From 3845e1de7d73664c818360c12ae2b7b3b1882c90 Mon Sep 17 00:00:00 2001 From: sirius Date: Sun, 20 Apr 2014 00:31:18 +0200 Subject: Added permission handling of profile-photos Now we automatically set the appropiate viewing-permissions on profile edit and revert photos chosen as default profile picture bacl to public access. --- mod/profile_photo.php | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) (limited to 'mod/profile_photo.php') diff --git a/mod/profile_photo.php b/mod/profile_photo.php index ef0a31673..ab7c3b12f 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -13,30 +13,43 @@ require_once('include/photo/photo_driver.php'); * @return void */ -function profile_photo_set_profile_perms($profileid) { +function profile_photo_set_profile_perms($profileid = '') { $allowcid = ''; if (x($profileid)) { - $r = q("SELECT photo, profile_guid, id, is_default FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid)); - $profile = $r[0]; - if(x($profile['id']) && x($profile['photo']) && intval($profile['is_default']) != 1) { //Only set perms when query suceeded and when we are not on the default profile - preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id); - $resource_id = $resource_id[0]; + $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid)); + } else { + + logger('Resetting permissions on default-profile-photo for user'.local_user()); + $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1", intval(local_user()) ); //If no profile is given, we update the default profile + } + + $profile = $r[0]; + if(x($profile['id']) && x($profile['photo'])) { + preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id); + $resource_id = $resource_id[0]; + + if (intval($profile['is_default']) != 1) { + $r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_user()) ); $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid'])); + $allowcid = "<" . $r0[0]['channel_hash'] . ">"; foreach ($r1 as $entry) { $allowcid .= "<" . $entry['abook_xchan'] . ">"; } foreach ($r2 as $entry) { - $allowcid .= "<" . $entry['abook_xchan'] . ">"; - } - if(x($allowcid)) { - q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['id'])); - } + $allowcid .= "<" . $entry['abook_xchan'] . ">"; + } + + q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['uid'])); + + } else { + q("UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d",intval($profile['uid'])); //Reset permissions on default profile picture to public } } + return; } @@ -273,7 +286,7 @@ function profile_photo_content(&$a) { intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), intval(local_user())); - + // set all sizes of this one as profile photos $r = q("UPDATE photo SET profile = 1 WHERE uid = %d AND resource_id = '%s'", intval(local_user()), @@ -292,7 +305,8 @@ function profile_photo_content(&$a) { dbesc($channel['xchan_hash']) ); - proc_run('php','include/directory.php',local_user()); + profile_photo_set_profile_perms(); //Reset default photo permissions to public + proc_run('php','include/directory.php',local_user()); goaway($a->get_baseurl() . '/profiles'); } @@ -316,7 +330,7 @@ function profile_photo_content(&$a) { ); if(! x($a->data,'imagecrop')) { - + $tpl = get_markup_template('profile_photo.tpl'); $o .= replace_macros($tpl,array( @@ -389,7 +403,7 @@ function profile_photo_crop_ui_head(&$a, $ph){ $p['scale'] = 1; $r = $ph->save($p); - + if($r === false) notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL ); else -- cgit v1.2.3