Merge pull request #10836 from nupplaphil/feat/depository_permissionset

Migrate PermissionSet to Depository paradigm
Hypolite Petovan 2021-10-08 09:39:39 -04:00 committed by GitHub
commit 80a8cd86c4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 634 additions and 394 deletions


@ -980,13 +980,14 @@ class Item
}
// Creates or assigns the permission set
$item['psid'] = PermissionSet::getIdFromACL(
$item['uid'],
$item['allow_cid'],
$item['allow_gid'],
$item['deny_cid'],
$item['deny_gid']
);
$item['psid'] = DI::permissionSet()->selectOrCreate(
DI::permissionSetFactory()->createFromString(
$item['uid'],
$item['allow_cid'],
$item['allow_gid'],
$item['deny_cid'],
$item['deny_gid']
))->id;
if (!empty($item['extid'])) {
$item['external-id'] = ItemURI::getIdByURI($item['extid']);
@ -1952,18 +1953,19 @@ class Item
$private = self::PUBLIC;
}
$psid = PermissionSet::getIdFromACL(
$user['uid'],
$user['allow_cid'],
$user['allow_gid'],
$user['deny_cid'],
$user['deny_gid']
);
$permissionSet = DI::permissionSet()->selectOrCreate(
DI::permissionSetFactory()->createFromString(
$user['uid'],
$user['allow_cid'],
$user['allow_gid'],
$user['deny_cid'],
$user['deny_gid']
));
$forum_mode = ($prvgroup ? 2 : 1);
$fields = ['wall' => true, 'origin' => true, 'forum_mode' => $forum_mode, 'contact-id' => $self['id'],
'owner-id' => $owner_id, 'private' => $private, 'psid' => $psid];
'owner-id' => $owner_id, 'private' => $private, 'psid' => $permissionSet->id];
self::update($fields, ['id' => $item['id']]);
Worker::add(['priority' => PRIORITY_HIGH, 'dont_fork' => true], 'Notifier', Delivery::POST, (int)$item['uri-id'], (int)$item['uid']);
@ -2549,12 +2551,12 @@ class Item
$condition = [];
} elseif ($remote_user) {
// Authenticated visitor - fetch the matching permissionsets
$set = PermissionSet::get($owner_id, $remote_user);
$permissionSets = DI::permissionSet()->selectByContactId($remote_user, $owner_id);
if (!empty($set)) {
$condition = ["(`private` != ? OR (`private` = ? AND `wall`
AND `psid` IN (" . implode(', ', array_fill(0, count($set), '?')) . ")))",
self::PRIVATE, self::PRIVATE];
$condition = array_merge($condition, $set);
$condition = array_merge($condition, $permissionSets->column('id'));
}
}
@ -2595,10 +2597,10 @@ class Item
* If pre-verified, the caller is expected to have already
* done this and passed the groups into this function.
*/
$set = PermissionSet::get($owner_id, $remote_user);
$permissionSets = DI::permissionSet()->selectByContactId($remote_user, $owner_id);
if (!empty($set)) {
$sql_set = sprintf(" OR (" . $table . "`private` = %d AND " . $table . "`wall` AND " . $table . "`psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
$sql_set = sprintf(" OR (" . $table . "`private` = %d AND " . $table . "`wall` AND " . $table . "`psid` IN (", self::PRIVATE) . implode(',', $permissionSets->column('id')) . "))";
} else {
$sql_set = '';
}
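Review bot: In the third and fourth hunks of class `Item` (the `elseif ($remote_user)` branch and the block after the "pre-verified" comment), the lookup result is now assigned to `$permissionSets`, but the unchanged guard `if (!empty($set))` and the `count($set)` placeholder fill still read `$set`, which the new side no longer assigns in the visible lines. As shown, the guard is always false, so the `psid IN (...)` clause is never built; that fails closed, but contacts who are in a permission set would stop seeing the private wall items they are entitled to. Changing the guard to `!empty($permissionSets)` would not be a safe fix if the depository returns a collection object, because an object is never `empty()` and an empty id list would produce `IN ()`; keeping the id array avoids both problems: `$set = DI::permissionSet()->selectByContactId($remote_user, $owner_id)->column('id');` with the later uses left on `$set`. In the fourth hunk the ids are concatenated straight into the SQL string, so forcing them to integers is a cheap safeguard: `implode(',', array_map('intval', $set))`. Both enclosing functions start and end outside the hunks, so an earlier assignment of `$set` cannot be ruled out from this page.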


@ -1,78 +0,0 @@
<?php
/**
* @copyright Copyright (C) 2010-2021, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Model;
use Friendica\BaseModel;
use Friendica\DI;
/**
* functions for interacting with the permission set of an object (item, photo, event, ...)
*
* @property int uid
* @property string allow_cid
* @property string allow_gid
* @property string deny_cid
* @property string deny_gid
*/
class PermissionSet extends BaseModel
{
/**
* Fetch the id of a given permission set. Generate a new one when needed
*
* @param int $uid
* @param string|null $allow_cid Allowed contact IDs - empty = everyone
* @param string|null $allow_gid Allowed group IDs - empty = everyone
* @param string|null $deny_cid Disallowed contact IDs - empty = no one
* @param string|null $deny_gid Disallowed group IDs - empty = no one
* @return int id
* @throws \Exception
* @deprecated since 2020.03, use Repository\PermissionSet instead
* @see \Friendica\Repository\PermissionSet->getIdFromACL
*/
public static function getIdFromACL(
int $uid,
string $allow_cid = null,
string $allow_gid = null,
string $deny_cid = null,
string $deny_gid = null
) {
return DI::permissionSet()->getIdFromACL($uid, $allow_cid, $allow_gid, $deny_cid, $deny_gid);
}
/**
* Returns a permission set for a given contact
*
* @param integer $uid User id whom the items belong
* @param integer $contact_id Contact id of the visitor
*
* @return array of permission set ids.
* @throws \Exception
* @deprecated since 2020.03, use Repository\PermissionSet instead
* @see \Friendica\Repository\PermissionSet->selectByContactId
*/
public static function get($uid, $contact_id)
{
$permissionSets = DI::permissionSet()->selectByContactId($contact_id, $uid);
return $permissionSets->column('id');
}
}


@ -23,7 +23,9 @@ namespace Friendica\Model;
use Friendica\BaseModel;
use Friendica\Database\Database;
use Friendica\Network\HTTPException;
use Friendica\Network\HTTPException\NotFoundException;
use Friendica\Security\PermissionSet\Depository\PermissionSet as PermissionSetDepository;
use Friendica\Security\PermissionSet\Entity\PermissionSet;
use Psr\Log\LoggerInterface;
/**
@ -39,21 +41,21 @@ use Psr\Log\LoggerInterface;
* @property string value
* @property string created
* @property string edited
* @property PermissionSet permissionset
* @property PermissionSet permissionSet
*/
class ProfileField extends BaseModel
{
/** @var PermissionSet */
private $permissionset;
private $permissionSet;
/** @var \Friendica\Repository\PermissionSet */
private $permissionSetRepository;
/** @var PermissionSetDepository */
private $permissionSetDepository;
public function __construct(Database $dba, LoggerInterface $logger, \Friendica\Repository\PermissionSet $permissionSetRepository, array $data = [])
public function __construct(Database $dba, LoggerInterface $logger, PermissionSetDepository $permissionSetDepository, array $data = [])
{
parent::__construct($dba, $logger, $data);
$this->permissionSetRepository = $permissionSetRepository;
$this->permissionSetDepository = $permissionSetDepository;
}
public function __get($name)
@ -61,12 +63,17 @@ class ProfileField extends BaseModel
$this->checkValid();
switch ($name) {
case 'permissionset':
$this->permissionset =
$this->permissionset ??
$this->permissionSetRepository->selectFirst(['id' => $this->psid, 'uid' => $this->uid]);
case 'permissionSet':
if (empty($this->permissionSet)) {
$permissionSet = $this->permissionSetDepository->selectOneById($this->psid);
if ($permissionSet->uid !== $this->uid) {
throw new NotFoundException(sprintf('PermissionSet %d (user-id: %d) for ProfileField %d (user-id: %d) is invalid.', $permissionSet->id, $permissionSet->uid, $this->id, $this->uid));
}
$return = $this->permissionset;
$this->permissionSet = $permissionSet;
}
$return = $this->permissionSet;
break;
default:
$return = parent::__get($name);