mirror of
https://github.com/friendica/friendica
synced 2025-05-03 11:44:09 +02:00
Renaming functions + moving functions from security to Model/Item and BaseModule + fix multiline comments
This commit is contained in:
Jonny Tischbein
parent
ce2b1f5715
commit
f3fc1f36ca
29 changed files with 233 additions and 222 deletions
|
|
@ -4,6 +4,7 @@
|
|||
*/
|
||||
namespace Friendica\Model;
|
||||
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\BaseObject;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Database\DBA;
|
||||
|
|
@ -410,7 +411,7 @@ class Group extends BaseObject
|
|||
'$createtext' => L10n::t('Create a new group'),
|
||||
'$creategroup' => L10n::t('Group Name: '),
|
||||
'$editgroupstext' => L10n::t('Edit groups'),
|
||||
'$form_security_token' => Security::get_form_security_token('group_edit'),
|
||||
'$form_security_token' => BaseModule::getFormSecurityToken('group_edit'),
|
||||
]);
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -3246,4 +3246,41 @@ class Item extends BaseObject
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null)
|
||||
{
|
||||
$local_user = local_user();
|
||||
$remote_user = remote_user();
|
||||
|
||||
/*
|
||||
* Construct permissions
|
||||
*
|
||||
* default permissions - anonymous user
|
||||
*/
|
||||
$sql = " AND NOT `item`.`private`";
|
||||
|
||||
// Profile owner - everything is visible
|
||||
if ($local_user && ($local_user == $owner_id)) {
|
||||
$sql = '';
|
||||
} elseif ($remote_user) {
|
||||
/*
|
||||
* Authenticated visitor. Unless pre-verified,
|
||||
* check that the contact belongs to this $owner_id
|
||||
* and load the groups the visitor belongs to.
|
||||
* If pre-verified, the caller is expected to have already
|
||||
* done this and passed the groups into this function.
|
||||
*/
|
||||
$set = PermissionSet::get($owner_id, $remote_user, $groups);
|
||||
|
||||
if (!empty($set)) {
|
||||
$sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";
|
||||
} else {
|
||||
$sql_set = '';
|
||||
}
|
||||
|
||||
$sql = " AND (NOT `item`.`private`" . $sql_set . ")";
|
||||
}
|
||||
|
||||
return $sql;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -227,7 +227,7 @@ class Photo
|
|||
*/
|
||||
public static function getAlbums($uid, $update = false)
|
||||
{
|
||||
$sql_extra = Security::permissions_sql($uid);
|
||||
$sql_extra = Security::getPermissionsSQLByUserId($uid);
|
||||
|
||||
$key = "photo_albums:".$uid.":".local_user().":".remote_user();
|
||||
$albums = Cache::get($key);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue