finally fix recursive attachments permissions
This commit is contained in:
		| @@ -1598,7 +1598,10 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, | |||||||
|  |  | ||||||
| 		$folder_hash = $object['folder']; | 		$folder_hash = $object['folder']; | ||||||
|  |  | ||||||
| 		$r_perms = recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash); | 		$r_perms = attach_recursive_perms($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash); | ||||||
|  |  | ||||||
|  | 		if($r_perms === false) //nobody has recursive perms - nobody must be notified | ||||||
|  | 			return; | ||||||
|  |  | ||||||
| 		//split up returned perms | 		//split up returned perms | ||||||
| 		$arr_allow_cid = $r_perms['allow_cid']; | 		$arr_allow_cid = $r_perms['allow_cid']; | ||||||
| @@ -1761,7 +1764,7 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * @brief Returns array of channels which have recursive permission for a file |  * @brief Returns recursive permissions array or false if nobody has recursive permissions | ||||||
|  * |  * | ||||||
|  * @param array $arr_allow_cid |  * @param array $arr_allow_cid | ||||||
|  * @param array $arr_allow_gid |  * @param array $arr_allow_gid | ||||||
| @@ -1769,19 +1772,20 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) { | |||||||
|  * @param array $arr_deny_gid |  * @param array $arr_deny_gid | ||||||
|  * @param string $folder_hash |  * @param string $folder_hash | ||||||
|  */ |  */ | ||||||
| function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) { | function attach_recursive_perms($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) { | ||||||
|  |  | ||||||
| 	$ret = array(); | 	$ret = array(); | ||||||
| 	$parent_arr = array(); | 	$parent_arr = array(); | ||||||
| 	$count_values = array(); | 	$count_values = array(); | ||||||
| 	$poster = App::get_observer(); | 	$poster = App::get_observer(); | ||||||
|  |  | ||||||
| 	//turn allow_gid into allow_cid's | 	//lookup all channels in sharee group and add them to sharee $arr_allow_cid | ||||||
| 	foreach($arr_allow_gid as $gid) { | 	if($arr_allow_gid) { | ||||||
| 		$in_group = group_get_members($gid); | 		$in_group = expand_groups($arr_allow_gid); | ||||||
| 		$arr_allow_cid = array_unique(array_merge($arr_allow_cid, $in_group)); | 		$arr_allow_cid = array_unique(array_merge($arr_allow_cid, $in_group)); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | 	//count existing parent folders - we will compare to that count later | ||||||
| 	$count = 0; | 	$count = 0; | ||||||
| 	while($folder_hash) { | 	while($folder_hash) { | ||||||
| 		$x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1", | 		$x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1", | ||||||
| @@ -1790,30 +1794,20 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny | |||||||
|  |  | ||||||
| 		//only process private folders | 		//only process private folders | ||||||
| 		if($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) { | 		if($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) { | ||||||
|  |  | ||||||
| 			$parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']); | 			$parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']); | ||||||
| 			$parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']); | 			$parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']); | ||||||
|  |  | ||||||
| 			/** |  | ||||||
| 			 * @TODO should find a much better solution for the allow_cid <-> allow_gid problem. |  | ||||||
| 			 * Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid. |  | ||||||
| 			 * */ |  | ||||||
| 			if($parent_arr['allow_gid']) { |  | ||||||
| 				foreach($parent_arr['allow_gid'][$count] as $gid) { |  | ||||||
| 					$in_group = group_get_members($gid); |  | ||||||
| 					$parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group)); |  | ||||||
| 				} |  | ||||||
| 			} |  | ||||||
|  |  | ||||||
| 			$parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']); | 			$parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']); | ||||||
| 			$parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']); | 			$parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']); | ||||||
|  |  | ||||||
|  | 			//this is the number of all existing parent folders - we will compare to that count later | ||||||
| 			$count++; | 			$count++; | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		$folder_hash = $x[0]['folder']; | 		$folder_hash = $x[0]['folder']; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | 	//logger(EOL . 'parent_arr: ' . print_r($parent_arr,true)); | ||||||
|  |  | ||||||
| 	//if none of the parent folders is private just return file perms | 	//if none of the parent folders is private just return file perms | ||||||
| 	if(!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) { | 	if(!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) { | ||||||
| 		$ret['allow_gid'] = $arr_allow_gid; | 		$ret['allow_gid'] = $arr_allow_gid; | ||||||
| @@ -1824,7 +1818,7 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny | |||||||
| 		return $ret; | 		return $ret; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	//if there are no perms on the file we get them from the first parent folder | 	//if there are no perms on the file we will work with the perms from the first parent folder | ||||||
