harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revamp permissions, blocking a contact takes priority over all other permission settings, such as "allow anybody in network to do xyz". If they're blocked they can't do it.

Browse Source
This commit is contained in:
friendica 2012-12-10 20:09:19 -08:00
parent d6fde94108
commit 7737382378
1 changed files with 65 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
include/permissions.php
View File

@ -67,23 +67,61 @@ function get_all_perms($uid,$observer,$internal_use = true) {
$channel_checked = true; $channel_checked = true;
} }
// The uid provided doesn't exist. This would be a big fail.
if(! $r) { if(! $r) {
$ret[$perm_name] = false; $ret[$perm_name] = false;
continue; continue;
} }
// Check if this $uid is actually the $observer
if($r[0]['channel_hash'] === $observer) { // Next we're going to check for blocked or ignored contacts.
// These take priority over all other settings.
if($observer) {
if(! $abook_checked) {
$x = q("select abook_my_perms, abook_flags from abook
where abook_channel = %d and abook_xchan = '%s' limit 1",
intval($uid),
dbesc($observer)
);
$abook_checked = true;
}
// If they're blocked - they can't read or write
if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) {
$ret[$perm_name] = false;
continue;
}
// Check if this is a write permission and they are being ignored
// This flag is only visible internally.
if(($x) && ($internal_use) && (! $global_perms[$perm_name][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED)) {
$ret[$perm_name] = false;
continue;
}
}
// Check if this $uid is actually the $observer - if it's your content
// you always have permission to do anything
if(($observer) && ($r[0]['channel_hash'] === $observer)) {
$ret[$perm_name] = true; $ret[$perm_name] = true;
continue; continue;
} }
// Anybody at all (that wasn't blocked or ignored). They have permission.
if($r[0][$channel_perm] & PERMS_PUBLIC) { if($r[0][$channel_perm] & PERMS_PUBLIC) {
$ret[$perm_name] = true; $ret[$perm_name] = true;
continue; continue;
} }
// From here on out, we need to know who they are. If we can't figure it
// out, permission is denied.
if(! $observer) { if(! $observer) {
$ret[$perm_name] = false; $ret[$perm_name] = false;
continue; continue;
@ -116,38 +154,16 @@ function get_all_perms($uid,$observer,$internal_use = true) {
} }
// If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book // If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book
// and not blocked/ignored // $x is a valid address book entry
if(! $abook_checked) { if(! $x) {
$x = q("select abook_my_perms, abook_flags from abook
where abook_channel = %d and abook_xchan = '%s' limit 1",
intval($uid),
dbesc($observer)
);
$abook_checked = true;
}
// If they're blocked - they can't read or write
if((! $x) || ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) {
$ret[$perm_name] = false; $ret[$perm_name] = false;
continue; continue;
} }
// If we're still going, they are a contact if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) {
if($r && $r[0][$channel_perm] & PERMS_CONTACTS) { // They're a contact, so they have permission
// Check if this is a write permission and they are being ignored
// This flag is only visible internally.
if(($internal_use) && (! $global_perms[$perm_name][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED)) {
$ret[$perm_name] = false;
continue;
}
// Otherwise they're a contact, so they have permission
$ret[$perm_name] = true; $ret[$perm_name] = true;
continue; continue;
@ -156,7 +172,7 @@ function get_all_perms($uid,$observer,$internal_use = true) {
// Permission granted to certain channels. Let's see if the observer is one of them // Permission granted to certain channels. Let's see if the observer is one of them
if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) { if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) {
if(($x) && ($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
$ret[$perm_name] = true; $ret[$perm_name] = true;
continue; continue;
} }
@ -188,6 +204,23 @@ function perm_is_allowed($uid,$observer,$permission) {
if(! $r) if(! $r)
return false; return false;
if($observer) {
$x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' limit 1",
intval($uid),
dbesc($observer)
);
// If they're blocked - they can't read or write
if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED))
return false;
if(($x) && (! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED))
return false;
}
// Check if this $uid is actually the $observer // Check if this $uid is actually the $observer
if($r[0]['channel_hash'] === $observer) if($r[0]['channel_hash'] === $observer)
@ -220,36 +253,17 @@ function perm_is_allowed($uid,$observer,$permission) {
return false; return false;
} }
// If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book if(! $x) {
// and not blocked/ignored
$x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' limit 1",
intval($uid),
dbesc($observer)
);
// If they're blocked - they can't read or write
if((! $x) || ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED))
return false; return false;
}
// If we're still going, they are a contact
if($r[0][$channel_perm] & PERMS_CONTACTS) { if($r[0][$channel_perm] & PERMS_CONTACTS) {
// Check if this is a write permission and they are being ignored
if((! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED))
return false;
// Otherwise they're a contact, so they have permission
return true; return true;
} }
// Permission granted to certain channels. Let's see if the observer is one of them // Permission granted to certain channels. Let's see if the observer is one of them
if($r[0][$channel_perm] & PERMS_SPECIFIC) { if(($r) && $r[0][$channel_perm] & PERMS_SPECIFIC) {
if($x[0]['abook_my_perms'] & $global_perms[$permission][1]) if($x[0]['abook_my_perms'] & $global_perms[$permission][1])
return true; return true;
} }