Create virtual privacy groups for private profile member lists

2017-02-12 15:56:33 -08:00 · 2017-02-12 15:56:33 -08:00 · ccdfbc721f
commit ccdfbc721f
parent bc3605a502
9 changed files with 1346 additions and 1213 deletions
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@ -104,6 +104,23 @@ class Acl extends \Zotlabs\Web\Controller {
 		if($type == '' || $type == 'g') {
 			$r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d",
 				intval(local_channel())
 			);	
 			if($r) {
 				foreach($r as $rv) {
 					$groups[] = array(
 						"type"  => "g",
 						"photo" => "images/twopeople.png",
 						"name"  => t('Profile','acl') . ' ' . $rv['profile_name'],
 						"id"	=> 'vp' . $rv['id'],
 						"xid"   => 'vp.' . $rv['profile_guid'],
 						"uids"  => group_get_profile_members_xchan(local_channel(), $rv['id']),
 						"link"  => ''
 					);
 				}
 			}
 			$r = q("SELECT groups.id, groups.hash, groups.gname
 					FROM groups, group_member 
 					WHERE groups.deleted = 0 AND groups.uid = %d 
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@ -245,14 +245,6 @@ class Connedit extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 		if($orig_record[0]['abook_profile'] != $profile_id) {
 			//Update profile photo permissions
 			logger('A new profile was assigned - updating profile photos');
 			profile_photo_set_profile_perms(local_channel(),$profile_id);
 		}
 		if($r)
 			info( t('Connection updated.') . EOL);
 		else
--- a/Zotlabs/Module/Profile_photo.php
+++ b/Zotlabs/Module/Profile_photo.php
@ -180,6 +180,10 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 						dbesc(datetime_convert()),
 						dbesc($channel['xchan_hash'])
 					);
 					photo_profile_setperms(local_channel(),$base_image['resource_id'],$_REQUEST['profile']);
 					// Similarly, tell the nav bar to bypass the cache and update the avater image.
 					$_SESSION['reload_avatar'] = true;
@ -188,9 +192,6 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 					// Update directory in background
 					\Zotlabs\Daemon\Master::Summon(array('Directory',$channel['channel_id']));
 					// Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
 					profile_photo_set_profile_perms(local_channel(),$_REQUEST['profile']);	
 				}
 				else
 					notice( t('Unable to process image') . EOL);
@ -338,7 +339,8 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 					dbesc($channel['xchan_hash'])
 				);
-				profile_photo_set_profile_perms(local_channel()); // Reset default photo permissions to public
+				photo_profile_setperms(local_channel(),$resource_id,$_REQUEST['profile']);
 				\Zotlabs\Daemon\Master::Summon(array('Directory',local_channel()));
 				goaway(z_root() . '/profiles');
 			}
--- a/Zotlabs/Module/Profperm.php
+++ b/Zotlabs/Module/Profperm.php
@ -94,12 +94,8 @@ class Profperm extends \Zotlabs\Web\Controller {
 				}
-	
+				$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash 
-				//Time to update the permissions on the profile-pictures as well
+					WHERE abook_channel = %d AND abook_profile = '%s'",
 				profile_photo_set_profile_perms(local_channel(),$profile['id']);
 				$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'",
 					intval(local_channel()),
 					dbesc($profile['profile_guid'])
 				);
--- a/include/attach.php
+++ b/include/attach.php
@ -33,6 +33,8 @@ function z_mime_content_type($filename) {
 	'html' => 'text/html',
 	'php'  => 'text/html',
 	'css'  => 'text/css',
 	'md'   => 'text/markdown',
 	'bb'   => 'text/bbcode',
 	'js'   => 'application/javascript',
 	'json' => 'application/json',
 	'xml'  => 'application/xml',
--- a/include/group.php
+++ b/include/group.php
@ -227,6 +227,26 @@ function group_get_members_xchan($gid) {
 	return $ret;
 }
 function group_get_profile_members_xchan($uid,$gid) {
 	$ret = [];
