path: root/mod/delegate.php
blob: e582b93873057328307011ccecd166cf9022c5ff (plain) (blame)
<?php

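/**
 * Page controller for delegated account/page management.
 *
 * Depending on the request path ($a->argv) it either
 *  - adds a delegate      (argv[1] === 'add',    argv[2] = uid of the delegate),
 *  - removes a delegate   (argv[1] === 'remove', argv[2] = uid of the delegate),
 *  - or renders the delegate.tpl form listing full managers, current delegates
 *    and contacts that could become delegates.
 *
 * NOTE(review): add/remove change permissions based on the request path alone;
 * no anti-CSRF token is verified inside this function. Confirm the caller or
 * framework enforces one, otherwise a token check belongs in both branches.
 *
 * @param object $a application object; argc, argv, user and get_baseurl() are read
 * @return string|null rendered template, or null when the visitor is not a local user
 */
function delegate_content(&$a) {

	if(! local_user()) {
		notice( t('Permission denied.') . EOL);
		return;
	}

	if($a->argc > 2 && $a->argv[1] === 'add' && intval($a->argv[2])) {

		// delegated admins can view but not change delegation permissions

		if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) {
			goaway($a->get_baseurl() . '/delegate');
			// Defensive: presumably goaway() ends the request, but never fall
			// through to the write below if it should ever return.
			return;
		}

		$id = intval($a->argv[2]);

		$r = q("select `nickname` from user where uid = %d limit 1",
			intval($id)
		);
		if(count($r)) {

			// Only an account that is already a contact of the current user on
			// this site may be made a delegate.

			$r = q("select id from contact where uid = %d and nurl = '%s' limit 1",
				intval(local_user()),
				dbesc(normalise_link($a->get_baseurl() . '/channel/' . $r[0]['nickname']))
			);
			if(count($r)) {

				// Do not insert the same delegation twice: a repeated request
				// would otherwise leave duplicate rows behind, and a later
				// removal must revoke the delegation completely.

				$existing = q("select uid from manage where uid = %d and mid = %d limit 1",
					intval($id),
					intval(local_user())
				);
				if(! (is_array($existing) && count($existing))) {
					q("insert into manage ( uid, mid ) values ( %d , %d ) ",
						intval($id),
						intval(local_user())
					);
				}
			}
		}
		goaway($a->get_baseurl() . '/delegate');
	}

	if($a->argc > 2 && $a->argv[1] === 'remove' && intval($a->argv[2])) {

		// delegated admins can view but not change delegation permissions

		if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) {
			goaway($a->get_baseurl() . '/delegate');
			// Defensive: see the matching guard in the 'add' branch.
			return;
		}

		// No "limit 1": revocation has to remove every matching row, so that
		// no stale duplicate keeps the delegation alive.

		q("delete from manage where uid = %d and mid = %d",
			intval($a->argv[2]),
			intval(local_user())
		);
		goaway($a->get_baseurl() . '/delegate');

	}

	$full_managers = array();

	// These people can manage this account/page with full privilege:
	// every account whose email and stored password value equal those of
	// the current user.

	$r = q("SELECT * FROM `user` WHERE `email` = '%s' AND `password` = '%s' ",
		dbesc($a->user['email']),
		dbesc($a->user['password'])
	);
	if(count($r))
		$full_managers = $r;

	$delegates = array();

	// find everybody that currently has delegated management to this account/page

	$r = q("select * from user where uid in ( select uid from manage where mid = %d ) ",
		intval(local_user())
	);

	if(count($r))
		$delegates = $r;

	// Both lists come from "select *" and are handed to the template as-is.
	// Drop the stored password value so it never reaches the view layer.
	// NOTE(review): other sensitive user columns may exist; selecting only the
	// columns the template needs would be the stricter fix - confirm against delegate.tpl.

	foreach($full_managers as $k => $rr)
		unset($full_managers[$k]['password']);

	foreach($delegates as $k => $rr)
		unset($delegates[$k]['password']);

	$uids = array();

	if(count($full_managers))
		foreach($full_managers as $rr)
			$uids[] = $rr['uid'];

	if(count($delegates))
		foreach($delegates as $rr)
			$uids[] = $rr['uid'];

	// find every contact who might be a candidate for delegation

	$r = q("select nurl from contact where substring_index(contact.nurl,'/',3) = '%s' 
		and contact.uid = %d and contact.self = 0 and network = '%s' ",
		dbesc(normalise_link($a->get_baseurl())),
		intval(local_user()),
		dbesc(NETWORK_DFRN)
	); 

	$potentials = array();

	if(! count($r)) {

		// Keep going instead of returning: existing managers and delegates
		// must stay visible (and removable) even when no candidate is left.

		notice( t('No potential page delegates located.') . EOL);
	}
	else {

		$nicknames = array();

		foreach($r as $rr) {
			// each value is escaped and quoted before it is placed in the IN list
			$nicknames[] = "'" . dbesc(basename($rr['nurl'])) . "'";
		}

		$nicks = implode(',',$nicknames);

		// get user records for all potential page delegates who are not already delegates or managers

		$r = q("select `uid`, `username`, `nickname` from user where nickname in ( $nicks )");

		if(count($r))
			foreach($r as $rr)
				if(! in_array($rr['uid'],$uids))
					$potentials[] = $rr;
	}

	$o = replace_macros(get_markup_template('delegate.tpl'),array(
		'$header' => t('Delegate Page Management'),
		'$base' => $a->get_baseurl(),
		'$desc' => t('Delegates are able to manage all aspects of this account/page except for basic account settings. Please do not delegate your personal account to anybody that you do not trust completely.'),
		'$head_managers' => t('Existing Page Managers'),
		'$managers' => $full_managers,
		'$head_delegates' => t('Existing Page Delegates'),
		'$delegates' => $delegates,
		'$head_potentials' => t('Potential Delegates'),
		'$potentials' => $potentials,
		'$remove' => t('Remove'),
		'$add' => t('Add'),
		'$none' => t('No entries.')
	));


	return $o;


}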