Create virtual privacy groups for private profile member lists

Zotlabs/Module/Acl.php

@@ -104,6 +104,23 @@ class Acl extends \Zotlabs\Web\Controller {
 		
 		if($type == '' || $type == 'g') {
 
+			$r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d",
+				intval(local_channel())
+			);	
+			if($r) {
+				foreach($r as $rv) {
+					$groups[] = array(
+						"type"  => "g",
+						"photo" => "images/twopeople.png",
+						"name"  => t('Profile','acl') . ' ' . $rv['profile_name'],
+						"id"	=> 'vp' . $rv['id'],
+						"xid"   => 'vp.' . $rv['profile_guid'],
+						"uids"  => group_get_profile_members_xchan(local_channel(), $rv['id']),
+						"link"  => ''
+					);
+				}
+			}
+
 			$r = q("SELECT groups.id, groups.hash, groups.gname
 					FROM groups, group_member 
 					WHERE groups.deleted = 0 AND groups.uid = %d 

Zotlabs/Module/Connedit.php

@@ -245,14 +245,6 @@ class Connedit extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 	
-		if($orig_record[0]['abook_profile'] != $profile_id) {
-			//Update profile photo permissions
-	
-			logger('A new profile was assigned - updating profile photos');
-			profile_photo_set_profile_perms(local_channel(),$profile_id);
-	
-		}
-	
 		if($r)
 			info( t('Connection updated.') . EOL);
 		else

Zotlabs/Module/Profile_photo.php

@@ -180,6 +180,10 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 						dbesc(datetime_convert()),
 						dbesc($channel['xchan_hash'])
 					);
+
+					photo_profile_setperms(local_channel(),$base_image['resource_id'],$_REQUEST['profile']);
+
+
 					// Similarly, tell the nav bar to bypass the cache and update the avater image.
 					$_SESSION['reload_avatar'] = true;
 	
@@ -188,9 +192,6 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 					// Update directory in background
 					\Zotlabs\Daemon\Master::Summon(array('Directory',$channel['channel_id']));
 	
-					// Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
-	
-					profile_photo_set_profile_perms(local_channel(),$_REQUEST['profile']);	
 				}
 				else
 					notice( t('Unable to process image') . EOL);
@@ -338,7 +339,8 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 					dbesc($channel['xchan_hash'])
 				);
 	
-				profile_photo_set_profile_perms(local_channel()); // Reset default photo permissions to public
+				photo_profile_setperms(local_channel(),$resource_id,$_REQUEST['profile']);
+
 				\Zotlabs\Daemon\Master::Summon(array('Directory',local_channel()));
 				goaway(z_root() . '/profiles');
 			}

Zotlabs/Module/Profperm.php

@@ -94,12 +94,8 @@ class Profperm extends \Zotlabs\Web\Controller {
 	
 				}
 	
-	
-				//Time to update the permissions on the profile-pictures as well
-
-				profile_photo_set_profile_perms(local_channel(),$profile['id']);
-	
-				$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'",
+				$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash 
+					WHERE abook_channel = %d AND abook_profile = '%s'",
 					intval(local_channel()),
 					dbesc($profile['profile_guid'])
 				);

include/attach.php

@@ -33,6 +33,8 @@ function z_mime_content_type($filename) {
 	'html' => 'text/html',
 	'php'  => 'text/html',
 	'css'  => 'text/css',
+	'md'   => 'text/markdown',
+	'bb'   => 'text/bbcode',
 	'js'   => 'application/javascript',
 	'json' => 'application/json',
 	'xml'  => 'application/xml',

include/group.php

@@ -227,6 +227,26 @@ function group_get_members_xchan($gid) {
 	return $ret;
 }
 
+function group_get_profile_members_xchan($uid,$gid) {
+	$ret = [];
+
+	if(intval($gid)) {
+		$r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d",
+			intval($gid),
+			intval($uid)
+		);
+		if($r) {
+			foreach($r as $rr) {
+				$ret[] = $rr['xchan'];
+			}
+		}
+	}
+	return $ret;
+}
+
+
+
+
 function mini_group_select($uid,$group = '') {
 	
 	$grps = array();
@@ -320,20 +340,46 @@ function group_side($every="connections",$each="group",$edit = false, $group_id
 	return $o;
 }
 
