From a338a97d5bb947f462483de8a9d87dd52fa3b2eb Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 10 Jul 2016 06:58:20 -0400 Subject: First draft of website import tools --- include/text.php | 24 ++++++++++++++++++++++++ include/widgets.php | 14 ++++++++++++++ 2 files changed, 38 insertions(+) (limited to 'include') diff --git a/include/text.php b/include/text.php index 986e3b56c..57339e16d 100644 --- a/include/text.php +++ b/include/text.php @@ -2246,6 +2246,30 @@ function design_tools() { )); } +/** + * @brief Creates website import tools menu + * + * @return string + */ +function website_import_tools() { + + $channel = App::get_channel(); + $sys = false; + + if(App::$is_sys && is_site_admin()) { + require_once('include/channel.php'); + $channel = get_sys_channel(); + $sys = true; + } + + $who = $channel['channel_address']; + + return replace_macros(get_markup_template('design_tools.tpl'), array( + '$title' => t('Import'), + '$who' => $who, + )); +} + /* case insensitive in_array() */ function in_arrayi($needle, $haystack) { diff --git a/include/widgets.php b/include/widgets.php index a4a6fb55a..6bb53bdf9 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -770,6 +770,20 @@ function widget_design_tools($arr) { return design_tools(); } +function widget_website_import_tools($arr) { + + // mod menu doesn't load a profile. For any modules which load a profile, check it. + // otherwise local_channel() is sufficient for permissions. + + if(App::$profile['profile_uid']) + if((App::$profile['profile_uid'] != local_channel()) && (! App::$is_sys)) + return ''; + + if(! local_channel()) + return ''; + + return website_import_tools(); +} function widget_findpeople($arr) { return findpeople_widget(); -- cgit v1.2.3 From c5e534c0cb939b9730f289a844f24b1121e6e9cf Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 10 Jul 2016 07:21:52 -0400 Subject: Clearer import control interface --- include/text.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 57339e16d..096c8a5aa 100644 --- a/include/text.php +++ b/include/text.php @@ -2264,9 +2264,13 @@ function website_import_tools() { $who = $channel['channel_address']; - return replace_macros(get_markup_template('design_tools.tpl'), array( + return replace_macros(get_markup_template('website_import_tools.tpl'), array( '$title' => t('Import'), - '$who' => $who, + //'$who' => $who, + '$import_label' => t('Import website...'), + '$import_placeholder' => t('Select folder to import'), + '$file_upload_text' => t('Import from a zipped folder:'), + '$file_import_text' => t('Import from cloud files:') )); } -- cgit v1.2.3 From 514ffb74aa8457d8dec5c0158550d93d1a18c072 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 14 Jul 2016 22:24:23 -0400 Subject: Refactored the scan and import functions to reduce redundant code and simplify logic. Import of pages, layouts, and blocks works. --- include/import.php | 200 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 200 insertions(+) (limited to 'include') diff --git a/include/import.php b/include/import.php index 00ecef07d..3dfe9c7c9 100644 --- a/include/import.php +++ b/include/import.php @@ -1217,3 +1217,203 @@ function convert_oldfields(&$arr,$old,$new) { unset($arr[$old]); } } + +function scan_webpage_elements($path, $type) { + + $dirtoscan = $path; + switch ($type) { + case 'page': + $dirtoscan .= '/pages/'; + $json_filename = 'page.json'; + break; + case 'layout': + $dirtoscan .= '/layouts/'; + $json_filename = 'layout.json'; + break; + case 'block': + $dirtoscan .= '/blocks/'; + $json_filename = 'block.json'; + break; + default : + return array(); + } + $elements = []; + if (is_dir($dirtoscan)) { + $dirlist = scandir($dirtoscan); + if ($dirlist) { + foreach ($dirlist as $element) { + if ($element === '.' || $element === '..') { + continue; + } + $folder = $dirtoscan . '/' . $element; + if (is_dir($folder)) { + $jsonfilepath = $folder . '/' . $json_filename; + if (is_file($jsonfilepath)) { + $metadata = json_decode(file_get_contents($jsonfilepath), true); + $metadata['path'] = $folder . '/' . $metadata['contentfile']; + if ($metadata['contentfile'] === '') { + logger('Invalid ' . $type . ' content file'); + return false; + } + $content = file_get_contents($folder . '/' . $metadata['contentfile']); + if (!