| 	if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) { | 	if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) { | ||||||
| 		$arr_allow_cid = $parent_arr['allow_cid'][0]; | 		$arr_allow_cid = $parent_arr['allow_cid'][0]; | ||||||
| 		$arr_allow_gid = $parent_arr['allow_gid'][0]; | 		$arr_allow_gid = $parent_arr['allow_gid'][0]; | ||||||
| @@ -1832,51 +1826,82 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny | |||||||
| 		$arr_deny_gid = $parent_arr['deny_gid'][0]; | 		$arr_deny_gid = $parent_arr['deny_gid'][0]; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	//allow_cid |  | ||||||
| 	$r_arr_allow_cid = false; | 	/*** | ||||||
| 	foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) { | 	* | ||||||
| 		foreach ($folder_arr_allow_cid as $ac_hash) { | 	* check if sharee has perms for all parent folders | ||||||
|  | 	* | ||||||
|  | 	***/ | ||||||
|  |  | ||||||
|  | 	$r_arr_allow_cid = []; | ||||||
|  |  | ||||||
|  | 	if($parent_arr['allow_cid']) { | ||||||
|  | 		//check sharee arr_allow_cid against allow_cid of all parent folders | ||||||
|  | 		foreach($parent_arr['allow_cid'] as $folder_arr_allow_cid) { | ||||||
|  | 			foreach($folder_arr_allow_cid as $ac_hash) { | ||||||
| 				$count_values[$ac_hash]++; | 				$count_values[$ac_hash]++; | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	foreach ($arr_allow_cid as $fac_hash) { | 		foreach($arr_allow_cid as $fac_hash) { | ||||||
| 			if($count_values[$fac_hash] == $count) | 			if($count_values[$fac_hash] == $count) | ||||||
| 				$r_arr_allow_cid[] = $fac_hash; | 				$r_arr_allow_cid[] = $fac_hash; | ||||||
| 		} | 		} | ||||||
|  | 		//logger(EOL . 'r_arr_allow_cid: ' . print_r($r_arr_allow_cid,true)); | ||||||
| 	//allow_gid |  | ||||||
| 	$r_arr_allow_gid = false; |  | ||||||
| 	foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) { |  | ||||||
| 		foreach ($folder_arr_allow_gid as $ag_hash) { |  | ||||||
| 			$count_values[$ag_hash]++; |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
| 	foreach ($arr_allow_gid as $fag_hash) { |  | ||||||
| 		if($count_values[$fag_hash] == $count) |  | ||||||
| 			$r_arr_allow_gid[] = $fag_hash; |  | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	//deny_gid | 	if($parent_arr['allow_gid']) { | ||||||
| 	foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) { | 		//check sharee arr_allow_cid against members of allow_gid of all parent folders | ||||||
| 		$r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); | 		foreach($parent_arr['allow_gid'] as $folder_arr_allow_gid) { | ||||||
|  | 			//get the group members | ||||||
|  | 			$folder_arr_allow_cid = expand_groups($folder_arr_allow_gid); | ||||||
|  | 			foreach($folder_arr_allow_cid as $ac_hash) { | ||||||
|  | 				$count_values[$ac_hash]++; | ||||||
| 			} | 			} | ||||||
| 	$r_arr_deny_gid = array_unique($r_arr_deny_gid); | 		} | ||||||
|  | 		foreach($arr_allow_cid as $fac_hash) { | ||||||
|  | 			if($count_values[$fac_hash] == $count) | ||||||
|  | 				$r_arr_allow_cid[] = $fac_hash; | ||||||
|  | 		} | ||||||
|  | 		//logger(EOL . 'groups - r_arr_allow_cid: ' . print_r($r_arr_allow_cid,true)); | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | 	/*** | ||||||
|  | 	* | ||||||
|  | 	* check if sharee is denied somewhere in parent folders and deny him if so | ||||||
|  | 	* | ||||||
|  | 	***/ | ||||||
|  |  | ||||||
| 	//deny_cid | 	//deny_cid | ||||||
|  | 	$r_arr_deny_cid = []; | ||||||
|  |  | ||||||
|  | 	if($parent_arr['deny_cid']) { | ||||||
| 		foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) { | 		foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) { | ||||||
| 			$r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); | 			$r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); | ||||||
| 		} | 		} | ||||||
| 		$r_arr_deny_cid = array_unique($r_arr_deny_cid); | 		$r_arr_deny_cid = array_unique($r_arr_deny_cid); | ||||||
|  | 		//logger(EOL . 'r_arr_deny_cid: ' . print_r($r_arr_deny_cid,true)); | ||||||
|  | 	} | ||||||
|  |  | ||||||
| 	//if none is allowed restrict to self | 	//deny_gid | ||||||
| 	if(($r_arr_allow_gid === false) && ($r_arr_allow_cid === false)) { | 	$r_arr_deny_gid = []; | ||||||
| 		$ret['allow_cid'] = [$poster['xchan_hash']]; |  | ||||||
| 	} else { | 	if($parent_arr['deny_cid']) { | ||||||
| 		$ret['allow_gid'] = $r_arr_allow_gid; | 		foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) { | ||||||
|  | 			$r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); | ||||||
|  | 		} | ||||||
|  | 		$r_arr_deny_gid = array_unique($r_arr_deny_gid); | ||||||
|  | 		//logger(EOL . 'r_arr_deny_gid: ' . print_r($r_arr_dr_arr_deny_gideny_cid,true)); | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	//if no channel is allowed return false | ||||||
|  | 	if(! $r_arr_allow_cid) | ||||||
|  | 		return false; | ||||||
|  |  | ||||||
|  | 	$ret['allow_gid'] = []; // eventual group members are already collected in $r_arr_allow_cid | ||||||
| 	$ret['allow_cid'] = $r_arr_allow_cid; | 	$ret['allow_cid'] = $r_arr_allow_cid; | ||||||
| 	$ret['deny_gid'] = $r_arr_deny_gid; | 	$ret['deny_gid'] = $r_arr_deny_gid; | ||||||
| 	$ret['deny_cid'] = $r_arr_deny_cid; | 	$ret['deny_cid'] = $r_arr_deny_cid; | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return $ret; | 	return $ret; | ||||||
| } | } | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user