Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-28 00:30:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'upstream/master' into contact-discovery

Browse source
This commit is contained in:
Michael 2019-06-24 03:23:57 +00:00
commit 037cf01a15
9 changed files with 88 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Model/Event.php
View file

@ -226,7 +226,7 @@ class Event extends BaseObject
return;
}
DBA::delete('event', ['id' => $event_id]);
DBA::delete('event', ['id' => $event_id], ['cascade' => false]);
Logger::log("Deleted event ".$event_id, Logger::DEBUG);
}

8
src/Model/Item.php
View file

@ -1080,9 +1080,11 @@ class Item extends BaseObject
}
// When the permission set will be used in photo and events as well,
// this query here needs to be extended.
if (!empty($item['psid']) && !self::exists(['psid' => $item['psid'], 'deleted' => false])) {
DBA::delete('permissionset', ['id' => $item['psid']], ['cascade' => false]);
}
// @todo Currently deactivated. We need the permission set in the deletion process.
// This is a reminder to add the removal somewhere else.
//if (!empty($item['psid']) && !self::exists(['psid' => $item['psid'], 'deleted' => false])) {
// DBA::delete('permissionset', ['id' => $item['psid']], ['cascade' => false]);
//}
// If it's the parent of a comment thread, kill all the kids
if ($item['id'] == $item['parent']) {

11
src/Model/Photo.php
View file

@ -16,6 +16,7 @@ use Friendica\Database\DBA;
use Friendica\Database\DBStructure;
use Friendica\Model\Storage\IStorage;
use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Security;
@ -133,8 +134,16 @@ class Photo extends BaseObject
if ($r === false) {
return false;
}
$uid = $r["uid"];
$sql_acl = Security::getPermissionsSQLByUserId($r["uid"]);
// This is the first place, when retrieving just a photo, that we know who owns the photo.
// Make sure that the requester's session is appropriately authenticated to that user
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
// this will either just return (if auth all ok) or will redirect and exit (starting over)
DFRN::autoRedir(self::getApp(), $r["nickname"]);
$sql_acl = Security::getPermissionsSQLByUserId($uid);
$conditions = [
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,