harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added permission handling of profile-photos

Browse Source 
Now we automatically set the appropiate viewing-permissions on profile edit and revert photos chosen as default profile picture bacl to public access.
This commit is contained in:
sirius 2014-04-20 00:31:18 +02:00
parent b0dc9f13ed
commit 3845e1de7d
2 changed files with 29 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
mod/profile_photo.php
View File

@ -13,30 +13,43 @@ require_once('include/photo/photo_driver.php');
* @return void * @return void
*/ */
function profile_photo_set_profile_perms($profileid) { function profile_photo_set_profile_perms($profileid = '') {
$allowcid = ''; $allowcid = '';
if (x($profileid)) { if (x($profileid)) {
$r = q("SELECT photo, profile_guid, id, is_default FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid)); $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid));
$profile = $r[0];
if(x($profile['id']) && x($profile['photo']) && intval($profile['is_default']) != 1) { //Only set perms when query suceeded and when we are not on the default profile
preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id);
$resource_id = $resource_id[0];
} else {
logger('Resetting permissions on default-profile-photo for user'.local_user());
$r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1", intval(local_user()) ); //If no profile is given, we update the default profile
}
$profile = $r[0];
if(x($profile['id']) && x($profile['photo'])) {
preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id);
$resource_id = $resource_id[0];
if (intval($profile['is_default']) != 1) {
$r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_user()) );
$r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids.
$r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid'])); $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid']));
$allowcid = "<" . $r0[0]['channel_hash'] . ">";
foreach ($r1 as $entry) { foreach ($r1 as $entry) {
$allowcid .= "<" . $entry['abook_xchan'] . ">"; $allowcid .= "<" . $entry['abook_xchan'] . ">";
} }
foreach ($r2 as $entry) { foreach ($r2 as $entry) {
$allowcid .= "<" . $entry['abook_xchan'] . ">"; $allowcid .= "<" . $entry['abook_xchan'] . ">";
} }
if(x($allowcid)) {
q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['id'])); q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['uid']));
}
} else {
q("UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d",intval($profile['uid'])); //Reset permissions on default profile picture to public
} }
} }
return; return;
} }
@ -273,7 +286,7 @@ function profile_photo_content(&$a) {
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
intval(local_user())); intval(local_user()));
// set all sizes of this one as profile photos // set all sizes of this one as profile photos
$r = q("UPDATE photo SET profile = 1 WHERE uid = %d AND resource_id = '%s'", $r = q("UPDATE photo SET profile = 1 WHERE uid = %d AND resource_id = '%s'",
intval(local_user()), intval(local_user()),
@ -292,7 +305,8 @@ function profile_photo_content(&$a) {
dbesc($channel['xchan_hash']) dbesc($channel['xchan_hash'])
); );
proc_run('php','include/directory.php',local_user()); profile_photo_set_profile_perms(); //Reset default photo permissions to public
proc_run('php','include/directory.php',local_user());
goaway($a->get_baseurl() . '/profiles'); goaway($a->get_baseurl() . '/profiles');
} }
@ -316,7 +330,7 @@ function profile_photo_content(&$a) {
); );
if(! x($a->data,'imagecrop')) { if(! x($a->data,'imagecrop')) {
$tpl = get_markup_template('profile_photo.tpl'); $tpl = get_markup_template('profile_photo.tpl');
$o .= replace_macros($tpl,array( $o .= replace_macros($tpl,array(
@ -389,7 +403,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
$p['scale'] = 1; $p['scale'] = 1;
$r = $ph->save($p); $r = $ph->save($p);
if($r === false) if($r === false)
notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL ); notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL );
else else

1
mod/profperm.php
View File

@ -95,7 +95,6 @@ function profperm_content(&$a) {
profile_photo_set_profile_perms($profile['id']); profile_photo_set_profile_perms($profile['id']);
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'",
intval(local_user()), intval(local_user()),
dbesc($profile['profile_guid']) dbesc($profile['profile_guid'])
); );