$content) { + logger('Failed to get file content for ' . $metadata['contentfile']); + return false; + } + $elements[] = $metadata; + } + } + } + } + } + return $elements; + } + + + function import_webpage_element($element, $channel, $type) { + + $arr = array(); // construct information for the webpage element item table record + + switch ($type) { + // + // PAGES + // + case 'page': + $arr['item_type'] = ITEM_TYPE_WEBPAGE; + $namespace = 'WEBPAGE'; + $name = $element['pagelink']; + if($name) { + require_once('library/urlify/URLify.php'); + $name = strtolower(\URLify::transliterate($name)); + } + $arr['title'] = $element['title']; + $arr['term'] = $element['term']; + $arr['layout_mid'] = ''; // by default there is no layout associated with the page + // If a layout was specified, find it in the database and get its info. If + // it does not exist, leave layout_mid empty + if($element['layout'] !== '') { + $liid = q("select iid from iconfig where k = 'PDL' and v = '%s' and cat = 'system'", + dbesc($element['layout']) + ); + if($liid) { + $linfo = q("select mid from item where id = %d", + intval($liid[0]['iid']) + ); + $arr['layout_mid'] = $linfo[0]['mid']; + } + } + break; + // + // LAYOUTS + // + case 'layout': + $arr['item_type'] = ITEM_TYPE_PDL; + $namespace = 'PDL'; + $name = $element['name']; + $arr['title'] = $element['description']; + $arr['term'] = $element['term']; + break; + // + // BLOCKS + // + case 'block': + $arr['item_type'] = ITEM_TYPE_BLOCK; + $namespace = 'BUILDBLOCK'; + $name = $element['name']; + $arr['title'] = $element['title']; + + break; + default : + return null; // return null if invalid element type + } + + $arr['uid'] = $channel['channel_id']; + $arr['aid'] = $channel['channel_account_id']; + + // Check if an item already exists based on the name + $iid = q("select iid from iconfig where k = '" . $namespace . "' and v = '%s' and cat = 'system'", + dbesc($name) + ); + if($iid) { // If the item does exist, get the item metadata + $iteminfo = q("select mid,created,edited from item where id = %d", + intval($iid[0]['iid']) + ); + $arr['mid'] = $arr['parent_mid'] = $iteminfo[0]['mid']; + $arr['created'] = $iteminfo[0]['created']; + $arr['edited'] = (($element['edited']) ? datetime_convert('UTC', 'UTC', $element['edited']) : datetime_convert()); + } else { // otherwise, generate the creation times and unique id + $arr['created'] = (($element['created']) ? datetime_convert('UTC', 'UTC', $element['created']) : datetime_convert()); + $arr['edited'] = datetime_convert('UTC', 'UTC', '0000-00-00 00:00:00'); + $arr['mid'] = $arr['parent_mid'] = item_message_id(); + } + // Import the actual element content + $arr['body'] = file_get_contents($element['path']); + // The element owner is the channel importing the elements + $arr['owner_xchan'] = get_observer_hash(); + // The author is either the owner or whomever was specified + $arr['author_xchan'] = (($element['author_xchan']) ? $element['author_xchan'] : get_observer_hash()); + // Import mimetype if it is a valid mimetype for the element + $mimetypes = [ 'text/bbcode', + 'text/html', + 'text/markdown', + 'text/plain', + 'application/x-pdl', + 'application/x-php' + ]; + // Blocks and pages can have any mimetype, but layouts must be text/bbcode + if((in_array($element['mimetype'], $mimetypes)) && ($type === 'page' || $type === 'block') ) { + $arr['mimetype'] = $element['mimetype']; + } else { + $arr['mimetype'] = 'text/bbcode'; + } + + // Verify ability to use html or php!!! + $execflag = false; + if ($arr['mimetype'] === 'application/x-php') { + $z = q("select account_id, account_roles, channel_pageflags from account " + . "left join channel on channel_account_id = account_id where channel_id = %d limit 1", + intval(local_channel()) + ); + + if ($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { + $execflag = true; + } + } + + $z = q("select * from iconfig where v = '%s' and k = '%s' and cat = 'service' limit 1", + dbesc($name), + dbesc($namespace) + ); + + $i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1", + dbesc($arr['mid']), + intval(local_channel()) + ); + $remote_id = 0; + if ($z && $i) { + $remote_id = $z[0]['id']; + $arr['id'] = $i[0]['id']; + // don't update if it has the same timestamp as the original + if ($arr['edited'] > $i[0]['edited']) + $x = item_store_update($arr, $execflag); + } else { + if (($i) && (intval($i[0]['item_deleted']))) { + // was partially deleted already, finish it off + q("delete from item where mid = '%s' and uid = %d", + dbesc($arr['mid']), + intval(local_channel()) + ); + } + $x = item_store($arr, $execflag); + } + if ($x['success']) { + $item_id = $x['item_id']; + update_remote_id($channel, $item_id, $arr['item_type'], $name, $namespace, $remote_id, $arr['mid']); + $element['import_success'] = 1; + } else { + $element['import_success'] = 0; + } + + return $element; + +} -- cgit v1.2.3 From ff2f599142348162b6459a02aa014c7dbca84f76 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sat, 16 Jul 2016 19:25:44 -0400 Subject: Postpone remote folder import until filesystem mirroring matures. --- include/text.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 096c8a5aa..a0f0ed7ae 100644 --- a/include/text.php +++ b/include/text.php @@ -2270,7 +2270,11 @@ function website_import_tools() { '$import_label' => t('Import website...'), '$import_placeholder' => t('Select folder to import'), '$file_upload_text' => t('Import from a zipped folder:'), - '$file_import_text' => t('Import from cloud files:') + '$file_import_text' => t('Import from cloud files:'), + '$file_remote_text' => t('Import from another channel'), + '$desc' => t('https://example.com/cloud/peter/sharedfolder'), + '$hint' => t('https://example.com/cloud/peter/sharedfolder'), + '$follow' => t('Import'), )); } -- cgit v1.2.3 From e7b853175154688d60d83ca5935650d1128973c6 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sat, 16 Jul 2016 21:02:13 -0400 Subject: Stash changes to merge from dev --- include/text.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index a0f0ed7ae..3b285cfca 100644 --- a/include/text.php +++ b/include/text.php @@ -2271,10 +2271,9 @@ function website_import_tools() { '$import_placeholder' => t('Select folder to import'), '$file_upload_text' => t('Import from a zipped folder:'), '$file_import_text' => t('Import from cloud files:'), - '$file_remote_text' => t('Import from another channel'), - '$desc' => t('https://example.com/cloud/peter/sharedfolder'), - '$hint' => t('https://example.com/cloud/peter/sharedfolder'), - '$follow' => t('Import'), + '$desc' => t('/path/to/folder'), + '$hint' => t('/path/to/folder'), + '$select' => t('Select folder'), )); } -- cgit v1.2.3 From 6c5086a933451969b72890c9b703d6ee141f9d9f Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 17 Jul 2016 11:52:21 -0400 Subject: Added functions to check cloud files path and return path with hashed names --- include/attach.php | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ include/import.php | 23 +++++++++++++++---- 2 files changed, 85 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index b3ddfee88..0ca87624f 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1910,3 +1910,70 @@ function get_attach_binname($s) { } return $p; } + + +function get_dirpath_by_cloudpath($channel, $path) { + + // Warning: Do not edit the following line. The first symbol is UTF-8 @ + $path = str_replace('@','@',notags(trim($path))); + + $h = @parse_url($path); + + if(! $h || !x($h, 'path')) { + return null; + } + if(substr($h['path'],-1,1) === '/') { + $h['path'] = substr($h['path'],0,-1); + } + if(substr($h['path'],0,1) === '/') { + $h['path'] = substr($h['path'],1); + } + $folders = explode('/', $h['path']); + $f = array_shift($folders); + + $nick = $channel['channel_address']; + //check to see if the absolute path was provided (/cloud/channelname/path/to/folder) + if($f === 'cloud' ) { + $g = array_shift($folders); + if( $g !== $nick) { + // if nick does not follow "cloud", then the top level folder must be called "cloud" + // and the given path must be relative to "/cloud/channelname/". + $folders = array_unshift(array_unshift($folders, $g), $f); + } + } else { + array_unshift($folders, $f); + } + $clouddir = 'store/' . $nick . '/' ; + $subdir = '/'; + $valid = true; + while($folders && $valid && is_dir($clouddir . $subdir) && is_readable($clouddir . $subdir)) { + $valid = false; + $f = array_shift($folders); + $items = array_diff(scandir($clouddir . $subdir), array('.', '..')); // hashed names + foreach($items as $item) { + $filename = find_filename_by_hash($channel['channel_id'], $item); + if($filename === $f) { + $subdir .