From ca0bc2bb7bc2b9e7d81a356a394d47bcb688004c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 27 Aug 2015 22:20:30 -0700 Subject: more work on AccessList integration --- mod/chat.php | 24 ++++++++++-------------- mod/events.php | 52 +++++++++++++++------------------------------------- mod/item.php | 1 - mod/mitem.php | 1 - mod/photos.php | 53 +++++++++++++++++++++++++---------------------------- 5 files changed, 50 insertions(+), 81 deletions(-) (limited to 'mod') diff --git a/mod/chat.php b/mod/chat.php index c54d29313..c2c11d0ab 100644 --- a/mod/chat.php +++ b/mod/chat.php @@ -54,12 +54,11 @@ function chat_post(&$a) { goaway(z_root() . '/chat/' . $channel['channel_address']); } + $acl = new AccessList($channel); + $acl->set_from_array($_REQUEST); - $arr = array('name' => $room); - $arr['allow_gid'] = perms2str($_REQUEST['group_allow']); - $arr['allow_cid'] = perms2str($_REQUEST['contact_allow']); - $arr['deny_gid'] = perms2str($_REQUEST['group_deny']); - $arr['deny_cid'] = perms2str($_REQUEST['contact_deny']); + $arr = $acl->get(); + $arr['name'] = $room; chatroom_create($channel,$arr); @@ -158,7 +157,10 @@ function chat_content(&$a) { intval($a->profile['profile_uid']) ); if($x) { - $private = ((($x[0]['allow_cid']) || ($x[0]['allow_gid']) || ($x[0]['deny_cid']) || ($x[0]['deny_gid'])) ? true : false); + $acl = new AccessList(false); + $acl->set($x[0]); + + $private = $acl->is_private(); $room_name = $x[0]['cr_name']; if($bookmark_link) $bookmark_link .= '&url=' . z_root() . '/chat/' . argv(1) . '/' . argv(2) . '&title=' . urlencode($x[0]['cr_name']) . (($private) ? '&private=1' : '') . '&ischat=1'; @@ -192,14 +194,8 @@ function chat_content(&$a) { if(local_channel() && argc() > 2 && argv(2) === 'new') { - - - $channel_acl = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] - ); + $acl = new AccessList($channel); + $channel_acl = $acl->get(); require_once('include/acl_selectors.php'); diff --git a/mod/events.php b/mod/events.php index edb61a6cd..9120f8713 100755 --- a/mod/events.php +++ b/mod/events.php @@ -41,16 +41,11 @@ function events_post(&$a) { $categories = escape_tags(trim($_POST['category'])); - - // only allow editing your own events. if(($xchan) && ($xchan !== get_observer_hash())) return; - // The default setting for the `private` field in event_store() is false, so mirror that - $private_event = false; - if($start_text) { $start = $start_text; } @@ -119,6 +114,8 @@ function events_post(&$a) { $channel = $a->get_channel(); + $acl = new AccessList(false); + if($event_id) { $x = q("select * from event where id = %d and uid = %d limit 1", intval($event_id), @@ -133,6 +130,8 @@ function events_post(&$a) { return; } + $acl->set($x[0]); + $created = $x[0]['created']; $edited = datetime_convert(); @@ -142,39 +141,21 @@ function events_post(&$a) { } else { $share = true; - $str_group_allow = $x[0]['allow_gid']; - $str_contact_allow = $x[0]['allow_cid']; - $str_group_deny = $x[0]['deny_gid']; - $str_contact_deny = $x[0]['deny_cid']; - - if(strlen($str_group_allow) || strlen($str_contact_allow) - || strlen($str_group_deny) || strlen($str_contact_deny)) { - $private_event = true; - } } } else { $created = $edited = datetime_convert(); if($share) { - $str_group_allow = perms2str($_POST['group_allow']); - $str_contact_allow = perms2str($_POST['contact_allow']); - $str_group_deny = perms2str($_POST['group_deny']); - $str_contact_deny = perms2str($_POST['contact_deny']); - - if(strlen($str_group_allow) || strlen($str_contact_allow) - || strlen($str_group_deny) || strlen($str_contact_deny)) { - $private_event = true; - } + $acl->set_from_array($_POST); } else { - $str_contact_allow = '<' . $channel['channel_hash'] . '>'; - $str_group_allow = $str_contact_deny = $str_group_deny = ''; - $private_event = true; + $acl->set(array('allow_cid' => '<' . $channel['channel_hash'] . '>', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '')); } } $post_tags = array(); $channel = $a->get_channel(); + $ac = $acl->get(); if(strlen($categories)) { $cats = explode(',',$categories); @@ -201,11 +182,11 @@ function events_post(&$a) { $datarray['uid'] = local_channel(); $datarray['account'] = get_account_id(); $datarray['event_xchan'] = $channel['channel_hash']; - $datarray['allow_cid'] = $str_contact_allow; - $datarray['allow_gid'] = $str_group_allow; - $datarray['deny_cid'] = $str_contact_deny; - $datarray['deny_gid'] = $str_group_deny; - $datarray['private'] = (($private_event) ? 1 : 0); + $datarray['allow_cid'] = $ac['allow_cid']; + $datarray['allow_gid'] = $ac['allow_gid']; + $datarray['deny_cid'] = $ac['deny_cid']; + $datarray['deny_gid'] = $ac['deny_gid']; + $datarray['private'] = (($acl->is_private()) ? 1 : 0); $datarray['id'] = $event_id; $datarray['created'] = $created; $datarray['edited'] = $edited; @@ -660,12 +641,9 @@ function events_content(&$a) { require_once('include/acl_selectors.php'); - $perm_defaults = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] - ); + $acl = new AccessList($channel); + $perm_defaults = $acl->get(); + $tpl = get_markup_template('event_form.tpl'); diff --git a/mod/item.php b/mod/item.php index 254904c9f..750512bcf 100644 --- a/mod/item.php +++ b/mod/item.php @@ -19,7 +19,6 @@ require_once('include/crypto.php'); require_once('include/enotify.php'); require_once('include/items.php'); require_once('include/attach.php'); -require_once('include/AccessList.php'); function item_post(&$a) { diff --git a/mod/mitem.php b/mod/mitem.php index 3959da032..0fadd1548 100644 --- a/mod/mitem.php +++ b/mod/mitem.php @@ -2,7 +2,6 @@ require_once('include/menu.php'); require_once('include/acl_selectors.php'); -require_once('include/AccessList.php'); function mitem_init(&$a) { diff --git a/mod/photos.php b/mod/photos.php index dc70e4f90..d06a8e69c 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -85,6 +85,7 @@ function photos_post(&$a) { $owner_record = $s[0]; + $acl = AccessList($a->data['channel']); if((argc() > 3) && (argv(2) === 'album')) { @@ -200,6 +201,7 @@ function photos_post(&$a) { goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']); } + if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) { @@ -208,10 +210,9 @@ function photos_post(&$a) { $item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0); $albname = ((x($_POST,'albname')) ? notags(trim($_POST['albname'])) : ''); $is_nsfw = ((x($_POST,'adult')) ? intval($_POST['adult']) : 0); - $str_group_allow = perms2str($_POST['group_allow']); - $str_contact_allow = perms2str($_POST['contact_allow']); - $str_group_deny = perms2str($_POST['group_deny']); - $str_contact_deny = perms2str($_POST['contact_deny']); + + $acl->set_from_array($_POST); + $perm = $acl->get(); $resource_id = $a->argv[2]; @@ -284,10 +285,10 @@ function photos_post(&$a) { $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid) ); @@ -331,20 +332,20 @@ function photos_post(&$a) { // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d", - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - intval($item_private), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), + intval($acl->is_private()), intval($item_id) ); // make sure the attach has the same permissions as the photo regardless of any other changes $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid) ); @@ -418,11 +419,11 @@ function photos_post(&$a) { $_REQUEST['source'] = 'photos'; require_once('include/attach.php'); - if(!local_channel()) { + if(! local_channel()) { $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); - $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); - $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); - $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); + $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); + $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); + $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } $r = attach_store($a->channel,get_observer_hash(), '', $_REQUEST); @@ -557,14 +558,10 @@ function photos_content(&$a) { if($_is_owner) { $channel = $a->get_channel(); - $channel_acl = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] - ); + $acl = new AccessList($channel); + $channel_acl = $acl->get(); - $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'); + $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); } $aclselect = (($_is_owner) ? populate_acl($channel_acl,false) : ''); -- cgit v1.2.3