Implements a new permission level PERMS_PENDING

With this a user can allow some action to any user which connects to them, even before they've connected back. Ref. https://mobiliza.org.br/display/478d9e71eaf55748dc646d3990651d6d34cfb7db5c38360538ec730ca3ccf908@zothub.com Also some code cleanup and an alternative logic for handling notifications of permission changes in zot.php. This assumes that private posts are still restricted to people in your addressbook. Regardless of your global permissions, a pending channel won't get private posts, even if the post only has a deny clause not matching the pending channel.
2014-06-17 04:26:18 -03:00 · 2014-06-17 04:26:18 -03:00 · b20887995a
commit b20887995a
parent c012c648e0
7 changed files with 132 additions and 115 deletions
--- a/boot.php
+++ b/boot.php
@ -289,6 +289,7 @@ define ( 'PERMS_SITE'       , 0x0004 );
 define ( 'PERMS_CONTACTS'   , 0x0008 );
 define ( 'PERMS_SPECIFIC'   , 0x0080 );
 define ( 'PERMS_AUTHED'     , 0x0100 );
 define ( 'PERMS_PENDING'    , 0x0200 );
 // Address book flags
--- a/include/items.php
+++ b/include/items.php
@ -943,6 +943,8 @@ function map_scope($scope) {
 			return 'network: red';
 		case PERMS_SITE:
 			return 'site: ' . get_app()->get_hostname();
 		case PERMS_PENDING:
 			return 'any connections';
 		case PERMS_CONTACTS:
 		default:
 			return 'contacts';
--- a/include/permissions.php
+++ b/include/permissions.php
@ -177,8 +177,8 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
 			continue;
 		}	
-		// If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book
+		// From here on we require that the observer be a connection and
-		// $x is a valid address book entry
+		// handle whether we're allowing any, approved or specific ones
 		if(! $x) {
 			$ret[$perm_name] = false;
@ -187,22 +187,26 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
 		// They are in your address book, but haven't been approved
 		if($r[0][$channel_perm] & PERMS_PENDING) {
 			$ret[$perm_name] = true;
 			continue;
 		}
 		if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) {
 			$ret[$perm_name] = false;
 			continue;
 		}
 		if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) {
 		// They're a contact, so they have permission
 		if($r[0][$channel_perm] & PERMS_CONTACTS) {
 			$ret[$perm_name] = true;
 			continue;
 		}
 		// Permission granted to certain channels. Let's see if the observer is one of them
-		if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) {
+		if($r[0][$channel_perm] & PERMS_SPECIFIC) {
 			if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) {
 				$ret[$perm_name] = true;
 				continue;
@ -216,7 +220,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
 	}
 	$arr = array(
 		'channel_id'    => $uid,
 		'observer_hash' => $observer_xchan,
@ -229,7 +232,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
 function perm_is_allowed($uid,$observer_xchan,$permission) {
 	$arr = array(
 		'channel_id'    => $uid,
 		'observer_hash' => $observer_xchan,
@ -280,7 +282,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
 		}
 	}
 	// Check if this $uid is actually the $observer_xchan
 	if($r[0]['channel_hash'] === $observer_xchan)
@ -314,14 +315,25 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
 		return false;
 	}
 	// From here on we require that the observer be a connection and
 	// handle whether we're allowing any, approved or specific ones
 	if(! $x) {
 		return false;
 	}
 	// They are in your address book, but haven't been approved
 	if($r[0][$channel_perm] & PERMS_PENDING) {
 		return true;
 	}
 	if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) {
 		return false;
 	}
 	// They're a contact, so they have permission
 	if($r[0][$channel_perm] & PERMS_CONTACTS) {
 		return true;
 	}
@ -333,13 +345,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
 			return true;
 	}
 	// No permissions allowed.
 	return false;		
 }
@ -356,7 +364,6 @@ function check_list_permissions($uid,$arr,$perm) {
 }
 function site_default_perms() {
 	$typical = array(
@ -378,7 +385,6 @@ function site_default_perms() {
 		'delegate'      => 0,
 	);
 	$global_perms = get_perms();
 	$ret = array();
--- a/include/security.php
+++ b/include/security.php
@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) {
 // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the 
-// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. 
