From e3aa7d2aaf223d0edfe9665adad59bcb0affade9 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 13 Apr 2014 18:07:19 -0700 Subject: only show forum tags on contact autocomplete, not in the ACL selector --- mod/acl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/acl.php b/mod/acl.php index 3b737d36e..0f997c8b8 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -206,7 +206,7 @@ function acl_init(&$a){ if(count($r)) { foreach($r as $g){ - if($g['abook_their_perms'] & PERMS_W_TAGWALL) { + if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c') { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", -- cgit v1.2.3 From bc041bdb77036eba31468278d0a0796c1e354379 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 13 Apr 2014 19:57:47 -0700 Subject: profperm: abook_profile was being handled by profile id rather than profile_guid, causing private profiles to not be activated in many cases. --- mod/profperm.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'mod') diff --git a/mod/profperm.php b/mod/profperm.php index 08838831b..915f2a994 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -61,9 +61,9 @@ function profperm_content(&$a) { $profile = $r[0]; - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = %d", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", intval(local_user()), - intval(argv(1)) + dbesc($profile['profile_guid']) ); $ingroup = array(); @@ -75,23 +75,23 @@ function profperm_content(&$a) { if($change) { if(in_array($change,$ingroup)) { - q("UPDATE abook SET abook_profile = 0 WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($change), intval(local_user()) ); } else { - q("UPDATE abook SET abook_profile = %d WHERE abook_id = %d AND abook_channel = %d LIMIT 1", - intval(argv(1)), + q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + dbesc($profile['profile_guid']), intval($change), intval(local_user()) ); } - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = %d", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", intval(local_user()), - intval(argv(1)) + dbesc($profile['profile_guid']) ); $members = $r; -- cgit v1.2.3 From 506ae56385f5f731b7f3a8f5ee7feda2a66ae985 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 14 Apr 2014 16:45:16 -0700 Subject: Better handling of restricted /channel and /profile permissions. We will show the name, profile photo and a 'connect' button if appropriate on these pages regardless of permissions. A blank page makes it difficult for folks to figure out how to connect and if it is their real life friend 'x' or not. It also matches our overall policy (adopted from Facebook's lessons learned) that the channel name and default profile photo are always visible and can't really be blocked without messing up the usability of the entire network. This also makes sure that a connect button can be found somewhere besides the directory - where the entry could be blocked; and avoid somebody having to figure out the webbie and find the link to "follow" (another related issue). --- mod/profile.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'mod') diff --git a/mod/profile.php b/mod/profile.php index fca7c8f9f..792bf34c5 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -61,7 +61,7 @@ function profile_content(&$a, $update = 0) { $o = ''; if(! (perm_is_allowed($a->profile['profile_uid'],get_observer_hash(), 'view_profile'))) { - notice( t('Access to this profile has been restricted.') . EOL); + notice( t('Permission denied.') . EOL); return; } @@ -69,11 +69,10 @@ function profile_content(&$a, $update = 0) { $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false); if($a->profile['hidewall'] && (! $is_owner) && (! remote_user())) { - notice( t('Access to this profile has been restricted.') . EOL); + notice( t('Permission denied.') . EOL); return; } - $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']); -- cgit v1.2.3 From 9026ea649a92b8f3e48a4940dd02c316c0a87c02 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 14 Apr 2014 17:29:19 -0700 Subject: better mapping of visible connections --- mod/connections.php | 12 +++++------- mod/viewconnections.php | 14 ++++++-------- 2 files changed, 11 insertions(+), 15 deletions(-) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index a453203ab..e95f72b49 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -213,12 +213,10 @@ function connections_content(&$a) { nav_set_selected('intros'); break; case 'ifpending': - $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) and (abook_flags & %d) and not (abook_flags & %d)", + $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d )", intval(local_user()), - intval(ABOOK_FLAG_SELF), - intval(XCHAN_FLAGS_DELETED), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_IGNORED) + intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_IGNORED), + intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) ); if($r && $r[0]['total']) { $search_flags = ABOOK_FLAG_PENDING; @@ -342,7 +340,7 @@ function connections_content(&$a) { where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) $sql_extra $sql_extra2 ", intval(local_user()), intval(ABOOK_FLAG_SELF), - intval(XCHAN_FLAGS_DELETED) + intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) ); if($r) { $a->set_pager_total($r[0]['total']); @@ -353,7 +351,7 @@ function connections_content(&$a) { WHERE abook_channel = %d and not (abook_flags & %d) and not ( xchan_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", intval(local_user()), intval(ABOOK_FLAG_SELF), - intval(XCHAN_FLAGS_DELETED), + intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN), intval($a->pager['start']), intval($a->pager['itemspage']) ); diff --git a/mod/viewconnections.php b/mod/viewconnections.php index a9fb967f7..f5e7ab213 100644 --- a/mod/viewconnections.php +++ b/mod/viewconnections.php @@ -29,21 +29,19 @@ function viewconnections_content(&$a) { } - $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) ", + $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d ) and not ( xchan_flags & %d ) ", intval($a->profile['uid']), - intval(XCHAN_FLAGS_HIDDEN), - intval(XCHAN_FLAGS_ORPHAN), - intval(XCHAN_FLAGS_DELETED) + intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_SELF), + intval(XCHAN_FLAGS_HIDDEN|XCHAN_FLAGS_ORPHAN|XCHAN_FLAGS_DELETED) ); if($r) { $a->set_pager_total($r[0]['total']); } - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not ( abook_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", intval($a->profile['uid']), - intval(XCHAN_FLAGS_HIDDEN), - intval(XCHAN_FLAGS_ORPHAN), - intval(XCHAN_FLAGS_DELETED), + intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_SELF), + intval(XCHAN_FLAGS_HIDDEN|XCHAN_FLAGS_ORPHAN|XCHAN_FLAGS_DELETED), intval($a->pager['start']), intval($a->pager['itemspage']) ); -- cgit v1.2.3