harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make guest access tokens work with PERMS_NETWORK, PERMS_SITE, PERMS_PENDING, and PERMS_CONTACTS; or everything but PERMS_SPECIFIC. PERMS_SITE could be contentious, but we're currently denying them as they are a guest and don't actually have a channel on this site. We can't easily make PERMS_SPECIFIC work without providing an abook entry for the guest since we would need to set specific permissions for the guest login, but unfortunately this could be the most desirable setting to use in many cases. There is also an update of hmessages.po in this commit.

Browse Source
This commit is contained in:
redmatrix 2016-07-31 18:08:41 -07:00
parent 74c68f09e5
commit 86eb923f29
3 changed files with 4354 additions and 4387 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/permissions.php
View File

@ -1,4 +1,7 @@
<?php
require_once('include/security.php');
/**
* @file include/permissions.php
*
@ -123,6 +126,9 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
dbesc($observer_xchan)
);
// no xchan either, see if they've got a guest access token
if(! $y)
$x = atoken_abook($uid,$observer_xchan);
}
$abook_checked = true;
@ -332,6 +338,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
dbesc($observer_xchan)
);
// no xchan either, see if they've got a guest access token
if(! $y)
$x = atoken_abook($uid,$observer_xchan);
}
$abperms = load_abconfig($uid,$observer_xchan,'my_perms');
}

28
include/security.php
View File

@ -119,6 +119,34 @@ function atoken_xchan($atoken) {
return null;
}
function atoken_abook($uid,$xchan_hash) {
if(substr($xchan_hash,16,1) != '.')
return false;
$r = q("select channel_hash from channel where channel_id = %d limit 1",
intval($uid)
);
if(! $r)
return false;
$x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
intval($uid),
dbesc(substr($xchan_hash,17))
);
if($x) {
$xchan = atoken_xchan($x[0]);
$xchan['abook_blocked'] = 0;
$xchan['abook_ignored'] = 0;
$xchan['abook_pending'] = 0;
return $xchan;
}
return false;
}
/**

8704
util/hmessages.po
View File

File diff suppressed because it is too large Load Diff