+// public_timeline, and we can use this in a community page by making
 // $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. 
 // Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
 // We always include yourself if logged in because you can always see your own posts
 // resolving granular permissions for the observer against every person and every post on the site
 // will likely be too expensive. 
 // Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
-function stream_perms_api_uids($perms_min = PERMS_SITE) {
+function stream_perms_api_uids($perms = NULL ) {
 	$perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
 	$ret = array();
 	if(local_user())
 		$ret[] = local_user();
-	$r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
+	$r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
-		intval($perms_min),
+		intval($perms),
 		intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
 	);
 	if($r)
@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) {
 	return $str;
 }
-function stream_perms_xchans($perms_min = PERMS_SITE) {
+function stream_perms_xchans($perms = NULL ) {
 	$perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
 	$ret = array();
 	if(local_user())
 		$ret[] = get_observer_hash();
-	$r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
+	$r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
-		intval($perms_min),
+		intval($perms),
 		intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)
 	);
 	if($r)
--- a/include/zot.php
+++ b/include/zot.php
@ -314,11 +314,8 @@ function zot_refresh($them,$channel = null, $force = false) {
 		if(! $x['success'])
 			return false;
 		$xchan_hash = $x['hash'];
 		$their_perms = 0;
 		if($channel) {
 			$global_perms = get_perms();
 			if($j['permissions']['data']) {
@ -417,6 +414,9 @@ function zot_refresh($them,$channel = null, $force = false) {
 				if($z)
 					$default_perms = intval($z[0]['abook_my_perms']);		
 				// Keep original perms to check if we need to notify them
 				$previous_perms = get_all_perms($channel['channel_id'],$x['hash']);
 				$y = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_flags ) values ( %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )",
 					intval($channel['channel_account_id']),
 					intval($channel['channel_id']),
@ -431,8 +431,9 @@ function zot_refresh($them,$channel = null, $force = false) {
 				if($y) {
 					logger("New introduction received for {$channel['channel_name']}");
-					if($default_perms) {
+					$new_perms = get_all_perms($channel['channel_id'],$x['hash']);
-						// send back a permissions update for auto-friend/auto-permissions
+					if($new_perms != $previous_perms) {
 						// Send back a permissions update if permissions have changed
 						$z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1",
 							dbesc($x['hash']),
 							intval($channel['channel_id']),
@ -455,8 +456,11 @@ function zot_refresh($them,$channel = null, $force = false) {
 						));
 					}
-					if($new_connection && (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) && ($their_perms & PERMS_R_STREAM))
+					if($new_connection && ($their_perms & PERMS_R_STREAM)) {
 						if(($channel['channel_w_stream'] & PERMS_PENDING)
 							|| (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) )
 							proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']); 
 					}
 				}
 			}
@ -1329,7 +1333,7 @@ function public_recips($msg) {
 	if(! $r)
 		$r = array();
-	$x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " )  and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_CONTACTS . " ) ",
+	$x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " )  and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ",
 		dbesc($msg['notify']['sender']['hash'])
 	); 
--- a/mod/settings.php
+++ b/mod/settings.php
@ -792,7 +792,8 @@ function settings_content(&$a) {
 		$perm_opts = array(
 			array( t('Nobody except yourself'), 0),
