From f8c33243bf0440c6ddab63dbf3a755e4d506122b Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 9 Dec 2012 18:07:36 -0800
Subject: start to whip the permissions into shape, also got rid of the mce
 drop shadow until we can figure out how to do it without the ugly black bars.
 I tend to prefer "outy" shadows over "inny" shadows anyway, but maybe that's
 just me.

---
 mod/channel.php   | 64 +++++++++++++++----------------------------------------
 mod/photos.php    | 11 ++++++----
 mod/subthread.php |  6 ++++--
 3 files changed, 28 insertions(+), 53 deletions(-)

(limited to 'mod')

diff --git a/mod/channel.php b/mod/channel.php
index de5df649e..affef9613 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -53,6 +53,7 @@ function channel_content(&$a, $update = 0) {
 		}
 	}
 
+
 	if(get_config('system','block_public') && (! get_account_id()) && (! remote_user())) {
 			return login();
 	}
@@ -64,9 +65,12 @@ function channel_content(&$a, $update = 0) {
 	require_once('include/conversation.php');
 	require_once('include/acl_selectors.php');
 	require_once('include/items.php');
+	require_once('include/permissions.php');
+
 
 	$groups = array();
 
+
 	$tab = 'posts';
 	$o = '';
 
@@ -80,47 +84,17 @@ function channel_content(&$a, $update = 0) {
 		}
 	}
 
+	$observer = $a->get_observer();
+	$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 
-	$contact = null;
-	$remote_contact = false;
-
-	$contact_id = 0;
-
-	if(is_array($_SESSION['remote'])) {
-		foreach($_SESSION['remote'] as $v) {
-			if($v['uid'] == $a->profile['profile_uid']) {
-				$contact_id = $v['cid'];
-				break;
-			}
-		}
-	}
-
-	if($contact_id) {
-		$groups = init_groups_visitor($contact_id);
-		$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
-			intval($contact_id),
-			intval($a->profile['profile_uid'])
-		);
-		if(count($r)) {
-			$contact = $r[0];
-			$remote_contact = true;
-		}
-	}
-
-	if(! $remote_contact) {
-		if(local_user()) {
-			$contact_id = $_SESSION['cid'];
-			$contact = $a->contact;
-		}
-	}
-
-	$is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
+	$perms = get_all_perms($a->profile['profile_uid'],$ob_hash);
 
-	if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
-		notice( t('Access to this profile has been restricted.') . EOL);
+	if(! $perms['view_stream']) {
+		notice( t('Permission denied.') . EOL);
 		return;
 	}
 
+
 	if(! $update) {
 
 
@@ -129,22 +103,17 @@ function channel_content(&$a, $update = 0) {
 		$o .= common_friends_visitor_widget($a->profile['profile_uid']);
 
 
-		$commpage = (($a->profile['page-flags'] == PAGE_COMMUNITY) ? true : false);
-		$commvisitor = (($commpage && $remote_contact == true) ? true : false);
-
-		$celeb = ((($a->profile['page-flags'] == PAGE_SOAPBOX) || ($a->profile['page-flags'] == PAGE_COMMUNITY)) ? true : false);
-
-		if(can_write_wall($a,$a->profile['profile_uid'])) {
+		if($perms['post_wall']) {
 
 			$x = array(
 				'is_owner' => $is_owner,
-            	'allow_location' => ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? true : false),
+            	'allow_location' => ((($is_owner || $observer) && $a->profile['allow_location']) ? true : false),
 	            'default_location' => (($is_owner) ? $a->user['default-location'] : ''),
     	        'nickname' => $a->profile['channel_address'],
         	    'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
-            	'acl' => (($is_owner) ? populate_acl($channel, $celeb) : ''),
+            	'acl' => (($is_owner) ? populate_acl($channel, false) : ''),
 	            'bang' => '',
-    	        'visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'),
+    	        'visitor' => (($is_owner || $observer) ? 'block' : 'none'),
         	    'profile_uid' => $a->profile['profile_uid']
         	);
 
@@ -158,6 +127,7 @@ function channel_content(&$a, $update = 0) {
 	 * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
 	 */
 
+// fixme
 	$sql_extra = item_permissions_sql($a->profile['profile_uid'],$remote_contact,$groups);
 
 
@@ -211,7 +181,7 @@ function channel_content(&$a, $update = 0) {
 
 	}
 
-	if($r && count($r)) {
+	if($r) {
 
 		$parents_str = ids_to_querystr($r,'item_id');
  
@@ -233,7 +203,7 @@ function channel_content(&$a, $update = 0) {
 	}
 
 
-	if((! $update) && ($tab === 'posts')) {
+	if(! $update) {
 
 		// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
 		// because browser prefetching might change it on us. We have to deliver it with the page.
diff --git a/mod/photos.php b/mod/photos.php
index c98655df3..ee0a930fd 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -25,6 +25,9 @@ function photos_init(&$a) {
 
 		$a->data['channel'] = $r[0];
 
+		$observer = $a->get_observer();
+		$a->data['perms'] = get_all_perms($r[0]['channel_id'],(($observer) ? $observer['xchan_hash'] : ''));
+
 		$o .= '<div class="vcard">';
 		$o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
 		$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
@@ -1394,7 +1397,7 @@ function photos_content(&$a) {
 
 			$likebuttons = '';
 
-			if($can_post || can_write_wall($a,$owner_uid)) {
+			if($can_post || $a->data['perms']['post_comments']) {
 				$likebuttons = replace_macros($like_tpl,array(
 					'$id' => $link_item['id'],
 					'$likethis' => t("I like this \x28toggle\x29"),
@@ -1406,7 +1409,7 @@ function photos_content(&$a) {
 
 			$comments = '';
 			if(! count($r)) {
-				if($can_post || can_write_wall($a,$owner_uid)) {
+				if($can_post || $a->data['perms']['post_comments']) {
 					$comments .= replace_macros($cmnt_tpl,array(
 						'$return_path' => '', 
 						'$jsreload' => $return_url,
@@ -1444,7 +1447,7 @@ function photos_content(&$a) {
 
 
 
-				if($can_post || can_write_wall($a,$owner_uid)) {
+				if($can_post || $a->data['perms']['post_comments']) {
 					$comments .= replace_macros($cmnt_tpl,array(
 						'$return_path' => '',
 						'$jsreload' => $return_url,
@@ -1471,7 +1474,7 @@ function photos_content(&$a) {
 
 					$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
 			
-					if($can_post || can_write_wall($a,$owner_uid)) {
+					if($can_post || $a->data['perms']['post_comments']) {
 						$comments .= replace_macros($cmnt_tpl,array(
 							'$return_path' => '',
 							'$jsreload' => $return_url,
diff --git a/mod/subthread.php b/mod/subthread.php
index 7ad7dfd6b..f8918e25d 100755
--- a/mod/subthread.php
+++ b/mod/subthread.php
@@ -28,10 +28,12 @@ function subthread_content(&$a) {
 	$item = $r[0];
 
 	$owner_uid = $item['uid'];
+	$observer = $a->get_observer();
+	$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 
-	if(! can_write_wall($a,$owner_uid)) {
+	if(! perm_is_allowed($owner_uid,$ob_hash,'post_comments'))
 		return;
-	}
+
 
 	$remote_owner = null;
 
-- 
cgit v1.2.3