-function expand_groups($a) {
-	if(! (is_array($a) && count($a)))
+function expand_groups($g) {
+	if(! (is_array($g) && count($g)))
 		return array();
-	$x = $a;
+
+	$ret = [];
+	$x   = [];
+
+	// private profile linked virtual groups
+
+	foreach($g as $gv) {
+		if(substr($gv,0,3) === 'vp.') {
+			$profile_hash = substr($gv,3);
+			if($profile_hash) {
+				$r = q("select abook_xchan from abook where abook_profile = '%s'",
+					dbesc($profile_hash)
+				);
+				if($r) {
+					foreach($r as $rv) {
+						$ret[] = $rv['abook_xchan'];
+					}
+				}
+			}
+		}
+		else {
+			$x[] = $gv;
+		}
+	}								 
+
+	if($x) {
 		stringify_array_elms($x,true);
 		$groups = implode(',', $x);
-
-	if($groups)
+		if($groups) {
 			$r = q("SELECT xchan FROM group_member WHERE gid IN ( select id from groups where hash in ( $groups ))");
-	$ret = array();
-
-	if($r)
-		foreach($r as $rr)
+			if($r) {
+				foreach($r as $rr) {
 					$ret[] = $rr['xchan'];
+				}
+			}
+		}
+	}
 	return $ret;
 }
 

include/photos.php

@@ -718,10 +718,59 @@ function gps2Num($coordPart) {
     return floatval($parts[0]) / floatval($parts[1]);
 }
 
+
+function photo_profile_setperms($channel_id,$resource_id,$profile_id) {
+
+	if(! $profile_id)
+		return;
+
+	$r = q("select profile_guid, is_default from profile where id = %d and uid = %d limit 1",
+		dbesc($profile_id),
+		intval($channel_id)
+	); 
+
+	if(! $r)
+		return;
+
+	$is_default   = $r[0]['is_default'];
+	$profile_guid = $r[0]['profile_guid'];
+
+	if($is_default) {
+		$r = q("update photo set allow_cid = '', allow_gid = '', deny_cid = '', deny_gid = '' 
+			where resource_id = '%s' and uid = %d",
+			dbesc($resource_id),
+			intval($channel_id)
+		);
+		$r = q("update attach set allow_cid = '', allow_gid = '', deny_cid = '', deny_gid = '' 
+			where hash = '%s' and uid = %d",
+			dbesc($resource_id),
+			intval($channel_id)
+		);
+	}
+	else {
+		$r = q("update photo set allow_cid = '', allow_gid = '%s', deny_cid = '', deny_gid = '' 
+			where resource_id = '%s' and uid = %d",
+			dbesc('vp.' . $profile_guid),
+			dbesc($resource_id),
+			intval($channel_id)
+		);
+
+		$r = q("update attach set allow_cid = '', allow_gid = '%s', deny_cid = '', deny_gid = '' 
+			where hash = '%s' and uid = %d",
+			dbesc('vp.' . $profile_guid),
+			dbesc($resource_id),
+			intval($channel_id)
+		);
+	}
+}
+
 function profile_photo_set_profile_perms($uid, $profileid = 0) {
 
 	$allowcid = '';
+
+
 	if($profileid) {
+
 			$r = q("SELECT photo, profile_guid, id, is_default, uid
 				FROM profile WHERE uid = %d and ( profile.id = %d OR profile.profile_guid = '%s') LIMIT 1",
 				intval($uid),

include/security.php

@@ -553,7 +553,21 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
 // var $contact_id = xchan_hash of connection
 
 function init_groups_visitor($contact_id) {
-	$groups = array();
+	$groups = [];
+
+	// private profiles are treated as a virtual group
+
+	$r = q("SELECT abook_profile from abook where abook_xchan = '%s' and abook_profile != '' ",
+		dbesc($contact_id)
+	);
+	if($r) {
+		foreach($r as $rv) {
+			$groups[] = 'vp.' . $rv['abook_profile'];
+		}
+	}
+
+	// physical groups this channel is a member of
+
 	$r = q("SELECT hash FROM groups left join group_member on groups.id = group_member.gid WHERE xchan = '%s' ",
 		dbesc($contact_id)
 	);