 			array( t('Only those you specifically allow'), PERMS_SPECIFIC), 
-			array( t('Anybody in your address book'), PERMS_CONTACTS),
+			array( t('Approved connections'), PERMS_CONTACTS),
 			array( t('Any connections'), PERMS_PENDING),
 			array( t('Anybody on this website'), PERMS_SITE),
 			array( t('Anybody in this network'), PERMS_NETWORK),
 			array( t('Anybody authenticated'), PERMS_AUTHED),
--- a/view/js/mod_settings.js
+++ b/view/js/mod_settings.js
@ -72,12 +72,12 @@ function channel_privacy_macro(n) {
 		$('#id_profile_in_directory').val(0);
 	}
 	if(n == 2) {
-        $('#id_view_stream option').eq(6).attr('selected','selected');
+		$('#id_view_stream option').eq(7).attr('selected','selected');
-        $('#id_view_profile option').eq(6).attr('selected','selected');
+		$('#id_view_profile option').eq(7).attr('selected','selected');
-        $('#id_view_photos option').eq(6).attr('selected','selected');
+		$('#id_view_photos option').eq(7).attr('selected','selected');
-        $('#id_view_contacts option').eq(6).attr('selected','selected');
+		$('#id_view_contacts option').eq(7).attr('selected','selected');
-        $('#id_view_storage option').eq(6).attr('selected','selected');
+		$('#id_view_storage option').eq(7).attr('selected','selected');
-        $('#id_view_pages option').eq(6).attr('selected','selected');
+		$('#id_view_pages option').eq(7).attr('selected','selected');
 		$('#id_send_stream option').eq(2).attr('selected','selected');
 		$('#id_post_wall option').eq(1).attr('selected','selected');
 		$('#id_post_comments option').eq(2).attr('selected','selected');
@ -95,30 +95,28 @@ function channel_privacy_macro(n) {
 		$('#id_profile_in_directory').val(1);
 	}
 	if(n == 3) {
-        $('#id_view_stream option').eq(6).attr('selected','selected');
+		$('#id_view_stream option').eq(7).attr('selected','selected');
-        $('#id_view_profile option').eq(6).attr('selected','selected');
+		$('#id_view_profile option').eq(7).attr('selected','selected');
-        $('#id_view_photos option').eq(6).attr('selected','selected');
+		$('#id_view_photos option').eq(7).attr('selected','selected');
-        $('#id_view_contacts option').eq(6).attr('selected','selected');
+		$('#id_view_contacts option').eq(7).attr('selected','selected');
-        $('#id_view_storage option').eq(6).attr('selected','selected');
+		$('#id_view_storage option').eq(7).attr('selected','selected');
-        $('#id_view_pages option').eq(6).attr('selected','selected');
+		$('#id_view_pages option').eq(7).attr('selected','selected');
-        $('#id_send_stream option').eq(4).attr('selected','selected');
+		$('#id_send_stream option').eq(5).attr('selected','selected');
-        $('#id_post_wall option').eq(4).attr('selected','selected');
+		$('#id_post_wall option').eq(5).attr('selected','selected');
-        $('#id_post_comments option').eq(4).attr('selected','selected');
+		$('#id_post_comments option').eq(5).attr('selected','selected');
-        $('#id_post_mail option').eq(4).attr('selected','selected');
+		$('#id_post_mail option').eq(5).attr('selected','selected');
 		$('#id_post_photos option').eq(2).attr('selected','selected');
 		$('#id_tag_deliver option').eq(1).attr('selected','selected');
-        $('#id_chat option').eq(4).attr('selected','selected');
+		$('#id_chat option').eq(5).attr('selected','selected');
 		$('#id_write_storage option').eq(2).attr('selected','selected');
 		$('#id_write_pages option').eq(2).attr('selected','selected');
 		$('#id_delegate option').eq(0).attr('selected','selected');
-		$('#id_republish option').eq(4).attr('selected','selected');
+		$('#id_republish option').eq(5).attr('selected','selected');
-		$('#id_bookmark option').eq(4).attr('selected','selected');
+		$('#id_bookmark option').eq(5).attr('selected','selected');
 		$('#id_profile_in_directory_onoff .on').removeClass('hidden');
 		$('#id_profile_in_directory_onoff .off').addClass('hidden');
 		$('#id_profile_in_directory').val(1);
 	}
 }