permission fixes
This commit is contained in:
redmatrix
parent
237cca7a0d
commit
a961d5e6c8
@ -78,22 +78,13 @@ class PermissionDescription {
|
||||
|
||||
$result = null;
|
||||
|
||||
$global_perms = get_perms();
|
||||
$global_perms = \Zotlabs\Access\Permissions::Perms();
|
||||
|
||||
if (array_key_exists($permname, $global_perms)) {
|
||||
|
||||
$permDetails = $global_perms[$permname];
|
||||
$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'],$permname);
|
||||
|
||||
// It should be OK to always just read the permissions from App::$channel
|
||||
//
|
||||
// App::$profile is a union of channel and profile fields.
|
||||
// The distinction is basically that App::$profile is pointing to the resource
|
||||
// being observed. App::$channel is referring to the current logged-in channel
|
||||
// member (if this is a local channel) e.g. the observer. We only show the ACL
|
||||
// widget to the page owner (observer and observed are the same) so in that case
|
||||
// I believe either may be safely used here.
|
||||
$channelPerm = \App::$channel[$permDetails[0]];
|
||||
$result = new PermissionDescription($permDetails[1], $channelPerm);
|
||||
$result = new PermissionDescription('', $channelPerm);
|
||||
} else {
|
||||
// The acl dialog can handle null arguments, but it shouldn't happen
|
||||
logger('null PermissionDescription from unknown global permission: ' . $permname ,LOGGER_DEBUG, LOG_ERROR);
|
||||
|
||||
@ -317,8 +317,10 @@ class Item extends \Zotlabs\Web\Controller {
|
||||
|
||||
$acl = new \Zotlabs\Access\AccessList($channel);
|
||||
|
||||
$view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream');
|
||||
$comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments');
|
||||
|
||||
$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
|
||||
$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($view_policy,true));
|
||||
if($webpage)
|
||||
$public_policy = '';
|
||||
if($public_policy)
|
||||
@ -810,7 +812,7 @@ class Item extends \Zotlabs\Web\Controller {
|
||||
|
||||
$datarray['layout_mid'] = $layout_mid;
|
||||
$datarray['public_policy'] = $public_policy;
|
||||
$datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
|
||||
$datarray['comment_policy'] = map_scope($comment_policy);
|
||||
$datarray['term'] = $post_tags;
|
||||
$datarray['plink'] = $plink;
|
||||
$datarray['route'] = $route;
|
||||
|
||||
@ -708,7 +708,7 @@ class Profiles extends \Zotlabs\Web\Controller {
|
||||
'$profile_id' => $r[0]['id'],
|
||||
'$profile_name' => array('profile_name', t('Profile name'), $r[0]['profile_name'], t('Required'), '*'),
|
||||
'$is_default' => $is_default,
|
||||
'$default' => t('This is your default profile.') . EOL . translate_scope(map_scope($channel['channel_r_profile'])),
|
||||
'$default' => t('This is your default profile.') . EOL . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))),
|
||||
'$advanced' => $advanced,
|
||||
'$name' => array('name', t('Your full name'), $r[0]['fullname'], t('Required'), '*'),
|
||||
'$pdesc' => array('pdesc', t('Title/Description'), $r[0]['pdesc']),
|
||||
@ -767,7 +767,7 @@ class Profiles extends \Zotlabs\Web\Controller {
|
||||
'$alt' => t('Profile Image'),
|
||||
'$profile_name' => $rr['profile_name'],
|
||||
'$visible' => (($rr['is_default'])
|
||||
? '<strong>' . translate_scope(map_scope($channel['channel_r_profile'])) . '</strong>'
|
||||
? '<strong>' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '</strong>'
|
||||
: '<a href="' . z_root() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>')
|
||||
));
|
||||
}
|
||||
|
||||
1
boot.php
1
boot.php
@ -2449,6 +2449,7 @@ function check_cron_broken() {
|
||||
|
||||
if((! $d) || ($d < datetime_convert('UTC','UTC','now - 4 hours'))) {
|
||||
Zotlabs\Daemon\Master::Summon(array('Cron'));
|
||||
set_config('system','lastcron',datetime_convert());
|
||||
}
|
||||
|
||||
$t = get_config('system','lastcroncheck');
|
||||
|
||||
@ -385,7 +385,7 @@ function post_activity_item($arr) {
|
||||
return $ret;
|
||||
}
|
||||
|
||||
$arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
|
||||
$arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true));
|
||||
if($arr['public_policy'])
|
||||
$arr['item_private'] = 1;
|
||||
|
||||
@ -421,7 +421,7 @@ function post_activity_item($arr) {
|
||||
$arr['deny_cid'] = ((x($arr,'deny_cid')) ? $arr['deny_cid'] : $channel['channel_deny_cid']);
|
||||
$arr['deny_gid'] = ((x($arr,'deny_gid')) ? $arr['deny_gid'] : $channel['channel_deny_gid']);
|
||||
|
||||
$arr['comment_policy'] = map_scope($channel['channel_w_comment']);
|
||||
$arr['comment_policy'] = map_scope(\Zotlabs\Access/PermissionLimits::Get($channel['channel_id'],'post_comments'));
|
||||
|
||||
if ((! $arr['plink']) && (intval($arr['item_thread_top']))) {
|
||||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
@ -970,12 +970,12 @@ function encode_item($item,$mirror = false) {
|
||||
|
||||
// logger('encode_item: ' . print_r($item,true));
|
||||
|
||||
$r = q("select channel_r_stream, channel_w_comment from channel where channel_id = %d limit 1",
|
||||
$r = q("select channel_id from channel where channel_id = %d limit 1",
|
||||
intval($item['uid'])
|
||||
);
|
||||
|
||||
if($r)
|
||||
$comment_scope = $r[0]['channel_w_comment'];
|
||||
$comment_scope = \Zotlabs\Access\PermissionLimits::Get($item['uid'],'post_comments');
|
||||
else
|
||||
$comment_scope = 0;
|
||||
|
||||
@ -2761,7 +2761,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent) {
|
||||
$private = (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
|
||||
|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 1 : 0);
|
||||
|
||||
$new_public_policy = map_scope($channel['channel_r_stream'],true);
|
||||
$new_public_policy = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true);
|
||||
|
||||
if((! $private) && $new_public_policy)
|
||||
$private = 1;
|
||||
@ -2806,7 +2806,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent) {
|
||||
dbesc($channel['channel_deny_gid']),
|
||||
intval($private),
|
||||
dbesc($new_public_policy),
|
||||
dbesc(map_scope($channel['channel_w_comment'])),
|
||||
dbesc(map_scope(\Zotlabs\Access\PermissionLimits($channel['channel_id'],'post_comments'))),
|
||||
dbesc($title),
|
||||
dbesc($body),
|
||||
intval($item_wall),
|
||||
|
||||
@ -412,7 +412,7 @@ function photo_upload($channel, $observer, $args) {
|
||||
// in the photos pages - using the photos permissions instead. We need the public policy to keep the photo
|
||||
// linked item from leaking into the feed when somebody has a channel with read_stream restrictions.
|
||||
|
||||
$arr['public_policy'] = map_scope($channel['channel_r_stream'],true);
|
||||
$arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true);
|
||||
if($arr['public_policy'])
|
||||
$arr['item_private'] = 1;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user