From ccdfbc721fa0cf6710cce262cbaa219e2803e8c2 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sun, 12 Feb 2017 15:56:33 -0800
Subject: Create virtual privacy groups for private profile member lists
---
 include/attach.php | 58 ++++++++++++++++++++++----------------------
 include/group.php | 68 +++++++++++++++++++++++++++++++++++++++++++---------
 include/photos.php | 53 ++++++++++++++++++++++++++++++++++++++--
 include/security.php | 16 ++++++++++++-
 4 files changed, 153 insertions(+), 42 deletions(-)
(limited to 'include')
diff --git a/include/attach.php b/include/attach.php
index dc5bfd308..937d33ea3 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -28,29 +28,31 @@ function z_mime_content_type($filename) {
 $mime_types = array(
- 'txt' => 'text/plain',
- 'htm' => 'text/html',
+ 'txt' => 'text/plain',
+ 'htm' => 'text/html',
 'html' => 'text/html',
- 'php' => 'text/html',
- 'css' => 'text/css',
- 'js' => 'application/javascript',
+ 'php' => 'text/html',
+ 'css' => 'text/css',
+ 'md' => 'text/markdown',
+ 'bb' => 'text/bbcode',
+ 'js' => 'application/javascript',
 'json' => 'application/json',
- 'xml' => 'application/xml',
- 'swf' => 'application/x-shockwave-flash',
- 'flv' => 'video/x-flv',
+ 'xml' => 'application/xml',
+ 'swf' => 'application/x-shockwave-flash',
+ 'flv' => 'video/x-flv',
 'epub' => 'application/epub+zip',
 // images
- 'png' => 'image/png',
- 'jpe' => 'image/jpeg',
+ 'png' => 'image/png',
+ 'jpe' => 'image/jpeg',
 'jpeg' => 'image/jpeg',
- 'jpg' => 'image/jpeg',
- 'gif' => 'image/gif',
- 'bmp' => 'image/bmp',
- 'ico' => 'image/vnd.microsoft.icon',
+ 'jpg' => 'image/jpeg',
+ 'gif' => 'image/gif',
+ 'bmp' => 'image/bmp',
+ 'ico' => 'image/vnd.microsoft.icon',
 'tiff' => 'image/tiff',
- 'tif' => 'image/tiff',
- 'svg' => 'image/svg+xml',
+ 'tif' => 'image/tiff',
+ 'svg' => 'image/svg+xml',
 'svgz' => 'image/svg+xml',
 // archives
@@ -61,27 +63,27 @@ function z_mime_content_type($filename) {
 'cab' => 'application/vnd.ms-cab-compressed',
 // audio/video
- 'mp3' => 'audio/mpeg',
- 'wav' => 'audio/wav',
- 'qt' => 'video/quicktime',
- 'mov' => 'video/quicktime',
- 'ogg' => 'audio/ogg',
- 'ogv' => 'video/ogg',
- 'ogx' => 'application/ogg',
+ 'mp3' => 'audio/mpeg',
+ 'wav' => 'audio/wav',
+ 'qt' => 'video/quicktime',
+ 'mov' => 'video/quicktime',
+ 'ogg' => 'audio/ogg',
+ 'ogv' => 'video/ogg',
+ 'ogx' => 'application/ogg',
 'flac' => 'audio/flac',
 'opus' => 'audio/ogg',
 'webm' => 'video/webm',
 // 'webm' => 'audio/webm',
- 'mp4' => 'video/mp4',
-// 'mp4' => 'audio/mp4',
- 'mkv' => 'video/x-matroska',
+ 'mp4' => 'video/mp4',
+// 'mp4' => 'audio/mp4',
+ 'mkv' => 'video/x-matroska',
 // adobe
 'pdf' => 'application/pdf',
 'psd' => 'image/vnd.adobe.photoshop',
- 'ai' => 'application/postscript',
+ 'ai' => 'application/postscript',
 'eps' => 'application/postscript',
- 'ps' => 'application/postscript',
+ 'ps' => 'application/postscript',
 // ms office
 'doc' => 'application/msword',
diff --git a/include/group.php b/include/group.php
index 38d9d190f..3b208ef95 100644
--- a/include/group.php
+++ b/include/group.php
@@ -227,6 +227,26 @@ function group_get_members_xchan($gid) {
 return $ret;
 }
+function group_get_profile_members_xchan($uid,$gid) {
+ $ret = [];
+
+ if(intval($gid)) {
+ $r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d",
+ intval($gid),
+ intval($uid)
+ );
+ if($r) {
+ foreach($r as $rr) {
+ $ret[] = $rr['xchan'];
+ }
+ }
+ }
+ return $ret;
+}
+
+
+
+
 function mini_group_select($uid,$group = '') {
 $grps = array();
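Review bot: group_get_profile_members_xchan() in include/group.php takes a parameter called `$gid` but binds it to `profile.id`, so the name suggests a privacy-group id while the query needs a profile id; a caller passing a real group id would silently get the members of whatever profile happens to share that number for the channel. Rename the parameter or say so in a header comment, for example `// $gid is a profile.id owned by channel $uid, not a groups.id; returns the xchan hashes of connections assigned to that profile`. The `left join` is filtered on profile columns in the `where` clause, so it behaves as an inner join and would read more honestly written as one.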
@@ -320,20 +340,46 @@ function group_side($every="connections",$each="group",$edit = false, $group_id
 return $o;
 }
-function expand_groups($a) {
- if(! (is_array($a) && count($a)))
+function expand_groups($g) {
+ if(! (is_array($g) && count($g)))
 return array();
- $x = $a;
- stringify_array_elms($x,true);
- $groups = implode(',', $x);
- if($groups)
- $r = q("SELECT xchan FROM group_member WHERE gid IN ( select id from groups where hash in ( $groups ))");
- $ret = array();
+ $ret = [];
+ $x = [];
- if($r)
- foreach($r as $rr)
- $ret[] = $rr['xchan'];
+ // private profile linked virtual groups
+
+ foreach($g as $gv) {
+ if(substr($gv,0,3) === 'vp.') {
+ $profile_hash = substr($gv,3);
+ if($profile_hash) {
+ $r = q("select abook_xchan from abook where abook_profile = '%s'",
+ dbesc($profile_hash)
+ );
+ if($r) {
+ foreach($r as $rv) {
+ $ret[] = $rv['abook_xchan'];
+ }
+ }
+ }
+ }
+ else {
+ $x[] = $gv;
+ }
+ }
+
+ if($x) {
+ stringify_array_elms($x,true);
+ $groups = implode(',', $x);
+ if($groups) {
+ $r = q("SELECT xchan FROM group_member WHERE gid IN ( select id from groups where hash in ( $groups ))");
+ if($r) {
+ foreach($r as $rr) {
+ $ret[] = $rr['xchan'];
+ }
+ }
+ }
+ }
 return $ret;
 }
diff --git a/include/photos.php b/include/photos.php
index 55cc2d945..4cd5952f9 100644
--- a/include/photos.php
+++ b/include/photos.php
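Review bot: The `vp.` branch added to expand_groups() in include/group.php looks up members with `where abook_profile = '%s'` and nothing else, so the expansion is not tied to the channel whose ACL is being expanded; it is only safe as long as profile GUIDs are unique across the hub and `vp.` entries reach allow_gid/deny_gid solely through owner-side code such as photo_profile_setperms(). expand_groups() has no channel argument, so that assumption cannot be checked here and should at least be stated above the loop, e.g. `// vp.<profile_guid> is trusted as written by the owning channel; profile_guid is assumed unique on this hub`. Separately, a connection that is both assigned to the profile and a member of a listed group is now returned twice, which `return array_values(array_unique($ret));` would avoid if callers expect distinct hashes.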
@@ -718,10 +718,59 @@ function gps2Num($coordPart) {
 return floatval($parts[0]) / floatval($parts[1]);
 }
+
+function photo_profile_setperms($channel_id,$resource_id,$profile_id) {
+
+ if(! $profile_id)
+ return;
+
+ $r = q("select profile_guid, is_default from profile where id = %d and uid = %d limit 1",
+ dbesc($profile_id),
+ intval($channel_id)
+ );
+
+ if(! $r)
+ return;
+
+ $is_default = $r[0]['is_default'];
+ $profile_guid = $r[0]['profile_guid'];
+
+ if($is_default) {
+ $r = q("update photo set allow_cid = '', allow_gid = '', deny_cid = '', deny_gid = ''
+ where resource_id = '%s' and uid = %d",
+ dbesc($resource_id),
+ intval($channel_id)
+ );
+ $r = q("update attach set allow_cid = '', allow_gid = '', deny_cid = '', deny_gid = ''
+ where hash = '%s' and uid = %d",
+ dbesc($resource_id),
+ intval($channel_id)
+ );
+ }
+ else {
+ $r = q("update photo set allow_cid = '', allow_gid = '%s', deny_cid = '', deny_gid = ''
+ where resource_id = '%s' and uid = %d",
+ dbesc('vp.' . $profile_guid),
+ dbesc($resource_id),
+ intval($channel_id)
+ );
+
+ $r = q("update attach set allow_cid = '', allow_gid = '%s', deny_cid = '', deny_gid = ''
+ where hash = '%s' and uid = %d",
+ dbesc('vp.' . $profile_guid),
+ dbesc($resource_id),
+ intval($channel_id)
+ );
+ }
+}
+
 function profile_photo_set_profile_perms($uid, $profileid = 0) {
- $allowcid = '';
- if($profileid) {
+ $allowcid = '';
+
+
+ if($profileid) {
+
 $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE uid = %d and ( profile.id = %d OR profile.profile_guid = '%s') LIMIT 1", intval($uid),
diff --git a/include/security.php b/include/security.php
index 57b33251f..b49ceec0d 100644
--- a/include/security.php
+++ b/include/security.php
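Review bot: In photo_profile_setperms() (include/photos.php) the profile lookup fills the `%d` in `where id = %d and uid = %d` with `dbesc($profile_id)`, a string escaper, while every other integer placeholder in this commit goes through `intval()`; it should read `intval($profile_id),` so the value is an integer by construction rather than by whatever q() does with a string under `%d`. The four `update` results are assigned to `$r` and never examined, so a failed ACL write leaves the photo and attach rows with their previous permissions and the caller is not told; logging or returning the outcome would make that visible. The function also has no header comment saying that a default profile clears all four ACL fields (which, as far as these queries show, removes every restriction on the photo) and any other profile replaces them with the single `vp.` group. The hunk's last lines only re-indent the start of profile_photo_set_profile_perms(), whose body continues outside the hunk.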
@@ -553,7 +553,21 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
 // var $contact_id = xchan_hash of connection
 function init_groups_visitor($contact_id) {
- $groups = array();
+ $groups = [];
+
+ // private profiles are treated as a virtual group
+
+ $r = q("SELECT abook_profile from abook where abook_xchan = '%s' and abook_profile != '' ",
+ dbesc($contact_id)
+ );
+ if($r) {
+ foreach($r as $rv) {
+ $groups[] = 'vp.' . $rv['abook_profile'];
+ }
+ }
+
+ // physical groups this channel is a member of
+
 $r = q("SELECT hash FROM groups left join group_member on groups.id = group_member.gid WHERE xchan = '%s' ",
 dbesc($contact_id)
 );
-- 
cgit v1.2.3
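Review bot: The query added to init_groups_visitor() in include/security.php turns every abook row with a non-empty abook_profile for this xchan into a `vp.` group without looking at the state of that connection, so, as far as this hunk shows, a connection that has since been blocked or is still awaiting approval keeps the virtual group and with it access to anything whose allow_gid names that profile. If the abook table records such states, the `where` clause should exclude them, or a comment should explain why profile assignment alone is sufficient. The lookup is also hub-wide rather than per channel, which matches the existing group query below it but is worth stating in the comment, e.g. `// private profiles on any local channel are treated as virtual groups`. The function body continues outside the hunk.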