harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'dev' into perms

Browse Source
This commit is contained in:
redmatrix
2016-07-17 21:40:04 -07:00
parent 191cd21028 571b8cc85b
commit de4f9d68bd
43 changed files with 2703 additions and 2707 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Zotlabs/Module/Acl.php
View File

@@ -146,13 +146,40 @@ class Acl extends \Zotlabs\Web\Controller {
if(local_channel()) {
if($extra_channels_sql != '')
$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
$r2 = null;
$r1 = q("select * from atoken where atoken_uid = %d",
intval(local_channel())
);
if($r1) {
require_once('include/security.php');
$r2 = array();
foreach($r1 as $rr) {
$x = atoken_xchan($rr);
$r2[] = [
'id' => 'a' . $rr['atoken_id'] ,
'hash' => $x['xchan_hash'],
'name' => $x['xchan_name'],
'micro' => $x['xchan_photo_m'],
'url' => z_root(),
'nick' => $x['xchan_addr'],
'abook_their_perms' => 0,
'abook_flags' => 0,
'abook_self' => 0
];
}
}
$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
intval(local_channel())
);
if($r2)
$r = array_merge($r2,$r);
}
else { // Visitors
$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self

3
Zotlabs/Module/Cloud.php
View File

@@ -13,6 +13,9 @@ use \Zotlabs\Storage;
// composer autoloader for SabreDAV
require_once('vendor/autoload.php');
require_once('include/attach.php');
/**
* @brief Fires up the SabreDAV server.
*

1
Zotlabs/Module/Dav.php
View File

@@ -14,6 +14,7 @@ use \Zotlabs\Storage;
// composer autoloader for SabreDAV
require_once('vendor/autoload.php');
require_once('include/attach.php');
/**
* @brief Fires up the SabreDAV server.

2
Zotlabs/Module/Embedphotos.php
View File

@@ -159,7 +159,7 @@ function embedphotos_widget_album($args) {
'$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$profile['channel_address'] . '/upload/' . bin2hex($album)),
'$order' => false,
'$upload_form' => $upload_form,
'$usage' => $usage_message
'$no_fullscreen_btn' => true
));
return $o;

13
Zotlabs/Module/Home.php
View File

@@ -28,6 +28,19 @@ class Home extends \Zotlabs\Web\Controller {
goaway($dest);
}
if(remote_channel() && (! $splash) && $_SESSION['atoken']) {
$r = q("select * from atoken where atoken_id = %d",
intval($_SESSION['atoken'])
);
if($r) {
$x = channelx_by_n($r[0]['atoken_uid']);
if($x) {
goaway(z_root() . '/channel/' . $x['channel_address']);
}
}
}
if(get_account_id() && ! $splash) {
goaway(z_root() . '/new_channel');

35
Zotlabs/Module/Lockview.php
View File

@@ -1,17 +1,31 @@
<?php
namespace Zotlabs\Module;
require_once('include/security.php');
class Lockview extends \Zotlabs\Web\Controller {
function get() {
$atokens = array();
if(local_channel()) {
$at = q("select * from atoken where atoken_uid = %d",
intval(local_channel())
);
if($at) {
foreach($at as $t) {
$atokens[] = atoken_xchan($t);
}
}
}
$type = ((argc() > 1) ? argv(1) : 0);
if (is_numeric($type)) {
$item_id = intval($type);
$type='item';
} else {
}
else {
$item_id = ((argc() > 2) ? intval(argv(2)) : 0);
}
@@ -98,6 +112,13 @@ class Lockview extends \Zotlabs\Web\Controller {
if($r)
foreach($r as $rr)
$l[] = '<li>' . $rr['xchan_name'] . '</li>';
if($atokens) {
foreach($atokens as $at) {
if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) {
$l[] = '<li>' . $at['xchan_name'] . '</li>';
}
}
}
}
if(count($deny_groups)) {
$r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
@@ -110,6 +131,16 @@ class Lockview extends \Zotlabs\Web\Controller {
if($r)
foreach($r as $rr)
$l[] = '<li><strike>' . $rr['xchan_name'] . '</strike></li>';
if($atokens) {
foreach($atokens as $at) {
if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) {
$l[] = '<li><strike>' . $at['xchan_name'] . '</strike></li>';
}
}
}
}
echo $o . implode($l);

101
Zotlabs/Module/Settings.php
View File

@@ -117,6 +117,60 @@ class Settings extends \Zotlabs\Web\Controller {
build_sync_packet();
return;
}
if((argc() > 1) && (argv(1) == 'tokens')) {
check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
$token_errs = 0;
if(array_key_exists('token',$_POST)) {
$atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
$name = trim(escape_tags($_POST['name']));
$token = trim($_POST['token']);
if((! $name) || (! $token))
$token_errs ++;
if(trim($_POST['expires']))
$expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
else
$expires = NULL_DATE;
$max_atokens = service_class_fetch(local_channel(),'access_tokens');
if($max_atokens) {
$r = q("select count(atoken_id) as total where atoken_uid = %d",
intval(local_channel())
);
if($r && intval($r[0]['total']) >= $max_tokens) {
notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL);
return;
}
}
}
if($token_errs) {
notice( t('Name and Password are required.') . EOL);
return;
}
if($atoken_id) {
$r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s'
where atoken_id = %d and atoken_uid = %d",
dbesc($name),
dbesc($token),
dbesc($expires),
intval($atoken_id),
intval($channel['channel_id'])
);
}
else {
$r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )
values ( %d, %d, '%s', '%s', '%s' ) ",
intval($channel['channel_account_id']),
intval($channel['channel_id']),
dbesc($name),
dbesc($token),
dbesc($expires)
);
}
info( t('Token saved.') . EOL);
return;
}
@@ -706,6 +760,53 @@ class Settings extends \Zotlabs\Web\Controller {
));
return $o;
}
if((argc() > 1) && (argv(1) === 'tokens')) {
$atoken = null;
if(argc() > 2) {
$id = argv(2);
$atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d",
intval($id),
intval(local_channel())
);
if($atoken)
$atoken = $atoken[0];
if($atoken && argc() > 3 && argv(3) === 'drop') {
$r = q("delete from atoken where atoken_id = %d",
intval($id)
);
}
}
$t = q("select * from atoken where atoken_uid = %d",
intval(local_channel())
);
$desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access the private content.');
$desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:');
$tpl = get_markup_template("settings_tokens.tpl");
$o .= replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("settings_tokens"),
'$title' => t('Guest Access Tokens'),
'$desc' => $desc,
'$desc2' => $desc2,
'$tokens' => $t,
'$atoken' => $atoken,
'$url1' => z_root() . '/channel/' . $channel['channel_address'],
'$url2' => z_root() . '/photos/' . $channel['channel_address'],
'$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''),
'$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''),
'$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] != NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''),
'$submit' => t('Submit')
));
return $o;
}