quite a bit of work on default acl permissions and various acl quirks

friendica
2013-11-29 14:08:37 -08:00
parent b707495b50
commit 1c5f98440d
8 changed files with 86 additions and 36 deletions


@@ -208,22 +208,22 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
function fixacl(&$item) { function fixacl(&$item) {
$item = intval(str_replace(array('<','>'),array('',''),$item)); $item = str_replace(array('<','>'),array('',''),$item);
} }
function populate_acl($user = null,$celeb = false) { function populate_acl($defaults = null,$unused = false) {
$allow_cid = $allow_gid = $deny_cid = $deny_gid = false; $allow_cid = $allow_gid = $deny_cid = $deny_gid = false;
if(is_array($user)) { if(is_array($defaults)) {
$allow_cid = ((strlen($user['allow_cid'])) $allow_cid = ((strlen($defaults['allow_cid']))
? explode('><', $user['allow_cid']) : array() ); ? explode('><', $defaults['allow_cid']) : array() );
$allow_gid = ((strlen($user['allow_gid'])) $allow_gid = ((strlen($defaults['allow_gid']))
? explode('><', $user['allow_gid']) : array() ); ? explode('><', $defaults['allow_gid']) : array() );
$deny_cid = ((strlen($user['deny_cid'])) $deny_cid = ((strlen($defaults['deny_cid']))
? explode('><', $user['deny_cid']) : array() ); ? explode('><', $defaults['deny_cid']) : array() );
$deny_gid = ((strlen($user['deny_gid'])) $deny_gid = ((strlen($defaults['deny_gid']))
? explode('><', $user['deny_gid']) : array() ); ? explode('><', $defaults['deny_gid']) : array() );
array_walk($allow_cid,'fixacl'); array_walk($allow_cid,'fixacl');
array_walk($allow_gid,'fixacl'); array_walk($allow_gid,'fixacl');
array_walk($deny_cid,'fixacl'); array_walk($deny_cid,'fixacl');
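Review bot: `fixacl()` no longer casts to an integer, so every ACL entry is now an arbitrary string with only `<` and `>` stripped, and nothing at this point constrains which characters it may contain. The remainder of `populate_acl()` lies outside the hunk; if the entries are later placed in markup or a query, each use needs escaping for that context, or `fixacl()` could restrict entries to the expected identifier alphabet. At minimum I would document the new contract above the function: `// ACL entries are opaque string identifiers (no longer numeric ids); callers must escape them for the output context`. The second parameter is now named `$unused`, and a one-line comment saying it is kept only for existing call sites would help.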


@@ -131,6 +131,13 @@ function channel_content(&$a, $update = 0, $load = false) {
$o .= common_friends_visitor_widget($a->profile['profile_uid']); $o .= common_friends_visitor_widget($a->profile['profile_uid']);
$channel_acl = array(
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'deny_gid' => $channel['channel_deny_gid']
);
if($perms['post_wall']) { if($perms['post_wall']) {
@@ -140,7 +147,7 @@ function channel_content(&$a, $update = 0, $load = false) {
'default_location' => (($is_owner) ? $a->profile['channel_location'] : ''), 'default_location' => (($is_owner) ? $a->profile['channel_location'] : ''),
'nickname' => $a->profile['channel_address'], 'nickname' => $a->profile['channel_address'],
'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'), 'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
'acl' => (($is_owner) ? populate_acl($channel, false) : ''), 'acl' => (($is_owner) ? populate_acl($channel_acl) : ''),
'showacl' => (($is_owner) ? 'yes' : ''), 'showacl' => (($is_owner) ? 'yes' : ''),
'bang' => '', 'bang' => '',
'visitor' => (($is_owner || $observer) ? 'block' : 'none'), 'visitor' => (($is_owner || $observer) ? 'block' : 'none'),
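Review bot: The four-key `$channel_acl` array built before `if($perms['post_wall'])` is repeated verbatim in the display, network and photos sections of this commit (and as `$perm_defaults` in the settings section), which makes it easy for one copy to drop a deny list later without anyone noticing. A single helper that maps a channel row to the `allow_cid`/`allow_gid`/`deny_cid`/`deny_gid` shape read by `populate_acl()` would keep the call sites in step. In this function the array is also built for every viewer although it is only used under `$is_owner`. `lockstate` still reads `$a->profile[...]` while the ACL reads `$channel[...]`; where `$channel` is assigned is outside the hunk, so it is worth confirming both refer to the same channel.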


@@ -40,6 +40,14 @@ function display_content(&$a, $update = 0, $load = false) {
$channel = $a->get_channel(); $channel = $a->get_channel();
$channel_acl = array(
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'deny_gid' => $channel['channel_deny_gid']
);
$x = array( $x = array(
'is_owner' => true, 'is_owner' => true,
'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
@@ -47,7 +55,7 @@ function display_content(&$a, $update = 0, $load = false) {
'nickname' => $channel['channel_address'], 'nickname' => $channel['channel_address'],
'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
'acl' => populate_acl($channel, false), 'acl' => populate_acl($channel_acl, false),
'bang' => '', 'bang' => '',
'visitor' => 'block', 'visitor' => 'block',
'profile_uid' => local_user(), 'profile_uid' => local_user(),
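Review bot: `populate_acl($channel_acl, false)` still passes a second argument, which this commit renames to `$unused` in the function signature, while the other updated call sites pass a single argument. Dropping it here, `'acl' => populate_acl($channel_acl),`, keeps the callers consistent. `display_content` continues outside the hunk.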


@@ -278,8 +278,21 @@ function network_content(&$a, $update = 0, $load = false) {
$_GET['order'] = 'post'; $_GET['order'] = 'post';
if($gid) { if($gid) {
$r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1",
intval($gid),
intval(local_user())
);
if(! $r) {
if($update)
killme();
notice( t('No such group') . EOL );
goaway($a->get_baseurl(true) . '/network');
// NOTREACHED
}
$group = $gid; $group = $gid;
$def_acl = array('allow_gid' => '<' . $group . '>'); $group_hash = $r[0]['hash'];
$def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>');
} }
$o = ''; $o = '';
@@ -409,7 +422,13 @@ function network_content(&$a, $update = 0, $load = false) {
nav_set_selected('network'); nav_set_selected('network');
$celeb = false; $channel_acl = array(
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'deny_gid' => $channel['channel_deny_gid']
);
$x = array( $x = array(
'is_owner' => true, 'is_owner' => true,
@@ -417,8 +436,7 @@ function network_content(&$a, $update = 0, $load = false) {
'default_location' => $channel['channel_location'], 'default_location' => $channel['channel_location'],
'nickname' => $channel['channel_address'], 'nickname' => $channel['channel_address'],
'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
// FIXME 'acl' => populate_acl((($group || $cid) ? $def_acl : $channel_acl)),
'acl' => populate_acl((($group || $cid || $nets) ? $def_acl : $channel), $celeb),
'bang' => (($group || $cid) ? '!' : ''), 'bang' => (($group || $cid) ? '!' : ''),
'visitor' => 'block', 'visitor' => 'block',
'profile_uid' => local_user() 'profile_uid' => local_user()
@@ -443,18 +461,6 @@ function network_content(&$a, $update = 0, $load = false) {
$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) ";
if($group) { if($group) {
$r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1",
intval($group),
intval(local_user())
);
if(! $r) {
if($update)
killme();
notice( t('No such group') . EOL );
goaway($a->get_baseurl(true) . '/network');
// NOTREACHED
}
$contact_str = ''; $contact_str = '';
$contacts = group_get_members($group); $contacts = group_get_members($group);
if($contacts) { if($contacts) {
@@ -469,7 +475,7 @@ function network_content(&$a, $update = 0, $load = false) {
info( t('Group is empty')); info( t('Group is empty'));
} }
$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) ";
} }
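Review bot: `$def_acl` is created with only an `allow_gid` key, but `populate_acl()` calls `strlen()` on `allow_cid`, `deny_cid` and `deny_gid` as well, so the group view reads three undefined indexes. I would build the full shape and reuse the variable just assigned: `$def_acl = array('allow_cid' => '', 'allow_gid' => '<' . $group_hash . '>', 'deny_cid' => '', 'deny_gid' => '');`. `$group_hash` is set only inside `if($gid)` yet is interpolated into `$sql_extra` under `if($group)`; initialising it to `''` next to wherever `$group` is initialised (outside these hunks) would make that dependency explicit. `$def_acl` is also selected when `$cid` is set, and its assignment for that case is not visible here.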


@@ -699,8 +699,19 @@ function photos_content(&$a) {
$usage_message = sprintf( t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000 ); $usage_message = sprintf( t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000 );
} }
if($_is_owner) {
$channel = $a->get_channel();
$channel_acl = array(
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'deny_gid' => $channel['channel_deny_gid']
);
}
$albumselect_e = $albumselect; $albumselect_e = $albumselect;
$aclselect_e = (($_is_owner) ? populate_acl($a->get_channel(), false) : ''); $aclselect_e = (($_is_owner) ? populate_acl($channel_acl) : '');
$tpl = get_markup_template('photos_upload.tpl'); $tpl = get_markup_template('photos_upload.tpl');
$o .= replace_macros($tpl,array( $o .= replace_macros($tpl,array(


@@ -141,6 +141,8 @@ function settings_post(&$a) {
if(! local_user()) if(! local_user())
return; return;
// logger('mod_settings: ' . print_r($_REQUEST,true));
if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
return; return;
@@ -502,6 +504,8 @@ function settings_post(&$a) {
set_pconfig(local_user(),'system','blocktags',$blocktags); set_pconfig(local_user(),'system','blocktags',$blocktags);
/* /*
if($page_flags == PAGE_PRVGROUP) { if($page_flags == PAGE_PRVGROUP) {
$hidewall = 1; $hidewall = 1;
@@ -545,7 +549,7 @@ function settings_post(&$a) {
); );
*/ */
$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d where channel_id = %d limit 1", $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d, channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d limit 1",
dbesc($username), dbesc($username),
intval($pageflags), intval($pageflags),
dbesc($timezone), dbesc($timezone),
@@ -572,6 +576,10 @@ function settings_post(&$a) {
intval($arr['channel_r_pages']), intval($arr['channel_r_pages']),
intval($arr['channel_w_pages']), intval($arr['channel_w_pages']),
intval($arr['channel_a_republish']), intval($arr['channel_a_republish']),
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
intval(local_user()) intval(local_user())
); );
@@ -1042,7 +1050,12 @@ function settings_content(&$a) {
); );
$perm_defaults = array(
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'deny_gid' => $channel['channel_deny_gid']
);
require_once('include/group.php'); require_once('include/group.php');
@@ -1079,7 +1092,7 @@ function settings_content(&$a) {
'$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')), '$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')),
'$permissions' => t('Default Post Permissions'), '$permissions' => t('Default Post Permissions'),
'$permdesc' => t("\x28click to open/close\x29"), '$permdesc' => t("\x28click to open/close\x29"),
'$aclselect' => populate_acl($a->user,$celeb), '$aclselect' => populate_acl($perm_defaults),
'$suggestme' => $suggestme, '$suggestme' => $suggestme,
'$group_select' => $group_select, '$group_select' => $group_select,
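Review bot: The UPDATE now persists `$str_contact_allow`, `$str_group_allow`, `$str_contact_deny` and `$str_group_deny`, but none of them is assigned in the visible hunks of `settings_post`. If any path reaches the query without setting them, `dbesc()` receives an empty value and the channel's default ACL is silently cleared, which presumably widens the audience of later posts; confirm they are always derived from validated form input before this point. Separately, the commented-out `logger('mod_settings: ' . print_r($_REQUEST,true))` line would write the whole settings request to the log if re-enabled, so I would delete it rather than commit it.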


@@ -3,6 +3,11 @@ var ispublic = aStr['everybody'] ;
$(document).ready(function() { $(document).ready(function() {
$("a#settings-default-perms-menu").colorbox({
'inline' : true,
'transition' : 'elastic'
});
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {


@@ -4,7 +4,7 @@
{{$nickname_block}} {{$nickname_block}}
<form action="settings" id="settings-form" method="post" autocomplete="off" > <form action="settings" id="settings-form" method="post" autocomplete="off" >
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'> <input type='hidden' name='form_security_token' value='{{$form_security_token}}' />
<h3 class="settings-heading">{{$h_basic}}</h3> <h3 class="settings-heading">{{$h_basic}}</h3>
@@ -73,7 +73,7 @@
{{/if}} {{/if}}
<div id="settings-default-perms" class="settings-default-perms" > <div id="settings-default-perms" class="settings-default-perms" >
<a href="#profile-jot-acl-wrapper" id="settings-default-perms-menu" class='popupbox'>{{$permissions}} {{$permdesc}}</a> <a href="#profile-jot-acl-wrapper" id="settings-default-perms-menu" >{{$permissions}} {{$permdesc}}</a>
<div id="settings-default-perms-menu-end"></div> <div id="settings-default-perms-menu-end"></div>
<div id="settings-default-perms-select" style="display: none; margin-bottom: 20px" > <div id="settings-default-perms-select" style="display: none; margin-bottom: 20px" >