 	if(intval($gid)) {
 		$r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d",
 			intval($gid),
 			intval($uid)
 		);
 		if($r) {
 			foreach($r as $rr) {
 				$ret[] = $rr['xchan'];
 			}
 		}
 	}
 	return $ret;
 }
 function mini_group_select($uid,$group = '') {
 	$grps = array();
@ -320,20 +340,46 @@ function group_side($every="connections",$each="group",$edit = false, $group_id
 	return $o;
 }
-function expand_groups($a) {
+function expand_groups($g) {
-	if(! (is_array($a) && count($a)))
+	if(! (is_array($g) && count($g)))
 		return array();
-	$x = $a;
+
 	$ret = [];
 	$x   = [];
 	// private profile linked virtual groups
 	foreach($g as $gv) {
 		if(substr($gv,0,3) === 'vp.') {
 			$profile_hash = substr($gv,3);
 			if($profile_hash) {
 				$r = q("select abook_xchan from abook where abook_profile = '%s'",
 					dbesc($profile_hash)
 				);
 				if($r) {
 					foreach($r as $rv) {
 						$ret[] = $rv['abook_xchan'];
 					}
 				}
 			}
 		}
 		else {
 			$x[] = $gv;
 		}
 	}								 
 	if($x) {
 		stringify_array_elms($x,true);
 		$groups = implode(',', $x);
-
+		if($groups) {
 	if($groups)
 			$r = q("SELECT xchan FROM group_member WHERE gid IN ( select id from groups where hash in ( $groups ))");
-	$ret = array();
+			if($r) {
-
+				foreach($r as $rr) {
 	if($r)
 		foreach($r as $rr)
 					$ret[] = $rr['xchan'];
 				}
 			}
 		}
 	}
 	return $ret;
 }
--- a/include/photos.php
+++ b/include/photos.php
@ -718,10 +718,59 @@ function gps2Num($coordPart) {
    return floatval($parts[0]) / floatval($parts[1]);
 }
 function photo_profile_setperms($channel_id,$resource_id,$profile_id) {
 	if(! $profile_id)
 		return;
 	$r = q("select profile_guid, is_default from profile where id = %d and uid = %d limit 1",
 		dbesc($profile_id),
 		intval($channel_id)
 	); 
 	if(! $r)
 		return;
 	$is_default   = $r[0]['is_default'];
 	$profile_guid = $r[0]['profile_guid'];
 	if($is_default) {
 		$r = q("update photo set allow_cid = '', allow_gid = '', deny_cid = '', deny_gid = '' 
 			where resource_id = '%s' and uid = %d",
 			dbesc($resource_id),
 			intval($channel_id)
 		);
 		$r = q("update attach set allow_cid = '', allow_gid = '', deny_cid = '', deny_gid = '' 
 			where hash = '%s' and uid = %d",
 			dbesc($resource_id),
 			intval($channel_id)
 		);
 	}
 	else {
 		$r = q("update photo set allow_cid = '', allow_gid = '%s', deny_cid = '', deny_gid = '' 
 			where resource_id = '%s' and uid = %d",
 			dbesc('vp.' . $profile_guid),
 			dbesc($resource_id),
 			intval($channel_id)
 		);
 		$r = q("update attach set allow_cid = '', allow_gid = '%s', deny_cid = '', deny_gid = '' 
 			where hash = '%s' and uid = %d",
 			dbesc('vp.' . $profile_guid),
 			dbesc($resource_id),
 			intval($channel_id)
 		);
 	}
 }
 function profile_photo_set_profile_perms($uid, $profileid = 0) {
 	$allowcid = '';
 	if($profileid) {
 			$r = q("SELECT photo, profile_guid, id, is_default, uid
 				FROM profile WHERE uid = %d and ( profile.id = %d OR profile.profile_guid = '%s') LIMIT 1",
 				intval($uid),
--- a/include/security.php
+++ b/include/security.php
@ -553,7 +553,21 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
 // var $contact_id = xchan_hash of connection
 function init_groups_visitor($contact_id) {
-	$groups = array();
+	$groups = [];
 	// private profiles are treated as a virtual group
 	$r = q("SELECT abook_profile from abook where abook_xchan = '%s' and abook_profile != '' ",
 		dbesc($contact_id)
 	);
 	if($r) {
 		foreach($r as $rv) {
 			$groups[] = 'vp.' . $rv['abook_profile'];
 		}
 	}
 	// physical groups this channel is a member of
 	$r = q("SELECT hash FROM groups left join group_member on groups.id = group_member.gid WHERE xchan = '%s' ",
 		dbesc($contact_id)
 	);
--- a/util/hmessages.po
+++ b/util/hmessages.po