= $item . '/'; + $valid = true; + } + } + } + if(!$valid) { + return null; + } else { + return $clouddir . $subdir; + } + + +} + +function get_filename_by_cloudname($cloudname, $channel, $storepath) { + $items = array_diff(scandir($storepath), array('.', '..')); // hashed names + foreach($items as $item) { + $filename = find_filename_by_hash($channel['channel_id'], $item); + if($filename === $cloudname) { + return $filename; + } + } + return null; +} \ No newline at end of file diff --git a/include/import.php b/include/import.php index 3dfe9c7c9..ac52cc9cf 100644 --- a/include/import.php +++ b/include/import.php @@ -1218,8 +1218,8 @@ function convert_oldfields(&$arr,$old,$new) { } } -function scan_webpage_elements($path, $type) { - +function scan_webpage_elements($path, $type, $cloud = false) { + $channel = \App::get_channel(); $dirtoscan = $path; switch ($type) { case 'page': @@ -1237,6 +1237,9 @@ function scan_webpage_elements($path, $type) { default : return array(); } + if($cloud) { + $dirtoscan = get_dirpath_by_cloudpath($channel, $dirtoscan); + } $elements = []; if (is_dir($dirtoscan)) { $dirlist = scandir($dirtoscan); @@ -1247,15 +1250,25 @@ function scan_webpage_elements($path, $type) { } $folder = $dirtoscan . '/' . $element; if (is_dir($folder)) { - $jsonfilepath = $folder . '/' . $json_filename; + if($cloud) { + $jsonfilepath = get_filename_by_cloudname($json_filename, $channel, $folder); + } else { + $jsonfilepath = $folder . '/' . $json_filename; + } if (is_file($jsonfilepath)) { $metadata = json_decode(file_get_contents($jsonfilepath), true); - $metadata['path'] = $folder . '/' . $metadata['contentfile']; + if($cloud) { + $contentfilename = get_filename_by_cloudname($metadata['contentfile'], $channel, $folder); + $metadata['path'] = $folder . '/' . $contentfilename; + } else { + $contentfilename = $metadata['contentfile']; + $metadata['path'] = $folder . '/' . $contentfilename; + } if ($metadata['contentfile'] === '') { logger('Invalid ' . $type . ' content file'); return false; } - $content = file_get_contents($folder . '/' . $metadata['contentfile']); + $content = file_get_contents($folder . '/' . $contentfilename); if (!$content) { logger('Failed to get file content for ' . $metadata['contentfile']); return false; -- cgit v1.2.3 From d6b28cdc575aba40c6a7861d4c2031d844a848d9 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 17 Jul 2016 16:05:26 -0400 Subject: Importing webpage elements from manually entered cloud file path work. All detected elements are automatically imported. --- include/attach.php | 2 +- include/import.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 0ca87624f..40410d41e 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1972,7 +1972,7 @@ function get_filename_by_cloudname($cloudname, $channel, $storepath) { foreach($items as $item) { $filename = find_filename_by_hash($channel['channel_id'], $item); if($filename === $cloudname) { - return $filename; + return $item; } } return null; diff --git a/include/import.php b/include/import.php index ac52cc9cf..73a2dfff4 100644 --- a/include/import.php +++ b/include/import.php @@ -1223,15 +1223,15 @@ function scan_webpage_elements($path, $type, $cloud = false) { $dirtoscan = $path; switch ($type) { case 'page': - $dirtoscan .= '/pages/'; + $dirtoscan .= 'pages/'; $json_filename = 'page.json'; break; case 'layout': - $dirtoscan .= '/layouts/'; + $dirtoscan .= 'layouts/'; $json_filename = 'layout.json'; break; case 'block': - $dirtoscan .= '/blocks/'; + $dirtoscan .