mirror of
https://github.com/friendica/friendica
synced 2025-05-08 21:44:10 +02:00
Tighten profile restriction feature
- Prevent feed access to restricted profiles - Rework display of restricted profiles with a redirect to the profile/restricted route - Normalize permission checking with IHandleUserSession->isAuthenticated - Remove unusable "nocache" parameter in feed module because session isn't initialized - Reword setting name and description
This commit is contained in:
Hypolite Petovan
parent
0d53c69610
commit
b83526ad0b
16 changed files with 135 additions and 84 deletions
|
|
@ -88,8 +88,8 @@ class Photos extends \Friendica\Module\BaseProfile
|
|||
$remote_contact = $contact && !$contact['blocked'] && !$contact['pending'];
|
||||
}
|
||||
|
||||
if ($owner['hidewall'] && !$is_owner && !$remote_contact) {
|
||||
throw new HttpException\ForbiddenException($this->t('Access to this item is restricted.'));
|
||||
if ($owner['hidewall'] && !$this->session->isAuthenticated()) {
|
||||
$this->baseUrl->redirect('profile/' . $owner['nickname'] . '/restricted');
|
||||
}
|
||||
|
||||
$this->session->set('photo_return', $this->args->getCommand());
|
||||
|
|
|
|||
|
|
@ -76,21 +76,19 @@ class Profile extends BaseProfile
|
|||
{
|
||||
$a = DI::app();
|
||||
|
||||
$profile = ProfileModel::load($a, $this->parameters['nickname']);
|
||||
$profile = ProfileModel::load($a, $this->parameters['nickname'] ?? '');
|
||||
if (!$profile) {
|
||||
throw new HTTPException\NotFoundException(DI::l10n()->t('Profile not found.'));
|
||||
}
|
||||
|
||||
$remote_contact_id = DI::userSession()->getRemoteContactID($profile['uid']);
|
||||
|
||||
if (DI::config()->get('system', 'block_public') && !DI::userSession()->getLocalUserId() && !$remote_contact_id) {
|
||||
if (DI::config()->get('system', 'block_public') && !DI::userSession()->isAuthenticated()) {
|
||||
return Login::form();
|
||||
}
|
||||
|
||||
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
|
||||
|
||||
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact_id) {
|
||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Access to this profile has been restricted.'));
|
||||
if (!empty($profile['hidewall']) && !DI::userSession()->isAuthenticated()) {
|
||||
$this->baseUrl->redirect('profile/' . $profile['nickname'] . '/restricted');
|
||||
}
|
||||
|
||||
if (!empty($profile['page-flags']) && $profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
|
||||
|
|
@ -104,11 +102,6 @@ class Profile extends BaseProfile
|
|||
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
|
||||
$o = self::getTabsHTML($a, 'profile', $is_owner, $profile['nickname'], $profile['hide-friends']);
|
||||
|
||||
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact_id) {
|
||||
DI::sysmsg()->addNotice(DI::l10n()->t('Access to this profile has been restricted.'));
|
||||
return '';
|
||||
}
|
||||
|
||||
$view_as_contacts = [];
|
||||
$view_as_contact_id = 0;
|
||||
$view_as_contact_alert = '';
|
||||
|
|
@ -307,8 +300,8 @@ class Profile extends BaseProfile
|
|||
}
|
||||
|
||||
// site block
|
||||
$blocked = !DI::userSession()->getLocalUserId() && !$remote_contact_id && DI::config()->get('system', 'block_public');
|
||||
$userblock = !DI::userSession()->getLocalUserId() && !$remote_contact_id && $profile['hidewall'];
|
||||
$blocked = !DI::userSession()->isAuthenticated() && DI::config()->get('system', 'block_public');
|
||||
$userblock = !DI::userSession()->isAuthenticated() && $profile['hidewall'];
|
||||
if (!$blocked && !$userblock) {
|
||||
$keywords = str_replace(['#', ',', ' ', ',,'], ['', ' ', ',', ','], $profile['pub_keywords'] ?? '');
|
||||
if (strlen($keywords)) {
|
||||
|
|
|
|||
63
src/Module/Profile/Restricted.php
Normal file
63
src/Module/Profile/Restricted.php
Normal file
|
|
@ -0,0 +1,63 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (C) 2010-2022, the Friendica project
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace Friendica\Module\Profile;
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Model\Profile;
|
||||
use Friendica\Module\Response;
|
||||
use Friendica\Network\HTTPException;
|
||||
use Friendica\Util\Profiler;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
class Restricted extends BaseModule
|
||||
{
|
||||
/** @var App */
|
||||
private $app;
|
||||
|
||||
public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
|
||||
{
|
||||
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
|
||||
|
||||
$this->app = $app;
|
||||
}
|
||||
|
||||
protected function content(array $request = []): string
|
||||
{
|
||||
$profile = Profile::load($this->app, $this->parameters['nickname'] ?? '', false);
|
||||
if (!$profile) {
|
||||
throw new HTTPException\NotFoundException($this->t('Profile not found.'));
|
||||
}
|
||||
|
||||
if (empty($profile['hidewall'])) {
|
||||
$this->baseUrl->redirect('profile/' . $profile['nickname']);
|
||||
}
|
||||
|
||||
$tpl = Renderer::getMarkupTemplate('exception.tpl');
|
||||
return Renderer::replaceMacros($tpl, [
|
||||
'$title' => $this->t('Restricted profile'),
|
||||
'$message' => $this->t('This profile has been restricted which prevents access to their public content from anonymous visitors.'),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
@ -105,9 +105,8 @@ class Status extends BaseProfile
|
|||
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
|
||||
$last_updated_key = "profile:" . $profile['uid'] . ":" . DI::userSession()->getLocalUserId() . ":" . $remote_contact;
|
||||
|
||||
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact) {
|
||||
DI::sysmsg()->addNotice(DI::l10n()->t('Access to this profile has been restricted.'));
|
||||
return '';
|
||||
if (!empty($profile['hidewall']) && !DI::userSession()->isAuthenticated()) {
|
||||
$this->baseUrl->redirect('profile/' . $profile['nickname'] . '/restricted');
|
||||
}
|
||||
|
||||
$o .= self::getTabsHTML($a, 'status', $is_owner, $profile['nickname'], $profile['hide-friends']);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue