From 1c5f98440da1b4713d0f5b9f8f6a2d3ca39e23af Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 29 Nov 2013 14:08:37 -0800
Subject: quite a bit of work on default acl permissions and various acl quirks

---
 mod/network.php | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

(limited to 'mod/network.php')

diff --git a/mod/network.php b/mod/network.php
index 9ee21dc05..6c0b84873 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -278,8 +278,21 @@ function network_content(&$a, $update = 0, $load = false) {
 		$_GET['order'] = 'post';
 
 	if($gid) {
+        $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1",
+            intval($gid),
+            intval(local_user())
+        );
+        if(! $r) {
+			if($update)
+				killme();
+			notice( t('No such group') . EOL );
+			goaway($a->get_baseurl(true) . '/network');
+			// NOTREACHED
+		}
+
 		$group = $gid;
-		$def_acl = array('allow_gid' => '<' . $group . '>');
+		$group_hash = $r[0]['hash'];
+		$def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>');
 	}
 
 	$o = '';
@@ -409,7 +422,13 @@ function network_content(&$a, $update = 0, $load = false) {
 
 		nav_set_selected('network');
 
-		$celeb = false;
+		$channel_acl = array(
+			'allow_cid' => $channel['channel_allow_cid'], 
+			'allow_gid' => $channel['channel_allow_gid'], 
+			'deny_cid' => $channel['channel_deny_cid'], 
+			'deny_gid' => $channel['channel_deny_gid']
+		); 
+
 
 		$x = array(
 			'is_owner' => true,
@@ -417,8 +436,7 @@ function network_content(&$a, $update = 0, $load = false) {
 			'default_location' => $channel['channel_location'],
 			'nickname' => $channel['channel_address'],
 			'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-// FIXME
-			'acl' => populate_acl((($group || $cid || $nets) ? $def_acl : $channel), $celeb),
+			'acl' => populate_acl((($group || $cid) ? $def_acl : $channel_acl)),
 			'bang' => (($group || $cid) ? '!' : ''),
 			'visitor' => 'block',
 			'profile_uid' => local_user()
@@ -443,18 +461,6 @@ function network_content(&$a, $update = 0, $load = false) {
 	$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) ";
 
 	if($group) {
-        $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1",
-            intval($group),
-            intval(local_user())
-        );
-        if(! $r) {
-			if($update)
-				killme();
-			notice( t('No such group') . EOL );
-			goaway($a->get_baseurl(true) . '/network');
-			// NOTREACHED
-		}
-
 		$contact_str = '';
         $contacts = group_get_members($group);
         if($contacts) {
@@ -469,7 +475,7 @@ function network_content(&$a, $update = 0, $load = false) {
 			info( t('Group is empty'));
         }
 
-        $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) ";
+        $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) ";
 
     }
 
-- 
cgit v1.2.3