harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

start to whip the permissions into shape, also got rid of the mce drop shadow until we can figure out how to do it without the ugly black bars. I tend to prefer "outy" shadows over "inny" shadows anyway, but maybe that's just me.

Browse Source
This commit is contained in:
friendica
2012-12-09 18:07:36 -08:00
parent 7f77670649
commit f8c33243bf
8 changed files with 45 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/ConversationObject.php
View File

@@ -33,6 +33,9 @@ class Conversation extends BaseObject {
$a = $this->get_app();
$observer = $a->get_observer();
$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
switch($mode) {
case 'network':
$this->profile_owner = local_user();
@@ -40,11 +43,11 @@ class Conversation extends BaseObject {
break;
case 'channel':
$this->profile_owner = $a->profile['profile_uid'];
$this->writable = can_write_wall($a,$this->profile_owner);
$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
break;
case 'display':
$this->profile_owner = $a->profile['uid'];
$this->writable = can_write_wall($a,$this->profile_owner);
$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
break;
default:
logger('[ERROR] Conversation::set_mode : Unhandled mode ('. $mode .').', LOGGER_DEBUG);

14
include/conversation.php
View File

@@ -406,7 +406,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
elseif($mode === 'channel') {
$profile_owner = $a->profile['profile_uid'];
$page_writeable = can_write_wall($a,$profile_owner);
$page_writeable = ($profile_owner == local_user());
if(!$update) {
$tab = notags(trim($_GET['tab']));
@@ -427,22 +427,12 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
elseif($mode === 'display') {
$profile_owner = $a->profile['uid'];
$page_writeable = can_write_wall($a,$profile_owner);
$page_writeable = ($profile_owner == local_user());
$live_update_div = '<div id="live-display"></div>' . "\r\n";
}
elseif($mode === 'community') {
$profile_owner = 0;
$page_writeable = false;
if(!$update) {
$live_update_div = '<div id="live-community"></div>' . "\r\n"
. "<script> var profile_uid = -1; var netargs = '/?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
}
}
else if($mode === 'search') {
$live_update_div = '<div id="live-search"></div>' . "\r\n";
}

66
include/security.php
View File

@@ -135,72 +135,6 @@ function authenticate_success($user_record, $login_initial = false, $interactive
}
function can_write_wall(&$a,$owner) {
static $verified = 0;
if((! (local_user())) && (! (remote_user())))
return false;
$uid = local_user();
if(($uid) && ($uid == $owner)) {
return true;
}
if(remote_user()) {
// use remembered decision and avoid a DB lookup for each and every display item
// DO NOT use this function if there are going to be multiple owners
// We have a contact-id for an authenticated remote user, this block determines if the contact
// belongs to this page owner, and has the necessary permissions to post content
if($verified === 2)
return true;
elseif($verified === 1)
return false;
else {
$cid = 0;
if(is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $visitor) {
if($visitor['uid'] == $owner) {
$cid = $visitor['cid'];
break;
}
}
}
if(! $cid)
return false;
$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
intval($owner),
intval($cid),
intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND),
intval(PAGE_COMMUNITY)
);
if(count($r)) {
$verified = 2;
return true;
}
else {
$verified = 1;
}
}
}
return false;
}
function change_channel($change_channel) {
$ret = false;