harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lots more permission work

Browse Source
This commit is contained in:
redmatrix
2016-07-13 19:53:28 -07:00
parent b72720f6b6
commit 1fd65c934d
5 changed files with 50 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
Zotlabs/Module/Acl.php
View File

@@ -58,7 +58,23 @@ class Acl extends \Zotlabs\Web\Controller {
if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
killme(); killme();
$permitted = [];
if(in_array($type, [ 'm', 'a', 'c' ])) {
// These queries require permission checking. We'll create a simple array of xchan_hash for those with
// the requisite permissions which we can check against.
$x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1",
intval(local_channel()),
dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver')
);
$permitted = ids_to_array($x,'xchan');
}
if($search) { if($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
@@ -87,13 +103,13 @@ class Acl extends \Zotlabs\Web\Controller {
if($type == '' || $type == 'g') { if($type == '' || $type == 'g') {
$r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname` $r = q("SELECT groups.id, groups.hash, groups.gname
FROM `groups`,`group_member` FROM groups,group_member
WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d WHERE groups.deleted = 0 AND groups.uid = %d
AND `group_member`.`gid`=`groups`.`id` AND group_member.gid=groups.id
$sql_extra $sql_extra
GROUP BY `groups`.`id` GROUP BY groups.id
ORDER BY `groups`.`gname` ORDER BY groups.gname
LIMIT %d OFFSET %d", LIMIT %d OFFSET %d",
intval(local_channel()), intval(local_channel()),
intval($count), intval($count),
@@ -139,7 +155,7 @@ class Acl extends \Zotlabs\Web\Controller {
} }
else { // Visitors else { // Visitors
$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, xchan_pubforum, 0 as abook_flags, 0 as abook_self $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
FROM xchan left join xlink on xlink_link = xchan_hash FROM xchan left join xlink on xlink_link = xchan_hash
WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
dbesc(get_observer_hash()) dbesc(get_observer_hash())
@@ -155,7 +171,7 @@ class Acl extends \Zotlabs\Web\Controller {
$known_hashes[] = "'".$rr['hash']."'"; $known_hashes[] = "'".$rr['hash']."'";
$known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')'; $known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')';
$r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"); WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc");
if($r2) if($r2)
@@ -184,7 +200,7 @@ class Acl extends \Zotlabs\Web\Controller {
} }
if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) { if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) {
if((count($r) < 100) && $type == 'c') { if((count($r) < 100) && $type == 'c') {
$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self, xchan_pubforum $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
FROM xchan FROM xchan
WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"
); );
@@ -194,20 +210,27 @@ class Acl extends \Zotlabs\Web\Controller {
} }
} }
elseif($type == 'm') { elseif($type == 'm') {
$r = array();
$r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url $z = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
FROM abook left join xchan on abook_xchan = xchan_hash FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) WHERE abook_channel = %d
and xchan_deleted = 0 and xchan_deleted = 0
$sql_extra3 $sql_extra3
ORDER BY `xchan_name` ASC ", ORDER BY xchan_name ASC ",
intval(local_channel()), intval(local_channel())
intval(PERMS_W_MAIL)
); );
if($z) {
foreach($z as $zz) {
if(in_array($zz['id'],$permitted)) {
$r[] = $zz;
}
}
}
} }
elseif($type == 'a') { elseif($type == 'a') {
$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , xchan_pubforum, abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d WHERE abook_channel = %d
and xchan_deleted = 0 and xchan_deleted = 0
$sql_extra3 $sql_extra3
@@ -247,7 +270,7 @@ class Acl extends \Zotlabs\Web\Controller {
if(strpos($g['hash'],'/') && $type != 'a') if(strpos($g['hash'],'/') && $type != 'a')
continue; continue;
if(($g['xchan_pubforum']) && $type == 'c' && (! $noforums)) { if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
$contacts[] = array( $contacts[] = array(
"type" => "c", "type" => "c",
"photo" => "images/twopeople.png", "photo" => "images/twopeople.png",

2
Zotlabs/Module/Connedit.php
View File

@@ -133,7 +133,7 @@ class Connedit extends \Zotlabs\Web\Controller {
if($all_perms) { if($all_perms) {
foreach($all_perms as $perm => $desc) { foreach($all_perms as $perm => $desc) {
if(in_array('perms_' . $perm, $_POST)) { if(array_key_exists('perms_' . $perm, $_POST)) {
set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm, set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,
intval($_POST['perms_' . $perm])); intval($_POST['perms_' . $perm]));
$abook_my_perms ++; $abook_my_perms ++;

2
Zotlabs/Module/Probe.php
View File

@@ -23,8 +23,6 @@ class Probe extends \Zotlabs\Web\Controller {
$j = \Zotlabs\Zot\Finger::run($addr,$channel,false); $j = \Zotlabs\Zot\Finger::run($addr,$channel,false);
// $res = zot_finger($addr,$channel,false);
$o .= '<pre>'; $o .= '<pre>';
if(! $j['success']) { if(! $j['success']) {
$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n"); $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");

2
Zotlabs/Zot/Finger.php
View File

@@ -28,7 +28,7 @@ class Finger {
if (strpos($webbie,'@') === false) { if (strpos($webbie,'@') === false) {
$address = $webbie; $address = $webbie;
$host = App::get_hostname(); $host = \App::get_hostname();
} else { } else {
$address = substr($webbie,0,strpos($webbie,'@')); $address = substr($webbie,0,strpos($webbie,'@'));
$host = substr($webbie,strpos($webbie,'@')+1); $host = substr($webbie,strpos($webbie,'@')+1);

9
include/permissions.php
View File

@@ -239,8 +239,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// Permission granted to certain channels. Let's see if the observer is one of them // Permission granted to certain channels. Let's see if the observer is one of them
if($channel_perm & PERMS_SPECIFIC) { if($channel_perm & PERMS_SPECIFIC) {
if(array_key_exists('my_perms',$abperms) && array_key_exists($perm_name,$abperms['my_perms']) && $abperms['my_perms'][$perm_name]) { if($abperms) {
$ret[$perm_name] = true; foreach($abperms as $ab) {
if(($ab['cat'] == 'my_perms') && ($ab['k'] == $perm_name)) {
$ret[$perm_name] = (intval($ab['v']) ? true : false);
break;
}
}
continue; continue;
} }
} }