From 49a392942cbea18432c44f227804e3cc8f5d79b0 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Thu, 14 Nov 2013 14:19:20 -0800
Subject: acl in webpages and a couple of other little bits related to webpages
 - sort the list of pages by last edited and use prepare_body() so we get
 private stuff (and attachments, categories, etc.) formatted correctly

---
 mod/magic.php    |  2 ++
 mod/page.php     | 31 ++++++++++++++++++++++++-------
 mod/webpages.php | 25 ++++++++++++++-----------
 3 files changed, 40 insertions(+), 18 deletions(-)

(limited to 'mod')

diff --git a/mod/magic.php b/mod/magic.php
index 623a80751..4eb688767 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -33,10 +33,12 @@ function magic_init(&$a) {
 
 		if(count($b) >= 2) {
 			$u = $b[0] . '//' . $b[2];
+dbg(1);
 			$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
 				where hubloc_url = '%s' order by hubloc_id desc limit 1",
 				dbesc($u)
 			);
+dbg(0);
 		}
 	}
 
diff --git a/mod/page.php b/mod/page.php
index 452341cb1..403016eb2 100644
--- a/mod/page.php
+++ b/mod/page.php
@@ -53,20 +53,38 @@ function page_content(&$a) {
 	else
 		$revision = " order by revision desc ";
 
+	require_once('include/security.php');
+	$sql_options = item_permissions_sql($u[0]['channel_id']);
 
 	$r = q("select item.* from item left join item_id on item.id = item_id.iid
 		where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and 
-		item_restrict = %d $revision limit 1",
+		item_restrict = %d $sql_options $revision limit 1",
 		intval($u[0]['channel_id']),
 		dbesc($page_id),
 		intval(ITEM_WEBPAGE)
 	);
 
 	if(! $r) {
-		notice( t('Item not found.') . EOL);
+
+		// Check again with no permissions clause to see if it is a permissions issue
+
+		$x = q("select item.* from item left join item_id on item.id = item_id.iid
+		where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and 
+		item_restrict = %d $revision limit 1",
+			intval($u[0]['channel_id']),
+			dbesc($page_id),
+			intval(ITEM_WEBPAGE)
+		);
+		if($x) {
+			// Yes, it's there. You just aren't allowed to see it.
+			notice( t('Permission denied.') . EOL);
+		}
+		else {
+			notice( t('Page not found.') . EOL);
+		}
 		return;
 	}
-dbg(1);
+
 	if($r[0]['layout_mid']) {
 		$l = q("select body from item where mid = '%s' and uid = %d limit 1",
 			dbesc($r[0]['layout_mid']),
@@ -78,12 +96,11 @@ dbg(1);
 			comanche_parser(get_app(),$l[0]['body']);
 		}
 	}
-dbg(0);
 
-logger('layout: ' . print_r($a->layout,true));
 
+	// logger('layout: ' . print_r($a->layout,true));
 
-	// Use of widgets should be determined by Comanche, but we don't have it yet, so...
+	// Use of widgets should be determined by Comanche, but we don't have it on system pages yet, so...
 
 	if ($perms['write_pages']) {
 		$chan = $a->channel['channel_id'];
@@ -95,7 +112,7 @@ logger('layout: ' . print_r($a->layout,true));
 	xchan_query($r);
 	$r = fetch_post_tags($r,true);
 
-	$o .= prepare_page($r[0]);
+	$o .= prepare_body($r[0],true);
 	return $o;
 
 }
diff --git a/mod/webpages.php b/mod/webpages.php
index 2c5728531..5257bc91d 100644
--- a/mod/webpages.php
+++ b/mod/webpages.php
@@ -57,13 +57,16 @@ function webpages_content(&$a) {
 
 // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
 // Nickname is set to the observers xchan, and profile_uid to the owners.  This lets you post pages at other people's channels.
-require_once ('include/conversation.php');
+	require_once ('include/conversation.php');
+	require_once('include/acl_selectors.php');
+
 		$x = array(
 			'webpage' => ITEM_WEBPAGE,
 			'is_owner' => true,
 			'nickname' => $a->profile['channel_address'],
 			'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
 			'bang' => (($group || $cid) ? '!' : ''),
+			'acl' => ((local_user() && local_user() == $owner) ? populate_acl($a->get_channel()) : ''),
 			'visitor' => 'block',
 			'profile_uid' => intval($owner),
 			'mimetype' => $mimetype,			
@@ -76,18 +79,18 @@ require_once ('include/conversation.php');
 //Get a list of webpages.  We can't display all them because endless scroll makes that unusable, so just list titles and an edit link.
 //TODO - this should be replaced with pagelist_widget
 
-$r = q("select * from item_id where uid = %d and service = 'WEBPAGE' order by sid asc",
-	intval($owner)
-);
+	$r = q("select item_id.* from item_id left join item on item_id.iid = item.id where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc",
+		intval($owner)
+	);
 
-		$pages = null;
+	$pages = null;
 
-		if($r) {
-			$pages = array();
-			foreach($r as $rr) {
-				$pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']);
-			} 
-		}
+	if($r) {
+		$pages = array();
+		foreach($r as $rr) {
+			$pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']);
+		} 
+	}
 
 
 //Build the base URL for edit links
-- 
cgit v1.2.3