mirror of
https://github.com/friendica/friendica
synced 2025-04-26 08:30:10 +00:00
Item storage: Permissions aren't stored in the items anymore (#5495)
* The permission set is now used for item permissions * Check for allow_cid, ... is superfluous. Checking for "private" is enough * We query the permissionset * Permissions are displayed correctly * Changed index * We don't store the permissions in the item table anymore * Permission fields are now deprecated * Reversed ...
This commit is contained in:
Michael Vogel
Hypolite Petovan
parent
830b2edc35
commit
986106a8f7
9 changed files with 117 additions and 96 deletions
|
|
@ -514,9 +514,8 @@ class Item extends BaseObject
|
|||
|
||||
$fields['item'] = ['id', 'uid', 'parent', 'uri', 'parent-uri', 'thr-parent', 'guid',
|
||||
'contact-id', 'owner-id', 'author-id', 'type', 'wall', 'gravity', 'extid',
|
||||
'created', 'edited', 'commented', 'received', 'changed',
|
||||
'resource-id', 'event-id', 'tag', 'attach', 'post-type',
|
||||
'file', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid', 'psid',
|
||||
'created', 'edited', 'commented', 'received', 'changed', 'psid',
|
||||
'resource-id', 'event-id', 'tag', 'attach', 'post-type', 'file',
|
||||
'private', 'pubmail', 'moderated', 'visible', 'starred', 'bookmark',
|
||||
'unseen', 'deleted', 'origin', 'forum_mode', 'mention', 'global',
|
||||
'id' => 'item_id', 'network', 'icid', 'iaid', 'id' => 'internal-iid',
|
||||
|
|
@ -529,6 +528,8 @@ class Item extends BaseObject
|
|||
|
||||
$fields['item-delivery-data'] = self::DELIVERY_DATA_FIELDLIST;
|
||||
|
||||
$fields['permissionset'] = ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'];
|
||||
|
||||
$fields['author'] = ['url' => 'author-link', 'name' => 'author-name',
|
||||
'thumb' => 'author-avatar', 'nick' => 'author-nick', 'network' => 'author-network'];
|
||||
|
||||
|
|
@ -642,6 +643,10 @@ class Item extends BaseObject
|
|||
$joins .= " LEFT JOIN `item-delivery-data` ON `item-delivery-data`.`iid` = `item`.`id`";
|
||||
}
|
||||
|
||||
if (strpos($sql_commands, "`permissionset`.") !== false) {
|
||||
$joins .= " LEFT JOIN `permissionset` ON `permissionset`.`id` = `item`.`psid`";
|
||||
}
|
||||
|
||||
if ((strpos($sql_commands, "`parent-item`.") !== false) || (strpos($sql_commands, "`parent-author`.") !== false)) {
|
||||
$joins .= " STRAIGHT_JOIN `item` AS `parent-item` ON `parent-item`.`id` = `item`.`parent`";
|
||||
}
|
||||
|
|
@ -1648,8 +1653,7 @@ class Item extends BaseObject
|
|||
$files = '';
|
||||
}
|
||||
|
||||
// Creates the permission set
|
||||
// Currently we only store the data but don't using it
|
||||
// Creates or assigns the permission set
|
||||
$item['psid'] = PermissionSet::fetchIDForPost($item);
|
||||
|
||||
// We are doing this outside of the transaction to avoid timing problems
|
||||
|
|
|
|||
|
|
@ -20,8 +20,13 @@ class PermissionSet extends BaseObject
|
|||
* @param array $postarray The array from an item, picture or event post
|
||||
* @return id
|
||||
*/
|
||||
public static function fetchIDForPost($postarray)
|
||||
public static function fetchIDForPost(&$postarray)
|
||||
{
|
||||
if (is_null($postarray['allow_cid']) || is_null($postarray['allow_gid'])
|
||||
|| is_null($postarray['deny_cid']) || is_null($postarray['deny_gid'])) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$condition = ['uid' => $postarray['uid'],
|
||||
'allow_cid' => self::sortPermissions(defaults($postarray, 'allow_cid', '')),
|
||||
'allow_gid' => self::sortPermissions(defaults($postarray, 'allow_gid', '')),
|
||||
|
|
@ -35,6 +40,13 @@ class PermissionSet extends BaseObject
|
|||
|
||||
$set = DBA::selectFirst('permissionset', ['id'], $condition);
|
||||
}
|
||||
|
||||
|
||||
$postarray['allow_cid'] = null;
|
||||
$postarray['allow_gid'] = null;
|
||||
$postarray['deny_cid'] = null;
|
||||
$postarray['deny_gid'] = null;
|
||||
|
||||
return $set['id'];
|
||||
}
|
||||
|
||||
|
|
@ -56,4 +68,48 @@ class PermissionSet extends BaseObject
|
|||
|
||||
return '<' . implode('><', $elements) . '>';
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Returns a permission set for a given contact
|
||||
*
|
||||
* @param integer $uid User id whom the items belong
|
||||
* @param integer $contact_id Contact id of the visitor
|
||||
* @param array $groups Possibly previously fetched group ids for that contact
|
||||
*
|
||||
* @return array of permission set ids.
|
||||
*/
|
||||
|
||||
static public function get($uid, $contact_id, $groups = null)
|
||||
{
|
||||
if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
}
|
||||
|
||||
if (empty($groups) || !is_array($groups)) {
|
||||
return [];
|
||||
}
|
||||
$group_str = '<<>>'; // should be impossible to match
|
||||
|
||||
foreach ($groups as $g) {
|
||||
$group_str .= '|<' . intval($g) . '>';
|
||||
}
|
||||
|
||||
$contact_str = '<' . $contact_id . '>';
|
||||
|
||||
$condition = ["`uid` = ? AND (`allow_cid` = '' OR`allow_cid` REGEXP ?)
|
||||
AND (`deny_cid` = '' OR NOT `deny_cid` REGEXP ?)
|
||||
AND (`allow_gid` = '' OR `allow_gid` REGEXP ?)
|
||||
AND (`deny_gid` = '' OR NOT `deny_gid` REGEXP ?)",
|
||||
$uid, $contact_str, $contact_str, $group_str, $group_str];
|
||||
|
||||
$ret = DBA::select('permissionset', ['id'], $condition);
|
||||
$set = [];
|
||||
while ($permission = DBA::fetch($ret)) {
|
||||
$set[] = $permission['id'];
|
||||
}
|
||||
DBA::close($ret);
|
||||
logger('Blubb: '.$uid.' - '.$contact_id.': '.implode(', ', $set));
|
||||
|
||||
return $set;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue