channel delegation
parent
4237e8052e
commit
98dffd77ef
3
boot.php
3
boot.php
@ -1880,6 +1880,9 @@ function current_theme_url($installing = false) {
|
||||
function is_site_admin() {
|
||||
$a = get_app();
|
||||
|
||||
if($_SESSION['delegate'])
|
||||
return false;
|
||||
|
||||
if((intval($_SESSION['authenticated']))
|
||||
&& (is_array($a->account))
|
||||
&& ($a->account['account_roles'] & ACCOUNT_ROLE_ADMIN))
|
||||
|
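Review bot: The new guard in is_site_admin() reads `$_SESSION['delegate']` directly, so a session that has never delegated raises an undefined-index notice on every admin check. The request parsing elsewhere in this commit goes through the `x()` helper, and `if(x($_SESSION,'delegate'))` would match it. The same bare read is added in admin_post, admin_content, manage_content and the three settings handlers. A one-line comment stating the intent would also help, e.g. `// a delegated session acts for a channel owner and must never inherit site-admin rights`. The function body continues past the end of the hunk.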
@ -13,7 +13,7 @@
|
||||
function admin_post(&$a){
|
||||
logger('admin_post', LOGGER_DEBUG);
|
||||
|
||||
if(!is_site_admin()) {
|
||||
if((!is_site_admin()) || ($_SESSION['delegate'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
@ -79,7 +79,8 @@ function admin_post(&$a){
|
||||
function admin_content(&$a) {
|
||||
|
||||
logger('admin_content', LOGGER_DEBUG);
|
||||
if(!is_site_admin()) {
|
||||
|
||||
if((!is_site_admin()) || ($_SESSION['delegate'])) {
|
||||
return login(false);
|
||||
}
|
||||
|
||||
|
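Review bot: The added `|| ($_SESSION['delegate'])` in admin_post and admin_content can never change the outcome, because is_site_admin() as changed in boot.php already returns false for a delegated session and the `||` short-circuits. If it is kept as defence in depth, say so in a comment such as `// redundant with is_site_admin(); kept so the admin module fails closed on its own`. The refusal is also silent: admin_post just returns, and settings_init and settings_post later in this commit do the same, so a delegate probing these handlers leaves no trace. A line like `logger('admin_post: refused, delegated session');` before the `return` would give operators something to review. Both functions continue outside the hunks shown.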
@ -10,11 +10,10 @@ function magic_init(&$a) {
|
||||
logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
|
||||
|
||||
$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
|
||||
$hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : '');
|
||||
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
|
||||
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
|
||||
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
|
||||
|
||||
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
|
||||
|
||||
$parsed = parse_url($dest);
|
||||
if(! $parsed) {
|
||||
@ -100,6 +99,29 @@ function magic_init(&$a) {
|
||||
$ret['message'] .= 'Local site - you are already authenticated.' . EOL;
|
||||
return $ret;
|
||||
}
|
||||
|
||||
$delegation_success = false;
|
||||
if($delegate) {
|
||||
$r = q("select * from channel left join hubloc on channel_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
|
||||
dbesc($delegate)
|
||||
);
|
||||
if($r && intval($r[0]['channel_id'])) {
|
||||
$allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate');
|
||||
if($allowed) {
|
||||
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
|
||||
$_SESSION['delegate'] = get_observer_hash();
|
||||
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
|
||||
change_channel($r[0]['channel_id']);
|
||||
$delegation_success = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
// FIXME: check and honour local delegation
|
||||
|
||||
|
||||
goaway($dest);
|
||||
}
|
||||
|
||||
@ -123,6 +145,9 @@ function magic_init(&$a) {
|
||||
$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname())
|
||||
. '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION;
|
||||
|
||||
if($delegate)
|
||||
$target_url .= '&delegate=' . urlencode($delegate);
|
||||
|
||||
logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG);
|
||||
|
||||
if($test) {
|
||||
|
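Review bot: On a successful local delegation magic_init() writes the owner's `channel_account_id` into `$_SESSION['account_id']`, so the session is afterwards kept out of account-level pages only by handlers that remember to test `$_SESSION['delegate']`. This commit adds that test to admin, manage and settings; any handler not shown here that trusts the account id alone would presumably be reachable by the delegate, and the identical block in post_init has the same effect for remote visitors. The switch is driven by a `delegate` request parameter on a plain link, and neither the grant nor a refused `perm_is_allowed()` result is logged. I would log both outcomes right after the permission check, e.g. `logger('mod_magic: delegation to channel ' . intval($r[0]['channel_id']) . ' by ' . get_observer_hash() . ($allowed ? ' granted' : ' refused'));`. magic_init starts and ends outside these hunks.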
@ -2,7 +2,7 @@
|
||||
|
||||
function manage_content(&$a) {
|
||||
|
||||
if(! get_account_id()) {
|
||||
if((! get_account_id()) || ($_SESSION['delegate'])) {
|
||||
notice( t('Permission denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
@ -144,6 +144,22 @@ function manage_content(&$a) {
|
||||
array( 'new_channel', t('Create a new channel'), t('Create a new channel'))
|
||||
);
|
||||
|
||||
$delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where
|
||||
abook_channel = %d and (abook_their_perms & %d) > 0",
|
||||
intval(local_channel()),
|
||||
intval(PERMS_A_DELEGATE)
|
||||
);
|
||||
if(! $delegates)
|
||||
$delegates = null;
|
||||
|
||||
if($delegates) {
|
||||
for($x = 0; $x < count($delegates); $x ++) {
|
||||
$delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url']) . '&delegate=' . urlencode($delegates[$x]['xchan_addr']);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
$o = replace_macros(get_markup_template('channels.tpl'), array(
|
||||
'$header' => t('Channel Manager'),
|
||||
'$msg_selected' => t('Current Channel'),
|
||||
@ -153,9 +169,12 @@ function manage_content(&$a) {
|
||||
'$msg_make_default' => t('Make Default'),
|
||||
'$links' => $links,
|
||||
'$all_channels' => $channels,
|
||||
'$mail_format' => t('%d new messages'),
|
||||
'$intros_format' => t('%d new introductions'),
|
||||
'$mail_format' => t('%d new messages'),
|
||||
'$intros_format' => t('%d new introductions'),
|
||||
'$channel_usage_message' => $channel_usage_message,
|
||||
'$delegate_header' => t('Delegated Channels'),
|
||||
'$delegates' => $delegates,
|
||||
|
||||
));
|
||||
|
||||
|
||||
|
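Review bot: In the delegates block of manage_content the index loop re-evaluates `count($delegates)` on every pass and is guarded by a second `if($delegates)` immediately after the null normalisation. A single `foreach($delegates as &$d) { $d['link'] = ...; }` followed by `unset($d);` expresses the same thing, and iterating only when `$delegates` is truthy can stay as it is. The link itself passes `xchan_url` and `xchan_addr` through `urlencode()`, which is correct for the query string. Whether the template escapes `link` for the HTML attribute it ends up in is not visible in this commit and is worth confirming in channel.tpl.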
52
mod/post.php
52
mod/post.php
@ -30,6 +30,7 @@ function post_init(&$a) {
|
||||
** dest => the desired destination URL (urlencoded)
|
||||
** sec => a random string which is also stored on $mysite for use during the verification phase.
|
||||
** version => the zot revision
|
||||
** delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
|
||||
*
|
||||
* When this packet is received, an "auth-check" zot message is sent to $mysite.
|
||||
* (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post)
|
||||
@ -88,10 +89,12 @@ function post_init(&$a) {
|
||||
$ret = array('success' => false, 'message' => '');
|
||||
|
||||
logger('mod_zot: auth request received.');
|
||||
$address = $_REQUEST['auth'];
|
||||
$desturl = $_REQUEST['dest'];
|
||||
$sec = $_REQUEST['sec'];
|
||||
$version = $_REQUEST['version'];
|
||||
$address = $_REQUEST['auth'];
|
||||
$desturl = $_REQUEST['dest'];
|
||||
$sec = $_REQUEST['sec'];
|
||||
$version = $_REQUEST['version'];
|
||||
$delegate = $_REQUEST['delegate'];
|
||||
|
||||
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
|
||||
|
||||
// They are authenticating ultimately to the site and not to a particular channel.
|
||||
@ -158,6 +161,8 @@ function post_init(&$a) {
|
||||
// Also check that they are coming from the same site as they authenticated with originally.
|
||||
|
||||
$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
|
||||
if($delegate && $delegate !== $_SESSION['delegate_channel'])
|
||||
$already_authed = false;
|
||||
|
||||
$j = array();
|
||||
|
||||
@ -235,6 +240,8 @@ function post_init(&$a) {
|
||||
}
|
||||
goaway($desturl);
|
||||
}
|
||||
|
||||
|
||||
// log them in
|
||||
|
||||
if($test) {
|
||||
@ -243,16 +250,37 @@ function post_init(&$a) {
|
||||
json_return_and_die($ret);
|
||||
}
|
||||
|
||||
$delegation_success = false;
|
||||
if($delegate) {
|
||||
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
|
||||
dbesc($delegate)
|
||||
);
|
||||
if($r && intval($r[0]['channel_id'])) {
|
||||
$allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate');
|
||||
if($allowed) {
|
||||
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
|
||||
$_SESSION['delegate'] = $x[0]['xchan_hash'];
|
||||
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
|
||||
change_channel($r[0]['channel_id']);
|
||||
$delegation_success = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
$_SESSION['authenticated'] = 1;
|
||||
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
|
||||
$_SESSION['my_url'] = $x[0]['xchan_url'];
|
||||
$_SESSION['my_address'] = $address;
|
||||
$_SESSION['remote_service_class'] = $remote_service_class;
|
||||
$_SESSION['remote_level'] = $remote_level;
|
||||
$_SESSION['remote_hub'] = $remote_hub;
|
||||
$_SESSION['DNT'] = $DNT;
|
||||
|
||||
if(! $delegation_success) {
|
||||
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
|
||||
$_SESSION['my_url'] = $x[0]['xchan_url'];
|
||||
$_SESSION['my_address'] = $address;
|
||||
$_SESSION['remote_service_class'] = $remote_service_class;
|
||||
$_SESSION['remote_level'] = $remote_level;
|
||||
$_SESSION['remote_hub'] = $remote_hub;
|
||||
$_SESSION['DNT'] = $DNT;
|
||||
}
|
||||
|
||||
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
|
||||
call_hooks('magic_auth_success',$arr);
|
||||
$a->set_observer($x[0]);
|
||||
|
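Review bot: In post_init the new re-auth test `$delegate !== $_SESSION['delegate_channel']` compares the `delegate` request value, documented in the header comment as a webbie, with a session value that the delegation block sets to `$r[0]['channel_id']`. Under a strict comparison the two can never be equal, so `$already_authed` is cleared on every request that carries `delegate`. That fails in the safe direction, since the full auth-check is repeated, but it is presumably not the intent. Comparing like with like needs the delegated address kept in the session next to the channel id, or the channel lookup done before the comparison. `$delegate = $_REQUEST['delegate'];` is also read without the `x()` guard that `test` gets two lines below; post_init begins and ends outside these hunks.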
@ -19,6 +19,9 @@ function settings_init(&$a) {
|
||||
if(! local_channel())
|
||||
return;
|
||||
|
||||
if($_SESSION['delegate'])
|
||||
return;
|
||||
|
||||
$a->profile_uid = local_channel();
|
||||
|
||||
// default is channel settings in the absence of other arguments
|
||||
@ -39,6 +42,9 @@ function settings_post(&$a) {
|
||||
if(! local_channel())
|
||||
return;
|
||||
|
||||
if($_SESSION['delegate'])
|
||||
return;
|
||||
|
||||
$channel = $a->get_channel();
|
||||
|
||||
logger('mod_settings: ' . print_r($_REQUEST,true));
|
||||
@ -550,14 +556,14 @@ function settings_post(&$a) {
|
||||
}
|
||||
|
||||
|
||||
if(! function_exists('settings_content')) {
|
||||
|
||||
function settings_content(&$a) {
|
||||
|
||||
$o = '';
|
||||
nav_set_selected('settings');
|
||||
|
||||
|
||||
if(! local_channel()) {
|
||||
if((! local_channel()) || ($_SESSION['delegate'])) {
|
||||
notice( t('Permission denied.') . EOL );
|
||||
return login();
|
||||
}
|
||||
@ -1137,5 +1143,5 @@ function settings_content(&$a) {
|
||||
|
||||
return $o;
|
||||
}
|
||||
}}
|
||||
}
|
||||
|
||||
|
@ -1 +1 @@
|
||||
2015-03-09.966
|
||||
2015-03-10.967
|
||||
|
@ -23,4 +23,16 @@
|
||||
|
||||
<div class="channels-end all"></div>
|
||||
|
||||
{{if $delegates}}
|
||||
<hr />
|
||||
<h3>{{$delegate_header}}</h3>
|
||||
<div id="delegated-channels">
|
||||
{{foreach $delegates as $chn}}
|
||||
{{include file="channel.tpl" channel=$chn}}
|
||||
{{/foreach}}
|
||||
</div>
|
||||
|
||||
<div class="channels-end all"></div>
|
||||
{{/if}}
|
||||
|
||||
</div>
|
||||
|