From 5aefe0b74f00b199a1f690c1787d26e833d3a2d5 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 18 Dec 2021 19:09:15 +0000 Subject: guest token xchan_network = "token" and remove permission checks since the guest tokens are now added to the abook automatically --- include/connections.php | 2 +- include/conversation.php | 2 +- include/permissions.php | 43 ------------------------------------------- include/security.php | 2 +- 4 files changed, 3 insertions(+), 46 deletions(-) (limited to 'include') diff --git a/include/connections.php b/include/connections.php index 98cd4bbb5..a0a9e04a7 100644 --- a/include/connections.php +++ b/include/connections.php @@ -114,7 +114,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { // don't provide a connect button for transient or one-way identities - if(in_array($xchan['xchan_network'],['rss','anon','unknown']) || strpos($xchan['xchan_addr'],'guest:') === 0) { + if(in_array($xchan['xchan_network'],['rss', 'anon', 'unknown', 'token'])) { $connect = false; } diff --git a/include/conversation.php b/include/conversation.php index d12151fcc..bdd27c55f 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1061,7 +1061,7 @@ function thread_author_menu($item, $mode = '') { } else { $url = (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']); - if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot' ]))) { + if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot', 'token']))) { $follow_url = z_root() . '/follow/?f=&url=' . urlencode($url) . '&interactive=0'; } } diff --git a/include/permissions.php b/include/permissions.php index bbd13ed58..c3a9286c0 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -80,23 +80,6 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ intval($uid), dbesc($observer_xchan) ); - if(! $x) { - // see if they've got a guest access token; these are treated as connections - $y = atoken_abook($uid,$observer_xchan); - if($y) - $x = array($y); - - if(! $x) { - // not in address book and no guest token, see if they've got an xchan - // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); - if($y) { - $x = array(pseudo_abook($y[0])); - } - } - } $abook_checked = true; } @@ -309,32 +292,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) return false; - if(! $x) { - // see if they've got a guest access token - $y = atoken_abook($uid,$observer_xchan); - if($y) - $x = array($y); - - if(! $x) { - // not in address book and no guest token, see if they've got an xchan - - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); - if($y) { - - // This requires an explanation and the effects are subtle. - // The following line creates a fake connection, and this allows - // access tokens to have specific permissions even though they are - // not actual connections. - // The existence of this fake entry must be checked when dealing - // with connection related permissions. - - $x = array(pseudo_abook($y[0])); - } - } - - } $abperms = load_abconfig($uid,$observer_xchan,'my_perms'); } diff --git a/include/security.php b/include/security.php index f02fb8023..7f5f3193f 100644 --- a/include/security.php +++ b/include/security.php @@ -128,7 +128,7 @@ function atoken_xchan($atoken) { 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'], 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(), - 'xchan_network' => 'unknown', + 'xchan_network' => 'token', 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'], 'xchan_hidden' => 1, 'xchan_photo_mimetype' => 'image/png', -- cgit v1.2.3