<?php namespace Zotlabs\Access; use Zotlabs\Lib as Zlib; /** * @brief Extensible permissions. * * To add new permissions, add to the list of $perms below, with a simple description. * * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role * if this permission should be granted to new connections. * * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom * permission roles. You will want to set a default PermissionLimit for each channel and also * provide a sane default for any existing connections. You may or may not wish to provide a * default auto permission. If in doubt, leave this alone as custom permissions by definition * are the responsibility of the channel owner to manage. You just don't want to create any * suprises or break things so you have an opportunity to provide sane settings. * * Update the version here and in PermissionRoles. * * * Permissions with 'view' in the name are considered read permissions. Anything * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else * is given PERMS_SPECIFIC. * * PermissionLimits::Std_limits() retrieves the standard limits. A permission role * MAY alter an individual setting after retrieving the Std_limits if you require * something different for a specific permission within the given role. * */ class Permissions { /** * @brief Permissions version. * * This must match the version in PermissionRoles.php before permission updates can run. * * @return number */ static public function version() { return 2; } /** * @brief Return an array with Permissions. * * @param string $filter (optional) only passed to hook permissions_list * @return array Associative array with permissions and short description. */ static public function Perms($filter = '') { $perms = [ 'view_stream' => t('Can view my channel stream and posts'), 'send_stream' => t('Can send me their channel stream and posts'), 'view_profile' => t('Can view my default channel profile'), 'view_contacts' => t('Can view my connections'), 'view_storage' => t('Can view my file storage and photos'), 'write_storage' => t('Can upload/modify my file storage and photos'), 'view_pages' => t('Can view my channel webpages'), 'view_wiki' => t('Can view my wiki pages'), 'write_pages' => t('Can create/edit my channel webpages'), 'write_wiki' => t('Can write to my wiki pages'), 'post_wall' => t('Can post on my channel (wall) page'), 'post_comments' => t('Can comment on or like my posts'), 'post_mail' => t('Can send me direct messages'), 'post_like' => t('Can like/dislike profiles and profile things'), 'tag_deliver' => t('Can forward direct messages to all my channel connections (forum)'), 'chat' => t('Can chat with me'), 'republish' => t('Can source my public posts in derived channels'), 'delegate' => t('Can administer my channel') ]; $x = [ 'permissions' => $perms, 'filter' => $filter ]; /** * @hooks permissions_list * * \e array \b permissions * * \e string \b filter */ call_hooks('permissions_list', $x); return ($x['permissions']); } /** * @brief Perms from the above list that are blocked from anonymous observers. * * e.g. you must be authenticated. * * @return array Associative array with permissions and short description. */ static public function BlockedAnonPerms() { $res = []; $perms = PermissionLimits::Std_limits(); foreach ($perms as $perm => $limit) { if ($limit != PERMS_PUBLIC) { $res[] = $perm; } } $x = ['permissions' => $res]; /** * @hooks write_perms * * \e array \b permissions */ call_hooks('write_perms', $x); return ($x['permissions']); } /** * @brief Converts indexed perms array to associative perms array. * * Converts [ 0 => 'view_stream', ... ] * to [ 'view_stream' => 1 ] for any permissions in $arr; * Undeclared permissions which exist in Perms() are added and set to 0. * * @param array $arr * @return array */ static public function FilledPerms($arr) { if (is_null($arr)) { btlogger('FilledPerms: null'); $arr = []; } $everything = self::Perms(); $ret = []; foreach ($everything as $k => $v) { if (in_array($k, $arr)) $ret[$k] = 1; else $ret[$k] = 0; } return $ret; } /** * @brief Convert perms array to indexed array. * * Converts [ 'view_stream' => 1 ] for any permissions in $arr * to [ 0 => ['name' => 'view_stream', 'value' => 1], ... ] * * @param array $arr associative perms array 'view_stream' => 1 * @return array Indexed array with elements that look like * * \e string \b name the perm name (e.g. view_stream) * * \e int \b value the value of the perm (e.g. 1) */ static public function OPerms($arr) { $ret = []; if ($arr) { foreach ($arr as $k => $v) { $ret[] = ['name' => $k, 'value' => $v]; } } return $ret; } /** * @brief * * @param int $channel_id * @return boolean|array */ static public function FilledAutoperms($channel_id) { if (!intval(get_pconfig($channel_id, 'system', 'autoperms'))) return false; $arr = []; $r = q("select * from pconfig where uid = %d and cat = 'autoperms'", intval($channel_id) ); if ($r) { foreach ($r as $rr) { $arr[$rr['k']] = intval($rr['v']); } } return $arr; } /** * @brief Compares that all Permissions from $p1 exist also in $p2. * * @param array $p1 The perms that have to exist in $p2 * @param array $p2 The perms to compare against * @return boolean true if all perms from $p1 exist also in $p2 */ static public function PermsCompare($p1, $p2) { foreach ($p1 as $k => $v) { if (!array_key_exists($k, $p2)) return false; if ($p1[$k] != $p2[$k]) return false; } return true; } /** * @brief * * @param int $channel_id A channel id * @return array Associative array with * * \e array \b perms Permission array * * \e int \b automatic 0 or 1 */ static public function connect_perms($channel_id) { $my_perms = []; $permcat = null; $automatic = 0; // If a default permcat exists, use that $pc = ((feature_enabled($channel_id, 'permcats')) ? get_pconfig($channel_id, 'system', 'default_permcat') : 'default'); if (!in_array($pc, ['', 'default'])) { $pcp = new Zlib\Permcat($channel_id); $permcat = $pcp->fetch($pc); if ($permcat && $permcat['perms']) { foreach ($permcat['perms'] as $p) { $my_perms[$p['name']] = $p['value']; } } } // look up the permission role to see if it specified auto-connect // and if there was no permcat or a default permcat, set the perms // from the role $role = get_pconfig($channel_id, 'system', 'permissions_role'); if ($role) { $xx = PermissionRoles::role_perms($role); if ($xx['perms_auto']) $automatic = 1; if ((!$my_perms) && ($xx['perms_connect'])) { $default_perms = $xx['perms_connect']; $my_perms = Permissions::FilledPerms($default_perms); } } // If we reached this point without having any permission information, // it is likely a custom permissions role. First see if there are any // automatic permissions. if (!$my_perms) { $m = Permissions::FilledAutoperms($channel_id); if ($m) { $automatic = 1; $my_perms = $m; } } // If we reached this point with no permissions, the channel is using // custom perms but they are not automatic. They will be stored in abconfig with // the channel's channel_hash (the 'self' connection). if (!$my_perms) { $r = q("select channel_hash from channel where channel_id = %d", intval($channel_id) ); if ($r) { $x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'", intval($channel_id), dbesc($r[0]['channel_hash']) ); if ($x) { foreach ($x as $xv) { $my_perms[$xv['k']] = intval($xv['v']); } } } } return (['perms' => $my_perms, 'automatic' => $automatic]); } static public function serialise($p) { $n = []; if ($p) { foreach ($p as $k => $v) { if (intval($v)) { $n[] = $k; } } } return implode(',', $n); } }