a bit more cleanup and a bug fix or two for the new private post security model
parent
f475317dba
commit
640dbdf5e9
@ -7,17 +7,13 @@ require_once('include/photo/photo_driver.php');
|
||||
require_once('include/permissions.php');
|
||||
|
||||
|
||||
function collect_recipients($item,&$private) {
|
||||
function collect_recipients($item,&$private_envelope) {
|
||||
|
||||
require_once('include/group.php');
|
||||
|
||||
$private = ((intval($item['item_private'])) ? true : false);
|
||||
$private_envelope = ((intval($item['item_private'])) ? true : false);
|
||||
$recipients = array();
|
||||
|
||||
// if the post is marked private but there are no recipients, only add the author and owner
|
||||
// as recipients. The ACL for the post may live on the hub of a different clone. We need to
|
||||
// get the post to that hub.
|
||||
|
||||
if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) {
|
||||
|
||||
// it is private
|
||||
@ -49,10 +45,21 @@ function collect_recipients($item,&$private) {
|
||||
|
||||
$deny = array_unique(array_merge($deny_people,$deny_groups));
|
||||
$recipients = array_diff($recipients,$deny);
|
||||
$private = true;
|
||||
$private_envelope = true;
|
||||
}
|
||||
else {
|
||||
if($item['public_policy'] || (! $private)) {
|
||||
|
||||
// if the post is marked private but there are no recipients and public_policy/scope = self,
|
||||
// only add the author and owner as recipients. The ACL for the post may live on the hub of
|
||||
// a different clone. We need to get the post to that hub.
|
||||
|
||||
// The post may be private by virtue of not being visible to anybody on the internet,
|
||||
// but there are no envelope recipients, so set this to false. Delivery is controlled
|
||||
// by the directives in $item['public_policy'].
|
||||
|
||||
$private_envelope = false;
|
||||
|
||||
if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') {
|
||||
$r = q("select abook_xchan from abook where abook_channel = %d and not (abook_flags & %d) ",
|
||||
intval($item['uid']),
|
||||
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED)
|
||||
|
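Review bot: In the else branch of collect_recipients(), an item with `item_private` set and an empty `public_policy` now reaches the connections query with `$private_envelope = false`, because the new guard only excludes the value 'self'. Going by the hunk's line counts, the condition it replaces, `if($item['public_policy'] || (! $private))`, kept such an item to author and owner only. If a private item with no policy can still occur (older rows, or a caller that sets only `item_private`), keeping the old fallback in the guard would preserve that: `if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self' && ($item['public_policy'] || ! intval($item['item_private']))) {`. The function body continues outside the hunk, so what is added to the recipients after the query is not visible here.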
@ -10,12 +10,12 @@ function get_perms() {
|
||||
|
||||
$global_perms = array(
|
||||
// Read only permissions
|
||||
'view_stream' => array('channel_r_stream', intval(PERMS_R_STREAM), true, t('Can view my "public" stream and posts'), ''),
|
||||
'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my "public" channel profile'), ''),
|
||||
'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my "public" photo albums'), ''),
|
||||
'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my "public" address book'), ''),
|
||||
'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my "public" file storage'), ''),
|
||||
'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my "public" pages'), ''),
|
||||
'view_stream' => array('channel_r_stream', intval(PERMS_R_STREAM), true, t('Can view my normal stream and posts'), ''),
|
||||
'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my default channel profile'), ''),
|
||||
'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my photo albums'), ''),
|
||||
'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my connections'), ''),
|
||||
'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''),
|
||||
'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''),
|
||||
|
||||
// Write permissions
|
||||
'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''),
|
||||
@ -27,10 +27,10 @@ function get_perms() {
|
||||
|
||||
'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post @mentions'), t('Advanced - useful for creating group forum channels')),
|
||||
'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('')),
|
||||
'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my "public" file storage'), ''),
|
||||
'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my "public" pages'), ''),
|
||||
'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''),
|
||||
'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''),
|
||||
|
||||
'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my "public" posts in derived channels'), t('Somewhat advanced - very useful in open communities')),
|
||||
'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')),
|
||||
|
||||
'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')),
|
||||
);
|
||||
|
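Review bot: The reworded read labels in get_perms() (`view_photos`, `view_contacts`, `view_storage`, `view_pages`) no longer say which items the grant covers, so a channel owner reading 'Can view my photo albums' cannot tell whether albums with their own access list are included. Whether per-item ACLs still take precedence over these channel-level grants is not visible in this hunk; if they do, a comment above the read-only group would record it, for example `// These grants cover items with no ACL of their own; per-item allow/deny lists still restrict access.` The `republish` label keeps the word public while the others drop it, so the wording is now mixed within the array. get_perms() continues outside the hunk.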
@ -1 +1 @@
|
||||
2014-08-06.759
|
||||
2014-08-07.760
|
||||
|