hopefully this won't screw up everything - if it does, revert. Otherwise this should work at delivery time to check tag deliveries and bounce the message before it's stored if the channel doesn't allow you to post and you aren't allowed to tag deliver either. Previously this was handled after the post was already stored so you needed posting permission as well as tag deliver permission to get past the checks.

friendica
2013-06-16 00:57:39 -07:00
parent a37ac8f2f3
commit 2971ee9a4c
2 changed files with 31 additions and 23 deletions


@@ -1017,9 +1017,11 @@ function process_delivery($sender,$arr,$deliveries,$relay) {
$channel = $r[0];
$tag_delivery = tgroup_check($channel['channel_id'],$arr);
$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
if(! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) {
if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery)) {
logger("permission denied for delivery {$channel['channel_id']}");
$result[] = array($d['hash'],'permission denied');
continue;