Added permission handling of profile-photos
Now we automatically set the appropiate viewing-permissions on profile edit and revert photos chosen as default profile picture bacl to public access.
This commit is contained in:
sirius
parent
b0dc9f13ed
commit
3845e1de7d
@ -13,30 +13,43 @@ require_once('include/photo/photo_driver.php');
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function profile_photo_set_profile_perms($profileid) {
|
||||
function profile_photo_set_profile_perms($profileid = '') {
|
||||
|
||||
$allowcid = '';
|
||||
if (x($profileid)) {
|
||||
|
||||
$r = q("SELECT photo, profile_guid, id, is_default FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid));
|
||||
$r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid));
|
||||
|
||||
} else {
|
||||
|
||||
logger('Resetting permissions on default-profile-photo for user'.local_user());
|
||||
$r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1", intval(local_user()) ); //If no profile is given, we update the default profile
|
||||
}
|
||||
|
||||
$profile = $r[0];
|
||||
if(x($profile['id']) && x($profile['photo']) && intval($profile['is_default']) != 1) { //Only set perms when query suceeded and when we are not on the default profile
|
||||
if(x($profile['id']) && x($profile['photo'])) {
|
||||
preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id);
|
||||
$resource_id = $resource_id[0];
|
||||
|
||||
if (intval($profile['is_default']) != 1) {
|
||||
$r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_user()) );
|
||||
$r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids.
|
||||
$r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid']));
|
||||
$allowcid = "<" . $r0[0]['channel_hash'] . ">";
|
||||
foreach ($r1 as $entry) {
|
||||
$allowcid .= "<" . $entry['abook_xchan'] . ">";
|
||||
}
|
||||
foreach ($r2 as $entry) {
|
||||
$allowcid .= "<" . $entry['abook_xchan'] . ">";
|
||||
}
|
||||
if(x($allowcid)) {
|
||||
q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['id']));
|
||||
}
|
||||
|
||||
q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['uid']));
|
||||
|
||||
} else {
|
||||
q("UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d",intval($profile['uid'])); //Reset permissions on default profile picture to public
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
@ -292,6 +305,7 @@ function profile_photo_content(&$a) {
|
||||
dbesc($channel['xchan_hash'])
|
||||
);
|
||||
|
||||
profile_photo_set_profile_perms(); //Reset default photo permissions to public
|
||||
proc_run('php','include/directory.php',local_user());
|
||||
goaway($a->get_baseurl() . '/profiles');
|
||||
}
|
||||
|
||||
@ -95,7 +95,6 @@ function profperm_content(&$a) {
|
||||
profile_photo_set_profile_perms($profile['id']);
|
||||
|
||||
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'",
|
||||
|
||||
intval(local_user()),
|
||||
dbesc($profile['profile_guid'])
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user