= 'blocks/'; $json_filename = 'block.json'; break; default : @@ -1251,7 +1251,7 @@ function scan_webpage_elements($path, $type, $cloud = false) { $folder = $dirtoscan . '/' . $element; if (is_dir($folder)) { if($cloud) { - $jsonfilepath = get_filename_by_cloudname($json_filename, $channel, $folder); + $jsonfilepath = $folder . '/' . get_filename_by_cloudname($json_filename, $channel, $folder); } else { $jsonfilepath = $folder . '/' . $json_filename; } -- cgit v1.2.3 From 4ce8f965aab8cfb09fc9f102f771cf67a7ee84fa Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 28 Jul 2016 13:10:19 -0700 Subject: issue #466, sql typo --- include/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index f52b03240..2587a72bb 100644 --- a/include/api.php +++ b/include/api.php @@ -13,7 +13,7 @@ require_once('include/api_auth.php'); /* * - * Red API. Loosely based on and possibly compatible with a Twitter-Like API but all similarities end there. + * Hubzilla API. Loosely based on and possibly compatible with Twitter-Like (v1.0) API but all similarities end there. * */ -- cgit v1.2.3 From 7c475575549161d465189fa5e726739f4a4ac76c Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 31 Jul 2016 07:30:25 -0400 Subject: Improved UI. Removed logger statements. --- include/import.php | 6 +++--- include/text.php | 7 ++----- 2 files changed, 5 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/import.php b/include/import.php index c69f2eadd..0b2cd38df 100644 --- a/include/import.php +++ b/include/import.php @@ -1252,15 +1252,15 @@ function scan_webpage_elements($path, $type, $cloud = false) { $dirtoscan = $path; switch ($type) { case 'page': - $dirtoscan .= 'pages/'; + $dirtoscan .= '/pages/'; $json_filename = 'page.json'; break; case 'layout': - $dirtoscan .= 'layouts/'; + $dirtoscan .= '/layouts/'; $json_filename = 'layout.json'; break; case 'block': - $dirtoscan .= 'blocks/'; + $dirtoscan .= '/blocks/'; $json_filename = 'block.json'; break; default : diff --git a/include/text.php b/include/text.php index f81155edb..d508f8ab3 100644 --- a/include/text.php +++ b/include/text.php @@ -2258,17 +2258,14 @@ function website_import_tools() { $sys = true; } - $who = $channel['channel_address']; - return replace_macros(get_markup_template('website_import_tools.tpl'), array( '$title' => t('Import'), - //'$who' => $who, '$import_label' => t('Import website...'), '$import_placeholder' => t('Select folder to import'), '$file_upload_text' => t('Import from a zipped folder:'), '$file_import_text' => t('Import from cloud files:'), - '$desc' => t('/path/to/folder'), - '$hint' => t('/path/to/folder'), + '$desc' => t('/cloud/channel/path/to/folder'), + '$hint' => t('Enter path to website files'), '$select' => t('Select folder'), )); } -- cgit v1.2.3 From 86eb923f296ff911e3f516e9052b3edc55a02c8a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 31 Jul 2016 18:08:41 -0700 Subject: make guest access tokens work with PERMS_NETWORK, PERMS_SITE, PERMS_PENDING, and PERMS_CONTACTS; or everything but PERMS_SPECIFIC. PERMS_SITE could be contentious, but we're currently denying them as they are a guest and don't actually have a channel on this site. We can't easily make PERMS_SPECIFIC work without providing an abook entry for the guest since we would need to set specific permissions for the guest login, but unfortunately this could be the most desirable setting to use in many cases. There is also an update of hmessages.po in this commit. --- include/permissions.php | 9 +++++++++ include/security.php | 28 ++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index 638bedb24..a1e05d120 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -1,4 +1,7 @@ Date: Sun, 31 Jul 2016 20:14:25 -0700 Subject: add a few more path macros to portable menu elements (channelurl, pageurl, storeurl and baseurl) --- include/channel.php | 11 +---------- include/import.php | 9 +++++++++ include/menu.php | 10 ++++++++-- 3 files changed, 18 insertions(+), 12 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 88dd818e6..c07cd14e2 100644 --- a/include/channel.php +++ b/include/channel.php @@ -640,19 +640,10 @@ function identity_basic_export($channel_id, $items = false) { for($y = 0; $y < count($x); $y ++) { $m = menu_fetch($x[$y]['menu_name'],$channel_id,$ret['channel']['channel_hash']); if($m) - $ret['menu'][] = menu_element($m); + $ret['menu'][] = menu_element($ret['channel'],$m); } } - $x = menu_list($channel_id); - if($x) { - $ret['menu'] = array(); - for($y = 0; $y < count($x); $y ++) { - $m = menu_fetch($x[$y]['menu_name'],$channel_id,$ret['channel']['channel_hash']); - if($m) - $ret['menu'][] = menu_element($m); - } - } $addon = array('channel_id' => $channel_id,'data' => $ret); call_hooks('identity_basic_export',$addon); diff --git a/include/import.php b/include/import.php index 0b2cd38df..27e0bfac6 100644 --- a/include/import.php +++ b/include/import.php @@ -784,7 +784,11 @@ function import_menus($channel,$menus) { foreach($menu['items'] as $it) { $mitem = array(); + $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[storeurl]',z_root() . '/store/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']); + $mitem['mitem_desc'] = escape_tags($it['desc']); $mitem['mitem_order'] = intval($it['order']); if(is_array($it['flags'])) { @@ -864,7 +868,12 @@ function sync_menus($channel,$menus) { foreach($menu['items'] as $it) { $mitem = array(); + + $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[storeurl]',z_root() . '/store/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']); + $mitem['mitem_desc'] = escape_tags($it['desc']); $mitem['mitem_order'] = intval($it['order']); if(is_array($it['flags'])) { diff --git a/include/menu.php b/include/menu.php index e8f1d8eb8..71d0e3ffe 100644 --- a/include/menu.php +++ b/include/menu.php @@ -25,7 +25,7 @@ function menu_fetch($name,$uid,$observer_xchan) { return null; } -function menu_element($menu) { +function menu_element($channel,$menu) { $arr = array(); $arr['type'] = 'menu'; @@ -46,7 +46,12 @@ function menu_element($menu) { $arr['items'] = array(); foreach($menu['items'] as $it) { $entry = array(); + + $entry['link'] = str_replace(z_root() . '/channel/' . $channel['channel_address'],'[channelurl]',$it['mitem_link']); + $entry['link'] = str_replace(z_root() . '/page/' . $channel['channel_address'],'[pageurl]',$it['mitem_link']); + $entry['link'] = str_replace(z_root() . '/store/' . $channel['channel_address'],'[storeurl]',$it['mitem_link']); $entry['link'] = str_replace(z_root(),'[baseurl]',$it['mitem_link']); + $entry['desc'] = $it['mitem_desc']; $entry['order'] = $it['mitem_order']; if($it['mitem_flags']) { @@ -389,12 +394,13 @@ function menu_del_item($menu_id,$uid,$item_id) { function menu_sync_packet($uid,$observer_hash,$menu_id,$delete = false) { $r = menu_fetch_id($menu_id,$uid); + $c = channelx_by_n($uid); if($r) { $m = menu_fetch($r['menu_name'],$uid,$observer_hash); if($m) { if($delete) $m['menu_delete'] = 1; - build_sync_packet($uid,array('menu' => array(menu_element($m)))); + build_sync_packet($uid,array('menu' => array(menu_element($c,$m)))); } } } -- cgit v1.2.3 From 4c76b31684342259a43c036373f3757a916b1d3a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 1 Aug 2016 17:44:21 -0700 Subject: /storeurl/cloudurl/ --- include/import.php | 4 ++-- include/menu.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/import.php b/include/import.php index 27e0bfac6..5bbed828f 100644 --- a/include/import.php +++ b/include/import.php @@ -786,7 +786,7 @@ function import_menus($channel,$menus) { $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']); - $mitem['mitem_link'] = str_replace('[storeurl]',z_root() . '/store/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[cloudurl]',z_root() . '/cloud/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']); $mitem['mitem_desc'] = escape_tags($it['desc']); @@ -871,7 +871,7 @@ function sync_menus($channel,$menus) { $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']); - $mitem['mitem_link'] = str_replace('[storeurl]',z_root() . '/store/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[cloudurl]',z_root() . '/cloud/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']); $mitem['mitem_desc'] = escape_tags($it['desc']); diff --git a/include/menu.php b/include/menu.php index 71d0e3ffe..3b0180d37 100644 --- a/include/menu.php +++ b/include/menu.php @@ -49,7 +49,7 @@ function menu_element($channel,$menu) { $entry['link'] = str_replace(z_root() . '/channel/' . $channel['channel_address'],'[channelurl]',$it['mitem_link']); $entry['link'] = str_replace(z_root() . '/page/' . $channel['channel_address'],'[pageurl]',$it['mitem_link']); - $entry['link'] = str_replace(z_root() . '/store/' . $channel['channel_address'],'[storeurl]',$it['mitem_link']); + $entry['link'] = str_replace(z_root() . '/cloud/' . $channel['channel_address'],'[cloudurl]',$it['mitem_link']); $entry['link'] = str_replace(z_root(),'[baseurl]',$it['mitem_link']); $entry['desc'] = $it['mitem_desc']; -- cgit