Removed obsolete code

Michael 2019-09-28 05:37:24 +00:00
parent 3dd94355b7
commit 1ddd2df4b8
9 changed files with 28 additions and 219 deletions


@ -3260,15 +3260,11 @@ class Item extends BaseObject
}
}
public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null)
public static function getPermissionsSQLByUserId($owner_id)
{
$local_user = local_user();
$remote_user = remote_user($owner_id);
if (is_null($remote_cid)) {
$remote_cid = $remote_user;
}
/*
* Construct permissions
*
@ -3287,7 +3283,7 @@ class Item extends BaseObject
* If pre-verified, the caller is expected to have already
* done this and passed the groups into this function.
*/
$set = PermissionSet::get($owner_id, $remote_cid, $groups);
$set = PermissionSet::get($owner_id, $remote_user);
if (!empty($set)) {
$sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";
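Review bot: The context comment directly above `$set = PermissionSet::get($owner_id, $remote_user);` is now stale: it still says a pre-verified caller has "passed the groups into this function", but `$remote_verified` and `$groups` are gone from the signature. I would reword it to something like `* The visitor's groups are always looked up by PermissionSet::get() from the contact id.` so nobody assumes a caller can still supply group ids. Separately, `implode(',', $set)` is concatenated into `$sql_set`, which is safe only while `PermissionSet::get()` returns integer ids; `implode(',', array_map('intval', $set))` would make that explicit. The function body starts and ends outside this hunk.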


@ -67,21 +67,20 @@ class PermissionSet extends BaseObject
*
* @param integer $uid User id whom the items belong
* @param integer $contact_id Contact id of the visitor
* @param array $groups Possibly previously fetched group ids for that contact
*
* @return array of permission set ids.
* @throws \Exception
*/
static public function get($uid, $contact_id, $groups = null)
static public function get($uid, $contact_id)
{
if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
$groups = Group::getIdsByContactId($contact_id);
}
if (empty($groups) || !is_array($groups)) {
return [];
}
$group_str = '<<>>'; // should be impossible to match
foreach ($groups as $g) {
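Review bot: `$groups` is no longer a parameter, so when `DBA::exists()` is false the variable is never assigned, and the following `empty($groups)` check only works because `empty()` tolerates an undefined variable. The outcome, an empty permission-set list for an unknown or blocked contact, is the right fail-closed result, but it should be explicit: `if (!DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) { return []; }` followed by an unconditional `$groups = Group::getIdsByContactId($contact_id);`. The body continues past the end of the hunk.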


@ -131,31 +131,17 @@ class Photo extends BaseObject
*/
public static function getPhoto($resourceid, $scale = 0)
{
$r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
if ($r === false) {
$r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
if (!DBA::isResult($r)) {
return false;
}
$uid = $r["uid"];
// This is the first place, when retrieving just a photo, that we know who owns the photo.
// Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
// make sure that the requester's session is appropriately authenticated to that user
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
// this will either just return (if auth all ok) or will redirect and exit (starting over)
DFRN::autoRedir(self::getApp(), $r["nickname"]);
}
$uid = $r["uid"];
$sql_acl = Security::getPermissionsSQLByUserId($uid);
$conditions = [
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,
$resourceid, $scale
];
$conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
$params = ["order" => ["scale" => true]];
$photo = self::selectFirst([], $conditions, $params);
return $photo;
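Review bot: Access control in `getPhoto()` now rests entirely on the `$sql_acl` fragment concatenated into `$conditions`, and the new code has no comment saying so, because the explanatory comment was removed together with the `DFRN::autoRedir()` block. I would add something like `// Access control is enforced solely by $sql_acl; no remote authentication is attempted here.` above the `Security::getPermissionsSQLByUserId($uid)` call. Presumably a visitor without a matching session now simply gets no row for a restricted photo; a regression test asserting that would guard the behaviour. Since the fragment is appended to the query string rather than bound, `getPermissionsSQLByUserId()` must continue to emit only server-built SQL.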