Issue 11963: Set Permissions for attachments

src/Model/Attach.php

@@ -30,6 +30,7 @@ use Friendica\Object\Image;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Mimetype;
 use Friendica\Security\Security;
+use Friendica\Util\Network;
 
 /**
  * Class to handle attach database table
@@ -109,16 +110,17 @@ class Attach
 	/**
 	 * Retrieve a single record given the ID
 	 *
-	 * @param int $id Row id of the record
+	 * @param int $id  Row id of the record
+	 * @param int $uid User-Id
 	 *
 	 * @return bool|array
 	 *
 	 * @throws \Exception
 	 * @see   \Friendica\Database\DBA::select
 	 */
-	public static function getById(int $id)
+	public static function getById(int $id, int $uid)
 	{
-		return self::selectFirst([], ['id' => $id]);
+		return self::selectFirst([], ['id' => $id, 'uid' => $uid]);
 	}
 
 	/**
@@ -197,7 +199,7 @@ class Attach
 	 * @return boolean|integer Row id on success, False on errors
 	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
-	public static function store(string $data, int $uid, string $filename, string $filetype = '' , int $filesize = null, string $allow_cid = '', string $allow_gid = '', string $deny_cid = '', string $deny_gid = '')
+	public static function store(string $data, int $uid, string $filename, string $filetype = '', int $filesize = null, string $allow_cid = '', string $allow_gid = '', string $deny_cid = '', string $deny_gid = '')
 	{
 		if ($filetype === '') {
 			$filetype = Mimetype::getContentType($filename);
@@ -279,9 +281,9 @@ class Attach
 	{
 		if (!is_null($img)) {
 			// get items to update
-			$items = self::selectToArray(['backend-class','backend-ref'], $conditions);
+			$items = self::selectToArray(['backend-class', 'backend-ref'], $conditions);
 
-			foreach($items as $item) {
+			foreach ($items as $item) {
 				try {
 					$backend_class         = DI::storageManager()->getWritableStorageByName($item['backend-class'] ?? '');
 					$fields['backend-ref'] = $backend_class->put($img->asString(), $item['backend-ref'] ?? '');
@@ -313,9 +315,9 @@ class Attach
 	public static function delete(array $conditions, array $options = []): bool
 	{
 		// get items to delete data info
-		$items = self::selectToArray(['backend-class','backend-ref'], $conditions);
+		$items = self::selectToArray(['backend-class', 'backend-ref'], $conditions);
 
-		foreach($items as $item) {
+		foreach ($items as $item) {
 			try {
 				$backend_class = DI::storageManager()->getWritableStorageByName($item['backend-class'] ?? '');
 				$backend_class->delete($item['backend-ref'] ?? '');
@@ -328,4 +330,41 @@ class Attach
 
 		return DBA::delete('attach', $conditions, $options);
 	}
+
+	public static function setPermissionFromBody(array $post)
+	{
+		preg_match_all("/\[attachment\](.*?)\[\/attachment\]/ism", $post['body'], $matches, PREG_SET_ORDER);
+		foreach ($matches as $attachment) {
+			if (Network::isLocalLink($attachment[1]) && preg_match('|.*?/attach/(\d+)|', $attachment[1], $match)) {
+				$fields = [
+					'allow_cid' => $post['allow_cid'], 'allow_gid' => $post['allow_gid'],
+					'deny_cid' => $post['deny_cid'], 'deny_gid' => $post['deny_gid']
+				];
+				self::update($fields, ['id' => $match[1], 'uid' => $post['uid']]);
+			}
+		}
+	}
+
+	public static function addAttachmentToBody(string $body, int $uid): string
+	{
+		preg_match_all("/\[attachment\](.*?)\[\/attachment\]/ism", $body, $matches, PREG_SET_ORDER);
+		foreach ($matches as $attachment) {
+			if (Network::isLocalLink($attachment[1]) && preg_match('|.*?/attach/(\d+)|', $attachment[1], $match)) {
+				$attach = self::getById($match[1], $uid);
+				if (empty($attach)) {
+					return $body;
+				}
+				$media = [
+					'type'        => Post\Media::DOCUMENT,
+					'url'         => $attachment[1],
+					'size'        => $attach['filesize'],
+					'mimetype'    => $attach['filetype'],
+					'description' => $attach['filename']
+				];
+				$media = Post\Media::addType($media);
+				$body = str_replace($attachment[0], Post\Media::addAttachmentToBody($media, ''), $body);
+			}
+		}
+		return $body;
+	}
 }