v1.2.3 From 3a7d3e3a542ef9297a8a20e3548f01f43fb37f0e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 1 Aug 2016 20:12:52 -0700 Subject: This checkin should make all permission modes work correctly with atokens (they should be able to post content if allowed to). It also removes the strict linkage between permissions and connections so any individual permission can be set for any xchan; even those for which you have no connections. --- include/auth.php | 1 + include/connections.php | 6 ++++ include/permissions.php | 56 +++++++++++++++++++++++++++---------- include/security.php | 74 ++++++++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 121 insertions(+), 16 deletions(-) (limited to 'include') diff --git a/include/auth.php b/include/auth.php index f3592cee3..fdcecec36 100644 --- a/include/auth.php +++ b/include/auth.php @@ -57,6 +57,7 @@ function account_verify_password($login, $pass) { ); if($x) { $ret['xchan'] = atoken_xchan($x[0]); + atoken_create_xchan($ret['xchan']); return $ret; } } diff --git a/include/connections.php b/include/connections.php index 9f55820cc..4f685388c 100644 --- a/include/connections.php +++ b/include/connections.php @@ -566,6 +566,7 @@ function contact_remove($channel_id, $abook_id) { drop_item($rr['id'],false); } } + q("delete from abook where abook_id = %d and abook_channel = %d", intval($abook['abook_id']), @@ -588,6 +589,11 @@ function contact_remove($channel_id, $abook_id) { intval($channel_id) ); + $r = q("delete from abconfig where chan = %d and xchan = '%s'", + intval($channel_id), + dbesc($abook['abook_xchan']) + ); + return true; } diff --git a/include/permissions.php b/include/permissions.php index a1e05d120..637193973 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -122,13 +122,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { dbesc($observer_xchan) ); if(! $x) { - // not in address book, see if they've got an xchan - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); - // no xchan either, see if they've got a guest access token - if(! $y) - $x = atoken_abook($uid,$observer_xchan); + // see if they've got a guest access token; these are treated as connections + $y = atoken_abook($uid,$observer_xchan); + if($y) + $x = array($y); + + if(! $x) { + // not in address book and no guest token, see if they've got an xchan + // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections + $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", + dbesc($observer_xchan) + ); + if($y) { + $x = array(pseudo_abook($y[0])); + } + } } $abook_checked = true; @@ -190,7 +198,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) { + if($x && $x[0]['xchan_network'] === 'zot') { $ret[$perm_name] = true; continue; } @@ -238,6 +246,12 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They're a contact, so they have permission if($channel_perm & PERMS_CONTACTS) { + // it was a fake abook entry, not really a connection + if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) { + $ret[$perm_name] = false; + continue; + } + $ret[$perm_name] = true; continue; } @@ -334,13 +348,21 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { return false; if(! $x) { - // not in address book, see if they've got an xchan - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); - // no xchan either, see if they've got a guest access token - if(! $y) - $x = atoken_abook($uid,$observer_xchan); + // see if they've got a guest access token + $y = atoken_abook($uid,$observer_xchan); + if($y) + $x = array($y); + + if(! $x) { + // not in address book and no guest token, see if they've got an xchan + $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", + dbesc($observer_xchan) + ); + if($y) { + $x = array(pseudo_abook($y[0])); + } + } + } $abperms = load_abconfig($uid,$observer_xchan,'my_perms'); } @@ -410,6 +432,10 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They're a contact, so they have permission if($channel_perm & PERMS_CONTACTS) { + // it was a fake abook entry, not really a connection + if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) { + return false; + } return true; } diff --git a/include/security.php b/include/security.php index 7d2a49bdf..83bf51bc0 100644 --- a/include/security.php +++ b/include/security.php @@ -108,6 +108,7 @@ function atoken_xchan($atoken) { 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), 'xchan_network' => 'unknown', + 'xchan_url' => z_root(), 'xchan_hidden' => 1, 'xchan_photo_mimetype' => 'image/jpeg', 'xchan_photo_l' => get_default_profile_photo(300), @@ -119,6 +120,62 @@ function atoken_xchan($atoken) { return null; } +function atoken_delete($atoken_id) { + + $r = q("select * from atoken where atoken_id = %d", + intval($atoken_id) + ); + if(! $r) + return; + + $c = q("select channel_id, channel_hash from channel where channel_id = %d", + intval($r[0]['atoken_uid']) + ); + if(! $c) + return; + + $atoken_xchan = substr($c[0]['channel_hash'],0,16) . '.' . $r[0]['atoken_name']; + + q("delete from atoken where atoken_id = %d", + intval($atoken_id) + ); + q("delete from abconfig where chan = %d and xchan = '%s'", + intval($c[0]['channel_id']), + dbesc($atoken_xchan) + ); +} + + + +// in order for atoken logins to create content (such as posts) they need a stored xchan. +// we'll create one on the first atoken_login; it can't really ever go away but perhaps +// @fixme we should set xchan_deleted if it's expired or removed + +function atoken_create_xchan($xchan) { + + $r = q("select xchan_hash from xchan where xchan_hash = '%s'", + dbesc($xchan['xchan_hash']) + ); + if($r) + return; + + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_photo_mimetype, xchan_photo_l, xchan_photo_m, xchan_photo_s ) + values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + dbesc($xchan['xchan_hash']), + dbesc($xchan['xchan_hash']), + dbesc($xchan['xchan_addr']), + dbesc($xchan['xchan_url']), + dbesc($xchan['xchan_name']), + dbesc($xchan['xchan_network']), + dbesc($xchan['xchan_photo_mimetype']), + dbesc($xchan['xchan_photo_l']), + dbesc($xchan['xchan_photo_m']), + dbesc($xchan['xchan_photo_s']) + ); + + return true; +} + function atoken_abook($uid,$xchan_hash) { if(substr($xchan_hash,16,1) != '.') @@ -149,6 +206,21 @@ function atoken_abook($uid,$xchan_hash) { } +function pseudo_abook($xchan) { + if(! $xchan) + return false; + + // set abook_pseudo to flag that we aren't really connected. + + $xchan['abook_pseudo'] = 1; + $xchan['abook_blocked'] = 0; + $xchan['abook_ignored'] = 0; + $xchan['abook_pending'] = 0; + return $xchan; + +} + + /** * @brief Change to another channel with current logged-in account. * @@ -424,7 +496,7 @@ function public_permissions_sql($observer_hash) { * In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes; * or if the security token is used for ajax-calls that happen several times), but only valid for a certain amout of time (3hours). * The "typename" seperates the security tokens of different types of forms. This could be relevant in the following case: - * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link). + * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link). * If the new page contains by any chance external elements, then the used security token is exposed by the referrer. * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are, * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types). -- cgit v1.2.3 From c4fd0af16dbec94d8a15006dbe320dddc6d13d85 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 2 Aug 2016 18:21:43 -0700 Subject: comment policy permissions typo --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 178fb30d6..5bd0b0968 100755 --- a/include/items.php +++ b/include/items.php @@ -421,7 +421,7 @@ function post_activity_item($arr) { $arr['deny_cid'] = ((x($arr,'deny_cid')) ? $arr['deny_cid'] : $channel['channel_deny_cid']); $arr['deny_gid'] = ((x($arr,'deny_gid')) ? $arr['deny_gid'] : $channel['channel_deny_gid']); - $arr['comment_policy'] = map_scope(\Zotlabs\Access/PermissionLimits::Get($channel['channel_id'],'post_comments')); + $arr['comment_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments')); if ((! $arr['plink']) && (intval($arr['item_thread_top']))) { $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; -- cgit v1.2.3