f..b4ecb1014 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -67,7 +67,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { if($api) return get_all_api_perms($uid,$api); - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // Save lots of individual lookups @@ -85,7 +85,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // First find out what the channel owner declared permissions to be. - $channel_perm = $permission[0]; + $channel_perm = \ZotlabAccess\PermissionLimits::Get($uid,$perm_name); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", @@ -105,7 +105,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // These take priority over all other settings. if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) { + if($channel_perm & PERMS_AUTHED) { $ret[$perm_name] = true; continue; } @@ -122,7 +122,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { dbesc($observer_xchan) ); } - + $abperms = load_abconfig($uid,$observer_xchan); $abook_checked = true; } 
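Review bot: The namespace in the new `$channel_perm = \ZotlabAccess\PermissionLimits::Get($uid,$perm_name);` line is misspelled; the other new calls in this commit use `\Zotlabs\Access\`, so it should read `$channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name);`. As committed, every call to get_all_perms dies with a class-not-found fatal instead of evaluating permissions — fail-closed, but it takes down every page that needs a permission decision. The follow-up commit e6224898 on this page corrects the name. get_all_perms continues beyond these hunks.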
@@ -136,7 +136,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Check if this is a write permission and they are being ignored // This flag is only visible internally. - if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && intval($x[0]['abook_ignored'])) { + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + + + if(($x) && ($internal_use) && (in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { $ret[$perm_name] = false; continue; } @@ -154,7 +157,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // if you've moved elsewhere, you will only have read only access if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) { - if($r[0]['channel_moved'] && (! $permission[2])) + if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms))) $ret[$perm_name] = false; else $ret[$perm_name] = true; @@ -163,7 +166,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Anybody at all (that wasn't blocked or ignored). They have permission. - if($r[0][$channel_perm] & PERMS_PUBLIC) { + if($channel_perm & PERMS_PUBLIC) { $ret[$perm_name] = true; continue; } @@ -178,7 +181,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) { $ret[$perm_name] = true; continue; @@ -187,7 +190,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { if(! $onsite_checked) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) 
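Review bot: The ignored-connection check in the @@ -136 hunk now denies only the permissions returned by `Permissions::BlockedAnonPerms()`, where it previously denied every non-read permission (`! $global_perms[$perm_name][2]`); unless that list is exactly the set of write permissions, an ignored connection regains whatever write permission the list omits, and the same substitution now drives the read-only rule for moved channels in the @@ -154 hunk. The list's contents are not visible here, so please confirm it covers every write permission, or derive the set from the permission table rather than from the anonymous-access list. As written the condition also has one more `(` than `)` — `(in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) {` leaves the outer `if(` open, a parse error that the next commit fixes by dropping the stray paren. `BlockedAnonPerms()` is also called on every loop iteration; hoist it above the `foreach` and pass `true` as in_array's third argument so names compare strictly.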
@@ -214,7 +217,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { $ret[$perm_name] = true; continue; } @@ -226,15 +229,15 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if($r[0][$channel_perm] & PERMS_SPECIFIC) { - if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { + if($channel_perm & PERMS_SPECIFIC) { + if(array_key_exists('my_perms',$abperms) && array_key_exists($perm_name,$abperms['my_perms']) && $abperms['my_perms'][$perm_name]) { $ret[$perm_name] = true; continue; } -- cgit v1.2.3 From e6224898d29b605da6751b6744f0e544250b600a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 4 Jul 2016 21:33:25 -0700 Subject: more heavy lifting on xtensible perms --- include/permissions.php | 477 +++++++++++++++++++++++++----------------------- 1 file changed, 244 insertions(+), 233 deletions(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index b4ecb1014..dff7d65ff 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -85,7 +85,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // First find out what the channel owner declared permissions to be. - $channel_perm = \ZotlabAccess\PermissionLimits::Get($uid,$perm_name); + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", 
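Review bot: The new PERMS_SPECIFIC test reads `$abperms['my_perms'][$perm_name]`, but `$abperms` comes from `load_abconfig()`, which at this point of the series has no `return` statement (commit c9db8c6 below adds `return Zlib\AbConfig::Load($chan,$xhash);`), so `$abperms` is null and `array_key_exists('my_perms', null)` is a warning on PHP 7 and a TypeError on PHP 8. On PHP 7 that fails closed — every explicitly granted permission is denied — while on PHP 8 it is a fatal in the permission path. I would also read the stored flag as `intval($abperms['my_perms'][$perm_name])` rather than rely on string truthiness. get_all_perms continues beyond this hunk.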
@@ -139,7 +139,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); - if(($x) && ($internal_use) && (in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { + if(($x) && ($internal_use) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) { $ret[$perm_name] = false; continue; } @@ -287,21 +287,20 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if($arr['result']) return true; - $global_perms = get_perms(); + $global_perms = \Zotlabs\Access\Permissions::Perms(); // First find out what the channel owner declared permissions to be. - $channel_perm = $global_perms[$permission][0]; + $channel_perm = \Zotlabs\Access\PermissionLimits($uid,$permission); - $r = q("select %s, channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", - dbesc($channel_perm), + $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", intval($uid) ); if(! $r) return false; if($observer_xchan) { - if($r[0][$channel_perm] & PERMS_AUTHED) + if($channel_perm & PERMS_AUTHED) return true; $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash @@ -324,7 +323,10 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { dbesc($observer_xchan) ); } + $abperms = load_abconfig($uid,$observer_xchan); } + + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); // system is blocked to anybody who is not authenticated 
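Review bot: `$channel_perm = \Zotlabs\Access\PermissionLimits($uid,$permission);` in the @@ -287 hunk calls the class name as a function instead of the static method, so perm_is_allowed — the single-permission gate — dies with an undefined-function fatal for every caller; it should be `$channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$permission);`, which commit 917a465 below applies. Removing `dbesc($channel_perm)` from the channel query is a welcome side effect: a column name is no longer spliced into SQL through a string escaper. `$global_perms` is still assigned here but is now only read by the ignored-connection test that 917a465 rewrites, after which it is dead. perm_is_allowed continues beyond these hunks.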
@@ -336,13 +338,13 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // in which case you will have read_only access if($r[0]['channel_hash'] === $observer_xchan) { - if($r[0]['channel_moved'] && (! $global_perms[$permission][2])) + if($r[0]['channel_moved'] && (in_array($permission,$blocked_anon_perms))) return false; else return true; } - if($r[0][$channel_perm] & PERMS_PUBLIC) + if($channel_perm & PERMS_PUBLIC) return true; // If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set @@ -353,14 +355,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if($channel_perm & PERMS_NETWORK) { if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) return true; } // If PERMS_SITE is specified, find out if they've got an account on this hub - if($r[0][$channel_perm] & PERMS_SITE) { + if($channel_perm & PERMS_SITE) { $c = q("select channel_hash from channel where channel_hash = '%s' limit 1", dbesc($observer_xchan) ); @@ -379,7 +381,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They are in your address book, but haven't been approved - if($r[0][$channel_perm] & PERMS_PENDING) { + if($channel_perm & PERMS_PENDING) { return true; } 
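Review bot: The moved-channel branch's comment promises read-only access, but the code now grants everything not listed by `BlockedAnonPerms()`, so the outcome depends on that list matching the set of write permissions exactly; the removed test (`! $global_perms[$permission][2]`) was tied to each permission's own read/write flag. If the list is meant to be that set, a comment on the `in_array` line saying so would help; otherwise derive the denied set from the permission definitions. Also pass `true` as the third argument to `in_array` so a permission name is never matched loosely. perm_is_allowed continues beyond these hunks.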
@@ -389,15 +391,16 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They're a contact, so they have permission - if($r[0][$channel_perm] & PERMS_CONTACTS) { + if($channel_perm & PERMS_CONTACTS) { return true; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) { - if($x[0]['abook_my_perms'] & $global_perms[$permission][1]) + if(($r) && ($channel_perm & PERMS_SPECIFIC)) { + if(array_key_exists('my_perms',$abperms) && array_key_exists($permission,$abperms['my_perms']) && $abperms['my_perms'][$permission]) { return true; + } } // No permissions allowed. 
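Review bot: `$abperms` is assigned only inside the `if($observer_xchan)` block earlier in this function, so the `array_key_exists('my_perms',$abperms)` test in the PERMS_SPECIFIC branch reads an undefined variable if control can reach it without an observer; the early `return false` for unauthenticated observers that the surrounding comments imply is outside this hunk, so please confirm it exists. Initialising `$abperms = array();` before the observer block, as commit e6638b47 below does for get_all_perms, makes the check safe regardless, and the stored flag should be read as `intval($abperms['my_perms'][$permission])`. perm_is_allowed continues past this hunk.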
@@ -563,28 +566,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like', 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => 
PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
 break;
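Review bot: `'post_like' => PERMS_SPECIFIC` replaces the removed `$ret['channel_w_like'] = PERMS_NETWORK;`, so this role's like permission tightens from any channel on the network to explicitly granted connections, while the rest of the table maps one-to-one (the old `perms_follow`/`perms_accept` masks had no `PERMS_W_TAGWALL`, and `perms_connect` likewise omits `tag_deliver`). If the narrowing is intended, a short comment above the `'limits'` array such as `// like/republish limits unified to PERMS_SPECIFIC (were PERMS_NETWORK)` would spare the next reader the diff archaeology. The role's `case` label is outside the hunk.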
@@ -593,28 +596,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = true; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'chat', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + 
break; 
@@ -623,28 +627,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; 
break; 
@@ -653,28 +657,28 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => 
PERMS_SPECIFIC,
+ 'delegate' => PERMS_SPECIFIC
+ ];
 break;
@@ -683,28 +687,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 
'delegate' => PERMS_SPECIFIC
+ ];
 break;
@@ -713,28 +717,29 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILEPERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_SPECIFIC; - $ret['channel_r_abook'] = PERMS_SPECIFIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_SPECIFIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_SPECIFIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_SPECIFIC; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_SPECIFIC, + 'view_contacts' => PERMS_SPECIFIC, + 'view_storage' => PERMS_SPECIFIC, + 'view_pages' => PERMS_SPECIFIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; 
break; 
@@ -743,28 +748,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_NETWORK; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => 
PERMS_SPECIFIC
+ ];
 break;
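Review bot: Both `channel_a_republish` and `channel_w_like` were PERMS_NETWORK for this role and become `PERMS_SPECIFIC` in the new `'limits'` table, so network-wide republishing and liking are withdrawn from anyone not explicitly granted them through `perms_connect`. That may be the intended unification, but the role's `case` label is outside the hunk, so I cannot tell whether this is a forum-style role that relied on network-wide republish; a comment such as `// republish/like now limited to connections; were PERMS_NETWORK` next to those two entries would record the decision.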
@@ -773,28 +779,28 @@ function get_role_perms($role) { $ret['default_collection'] = true; $ret['directory_publish'] = false; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'post_mail', 'post_like' , 'republish' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; 
@@ -803,26 +809,29 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'post_like' , 'republish' ]; + + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; break; 
@@ -831,28 +840,30 @@ function get_role_perms($role) { $ret['default_collection'] = false; $ret['directory_publish'] = true; $ret['online'] = false; - $ret['perms_follow'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['perms_accept'] = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_W_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; - $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_SPECIFIC; - $ret['channel_w_wall'] = PERMS_SPECIFIC; - $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_SPECIFIC; - $ret['channel_w_mail'] = PERMS_SPECIFIC; - $ret['channel_w_chat'] = PERMS_SPECIFIC; - $ret['channel_a_delegate'] = PERMS_SPECIFIC; - $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_SPECIFIC; - $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_SPECIFIC; - $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_NETWORK; + + $ret['perms_connect'] = [ + 'view_stream', 'view_profile', 'view_contacts', 'view_storage', + 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat' ]; + $ret['limits'] = [ + 'view_stream' => PERMS_PUBLIC, + 'view_profile' => PERMS_PUBLIC, + 'view_contacts' => PERMS_PUBLIC, + 'view_storage' => PERMS_PUBLIC, + 'view_pages' => PERMS_PUBLIC, + 'send_stream' => PERMS_SPECIFIC, + 'post_wall' => PERMS_SPECIFIC, + 'post_comments' => PERMS_SPECIFIC, + 'post_mail' => PERMS_SPECIFIC, + 'post_like' => PERMS_SPECIFIC, + 'tag_deliver' => PERMS_SPECIFIC, + 'chat' => 
PERMS_SPECIFIC, + 'write_storage' => PERMS_SPECIFIC, + 'write_pages' => PERMS_SPECIFIC, + 'republish' => PERMS_SPECIFIC, + 'delegate' => PERMS_SPECIFIC + ]; + break; -- cgit v1.2.3 From 917a465ccd7dfa4992241b1e5d4418b3a31f1615 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 9 Jul 2016 19:03:29 -0700 Subject: more work on perms --- include/permissions.php | 8 +++++--- include/zot.php | 8 ++++---- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index dff7d65ff..5eb602ce0 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -291,7 +291,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // First find out what the channel owner declared permissions to be. - $channel_perm = \Zotlabs\Access\PermissionLimits($uid,$permission); + $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$permission); $r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1", intval($uid) @@ -299,6 +299,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if(! $r) return false; + + $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); + if($observer_xchan) { if($channel_perm & PERMS_AUTHED) return true; @@ -314,7 +317,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { if(($x) && intval($x[0]['abook_blocked'])) return false; - if(($x) && (! $global_perms[$permission][2]) && intval($x[0]['abook_ignored'])) + if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) return false; if(! $x) { @@ -326,7 +329,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { $abperms = load_abconfig($uid,$observer_xchan); } - $blocked_anon_perms = \Zotlabs\Access\Permissions::BlockedAnonPerms(); // system is blocked to anybody who is not authenticated diff --git a/include/zot.php b/include/zot.php index 6dd789181..c30940613 100644 
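Review bot: `perms_connect` for this role now contains `'write_pages'`, which the removed `perms_follow`/`perms_accept` masks did not (they carried `PERMS_W_STORAGE` but no `PERMS_W_PAGES`), so every connection accepted under this role is granted web-page editing it did not have before; in the other direction, the old masks included `PERMS_W_STREAM` and the new list has no `'send_stream'`. The `'write_pages' => PERMS_SPECIFIC` limit does not narrow this, because the grant is exactly the specific permission. If the widening is deliberate, note it in a comment on the `perms_connect` line; otherwise drop `'write_pages'` from the list and add `'send_stream'` back. The role's `case` label is outside the hunk.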
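Review bot: With the ignored-connection test rewritten to `in_array($permission,$blocked_anon_perms)` in the @@ -314 hunk, `$global_perms` (assigned a few lines above, outside the hunk) is no longer read anywhere in perm_is_allowed and can be removed, and `in_array` should take `true` as its third argument so permission names are compared strictly. The semantic change — denying the anonymous-blocked list instead of every write permission — mirrors what get_all_perms already does, so at least the two gates stay consistent; the caveat about that list needing to cover every write permission applies here as well.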
--- a/include/zot.php +++ b/include/zot.php @@ -410,10 +410,10 @@ function zot_refresh($them, $channel = null, $force = false) { if($permissions && is_array($permissions)) { foreach($permissions as $k => $v) { // The connected permission means you are in their address book - if($k === 'connected') { - $connected_set = intval($v); - continue; - } + //if($k === 'connected') { + // $connected_set = intval($v); + // continue; + //} if(($v) && (array_key_exists($k,$global_perms))) { $their_perms = $their_perms | intval($global_perms[$k][1]); } -- cgit v1.2.3 From c9db8c6857d8676b3eb3c19548eb303656dc5fff Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 9 Jul 2016 21:08:02 -0700 Subject: more permissions work --- include/config.php | 2 +- include/permissions.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/config.php b/include/config.php index ece22793f..91e021947 100644 --- a/include/config.php +++ b/include/config.php @@ -99,7 +99,7 @@ function del_aconfig($account_id, $family, $key) { function load_abconfig($chan,$xhash) { - Zlib\AbConfig::Load($chan,$xhash); + return Zlib\AbConfig::Load($chan,$xhash); } function get_abconfig($chan,$xhash,$family,$key) { diff --git a/include/permissions.php b/include/permissions.php index 5eb602ce0..8e2f9598b 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -81,6 +81,8 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : false); + foreach($global_perms as $perm_name => $permission) { // First find out what the channel owner declared permissions to be. @@ -122,7 +124,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { dbesc($observer_xchan) ); } - $abperms = load_abconfig($uid,$observer_xchan); + $abook_checked = true; } -- cgit v1.2.3 From e6638b471553126a65a7b1f43685ea1482d905de Mon Sep 17 00:00:00 2001 
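Review bot: The `connected` handling in the @@ -410 zot.php hunk is commented out rather than deleted, and `$connected_set = false;` above it is now never read; dead code should go (commit cc83983 below does remove it). Until that happens the loop still folds every peer-sent key that exists in `$global_perms` into `abook_their_perms`, which is the filtering behaviour worth preserving when this loop is later rewritten. zot_refresh continues outside the hunk.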
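Review bot: `$abperms` now defaults to `false` when `$uid` or `$observer_xchan` is empty, and the PERMS_SPECIFIC branch later calls `array_key_exists('my_perms',$abperms)` on it, which is a TypeError on PHP 8 and a warning-plus-null on PHP 7; `array()` is the safe default, and commit e6638b47 below makes exactly that change. The `return` added to load_abconfig in the config.php hunk is what makes `$abperms` non-null at all — before it the function returned nothing. get_all_perms continues beyond these hunks.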
From: redmatrix Date: Sat, 9 Jul 2016 21:23:00 -0700 Subject: change default so we don't have to check for array existence later --- include/permissions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index 8e2f9598b..5527d0afc 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -81,7 +81,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); - $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : false); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : array()); foreach($global_perms as $perm_name => $permission) { -- cgit v1.2.3 From cc83983ae5cb4675f631b0fb4bc61b800f183dae Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 10 Jul 2016 17:45:14 -0700 Subject: perms work --- include/zot.php | 50 +++++++++++++------------------------------------- 1 file changed, 13 insertions(+), 37 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index c30940613..339ea7a16 100644 --- a/include/zot.php +++ b/include/zot.php @@ -388,10 +388,7 @@ function zot_refresh($them, $channel = null, $force = false) { if(! $x['success']) return false; - $their_perms = 0; - if($channel) { - $global_perms = get_perms(); if($j['permissions']['data']) { $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 
@@ -408,15 +405,10 @@ function zot_refresh($them, $channel = null, $force = false) { $connected_set = false; if($permissions && is_array($permissions)) { + $old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream'); + foreach($permissions as $k => $v) { - // The connected permission means you are in their address book - //if($k === 'connected') { - // $connected_set = intval($v); - // continue; - //} - if(($v) && (array_key_exists($k,$global_perms))) { - $their_perms = $their_perms | intval($global_perms[$k][1]); - } + set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$k,$v); } } 
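Review bot: The new `set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$k,$v)` stores every key the remote peer sends, whereas the removed code only honoured keys present in `$global_perms`, so a peer can now populate abconfig with arbitrary `their_perms` names and non-integer values. The follow.php change later in this series casts with `intval($v)`, and the same filter belongs here: `$all_perms = \Zotlabs\Access\Permissions::Perms();` before the loop, then `if(! array_key_exists($k,$all_perms)) continue;` and `set_abconfig($channel['channel_id'],$x['hash'],'their_perms',$k,intval($v));`. Revocation is also lost: the old code rebuilt `$their_perms` from scratch on every refresh, but the loop only writes keys present in the reply, so a peer that drops a permission leaves the previous grant in place; write 0 for every known permission missing from `$permissions`. zot_refresh continues outside the hunk.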
@@ -443,36 +435,19 @@ function zot_refresh($them, $channel = null, $force = false) { if(substr($r[0]['abook_dob'],5) == substr($next_birthday,5)) $next_birthday = $r[0]['abook_dob']; - $current_abook_connected = (intval($r[0]['abook_unconnected']) ? 0 : 1); - - $y = q("update abook set abook_their_perms = %d, abook_dob = '%s' + $y = q("update abook set abook_dob = '%s' where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 ", - intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']) ); -// if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) { - - // if they are in your address book but you aren't in theirs, and/or this does not - // match your current connected state setting, toggle it. - /** @FIXME uncoverted to postgres */ - /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */ -// $y1 = q("update abook set abook_unconnected = 1 -// where abook_xchan = '%s' and abook_channel = %d -// and abook_self = 0 limit 1", -// dbesc($x['hash']), -// intval($channel['channel_id']) -// ); -// } - if(! $y) logger('abook update failed'); else { // if we were just granted read stream permission and didn't have it before, try to pull in some posts - if((! ($r[0]['abook_their_perms'] & PERMS_R_STREAM)) && ($their_perms & PERMS_R_STREAM)) + if((! $old_read_stream_perm) && (intval($permissions['view_stream']))) Zotlabs\Daemon\Master::Summon(array('Onepoll',$r[0]['abook_id'])); } } 
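Review bot: `intval($permissions['view_stream'])` in the Onepoll condition indexes the remote reply without checking the key exists, so a peer that omits `view_stream` raises an undefined-index notice where the removed `$their_perms & PERMS_R_STREAM` test was safe on any input; use `(isset($permissions['view_stream']) && intval($permissions['view_stream']))`. Note also that `abook_their_perms` is no longer written by the update statement, so any reader of that column that has not yet been converted (widget_forums still reads it at this point in the series) sees a frozen value until it is migrated. zot_refresh continues outside the hunk.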
@@ -484,10 +459,10 @@ function zot_refresh($them, $channel = null, $force = false) { if($role) { $xx = get_role_perms($role); if($xx['perms_auto']) - $default_perms = $xx['perms_accept']; + $default_perms = $xx['perms_connect']; } if(! $default_perms) - $default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms')); + $default_perms = get_pconfig($channel['channel_id'],'system','autoperms')); // Keep original perms to check if we need to notify them @@ -498,13 +473,11 @@ function zot_refresh($them, $channel = null, $force = false) { if($closeness === false) $closeness = 80; - $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", + $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), - intval($their_perms), - intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), @@ -532,8 +505,8 @@ function zot_refresh($them, $channel = null, $force = false) { 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'], )); - if($their_perms & PERMS_R_STREAM) { - if(($channel['channel_w_stream'] & PERMS_PENDING) + if(intval($permissions['view_stream']))) { + if(intval(get_pconfig($channel['channel_id'],'perms_limit','send_stream')) & PERMS_PENDING) || (! intval($new_connection[0]['abook_pending'])) ) Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id'])); } 
@@ -1371,6 +1344,7 @@ function public_recips($msg) { if($msg['message']['type'] === 'activity') { if(! get_config('system','disable_discover_tab')) $include_sys = true; + $perm = 'send_stream'; $col = 'channel_w_stream'; $field = PERMS_W_STREAM; if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { @@ -1404,12 +1378,14 @@ function public_recips($msg) { // contains the tag. we'll solve that further below. if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) { + $perm = 'post_comment'; $col = 'channel_w_comment'; $field = PERMS_W_COMMENT; } } } elseif($msg['message']['type'] === 'mail') { + $perm = 'post_mail'; $col = 'channel_w_mail'; $field = PERMS_W_MAIL; } -- cgit v1.2.3 From 71b001fdb7f4c900f6e7ff15a29952d6dc82c1fc Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 11 Jul 2016 17:02:49 -0700 Subject: more perms work - notably the stuff in public_perms --- include/zot.php | 72 ++++++++++++++------------------------------------------- 1 file changed, 17 insertions(+), 55 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 339ea7a16..f0e4d31db 100644 --- a/include/zot.php +++ b/include/zot.php @@ -462,7 +462,7 @@ function zot_refresh($them, $channel = null, $force = false) { $default_perms = $xx['perms_connect']; } if(! $default_perms) - $default_perms = get_pconfig($channel['channel_id'],'system','autoperms')); + $default_perms = get_pconfig($channel['channel_id'],'system','autoperms'); // Keep original perms to check if we need to notify them 
@@ -505,9 +505,9 @@ function zot_refresh($them, $channel = null, $force = false) { 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'], )); - if(intval($permissions['view_stream']))) { - if(intval(get_pconfig($channel['channel_id'],'perms_limit','send_stream')) & PERMS_PENDING) - || (! intval($new_connection[0]['abook_pending'])) ) + if(intval($permissions['view_stream'])) { + if(intval(get_pconfig($channel['channel_id'],'perms_limit','send_stream') & PERMS_PENDING) + || (! intval($new_connection[0]['abook_pending']))) Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id'])); } @@ -1345,8 +1345,7 @@ function public_recips($msg) { if(! get_config('system','disable_discover_tab')) $include_sys = true; $perm = 'send_stream'; - $col = 'channel_w_stream'; - $field = PERMS_W_STREAM; + if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { // check mention recipient permissions on top level posts only $check_mentions = true; 
@@ -1378,67 +1377,30 @@ function public_recips($msg) { // contains the tag. we'll solve that further below. if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) { - $perm = 'post_comment'; - $col = 'channel_w_comment'; - $field = PERMS_W_COMMENT; + $perm = 'post_comments'; } } } - elseif($msg['message']['type'] === 'mail') { + elseif($msg['message']['type'] === 'mail') $perm = 'post_mail'; - $col = 'channel_w_mail'; - $field = PERMS_W_MAIL; - } - - if(! $col) - return NULL; - - $col = dbesc($col); - - // First find those channels who are accepting posts from anybody, or at least - // something greater than just their connections. - if($msg['notify']['sender']['url'] === z_root()) { - $sql = " where (( " . $col . " & " . intval(PERMS_NETWORK) . " ) > 0 - or ( " . $col . " & " . intval(PERMS_SITE) . " ) > 0 - or ( " . $col . " & " . intval(PERMS_PUBLIC) . ") > 0 - or ( " . $col . " & " . intval(PERMS_AUTHED) . ") > 0 ) "; - } else { - $sql = " where ( " . $col . " = " . intval(PERMS_NETWORK) . " - or " . $col . " = " . intval(PERMS_PUBLIC) . " - or " . $col . " = " . intval(PERMS_AUTHED) . " ) "; + $r = array(); + + $c = q("select channel_id, channel_hash from channel where channel_removed = 0"); + if($c) { + foreach($c as $cc) { + if(perm_is_allowed($cc['channel_id'],$msg['notify']['sender']['hash'],$perm)) { + $r[] = [ 'hash' => $cc['channel_hash'] ]; + } + } } - $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' - and channel_removed = 0 ", - dbesc($msg['notify']['sender']['hash']) - ); - - if(! $r) - $r = array(); - - // Now we have to get a bit dirty. Find every channel that has the sender in their connections (abook) - // and is allowing this sender at least at a high level. - - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id - where abook_xchan = '%s' and channel_removed = 0 - and (( " . $col . " = " . intval(PERMS_SPECIFIC) . " and ( abook_my_perms & " . 
intval($field) . " ) > 0 ) - OR " . $col . " = " . intval(PERMS_PENDING) . " - OR ( " . $col . " = " . intval(PERMS_CONTACTS) . " and abook_pending = 0 )) ", - dbesc($msg['notify']['sender']['hash']) - ); - - if(! $x) - $x = array(); - - $r = array_merge($r,$x); - //logger('message: ' . print_r($msg['message'],true)); if($include_sys && array_key_exists('public_scope',$msg['message']) && $msg['message']['public_scope'] === 'public') { $sys = get_sys_channel(); if($sys) - $r[] = array('hash' => $sys['channel_hash']); + $r[] = [ 'hash' => $sys['channel_hash'] ]; } // look for any public mentions on this site -- cgit v1.2.3 From f4e4e734de001de50b2a1a3119997b444bf12134 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 12 Jul 2016 21:47:24 -0700 Subject: more work on perms --- include/security.php | 41 ++++++++++++++++++++++++++--------------- include/widgets.php | 11 ++++++++--- 2 files changed, 34 insertions(+), 18 deletions(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index 212690d91..2ab6bf075 100644 --- a/include/security.php +++ b/include/security.php @@ -89,6 +89,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive * * @return bool|array false or channel record of the new channel */ + function change_channel($change_channel) { $ret = false; 
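Review bot: The removed `if(! $col) return NULL;` has no counterpart in the new code, so for a message whose type is neither 'activity' nor 'mail' `$perm` is never assigned and `perm_is_allowed($cc['channel_id'],$msg['notify']['sender']['hash'],$perm)` is evaluated with a null permission name for every channel on the hub; whether that grants or denies depends on how perm_is_allowed treats an empty name, which is not visible here, so add `if(! $perm) return NULL;` before the channel query (and initialise `$perm = '';` next to `$r = array();`). The loop also performs a full permission evaluation per non-removed channel for each incoming message in place of the old indexed SQL, which is presumably fine on small hubs but deserves a comment such as `// one perm_is_allowed() call per local channel; cost scales with hub size`. public_recips continues outside the hunk.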
@@ -438,14 +439,19 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) { $random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : ''); if(local_channel()) $ret[] = local_channel(); - $r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", - intval($perms), - intval(PAGE_ADULT|PAGE_CENSORED) + $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", + intval($perms) ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_id'], $ret)) - $ret[] = $rr['channel_id']; + if($x) { + $ids = ids_to_querystr($x,'uid'); + $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_id'], $ret)) + $ret[] = $rr['channel_id']; + } } $str = ''; 
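Review bot: The new `( v & %d ) > 0` test in the pconfig query applies a bitwise operator to `v`, which everything else in this series treats as a string (`intval($ab['v'])`, `intval(get_pconfig(...))`); if `v` is a text column this is a silent cast on MySQL and a hard error on PostgreSQL, so do the bit test on an explicitly cast value or in PHP after fetching the rows. Channels with no `perm_limits`/`view_stream` row are now silently dropped from the result, whereas the old `channel_r_stream` column always had a value, so the perm_limits migration must be guaranteed to have run for every channel before this query is relied on. The same query is repeated in stream_perms_xchans in the next hunk.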
@@ -471,16 +477,21 @@ function stream_perms_xchans($perms = NULL ) { if(local_channel()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0 and channel_system = 0 and channel_removed = 0 ", - intval($perms), - intval(PAGE_ADULT|PAGE_CENSORED) + $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", + intval($perms) ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_hash'], $ret)) - $ret[] = $rr['channel_hash']; - } + if($x) { + $ids = ids_to_querystr($x,'uid'); + $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_hash'], $ret)) + $ret[] = $rr['channel_hash']; + } + } $str = ''; if($ret) { foreach($ret as $rr) { diff --git a/include/widgets.php b/include/widgets.php index 2d4d5b799..dbcaef409 100644 --- a/include/widgets.php +++ b/include/widgets.php 
@@ -1347,9 +1347,14 @@ function widget_forums($arr) { $perms_sql = item_permissions_sql(local_channel()) . item_normal(); - $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where ( xchan_pubforum = 1 or ((abook_their_perms & %d ) != 0 and (abook_their_perms & %d ) = 0) ) and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", - intval(PERMS_W_TAGWALL), - intval(PERMS_W_STREAM), + /** + * We used to try and find public forums with custom permissions by checking to see if + * send_stream was false and tag_deliver was true. However with the newer extensible + * permissions infrastructure this makes for a very complicated query. Now we're only + * checking channels that report themselves specifically as pubforums + */ + + $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_pubforum = 1 and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", intval(local_channel()) ); if(! $r1) -- cgit v1.2.3 From 1fd65c934da1efcbc3e44c5ec1c5112859ba50f9 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 13 Jul 2016 19:53:28 -0700 Subject: lots more permission work --- include/permissions.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index 5527d0afc..bc3cfdd2a 100644 --- a/include/permissions.php +++ b/include/permissions.php 
@@ -239,8 +239,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // Permission granted to certain channels. Let's see if the observer is one of them if($channel_perm & PERMS_SPECIFIC) { - if(array_key_exists('my_perms',$abperms) && array_key_exists($perm_name,$abperms['my_perms']) && $abperms['my_perms'][$perm_name]) { - $ret[$perm_name] = true; + if($abperms) { + foreach($abperms as $ab) { + if(($ab['cat'] == 'my_perms') && ($ab['k'] == $perm_name)) { + $ret[$perm_name] = (intval($ab['v']) ? true : false); + break; + } + } continue; } } -- cgit v1.2.3 From 503b42029212a61ce4aefcf63eb2a865ee334619 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 13 Jul 2016 20:23:20 -0700 Subject: rework perm_is_allowed --- include/permissions.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index bc3cfdd2a..638bedb24 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -81,7 +81,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { $ret = array(); - $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan) : array()); + $abperms = (($uid && $observer_xchan) ? load_abconfig($uid,$observer_xchan,'my_perms') : array()); foreach($global_perms as $perm_name => $permission) { @@ -333,7 +333,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { dbesc($observer_xchan) ); } - $abperms = load_abconfig($uid,$observer_xchan); + $abperms = load_abconfig($uid,$observer_xchan,'my_perms'); } 
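Review bot: When `$abperms` is non-empty but contains no `my_perms` row for `$perm_name`, the new loop leaves `$ret[$perm_name]` unset and the `continue` (now reached unconditionally once `$abperms` is truthy) skips whatever fall-through handling follows, where the removed condition fell through instead. Since PERMS_SPECIFIC means only explicit grants count, set the fail-closed default first: `$ret[$perm_name] = false;` immediately after `if($abperms) {`. Use `===` for the `cat`/`k` string comparisons as well. get_all_perms continues outside the hunk.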
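Review bot: `load_abconfig($uid,$observer_xchan,'my_perms')` passes a third argument, but the `load_abconfig($chan,$xhash)` definition shown earlier on this page accepts two and forwards only those to `Zlib\AbConfig::Load`, so the category filter is silently ignored unless config.php was extended in a commit not shown here. It is harmless at these two call sites only because both loops re-check `$ab['cat'] == 'my_perms'`, but the function still returns `their_perms` rows too; either extend `load_abconfig` to forward the category or drop the argument so the call does not look filtered. The same call is relied on unfiltered in the get_channel_default_perms change later in this series.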
@@ -407,8 +407,12 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // Permission granted to certain channels. Let's see if the observer is one of them if(($r) && ($channel_perm & PERMS_SPECIFIC)) { - if(array_key_exists('my_perms',$abperms) && array_key_exists($permission,$abperms['my_perms']) && $abperms['my_perms'][$permission]) { - return true; + if($abperms) { + foreach($abperms as $ab) { + if($ab['cat'] == 'my_perms' && $ab['k'] == $permission) { + return ((intval($ab['v'])) ? true : false); + } + } } } -- cgit v1.2.3 From b3a785711cde52a3c03c0a0eb90ce4e9ce8d9059 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 13 Jul 2016 22:11:06 -0700 Subject: deprecate/remove json_decode_plus --- include/conversation.php | 6 +++--- include/items.php | 20 ++++++++++---------- include/text.php | 16 ++++------------ include/zot.php | 8 ++++---- 4 files changed, 21 insertions(+), 29 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 957dbf8e9..1efca37f3 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -99,7 +99,7 @@ function localize_item(&$item){ if(intval($item['item_thread_top'])) return; - $obj = json_decode_plus($item['obj']); + $obj = json_decode($item['obj'],true); if((! $obj) && ($item['obj'])) { logger('localize_item: failed to decode object: ' . print_r($item['obj'],true)); } @@ -186,7 +186,7 @@ function localize_item(&$item){ $Alink = $item['author']['xchan_url']; - $obj= json_decode_plus($item['obj']); + $obj= json_decode($item['obj'],true); $Blink = $Bphoto = ''; @@ -219,7 +219,7 @@ function localize_item(&$item){ $Aname = $item['author']['xchan_name']; $Alink = $item['author']['xchan_url']; - $obj= json_decode_plus($item['obj']); + $obj= json_decode($item['obj'],true); $Blink = $Bphoto = ''; diff --git a/include/items.php b/include/items.php index 373090d41..ad12e4f98 100755 --- a/include/items.php +++ b/include/items.php 
@@ -990,9 +990,9 @@ function encode_item($item,$mirror = false) { if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) { if($item['title']) - $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key); if($item['body']) - $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key); } // If we're trying to backup an item so that it's recoverable or for export/imprt, @@ -1062,11 +1062,11 @@ function encode_item($item,$mirror = false) { $x['owner'] = encode_item_xchan($item['owner']); $x['author'] = encode_item_xchan($item['author']); if($item['obj']) - $x['object'] = json_decode_plus($item['obj']); + $x['object'] = json_decode($item['obj'],true); if($item['target']) - $x['target'] = json_decode_plus($item['target']); + $x['target'] = json_decode($item['target'],true); if($item['attach']) - $x['attach'] = json_decode_plus($item['attach']); + $x['attach'] = json_decode($item['attach'],true); if($y = encode_item_flags($item)) $x['flags'] = $y; @@ -1382,7 +1382,7 @@ function encode_mail($item,$extended = false) { $x['to'] = encode_item_xchan($item['to']); if($item['attach']) - $x['attach'] = json_decode_plus($item['attach']); + $x['attach'] = json_decode($item['attach'],true); $x['flags'] = array(); @@ -2390,7 +2390,7 @@ function tag_deliver($uid, $item_id) { if(($item['obj_type'] == "") || ($item['obj_type'] !== ACTIVITY_OBJ_PERSON) || (! $item['obj'])) $poke_notify = false; - $obj = json_decode_plus($item['obj']); + $obj = json_decode($item['obj'],true); if($obj) { if($obj['id'] !== $u[0]['channel_hash']) $poke_notify = false; 
@@ -2427,14 +2427,14 @@ function tag_deliver($uid, $item_id) { if(($item['owner_xchan'] === $u[0]['channel_hash']) && (! get_pconfig($u[0]['channel_id'],'system','blocktags'))) { logger('tag_deliver: community tag recipient: ' . $u[0]['channel_name']); - $j_tgt = json_decode_plus($item['target']); + $j_tgt = json_decode($item['target'],true); if($j_tgt && $j_tgt['id']) { $p = q("select * from item where mid = '%s' and uid = %d limit 1", dbesc($j_tgt['id']), intval($u[0]['channel_id']) ); if($p) { - $j_obj = json_decode_plus($item['obj']); + $j_obj = json_decode($item['obj'],true); logger('tag_deliver: tag object: ' . print_r($j_obj,true), LOGGER_DATA); if($j_obj && $j_obj['id'] && $j_obj['title']) { if(is_array($j_obj['link'])) @@ -2519,7 +2519,7 @@ function tag_deliver($uid, $item_id) { if(intval($item['item_obscured'])) { $key = get_config('system','prvkey'); if($item['body']) - $body = crypto_unencapsulate(json_decode_plus($item['body']),$key); + $body = crypto_unencapsulate(json_decode($item['body'],true),$key); } else $body = $item['body']; diff --git a/include/text.php b/include/text.php index 986e3b56c..ba7d9cc5b 100644 --- a/include/text.php +++ b/include/text.php @@ -1280,9 +1280,9 @@ function unobscure(&$item) { if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key); if($item['body']) - $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key); if(get_config('system','item_cache')) { q("update item set title = '%s', body = '%s', item_obscured = 0 where id = %d", dbesc($item['title']), 
@@ -1305,7 +1305,7 @@ function unobscure_mail(&$item) { function theme_attachments(&$item) { - $arr = json_decode_plus($item['attach']); + $arr = json_decode($item['attach'],true); if(is_array($arr) && count($arr)) { $attaches = array(); foreach($arr as $r) { @@ -2208,20 +2208,12 @@ function jindent($json) { return $result; } - -function json_decode_plus($s) { - $x = json_decode($s,true); - if(! $x) - $x = json_decode(str_replace(array('\\"','\\\\'),array('"','\\'),$s),true); - - return $x; -} - /** * @brief Creates navigation menu for webpage, layout, blocks, menu sites. * * @return string */ + function design_tools() { $channel = App::get_channel(); diff --git a/include/zot.php b/include/zot.php index 0bf689742..d506e96fe 100644 --- a/include/zot.php +++ b/include/zot.php @@ -506,7 +506,7 @@ function zot_refresh($them, $channel = null, $force = false) { )); if(intval($permissions['view_stream'])) { - if(intval(get_pconfig($channel['channel_id'],'perms_limit','send_stream') & PERMS_PENDING) + if(intval(get_pconfig($channel['channel_id'],'perm_limits','send_stream') & PERMS_PENDING) || (! intval($new_connection[0]['abook_pending']))) Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id'])); } @@ -1395,7 +1395,7 @@ function public_recips($msg) { } } - //logger('message: ' . print_r($msg['message'],true)); + // logger('message: ' . print_r($msg['message'],true)); if($include_sys && array_key_exists('public_scope',$msg['message']) && $msg['message']['public_scope'] === 'public') { $sys = get_sys_channel(); @@ -1881,9 +1881,9 @@ function remove_community_tag($sender, $arr, $uid) { $i = $r[0]; if($i['target']) - $i['target'] = json_decode_plus($i['target']); + $i['target'] = json_decode($i['target'],true); if($i['object']) - $i['object'] = json_decode_plus($i['object']); + $i['object'] = json_decode($i['object'],true); if(! ($i['target'] && $i['object'])) { logger('remove_community_tag: no target/object'); -- cgit v1.2.3 
From 191cd21028ab108c2a7f982c654601d780865eff Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 13 Jul 2016 23:05:19 -0700 Subject: more perms work --- include/channel.php | 6 +++--- include/follow.php | 46 ++++++++++++++++++++++++++++------------------ include/items.php | 7 +++---- 3 files changed, 34 insertions(+), 25 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 95506ed78..28eac9d4c 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1604,13 +1604,13 @@ function notifications_on($channel_id,$value) { function get_channel_default_perms($uid) { - $r = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1", + $r = q("select abook_xchan from abook where abook_channel = %d and abook_self = 1 limit 1", intval($uid) ); if($r) - return $r[0]['abook_my_perms']; + return load_abconfig($uid,$r[0]['abook_xchan'],'my_perms'); - return 0; + return array(); } diff --git a/include/follow.php b/include/follow.php index e5a74f85e..acd734896 100644 --- a/include/follow.php +++ b/include/follow.php @@ -67,11 +67,10 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $role = get_pconfig($uid,'system','permissions_role'); if($role) { $x = get_role_perms($role); - if($x['perms_follow']) - $my_perms = $x['perms_follow']; + if($x['perms_connect']) + $my_perms = $x['perms_connect']; } - if($is_red && $j) { logger('follow: ' . $url . ' ' . print_r($j,true), LOGGER_DEBUG); @@ -104,10 +103,6 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $xchan_hash = $x['hash']; - $their_perms = 0; - - $global_perms = get_perms(); - if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) { $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 
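Review bot: get_channel_default_perms used to return the `abook_my_perms` bitmask and now returns whatever `load_abconfig($uid,$r[0]['abook_xchan'],'my_perms')` yields, so any caller still doing `$perms & PERMS_*` (none are visible here) now operates on an array. Because the `load_abconfig` shown earlier on this page takes only two parameters, the rows come back unfiltered by category; a consumer that treats every returned row as a `my_perms` grant would also pick up `their_perms` rows for the self contact, so filter here, e.g. `return array_filter(load_abconfig($uid,$r[0]['abook_xchan']), function($ab) { return $ab['cat'] === 'my_perms'; });`, and document the new shape with `// returns abconfig rows (cat/k/v) for the channel's self entry, or an empty array`.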
@@ -121,16 +116,14 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) else $permissions = $j['permissions']; - - foreach($permissions as $k => $v) { - if($v) { - $their_perms = $their_perms | intval($global_perms[$k][1]); + if(is_array($permissions) && $permissions) { + foreach($permissions as $k => $v) { + set_abconfig($channel['channel_uid'],$xchan_hash,'their_perms',$k,intval($v)); } } } else { - $their_perms = 0; $xchan_hash = ''; $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", @@ -190,6 +183,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $result['message'] = t('Protocol disabled.'); return $result; } + $singleton = intval($x['singleton']); $aid = $channel['channel_account_id']; @@ -222,6 +216,15 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) intval($uid) ); + if($is_http) { + + // Always set these "remote" permissions for feeds since we cannot interact with them + // to negotiate a suitable permission response + + set_abconfig($uid,$xchan_hash,'their_perms','view_stream',1); + set_abconfig($uid,$xchan_hash,'their_perms','republish',1); + } + if($r) { $abook_instance = $r[0]['abook_instance']; @@ -231,8 +234,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $abook_instance .= z_root(); } - $x = q("update abook set abook_their_perms = %d, abook_instance = '%s' where abook_id = %d", - intval($their_perms), + $x = q("update abook set abook_instance = '%s' where abook_id = %d", dbesc($abook_instance), intval($r[0]['abook_id']) ); 
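Review bot: `set_abconfig($channel['channel_uid'],$xchan_hash,'their_perms',$k,intval($v))` keys the rows on `channel_uid`, a field that appears nowhere else in this series — the zot.php equivalent uses `$channel['channel_id']` and the feed branch added further down in this same file uses `$uid` — so the peer's permissions are most likely stored under an empty uid and never found by the later `get_abconfig($uid, ...)` lookups, which then fail closed. Use the function's own parameter: `set_abconfig($uid,$xchan_hash,'their_perms',$k,intval($v));`. As in zot_refresh, `$k` is taken from the peer unfiltered; restrict it to keys of `\Zotlabs\Access\Permissions::Perms()` before writing. new_contact continues outside the hunk.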
@@ -242,15 +244,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if($closeness === false) $closeness = 80; - $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_instance ) - values( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s' ) ", + $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_created, abook_updated, abook_instance ) + values( %d, %d, %d, '%s', %d, '%s', '%s', '%s' ) ", intval($aid), intval($uid), intval($closeness), dbesc($xchan_hash), intval(($is_http) ? 1 : 0), - intval(($is_http) ? $their_perms|PERMS_R_STREAM|PERMS_A_REPUBLISH : $their_perms), - intval($my_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(($singleton) ? z_root() : '') @@ -260,6 +260,16 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if(! $r) logger('mod_follow: abook creation failed'); + $all_perms = \Zotlabs\Access\Permissions::Perms(); + if($all_perms) { + foreach($all_perms as $k => $v) { + if(in_array($k,$my_perms)) + set_abconfig($uid,$xchan_hash,'my_perms',$k,1); + else + set_abconfig($uid,$xchan_hash,'my_perms',$k,0); + } + } + $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), diff --git a/include/items.php b/include/items.php index ad12e4f98..702d49d40 100755 --- a/include/items.php +++ b/include/items.php 
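Review bot: `in_array($k,$my_perms)` in the new my_perms loop assumes `$my_perms` is an array of permission names, but the only assignment visible in this series is `$my_perms = $x['perms_connect']` inside `if($role)`; the no-role initial value is outside the hunk, and if it is still the old integer bitmask `in_array` returns null with a warning and every permission is written as 0. Guard it and compare strictly: `$granted = (is_array($my_perms) ? $my_perms : array());` then `in_array($k,$granted,true)`. The loop also runs after a failed `insert into abook` (`if(! $r) logger(...)` does not return), leaving my_perms rows for a contact that does not exist; return after logging. new_contact continues outside the hunk.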
@@ -183,7 +183,7 @@ function is_item_normal($item) { * This function examines the comment_policy attached to an item and decides if the current observer has * sufficient privileges to comment. This will normally be called on a remote site where perm_is_allowed() * will not be suitable because the post owner does not have a local channel_id. - * Generally we should look at the item - in particular the author['book_flags'] and see if ABOOK_FLAG_SELF is set. + * Generally we should look at the item - in particular the author['abook_flags'] and see if ABOOK_FLAG_SELF is set. * If it is, you should be able to use perm_is_allowed( ... 'post_comments'), and if it isn't you need to call * can_comment_on_post() * We also check the comments_closed date/time on the item if this is set. @@ -224,8 +224,7 @@ function can_comment_on_post($observer_xchan, $item) { case 'contacts': case 'authenticated': case '': - if(array_key_exists('owner',$item)) { - if(($item['owner']['abook_xchan']) && ($item['owner']['abook_their_perms'] & PERMS_W_COMMENT)) + if(array_key_exists('owner',$item) && get_abconfig($item['uid'],$item['owner']['abook_xchan'],'their_perms','post_comments')) { return true; } break; @@ -2856,7 +2855,7 @@ function check_item_source($uid, $item) { if(! $x) return false; - if(! ($x[0]['abook_their_perms'] & PERMS_A_REPUBLISH)) + if(! get_abconfig($uid,$item['owner_xchan'],'their_perms','republish')) return false; if($item['item_private'] && (! intval($x[0]['abook_feed']))) -- cgit v1.2.3 From f7833411a10d79ce86ec9d47ce05e2c7fcf1968a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 17 Jul 2016 22:18:35 -0700 Subject: clone channel perms --- include/perm_upgrade.php | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ include/zot.php | 15 ++++++++++++- 2 files changed, 71 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php index 1f410f711..e01ef739e 100644 --- a/include/perm_upgrade.php 
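Review bot: The rewritten condition in can_comment_on_post drops the `$item['owner']['abook_xchan']` non-empty test the removed lines had, so an owner that is not in the local abook now produces an undefined-index notice and a `get_abconfig($item['uid'], '', ...)` lookup; keep the guard: `if(array_key_exists('owner',$item) && (! empty($item['owner']['abook_xchan'])) && get_abconfig($item['uid'],$item['owner']['abook_xchan'],'their_perms','post_comments'))`. The docblock above says this path runs where the post owner has no local channel_id, so whether `$item['uid']` is the right channel for the abconfig lookup should be confirmed rather than assumed. can_comment_on_post continues outside the hunk.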
+++ b/include/perm_upgrade.php @@ -62,3 +62,60 @@ function perm_abook_upgrade($abook) { +function translate_channel_perms_outbound(&$channel) { + $r = q("select * from pconfig where uid = %d and cat = 'perm_limits' ", + intval($channel['channel_id']) + ); + + if($r) { + foreach($r as $rr) { + if($rr['k'] === 'view_stream') + $channel['channel_r_stream'] = $rr['v']; + if($rr['k'] === 'view_profile') + $channel['channel_r_profile'] = $rr['v']; + if($rr['k'] === 'view_contacts') + $channel['channel_r_abook'] = $rr['v']; + if($rr['k'] === 'view_storage') + $channel['channel_r_storage'] = $rr['v']; + if($rr['k'] === 'view_pages') + $channel['channel_r_pages'] = $rr['v']; + if($rr['k'] === 'send_stream') + $channel['channel_w_stream'] = $rr['v']; + if($rr['k'] === 'post_wall') + $channel['channel_w_wall'] = $rr['v']; + if($rr['k'] === 'post_comments') + $channel['channel_w_comment'] = $rr['v']; + if($rr['k'] === 'post_mail') + $channel['channel_w_mail'] = $rr['v']; + if($rr['k'] === 'post_like') + $channel['channel_w_like'] = $rr['v']; + if($rr['k'] === 'tag_deliver') + $channel['channel_w_tagwall'] = $rr['v']; + if($rr['k'] === 'chat') + $channel['channel_w_chat'] = $rr['v']; + if($rr['k'] === 'write_storage') + $channel['channel_w_storage'] = $rr['v']; + if($rr['k'] === 'write_pages') + $channel['channel_w_pages'] = $rr['v']; + if($rr['k'] === 'republish') + $channel['channel_a_republish'] = $rr['v']; + if($rr['k'] === 'delegate') + $channel['channel_a_delegate'] = $rr['v']; + + } + $channel['perm_limits'] = $r; + } +} + +function translate_channel_perms_inbound($channel) { + + if($channel['perm_limits']) { + foreach($channel['perm_limits'] as $p) { + set_pconfig($channel['channel_id'],'perm_limits',$p['k'],$p['v']); + } + } + else { + perm_limits_upgrade($channel); + } + +} \ No newline at end of file diff --git a/include/zot.php b/include/zot.php index d506e96fe..9e0a4ffa1 100644 --- a/include/zot.php +++ b/include/zot.php 
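Review bot: translate_channel_perms_inbound writes `$p['k']` and `$p['v']` from the incoming `perm_limits` array straight into pconfig, so a sync or import payload can create `perm_limits` keys that are not real permissions and store non-integer limit values; validate both before `set_pconfig`. The outbound side attaches the raw pconfig rows (`$channel['perm_limits'] = $r`), which carry the hub-local `uid` and row id into every export and sync packet although only `k`/`v` are consumed; export just those two fields. A header comment would also help readers, e.g. `// legacy channel_[rwa]_* columns are derived for export/sync only; perm_limits pconfig is authoritative`.
```php
function translate_channel_perms_inbound($channel) {
	$all_perms = \Zotlabs\Access\Permissions::Perms();
	if($channel['perm_limits']) {
		foreach($channel['perm_limits'] as $p) {
			// only known permission names, and only integer limits
			if(! array_key_exists($p['k'],$all_perms))
				continue;
			set_pconfig($channel['channel_id'],'perm_limits',$p['k'],intval($p['v']));
		}
	}
	// … unchanged: else branch calling perm_limits_upgrade …
}
```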
@@ -12,6 +12,7 @@ require_once('include/crypto.php'); require_once('include/items.php'); require_once('include/hubloc.php'); require_once('include/queue_fn.php'); +require_once('include/perm_upgrade.php'); /** @@ -2936,6 +2937,8 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $channel = $r[0]; + translate_channel_perms_outbound($channel); + if(intval($channel['channel_removed'])) return; @@ -3132,6 +3135,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) { + translate_channel_perms_inbound($arr['channel']); + if(array_key_exists('channel_pageflags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) { // These flags cannot be sync'd. // remove the bits from the incoming flags. @@ -3145,7 +3150,15 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { } - $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system'); + $disallowed = [ + 'channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', + 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', + 'channel_system', 'channel_r_stream', 'channel_r_profile', 'channel_r_abook', + 'channel_r_storage', 'channel_r_pages', 'channel_w_stream', 'channel_w_wall', + 'channel_w_comment', 'channel_w_mail', 'channel_w_like', 'channel_w_tagwall', + 'channel_w_chat', 'channel_w_storage', 'channel_w_pages', 'channel_a_republish', + 'channel_a_delegate' + ]; $clean = array(); foreach($arr['channel'] as $k => $v) { -- cgit v1.2.3 From 10fa5c20e76dfd6ab85a7cda03a96b56a4b6870a Mon Sep 17 00:00:00 2001 
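Review bot: In the `process_channel_sync_delivery` hunk `translate_channel_perms_inbound($arr['channel'])` runs before the pageflags adjustment and the `$disallowed` filtering that follow, so the `perm_limits` pconfig writes are persisted even if a later check in this block rejects or trims the record (the rest of the function is outside the hunk, so whether such a path exists is not visible here). Moving the call after the `$clean` loop keeps all persisted state behind the same validation. The `$disallowed` rewrite in the last hunk is fine, but the existing `in_array($k,$disallowed)` in its context should pass `true` as the third argument.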
From: redmatrix Date: Sun, 17 Jul 2016 22:40:39 -0700 Subject: export/import channel permissions --- include/channel.php | 4 +++- include/import.php | 44 ++++++++++++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 0defc3863..12b4152ca 100644 --- a/include/channel.php +++ b/include/channel.php @@ -6,6 +6,7 @@ require_once('include/zot.php'); require_once('include/crypto.php'); require_once('include/menu.php'); +require_once('include/perm_upgrade.php'); /** * @brief Called when creating a new channel. @@ -497,7 +498,8 @@ function identity_basic_export($channel_id, $items = false) { intval($channel_id) ); if($r) { - $ret['channel'] = $r[0]; + translate_channel_perms_outbound($r[0]); + $ret['channel'] = $r[0]; $ret['relocate'] = [ 'channel_address' => $r[0]['channel_address'], 'url' => z_root()]; } diff --git a/include/import.php b/include/import.php index 00ecef07d..7a19ab68f 100644 --- a/include/import.php +++ b/include/import.php 
@@ -61,15 +61,35 @@ function import_channel($channel, $account_id, $seize) { if(! is_site_admin()) $channel['channel_pageflags'] = $channel['channel_pageflags'] ^ PAGE_ALLOWCODE; } - - dbesc_array($channel); - $r = dbq("INSERT INTO channel (`" - . implode("`, `", array_keys($channel)) - . "`) VALUES ('" - . implode("', '", array_values($channel)) - . "')" - ); + // remove all the permissions related settings, we will import/upgrade them after the channel + // is created. + + $disallowed = [ + 'channel_id', 'channel_r_stream', 'channel_r_profile', 'channel_r_abook', + 'channel_r_storage', 'channel_r_pages', 'channel_w_stream', 'channel_w_wall', + 'channel_w_comment', 'channel_w_mail', 'channel_w_like', 'channel_w_tagwall', + 'channel_w_chat', 'channel_w_storage', 'channel_w_pages', 'channel_a_republish', + 'channel_a_delegate', 'perm_limits' + ]; + + $clean = array(); + foreach($channel as $k => $v) { + if(in_array($k,$disallowed)) + continue; + $clean[$k] = $v; + } + + if($clean) { + dbesc_array($clean); + + $r = dbq("INSERT INTO channel (`" + . implode("`, `", array_keys($clean)) + . "`) VALUES ('" + . implode("', '", array_values($clean)) + . "')" + ); + } if(! $r) { logger('mod_import: channel clone failed. ', print_r($channel,true)); @@ -86,6 +106,14 @@ function import_channel($channel, $account_id, $seize) { notice( t('Cloned channel not found. Import failed.') . EOL); return false; } + + // extract the permissions from the original imported array and use our new channel_id to set them + // These could be in the old channel permission stule or the new pconfig. We have a function to + // translate and store them no matter which they throw at us. + + $channel['channel_id'] = $r[0]['channel_id']; + translate_channel_perms_inbound($channel); + // reset $channel = $r[0]; -- cgit v1.2.3 From f9b67d3630785958cf21d2368d63a1aa28b1d783 Mon Sep 17 00:00:00 2001 
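Review bot: The INSERT in the first hunk still splices the keys of the imported array into the backtick-quoted column list, and `dbesc_array($clean)` escapes values only, so a key in a crafted export file that is not a plain identifier ends up verbatim in the statement text; reject such keys in the filter loop, e.g. `if(in_array($k,$disallowed,true) || ! preg_match('/^[a-z0-9_]+$/',$k)) continue;` (an allowlist of channel columns would be stricter still). When `$clean` is empty `$r` is never assigned and the `if(! $r)` below reads an undefined variable; initialise `$r = null;` before `if($clean)`. The second hunk passes the raw `$channel` array to `translate_channel_perms_inbound()`, so the same key validation matters on that path. import_channel continues outside both hunks.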
From: redmatrix Date: Mon, 18 Jul 2016 13:44:39 -0700 Subject: more perms work --- include/perm_upgrade.php | 105 +++++++++++++++++++++++++++++++++++++++++++++-- include/zot.php | 3 +- 2 files changed, 103 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php index e01ef739e..4353dc9af 100644 --- a/include/perm_upgrade.php +++ b/include/perm_upgrade.php @@ -39,7 +39,6 @@ function perm_abook_upgrade($abook) { set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','delegate',intval(($abook['abook_their_perms'] & PERMS_A_DELEGATE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_stream',intval(($abook['abook_my_perms'] & PERMS_R_STREAM)? 1 : 0)); set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_profile',intval(($abook['abook_my_perms'] & PERMS_R_PROFILE)? 1 : 0)); set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_contacts',intval(($abook['abook_my_perms'] & PERMS_R_ABOOK)? 1 : 0)); @@ -60,8 +59,6 @@ function perm_abook_upgrade($abook) { } - - function translate_channel_perms_outbound(&$channel) { $r = q("select * from pconfig where uid = %d and cat = 'perm_limits' ", intval($channel['channel_id']) 
@@ -118,4 +115,104 @@ function translate_channel_perms_inbound($channel) { perm_limits_upgrade($channel); } -} \ No newline at end of file +} + +function translate_abook_perms_outbound(&$abook) { + $my_perms = 0; + $their_perms = 0; + + if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) { + foreach($abook['abconfig'] as $p) { + if($p['cat'] === 'their_perms') { + if($p['k'] === 'view_stream' && intval($p['v'])) + $their_perms += PERMS_R_STREAM; + if($p['k'] === 'view_profile' && intval($p['v'])) + $their_perms += PERMS_R_PROFILE; + if($p['k'] === 'view_contacts' && intval($p['v'])) + $their_perms += PERMS_R_ABOOK; + if($p['k'] === 'view_storage' && intval($p['v'])) + $their_perms += PERMS_R_STORAGE; + if($p['k'] === 'view_pages' && intval($p['v'])) + $their_perms += PERMS_R_PAGES; + if($p['k'] === 'send_stream' && intval($p['v'])) + $their_perms += PERMS_W_STREAM; + if($p['k'] === 'post_wall' && intval($p['v'])) + $their_perms += PERMS_W_WALL; + if($p['k'] === 'post_comments' && intval($p['v'])) + $their_perms += PERMS_W_COMMENT; + if($p['k'] === 'post_mail' && intval($p['v'])) + $their_perms += PERMS_W_MAIL; + if($p['k'] === 'post_like' && intval($p['v'])) + $their_perms += PERMS_W_LIKE; + if($p['k'] === 'tag_deliver' && intval($p['v'])) + $their_perms += PERMS_W_TAGWALL; + if($p['k'] === 'chat' && intval($p['v'])) + $their_perms += PERMS_W_CHAT; + if($p['k'] === 'write_storage' && intval($p['v'])) + $their_perms += PERMS_W_STORAGE; + if($p['k'] === 'write_pages' && intval($p['v'])) + $their_perms += PERMS_W_PAGES; + if($p['k'] === 'republish' && intval($p['v'])) + $their_perms += PERMS_A_REPUBLISH; + if($p['k'] === 'delegate' && intval($p['v'])) + $their_perms += PERMS_A_DELEGATE; + } + if($p['cat'] === 'my_perms') { + if($p['k'] === 'view_stream' && intval($p['v'])) + $my_perms += PERMS_R_STREAM; + if($p['k'] === 'view_profile' && intval($p['v'])) + $my_perms += PERMS_R_PROFILE; + if($p['k'] === 'view_contacts' && 
intval($p['v'])) + $my_perms += PERMS_R_ABOOK; + if($p['k'] === 'view_storage' && intval($p['v'])) + $my_perms += PERMS_R_STORAGE; + if($p['k'] === 'view_pages' && intval($p['v'])) + $my_perms += PERMS_R_PAGES; + if($p['k'] === 'send_stream' && intval($p['v'])) + $my_perms += PERMS_W_STREAM; + if($p['k'] === 'post_wall' && intval($p['v'])) + $my_perms += PERMS_W_WALL; + if($p['k'] === 'post_comments' && intval($p['v'])) + $my_perms += PERMS_W_COMMENT; + if($p['k'] === 'post_mail' && intval($p['v'])) + $my_perms += PERMS_W_MAIL; + if($p['k'] === 'post_like' && intval($p['v'])) + $my_perms += PERMS_W_LIKE; + if($p['k'] === 'tag_deliver' && intval($p['v'])) + $my_perms += PERMS_W_TAGWALL; + if($p['k'] === 'chat' && intval($p['v'])) + $my_perms += PERMS_W_CHAT; + if($p['k'] === 'write_storage' && intval($p['v'])) + $my_perms += PERMS_W_STORAGE; + if($p['k'] === 'write_pages' && intval($p['v'])) + $my_perms += PERMS_W_PAGES; + if($p['k'] === 'republish' && intval($p['v'])) + $my_perms += PERMS_A_REPUBLISH; + if($p['k'] === 'delegate' && intval($p['v'])) + $my_perms += PERMS_A_DELEGATE; + } + } + } + $abook['abook_their_perms'] = $their_perms; + $abook['abook_my_perms'] = $my_perms; +} + +function translate_abook_perms_inbound($channel,$abook) { + + $new_perms = false; + $abook['abook_channel'] = $channel['channel_id']; + + if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) { + foreach($abook['abconfig'] as $p) { + if($p['cat'] == 'their_perms' || $p['cat'] == 'my_perms') { + $new_perms = true; + break; + } + } + } + + if($new_perms == false) { + perm_abook_upgrade($abook); + } + +} diff --git a/include/zot.php b/include/zot.php index 9e0a4ffa1..2ebcc4bf0 100644 --- a/include/zot.php +++ b/include/zot.php 
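Review bot: `translate_abook_perms_outbound()` accumulates flags with `+=`, so if `abconfig` holds two rows with the same `cat`/`k` (a duplicate or stale row) the same flag is added twice and carries into a neighbouring permission bit; `|=` is the idempotent form, e.g. `$their_perms |= PERMS_R_STREAM;`. The two sixteen-branch chains repeat one name-to-constant table that a single lookup array consulted from both `cat` branches would replace. In `translate_abook_perms_inbound()` the `==` comparisons and `$new_perms == false` would be tighter as `===` and `if(! $new_perms)`. Both functions are complete within the hunk.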
@@ -3062,7 +3062,8 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { require_once('include/import.php'); - /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */ + /** @FIXME this will sync red structures (channel, pconfig and abook). + Eventually we need to make this application agnostic. */ $result = array(); -- cgit v1.2.3 From b5b57523f14597f13b88a93f8787bb5a4f966c58 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 18 Jul 2016 16:45:43 -0700 Subject: more perms work --- include/channel.php | 1 + include/import.php | 1 + include/zot.php | 14 ++++++++++++++ 3 files changed, 16 insertions(+) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 12b4152ca..bec7d11d6 100644 --- a/include/channel.php +++ b/include/channel.php @@ -521,6 +521,7 @@ function identity_basic_export($channel_id, $items = false) { $abconfig = load_abconfig($channel_id,$ret['abook'][$x]['abook_xchan']); if($abconfig) $ret['abook'][$x]['abconfig'] = $abconfig; + translate_abook_perms_outbound($ret['abook'][$x]); } stringify_array_elms($xchans); } diff --git a/include/import.php b/include/import.php index 7a19ab68f..e4f5ba5a7 100644 --- a/include/import.php +++ b/include/import.php @@ -1,6 +1,7 @@ Date: Mon, 18 Jul 2016 19:09:27 -0700 Subject: move legacy code inside the legacy check --- include/perm_upgrade.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php index 4353dc9af..9892adb07 100644 --- a/include/perm_upgrade.php +++ b/include/perm_upgrade.php 
@@ -192,9 +192,10 @@ function translate_abook_perms_outbound(&$abook) { $my_perms += PERMS_A_DELEGATE; } } + + $abook['abook_their_perms'] = $their_perms; + $abook['abook_my_perms'] = $my_perms; } - $abook['abook_their_perms'] = $their_perms; - $abook['abook_my_perms'] = $my_perms; } function translate_abook_perms_inbound($channel,$abook) { -- cgit v1.2.3 From b63165b6e0d856848b20d184783bfdf358210f9b Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 18 Jul 2016 21:37:34 -0700 Subject: more perms work (a lot more) --- include/channel.php | 17 ++++++++-- include/perm_upgrade.php | 85 +++++++++++++++++++++++++++++------------------- include/zot.php | 21 +++++++++--- 3 files changed, 83 insertions(+), 40 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index bec7d11d6..de0ac70e8 100644 --- a/include/channel.php +++ b/include/channel.php @@ -379,8 +379,21 @@ function create_identity($arr) { set_pconfig($newuid,'system','permissions_role',$arr['permissions_role']); if(array_key_exists('online',$role_permissions)) set_pconfig($newuid,'system','hide_presence',1-intval($role_permissions['online'])); - if(array_key_exists('perms_auto',$role_permissions)) - set_pconfig($newuid,'system','autoperms',(($role_permissions['perms_auto']) ? $role_permissions['perms_accept'] : 0)); + if(array_key_exists('perms_auto',$role_permissions)) { + $autoperms = intval($role_permissions['perms_auto']); + set_pconfig($newuid,'system','autoperms',$autoperms); + if($autoperms) { + $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['connect']); + foreach($x as $k => $v) { + set_pconfig($newuid,'autoperms',$k,$v); + } + } + else { + $r = q("delete from pconfig where uid = %d and cat = 'autoperms'", + intval($newuid) + ); + } + } } // Create a group with yourself as a member. This allows somebody to use it diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php index 9892adb07..5be1ffbb2 100644 --- a/include/perm_upgrade.php 
+++ b/include/perm_upgrade.php 
@@ -19,44 +19,58 @@ function perm_limits_upgrade($channel) { set_pconfig($channel['channel_id'],'perm_limits','delegate',$channel['channel_a_delegate']); } +function perms_int_to_array($p) { + + $ret = []; + + $ret['view_stream'] = (($p & PERMS_R_STREAM) ? 1 : 0); + $ret['view_profile'] = (($p & PERMS_R_PROFILE) ? 1 : 0); + $ret['view_contacts'] = (($p & PERMS_R_ABOOK) ? 1 : 0); + $ret['view_storage'] = (($p & PERMS_R_STORAGE) ? 1 : 0); + $ret['view_pages'] = (($p & PERMS_R_PAGES) ? 1 : 0); + $ret['send_stream'] = (($p & PERMS_W_STREAM) ? 1 : 0); + $ret['post_wall'] = (($p & PERMS_W_WALL) ? 1 : 0); + $ret['post_comments'] = (($p & PERMS_W_COMMENT) ? 1 : 0); + $ret['post_mail'] = (($p & PERMS_W_MAIL) ? 1 : 0); + $ret['post_like'] = (($p & PERMS_W_LIKE) ? 1 : 0); + $ret['tag_deliver'] = (($p & PERMS_W_TAGWALL) ? 1 : 0); + $ret['chat'] = (($p & PERMS_W_CHAT) ? 1 : 0); + $ret['write_storage'] = (($p & PERMS_W_STORAGE) ? 1 : 0); + $ret['write_pages'] = (($p & PERMS_W_PAGES) ? 1 : 0); + $ret['republish'] = (($p & PERMS_A_REPUBLISH) ? 1 : 0); + $ret['delegate'] = (($p & PERMS_A_DELEGATE) ? 1 : 0); + + return $ret; +} + +function autoperms_upgrade($channel) { + $x = get_pconfig($channel['channel_id'],'system','autoperms'); + if(intval($x)) { + $y = perms_int_to_array($x); + if($y) { + foreach($y as $k => $v) { + set_pconfig($channel['channel_id'],'autoperms',$k,$v); + } + } + } +} + function perm_abook_upgrade($abook) { - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_stream',intval(($abook['abook_their_perms'] & PERMS_R_STREAM)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_profile',intval(($abook['abook_their_perms'] & PERMS_R_PROFILE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_contacts',intval(($abook['abook_their_perms'] & PERMS_R_ABOOK)? 
1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_storage',intval(($abook['abook_their_perms'] & PERMS_R_STORAGE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_pages',intval(($abook['abook_their_perms'] & PERMS_R_PAGES)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','send_stream',intval(($abook['abook_their_perms'] & PERMS_W_STREAM)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_wall',intval(($abook['abook_their_perms'] & PERMS_W_WALL)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_comments',intval(($abook['abook_their_perms'] & PERMS_W_COMMENT)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_mail',intval(($abook['abook_their_perms'] & PERMS_W_MAIL)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_like',intval(($abook['abook_their_perms'] & PERMS_W_LIKE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','tag_deliver',intval(($abook['abook_their_perms'] & PERMS_W_TAGWALL)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','chat',intval(($abook['abook_their_perms'] & PERMS_W_CHAT)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_storage',intval(($abook['abook_their_perms'] & PERMS_W_STORAGE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_pages',intval(($abook['abook_their_perms'] & PERMS_W_PAGES)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','republish',intval(($abook['abook_their_perms'] & PERMS_A_REPUBLISH)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','delegate',intval(($abook['abook_their_perms'] & PERMS_A_DELEGATE)? 
1 : 0)); - - - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_stream',intval(($abook['abook_my_perms'] & PERMS_R_STREAM)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_profile',intval(($abook['abook_my_perms'] & PERMS_R_PROFILE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_contacts',intval(($abook['abook_my_perms'] & PERMS_R_ABOOK)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_storage',intval(($abook['abook_my_perms'] & PERMS_R_STORAGE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_pages',intval(($abook['abook_my_perms'] & PERMS_R_PAGES)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','send_stream',intval(($abook['abook_my_perms'] & PERMS_W_STREAM)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_wall',intval(($abook['abook_my_perms'] & PERMS_W_WALL)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_comments',intval(($abook['abook_my_perms'] & PERMS_W_COMMENT)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_mail',intval(($abook['abook_my_perms'] & PERMS_W_MAIL)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_like',intval(($abook['abook_my_perms'] & PERMS_W_LIKE)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','tag_deliver',intval(($abook['abook_my_perms'] & PERMS_W_TAGWALL)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','chat',intval(($abook['abook_my_perms'] & PERMS_W_CHAT)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_storage',intval(($abook['abook_my_perms'] & PERMS_W_STORAGE)? 
1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_pages',intval(($abook['abook_my_perms'] & PERMS_W_PAGES)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','republish',intval(($abook['abook_my_perms'] & PERMS_A_REPUBLISH)? 1 : 0)); - set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','delegate',intval(($abook['abook_my_perms'] & PERMS_A_DELEGATE)? 1 : 0)); + $x = perms_int_to_array($abook['abook_their_perms']); + if($x) { + foreach($x as $k => $v) { + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms',$k, $v); + } + } + $x = perms_int_to_array($abook['abook_my_perms']); + if($x) { + foreach($x as $k => $v) { + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms',$k, $v); + } + } } function translate_channel_perms_outbound(&$channel) { @@ -217,3 +231,6 @@ function translate_abook_perms_inbound($channel,$abook) { } } + + + diff --git a/include/zot.php b/include/zot.php index 0a835a909..47bdce568 100644 --- a/include/zot.php +++ b/include/zot.php @@ -456,15 +456,28 @@ function zot_refresh($them, $channel = null, $force = false) { // new connection + $my_perms = null; + $role = get_pconfig($channel['channel_id'],'system','permissions_role'); if($role) { $xx = get_role_perms($role); - if($xx['perms_auto']) + if($xx['perms_auto']) { $default_perms = $xx['perms_connect']; + $my_perms = \Zotlabs\Access\Permissions::FilledPerms($default_perms); + } + + if(! $my_perms) { + $x = \Zotlabs\Access\Permissions::FilledAutoperms($channel['channel_id']); + if($x) { + $my_perms = $x; + } } - if(! $default_perms) - $default_perms = get_pconfig($channel['channel_id'],'system','autoperms'); + if($my_perms) { + foreach($my_perms as $k => $v) { + set_abconfig($channel['channel_id'],$x['hash'],'my_perms',$k,$v); + } + } // Keep original perms to check if we need to notify them $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); 
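Review bot: `autoperms_upgrade()` reads `system`/`autoperms` as a legacy permission bitmask and expands it with `perms_int_to_array()`, while the channel.php hunk of this same commit now stores a 0/1 flag under that very key; once a channel has been written in the new form, running the upgrade again would treat `1` as a bitmask and write a wrong `autoperms` set (which permission bit `1` maps to depends on constant values not visible here). Guarding the expansion, for example by skipping when the `autoperms` category already has entries, makes the upgrade safe to re-run. The `if($y)` and `if($x)` checks after `perms_int_to_array()` are always true since it returns all sixteen keys.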
@@ -497,7 +510,7 @@ function zot_refresh($them, $channel = null, $force = false) { ); if($new_connection) { - if($new_perms != $previous_perms) + if(! \Zotlabs\Access\Permissions::PermsCompare($new_perms,$previous_perms)) Zotlabs\Daemon\Master::Summon(array('Notifier','permission_create',$new_connection[0]['abook_id'])); Zotlabs\Lib\Enotify::submit(array( 'type' => NOTIFY_INTRO, -- cgit v1.2.3 From 99cf2cbaa93d86d65fe0fefef450cda9ca5fdee8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 18 Jul 2016 21:46:40 -0700 Subject: missing bracket --- include/zot.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 47bdce568..d306ab15f 100644 --- a/include/zot.php +++ b/include/zot.php @@ -463,7 +463,8 @@ function zot_refresh($them, $channel = null, $force = false) { $xx = get_role_perms($role); if($xx['perms_auto']) { $default_perms = $xx['perms_connect']; - $my_perms = \Zotlabs\Access\Permissions::FilledPerms($default_perms); + $my_perms = \Zotlabs\Access\Permissions::FilledPerms($default_perms); + } } if(! $my_perms) { -- cgit v1.2.3 From 7272b97e9a50ff6070a38196aa0b080a993f776d Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 19 Jul 2016 01:26:28 -0700 Subject: yet more grungy perms work. --- include/channel.php | 73 ++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 37 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index de0ac70e8..1101e39e9 100644 --- a/include/channel.php +++ b/include/channel.php 
@@ -226,42 +226,26 @@ function create_identity($arr) { if(array_key_exists('publish', $arr)) $publish = intval($arr['publish']); - $primary = true; - - if(array_key_exists('primary', $arr)) - $primary = intval($arr['primary']); - $role_permissions = null; - $global_perms = get_perms(); if(array_key_exists('permissions_role',$arr) && $arr['permissions_role']) { - $role_permissions = get_role_perms($arr['permissions_role']); - - if($role_permissions) { - foreach($role_permissions as $p => $v) { - if(strpos($p,'channel_') !== false) { - $perms_keys .= ', ' . $p; - $perms_vals .= ', ' . intval($v); - } - if($p === 'directory_publish') - $publish = intval($v); - } - } - } - else { - $defperms = site_default_perms(); - foreach($defperms as $p => $v) { - $perms_keys .= ', ' . $global_perms[$p][0]; - $perms_vals .= ', ' . intval($v); - } + $role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($arr['permissions_role']); } + if($role_permissions && array_key_exists('directory_publish',$role_permissions)) + $publish = intval($role_permissions['directory_publish']); + + $primary = true; + + if(array_key_exists('primary', $arr)) + $primary = intval($arr['primary']); + $expire = 0; $r = q("insert into channel ( channel_account_id, channel_primary, channel_name, channel_address, channel_guid, channel_guid_sig, - channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone $perms_keys ) - values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' $perms_vals ) ", + channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone ) + values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' ) ", intval($arr['account_id']), intval($primary), 
@@ -289,6 +273,17 @@ function create_identity($arr) {
 return $ret;
 }
 
+ if($role_permissions && array_key_exists('limits',$role_permissions))
+ $perm_limits = $role_permissions['limits'];
+ else
+ $perm_limits = site_default_perms();
+
+ foreach($perm_limits as $p => $v)
+ \Zotlabs\Access\PermissionLimits::Set($r[0]['channel_id'],$p,$v);
+
+ if($role_permissions && array_key_exists('perms_auto',$role_permissions))
+ set_pconfig($r[0]['channel_id'],'system','autoperms',intval($role_permissions['perms_auto']));
+
 $ret['channel'] = $r[0];
 
 if(intval($arr['account_id']))
@@ -352,25 +347,29 @@ function create_identity($arr) { ); if($role_permissions) { - $myperms = ((array_key_exists('perms_accept',$role_permissions)) ? intval($role_permissions['perms_accept']) : 0); + $myperms = ((array_key_exists('perms_connect',$role_permissions)) ? $role_permissions['perms_connect'] : array()); + } + else { + $x = \Zotlabs\Access\PermissionRoles::role_perms('social'); + $myperms = $x['perms_connect']; } - else - $myperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK - |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT - |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; - $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_self, abook_my_perms ) - values ( %d, %d, '%s', %d, '%s', '%s', %d, %d ) ", + $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_self ) + values ( %d, %d, '%s', %d, '%s', '%s', %d ) ", intval($ret['channel']['channel_account_id']), intval($newuid), dbesc($hash), intval(0), dbesc(datetime_convert()), dbesc(datetime_convert()), - intval(1), - intval($myperms) + intval(1) ); + $x = \Zotlabs\Access\Permissions::FilledPerms($myperms); + foreach($x as $k => $v) { + set_abconfig($newuid,$hash,'my_perms',$k,$v); + } + if(intval($ret['channel']['channel_account_id'])) { // Save our permissions role so we can perhaps call it up and modify it later. @@ -383,7 +382,7 @@ function create_identity($arr) { $autoperms = intval($role_permissions['perms_auto']); set_pconfig($newuid,'system','autoperms',$autoperms); if($autoperms) { - $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['connect']); + $x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']); foreach($x as $k => $v) { set_pconfig($newuid,'autoperms',$k,$v); } -- cgit v1.2.3 From ea830328634b084e44f9e16f037a8bef3c98280a Mon Sep 17 00:00:00 2001 
From: redmatrix Date: Tue, 19 Jul 2016 17:52:45 -0700 Subject: translate more old perms calls --- include/follow.php | 2 +- include/zot.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/follow.php b/include/follow.php index acd734896..5f63687f8 100644 --- a/include/follow.php +++ b/include/follow.php @@ -66,7 +66,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $role = get_pconfig($uid,'system','permissions_role'); if($role) { - $x = get_role_perms($role); + $x = \Zotlabs\Access\PermissionRoles::role_perms($role); if($x['perms_connect']) $my_perms = $x['perms_connect']; } diff --git a/include/zot.php b/include/zot.php index d306ab15f..cc892e13b 100644 --- a/include/zot.php +++ b/include/zot.php @@ -460,7 +460,7 @@ function zot_refresh($them, $channel = null, $force = false) { $role = get_pconfig($channel['channel_id'],'system','permissions_role'); if($role) { - $xx = get_role_perms($role); + $xx = \Zotlabs\Access\PermissionRoles::role_perms($role); if($xx['perms_auto']) { $default_perms = $xx['perms_connect']; $my_perms = \Zotlabs\Access\Permissions::FilledPerms($default_perms); -- cgit v1.2.3 From 237cca7a0d0a025bdbccef19b8e25a687ec7cfa3 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 19 Jul 2016 19:33:48 -0700 Subject: fixes to perms --- include/zot.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index cc892e13b..dec3dc2bc 100644 --- a/include/zot.php +++ b/include/zot.php @@ -468,9 +468,9 @@ function zot_refresh($them, $channel = null, $force = false) { } if(! $my_perms) { - $x = \Zotlabs\Access\Permissions::FilledAutoperms($channel['channel_id']); - if($x) { - $my_perms = $x; + $m = \Zotlabs\Access\Permissions::FilledAutoperms($channel['channel_id']); + if($m) { + $my_perms = $m; } } -- cgit v1.2.3 From a961d5e6c8cd79b375e13a0b3d887e521392f8aa Mon Sep 17 00:00:00 2001 
From: redmatrix Date: Tue, 19 Jul 2016 20:49:54 -0700 Subject: permission fixes --- include/items.php | 12 ++++++------ include/photos.php | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 702d49d40..553c06b3c 100755 --- a/include/items.php +++ b/include/items.php @@ -385,7 +385,7 @@ function post_activity_item($arr) { return $ret; } - $arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true)); + $arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true)); if($arr['public_policy']) $arr['item_private'] = 1; @@ -421,7 +421,7 @@ function post_activity_item($arr) { $arr['deny_cid'] = ((x($arr,'deny_cid')) ? $arr['deny_cid'] : $channel['channel_deny_cid']); $arr['deny_gid'] = ((x($arr,'deny_gid')) ? $arr['deny_gid'] : $channel['channel_deny_gid']); - $arr['comment_policy'] = map_scope($channel['channel_w_comment']); + $arr['comment_policy'] = map_scope(\Zotlabs\Access/PermissionLimits::Get($channel['channel_id'],'post_comments')); if ((! $arr['plink']) && (intval($arr['item_thread_top']))) { $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; @@ -970,12 +970,12 @@ function encode_item($item,$mirror = false) { // logger('encode_item: ' . print_r($item,true)); - $r = q("select channel_r_stream, channel_w_comment from channel where channel_id = %d limit 1", + $r = q("select channel_id from channel where channel_id = %d limit 1", intval($item['uid']) ); if($r) - $comment_scope = $r[0]['channel_w_comment']; + $comment_scope = \Zotlabs\Access\PermissionLimits::Get($item['uid'],'post_comments'); else $comment_scope = 0; 
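Review bot: The second items.php hunk writes `\Zotlabs\Access/PermissionLimits::Get(...)` with a forward slash inside the namespace, which is a parse error for the whole of items.php; it should read `$arr['comment_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments'));`. The first and third hunks use the correct form. post_activity_item and encode_item both continue outside their hunks.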
@@ -2761,7 +2761,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent) { $private = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 1 : 0); - $new_public_policy = map_scope($channel['channel_r_stream'],true); + $new_public_policy = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true); if((! $private) && $new_public_policy) $private = 1; @@ -2806,7 +2806,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent) { dbesc($channel['channel_deny_gid']), intval($private), dbesc($new_public_policy), - dbesc(map_scope($channel['channel_w_comment'])), + dbesc(map_scope(\Zotlabs\Access\PermissionLimits($channel['channel_id'],'post_comments'))), dbesc($title), dbesc($body), intval($item_wall), diff --git a/include/photos.php b/include/photos.php index c70478146..d14c12d84 100644 --- a/include/photos.php +++ b/include/photos.php @@ -412,7 +412,7 @@ function photo_upload($channel, $observer, $args) { // in the photos pages - using the photos permissions instead. We need the public policy to keep the photo // linked item from leaking into the feed when somebody has a channel with read_stream restrictions. - $arr['public_policy'] = map_scope($channel['channel_r_stream'],true); + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true); if($arr['public_policy']) $arr['item_private'] = 1; -- cgit v1.2.3 From ae6256f95a45dce44672bdc2e832c5c5757e0f20 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 19 Jul 2016 22:32:22 -0700 Subject: another couple of minor perms fixes --- include/channel.php | 8 +++++--- include/connections.php | 10 +++++----- 2 files changed, 10 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 1101e39e9..708e70b1c 100644 --- a/include/channel.php +++ b/include/channel.php 
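Review bot: In the second `start_delivery_chain` hunk `\Zotlabs\Access\PermissionLimits($channel['channel_id'],'post_comments')` is missing `::Get`, so it is a call to an undefined function and fails at runtime whenever a delivery chain is started; it should be `dbesc(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments'))),`. The first items.php hunk and the photos.php hunk use the correct call. start_delivery_chain continues outside both hunks.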
@@ -1566,9 +1566,11 @@ function is_public_profile() { if(intval(get_config('system','block_public'))) return false; $channel = App::get_channel(); - if($channel && $channel['channel_r_profile'] == PERMS_PUBLIC) - return true; - + if($channel) { + $perm = \Zotlabs\Access\PermissionLimit::Get($channel['channel_id'],'view_profile'); + if($perm == PERMS_PUBLIC) + return true; + } return false; } diff --git a/include/connections.php b/include/connections.php index ed4526a09..9f55820cc 100644 --- a/include/connections.php +++ b/include/connections.php @@ -260,15 +260,15 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { if(! $local) { - $r = q("update channel set channel_deleted = '%s', channel_removed = 1, channel_r_stream = 0, channel_r_profile = 0, - channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0, - channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0, - channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0 - where channel_id = %d", + $r = q("update channel set channel_deleted = '%s', channel_removed = 1 where channel_id = %d", dbesc(datetime_convert()), intval($channel_id) ); + q("delete from pconfig where uid = %d", + intval($channel_id) + ); + logger('deleting hublocs',LOGGER_DEBUG); $r = q("update hubloc set hubloc_deleted = 1 where hubloc_hash = '%s'", -- cgit v1.2.3 From a3e5307b93ea524781abd885e26a5d6c8f5c4c54 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 19 Jul 2016 22:57:23 -0700 Subject: fix the forum detection in include/zot --- include/api.php | 3 ++- include/zot.php | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index df6aba957..8d475c5fa 100644 --- a/include/api.php +++ b/include/api.php 
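Review bot: `\Zotlabs\Access\PermissionLimit::Get` in is_public_profile names a class that does not match the `PermissionLimits` used by every other new call site in these commits; unless a separate `PermissionLimit` class exists, this is a fatal class-not-found on every profile view that reaches it. Change the line to `$perm = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile');`. The exact-equality test `$perm == PERMS_PUBLIC` carries over the previous behaviour and is not affected by the rename.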
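Review bot: Remote channel removal used to force every `channel_r_*`/`channel_w_*` column to 0 so that a removed channel denied all access; the replacement only sets `channel_removed = 1` and deletes the channel's pconfig rows. If `PermissionLimits::Get` falls back to a default limit when no pconfig row exists (not visible here), a removed channel silently reverts to default, possibly public, permissions instead of being closed — confirm this, and if so either write an explicit 0 limit for each permission or have the access layer treat `channel_removed = 1` as deny-all before relying on the delete. The `delete from pconfig` also runs regardless of whether the preceding update succeeded, so a failed update followed by a successful delete leaves a live channel with no settings; consider guarding it on `$r`. The hunk sits inside the `if(! $local)` branch of channel_remove, whose body continues outside the hunk.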
@@ -282,7 +282,8 @@ require_once('include/api_auth.php'); intval($uinfo[0]['xchan_hash']) ); $countitms = $r[0]['count']; - $following = (($uinfo[0]['abook_myperms'] & PERMS_R_STREAM) ? true : false ); + + $following = ((get_abconfig($uinfo[0]['abook_channel'],$uinfo[0]['abook_xchan'],'my_perms','view_stream')) ? true : false ); } diff --git a/include/zot.php b/include/zot.php index dec3dc2bc..73d9ef950 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3782,11 +3782,21 @@ function zotinfo($arr) { } else { // check if it has characteristics of a public forum based on custom permissions. - $t = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1", - intval($e['channel_id']) + $t = q("select * from abconfig where abconfig.cat = 'my_perms' and abconfig.chan = %d and abconfig.xchan = '%s' and abconfig.k in ('tag_deliver', 'send_stream') ", + intval($e['channel_id']), + intval($e['channel_hash']) ); - if(($t) && (($t[0]['abook_my_perms'] & PERMS_W_TAGWALL) && (! ($t[0]['abook_my_perms'] & PERMS_W_STREAM)))) - $public_forum = true; + $ch = 0; + if($t) { + foreach($t as $tt) { + if($tt['k'] == 'tag_deliver' && $tt['v'] == 1) + $ch ++; + if($tt['k'] == 'send_stream' && $tt['v'] == 0) + $ch ++; + } + if($ch == 2) + $public_forum = true; + } } -- cgit v1.2.3 From 3affb2e8172b4cc673aafe9551c21dad6f606d87 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 20 Jul 2016 17:55:40 -0700 Subject: sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for. --- include/account.php | 2 +- include/api_auth.php | 14 ++---- include/auth.php | 139 ++++++++++++++++++++++++++++++--------------------- include/oauth.php | 2 +- include/security.php | 29 +++++------ 5 files changed, 102 insertions(+), 84 deletions(-) (limited to 'include') diff --git a/include/account.php b/include/account.php index c02a74928..142ad1bea 100644 --- a/include/account.php 
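Review bot: The new abconfig query binds `$e['channel_hash']` with `intval()` into a `'%s'` placeholder; a channel hash is a string, so `intval()` yields 0, the query never matches, and `$public_forum` can never be set from custom permissions. Use `dbesc($e['channel_hash'])` for that argument, matching the `'%s'` quoting. The `$ch == 2` tally also requires an explicit `send_stream` row with value 0; an absent row (presumably meaning "not granted") does not count, which may or may not be intended — confirm against how my_perms rows are written. The enclosing block of zotinfo continues outside the hunk.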
+++ b/include/account.php @@ -515,7 +515,7 @@ function account_approve($hash) { auto_channel_create($register[0]['uid']); else { $_SESSION['login_return_url'] = 'new_channel'; - authenticate_success($account[0],true,true,false,true); + authenticate_success($account[0],null,true,true,false,true); } diff --git a/include/api_auth.php b/include/api_auth.php index dc8492b20..7a71bad73 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -59,20 +59,12 @@ function api_login(&$a){ if(isset($_SERVER['PHP_AUTH_USER'])) { $channel_login = 0; $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); - if(! $record) { - $r = q("select * from channel left join account on account.account_id = channel.channel_account_id - where channel.channel_address = '%s' limit 1", - dbesc($_SERVER['PHP_AUTH_USER']) - ); - if ($r) { - $record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']); - if($record) - $channel_login = $r[0]['channel_id']; - } + if($record && $record['channel']) { + $channel_login = $record['channel']['channel_id']; } } - if($record) { + if($record['account']) { authenticate_success($record); if($channel_login) diff --git a/include/auth.php b/include/auth.php index 79d04c728..f8120981a 100644 --- a/include/auth.php +++ b/include/auth.php 
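Review bot: account_verify_password now returns `null` on a failed login (see the include/auth.php hunk in this commit), and `if($record['account'])` indexes that null; it evaluates false as intended but raises a notice/warning on newer PHP and hides the failure path in logs. Guard it as `if($record && $record['account']) {`, mirroring the `$record && $record['channel']` check two lines above. api_login continues outside the hunk.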
@@ -20,62 +20,85 @@ require_once('include/security.php'); * attempts. * * @param string $email - * The email address to verify. + * The login to verify (channel address, account email or guest login token). * @param string $pass * The provided password to verify. * @return array|null * Returns account record on success, null on failure. */ -function account_verify_password($email, $pass) { +function account_verify_password($login, $pass) { + + $ret = [ 'account' => null, 'channel' => null, 'xchan' => null ]; $email_verify = get_config('system', 'verify_email'); $register_policy = get_config('system', 'register_policy'); + if(! $login) + return null; + + $account = null; + $channel = null; + $xchan = null; + + if(! strpos($login,'@')) { + $channel = channelx_by_nick($login); + if(! $channel) { + $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1", + dbesc($login), + dbesc($pass) + ); + if($x) { + $ret['xchan'] = atoken_xchan($x[0]); + return $ret; + } + } + } + if($channel) { + $where = " where account_id = " . intval($channel['channel_account_id']) . " "; + } + else { + $where = " where account_email = '" . dbesc($login) . "' "; + } + + $a = q("select * from account $where"); + if(! $a) { + return null; + } + + $account = $a[0]; + // Currently we only verify email address if there is an open registration policy. // This isn't because of any policy - it's because the workflow gets too complicated if // you have to verify the email and then go through the account approval workflow before // letting them login. - // @bug there is no record here - //if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED)) - // return null; - - $r = q("select * from account where account_email = '%s'", - dbesc($email) - ); - if($r) { - - foreach($r as $record) { - if(($record['account_flags'] == ACCOUNT_OK) - && (hash('whirlpool', $record['account_salt'] . 
$pass) === $record['account_password'])) { - logger('password verified for ' . $email); - return $record; - } - } + if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($account['account_flags'] & ACCOUNT_UNVERIFIED)) { + logger('email verification required for ' . $login); + return null; } - $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1", - dbesc($email), - dbesc($pass) - ); - if($x) { - atoken_login($x[0]); - return $x[0]; + if(($account['account_flags'] == ACCOUNT_OK) + && (hash('whirlpool',$account['account_salt'] . $pass) === $account['account_password'])) { + logger('password verified for ' . $login); + $ret['account'] = $account; + if($channel) + $ret['channel'] = $channel; + return $ret; } - $error = 'password failed for ' . $email; + $error = 'password failed for ' . $login; logger($error); - if($record['account_flags'] & ACCOUNT_UNVERIFIED) - logger('Account is unverified. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_BLOCKED) - logger('Account is blocked. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_EXPIRED) - logger('Account is expired. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_REMOVED) - logger('Account is removed. account_flags = ' . $record['account_flags']); - if($record['account_flags'] & ACCOUNT_PENDING) - logger('Account is pending. account_flags = ' . $record['account_flags']); + if($account['account_flags'] & ACCOUNT_UNVERIFIED) + logger('Account is unverified. account_flags = ' . $account['account_flags']); + if($account['account_flags'] & ACCOUNT_BLOCKED) + logger('Account is blocked. account_flags = ' . $account['account_flags']); + if($account['account_flags'] & ACCOUNT_EXPIRED) + logger('Account is expired. account_flags = ' . $account['account_flags']); + if($account['account_flags'] & ACCOUNT_REMOVED) + logger('Account is removed. account_flags = ' . 
$account['account_flags']); + if($account['account_flags'] & ACCOUNT_PENDING) + logger('Account is pending. account_flags = ' . $account['account_flags']); log_failed_login($error); @@ -131,7 +154,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && App::$session->new_cookie(60 * 60 * 24); // one day $_SESSION['last_login_date'] = datetime_convert(); unset($_SESSION['visitor_id']); // no longer a visitor - authenticate_success($x[0], true, true); + authenticate_success($x[0], null, true, true); } } if(array_key_exists('atoken',$_SESSION)) { @@ -177,7 +200,8 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && App::$session->extend_cookie(); $login_refresh = true; } - authenticate_success($r[0], false, false, false, $login_refresh); + $ch = (($_SESSION['uid']) ? channelx_by_n($_SESSION['uid']) : null); + authenticate_success($r[0], null, $ch, false, false, $login_refresh); } else { $_SESSION['account_id'] = 0; 
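Review bot: The rewritten account_verify_password checks only `$a[0]` from `select * from account $where`, which has no `LIMIT`, whereas the removed code looped over every matching record; an installation with duplicate `account_email` values now silently rejects all but the first row. Either append `limit 1` to make the single-row assumption explicit or restore the loop. While touching the verification line, `hash_equals($account['account_password'], hash('whirlpool', $account['account_salt'] . $pass))` replaces the `===` comparison at no cost and removes a timing side channel on the digest compare. The remaining lines of the function are outside the hunk.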
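Review bot: The session-refresh call `authenticate_success($r[0], null, $ch, false, false, $login_refresh)` passes one argument too many for the new signature `($user_record, $channel = null, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false)`: `$channel` receives `null`, `$login_initial` receives the channel array (truthy), and `$update_lastlog` receives `$login_refresh`, so the looked-up channel is dropped and every refresh runs the initial-login branch. It should be `authenticate_success($r[0], $ch, false, false, false, $login_refresh);`. The other callers updated in this commit (account.php, oauth.php, the login branch of auth.php) count the arguments correctly, which suggests this one is an oversight. The enclosing refresh block continues outside the hunk.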
@@ -218,37 +242,38 @@ else { call_hooks('authenticate', $addon_auth); - $atoken = false; + $atoken = null; + $account = null; if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) { - $record = $addon_auth['user_record']; + $account = $addon_auth['user_record']; } else { - $x = account_verify_password($_POST['username'], $_POST['password']); - if(array_key_exists('atoken',$x)) - $atoken = true; - if(! $atoken) { - $record = App::$account = $x; - - if(App::$account) { - $_SESSION['account_id'] = App::$account['account_id']; - } - else { - notice( t('Failed authentication') . EOL); - } - - logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL); + $verify = account_verify_password($_POST['username'], $_POST['password']); + if($verify) { + $atoken = $verify['xchan']; + $channel = $verify['channel']; + $account = App::$account = $verify['account']; + } + + if(App::$account) { + $_SESSION['account_id'] = App::$account['account_id']; + } + elseif($atoken) { + atoken_login($atoken); + } + else { + notice( t('Failed authentication') . EOL); } } - if((! $record) || (! count($record))) { + if(! ($account || $atoken)) { $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']; logger($error); // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention $authlog = get_config('system', 'authlog'); if ($authlog) @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); - notice( t('Login failed.') . EOL ); goaway(z_root() . '/login'); } @@ -279,7 +304,7 @@ else { $_SESSION['last_login_date'] = datetime_convert(); if(! $atoken) - authenticate_success($record, true, true); + authenticate_success($account,$channel,true, true); } } diff --git a/include/oauth.php b/include/oauth.php index 984e0e6c6..a3c52bf27 100644 --- a/include/oauth.php +++ b/include/oauth.php 
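Review bot: `$channel` is assigned only inside `if($verify)`, so on the addon-auth path (`$addon_auth['authenticated']`) it is undefined when the later `authenticate_success($account,$channel,true, true)` reads it; PHP passes null with a notice, but it should be reset explicitly alongside the other state: `$atoken = null; $account = null; $channel = null;`. With `$verify` null on a bad password the `! ($account || $atoken)` test correctly reaches the failed-login log, so the control flow is otherwise sound.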
@@ -170,7 +170,7 @@ class ZotOAuth1 extends OAuth1Server { ); if($x) { require_once('include/security.php'); - authenticate_success($x[0],true,false,true,true); + authenticate_success($x[0],null,true,false,true,true); $_SESSION['allow_api'] = true; } } diff --git a/include/security.php b/include/security.php index e345636e7..2107ed819 100644 --- a/include/security.php +++ b/include/security.php @@ -12,7 +12,7 @@ * @param bool $return * @param bool $update_lastlog */ -function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) { +function authenticate_success($user_record, $channel = null, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) { $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; @@ -23,11 +23,15 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['account_id'] = $user_record['account_id']; $_SESSION['authenticated'] = 1; + if($channel) + $uid_to_load = $channel['channel_id']; - $uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) - ? intval($_SESSION['uid']) - : intval(App::$account['account_default_channel']) - ); + if(! $uid_to_load) { + $uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) + ? intval($_SESSION['uid']) + : intval(App::$account['account_default_channel']) + ); + } if($uid_to_load) { change_channel($uid_to_load); @@ -85,16 +89,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive function atoken_login($atoken) { if(! $atoken) return false; - - $xchan = atoken_xchan($atoken); - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $xchan['xchan_hash']; + $_SESSION['visitor_id'] = $atoken['xchan_hash']; $_SESSION['atoken'] = $atoken['atoken_id']; - \App::set_observer($xchan); - - return [ 'atoken' => true ]; + \App::set_observer($atoken); + return true; } 
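Review bot: The docblock above authenticate_success still documents only `$return` and `$update_lastlog` (context lines) and gains no entry for the new `$channel` parameter inserted second in the signature, even though inserting a positional parameter there shifts every existing boolean call site. Add `@param array|null $channel channel record to load into the session; when null, falls back to $_SESSION['uid'] or the account's default channel` so callers see why their argument lists changed.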
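Review bot: `$uid_to_load` is only assigned when `$channel` is truthy, so `if(! $uid_to_load)` reads an undefined variable on every call without a channel; initialise it with `$uid_to_load = 0;` before the `if($channel)`. More importantly, `$channel['channel_id']` is handed to `change_channel()` with no check that the channel belongs to `$user_record`; the callers in this commit derive both from the same lookup, but a defensive `if($channel && intval($channel['channel_account_id']) === intval($user_record['account_id']))` keeps a future caller from switching an authenticated session into another account's channel. change_channel and the rest of the function are outside the hunk.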
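Review bot: atoken_login now expects the xchan-shaped array produced by atoken_xchan() (it reads `xchan_hash` and `atoken_id` from it and passes it straight to `set_observer`), not the raw atoken DB row that the parameter name and the removed `atoken_xchan($atoken)` call implied; a caller still passing a row would set an empty `visitor_id`. Rename the parameter or add `// $atoken is the xchan-shaped array from atoken_xchan(), which carries atoken_id alongside the xchan_* keys`, and consider returning false when `xchan_hash` is missing rather than only when the argument is empty.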
@@ -102,7 +102,8 @@ function atoken_xchan($atoken) { $c = channelx_by_n($atoken['atoken_uid']); if($c) { - return [ + return [ + 'atoken_id' => $atoken['atoken_id'], 'xchan_hash' => substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'], 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), @@ -115,7 +116,7 @@ function atoken_xchan($atoken) { ]; } - + return null; } -- cgit v1.2.3 From 779885f9afe99980c32d2bf30757cc655e5d9427 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 20 Jul 2016 18:59:51 -0700 Subject: fix vevent multi-line formatting --- include/event.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/event.php b/include/event.php index a4118ec78..3d650cd14 100644 --- a/include/event.php +++ b/include/event.php @@ -183,7 +183,9 @@ function format_ical_text($s) { require_once('include/bbcode.php'); require_once('include/html2plain.php'); - return(wordwrap(str_replace(array(',',';','\\'),array('\\,','\\;','\\\\'),html2plain(bbcode($s))),72,"\r\n ",true)); + $s = html2plain(bbcode($s)); + $s = str_replace(["\r\n","\n"],["",""],$s); + return(wordwrap(str_replace(['\\',',',';'],['\\\\','\\,','\\;'],$s),72,"\r\n ",true)); } -- cgit v1.2.3 From da707736a075e8f050458316edfcf0177aef0bfc Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 20 Jul 2016 23:04:07 -0700 Subject: issue #453 and a bug noted from the logfiles related to the schema change last month --- include/import.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/import.php b/include/import.php index e4f5ba5a7..42c902a0a 100644 --- a/include/import.php +++ b/include/import.php 
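Review bot: The new line removes CR/LF from the text outright, so consecutive lines of a description are concatenated with no separator. RFC 5545 §3.3.11 requires a newline inside a TEXT value to be written as the escaped sequence backslash-n rather than dropped, and that replacement has to happen after the backslash escaping so the inserted backslash is not doubled: `$s = str_replace(['\\',',',';'],['\\\\','\\,','\\;'],$s); $s = str_replace(["\r\n","\n"],['\\n','\\n'],$s); return(wordwrap($s,72,"\r\n ",true));`. Note also that `wordwrap(...,72,...,true)` counts bytes and may cut inside a multibyte character or an escape pair; whether that matters depends on the consumers, so confirm.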
@@ -1033,7 +1033,7 @@ function sync_files($channel,$files) { $attach_id = $x[0]['id']; } - $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['data']); + $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['content']); unset($att['id']); $att['aid'] = $channel['channel_account_id']; -- cgit v1.2.3 From cf0b1f1f156da396cafea08ddac86307e78259a7 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 21 Jul 2016 01:48:20 -0700 Subject: typo --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 553c06b3c..178fb30d6 100755 --- a/include/items.php +++ b/include/items.php @@ -2806,7 +2806,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent) { dbesc($channel['channel_deny_gid']), intval($private), dbesc($new_public_policy), - dbesc(map_scope(\Zotlabs\Access\PermissionLimits($channel['channel_id'],'post_comments'))), + dbesc(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments'))), dbesc($title), dbesc($body), intval($item_wall), -- cgit v1.2.3 From 8566f9130395ecdbe19f9fce85a26dac39d9fe24 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 21 Jul 2016 17:44:04 -0700 Subject: fail oembed if it is attempted and less than 80% of the original content is left after html filtering. For the original poster, this will fall back to linkinfo results. If the embed gets through their site but is filtered downstream (with more than 20% of the content removed), it will result in just a link. --- include/oembed.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'include') diff --git a/include/oembed.php b/include/oembed.php index fe068278e..fe3a3c33c 100755 --- a/include/oembed.php +++ b/include/oembed.php 
@@ -215,6 +215,17 @@ function oembed_fetch_url($embedurl){ if($j->html != $orig) { logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j->html, LOGGER_DEBUG, LOG_INFO); } + + $orig_len = trim(mb_strlen($orig)); + $new_len = trim(mb_strlen($j->html)); + if(! $new_len) + $j->type = 'error'; + elseif($orig_len) { + $ratio = $new_len / $orig_len; + if($ratio < 0.8) + $j->type = 'error'; + } + } } -- cgit v1.2.3
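Review bot: `trim(mb_strlen($orig))` wraps an integer in `trim()`, which only converts it to a string; drop both trims: `$orig_len = mb_strlen($orig); $new_len = mb_strlen($j->html);`. The 80 % ratio is a heuristic, not a security control — an embed padded with benign markup loses far less than 20 % to purification and still passes — so the purified `$j->html` must remain the only thing rendered; a comment such as `// heuristic only: the purifier output, not this ratio, is the security boundary` would stop a later maintainer from relaxing the purifier on the strength of this check. The hunk sits inside oembed_fetch_url's purification branch, whose beginning is outside the hunk.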