< ? php /** @file */
/**
 * Build the table of permissions a channel owner can grant.
 *
 * Each entry is keyed by permission name and holds five elements:
 *   [0] name of the channel table column that stores the owner's setting
 *       for this permission
 *   [1] the permission's own bit (a PERMS_R_*, PERMS_W_* or PERMS_A_* constant),
 *       which is the value tested against abook_my_perms
 *   [2] boolean; true on the read entries, false on the write and
 *       administrative entries (see the note below)
 *   [3] translated description
 *   [4] translated additional note, or '' when there is none
 *
 * The finished table is handed to the 'global_permissions' hook and whatever
 * the hook handlers leave under that key is what gets returned, so installed
 * plugins are able to reshape the permission table itself.
 *
 * @returns array permission name => array(column, bit, boolean, description, note)
 */
function get_perms() {

	// thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections
	// for any given permission. Currently we use the boolean to disallow write access to "everybody", but we also want to be
	// able to handle troublesome settings such as allowing channel_w_stream to anybody in the network. You can allow it, but
	// there's no way to implement sending it.

	$perm_table = array(

		// Read only permissions
		'view_stream' => array(
			'channel_r_stream', intval(PERMS_R_STREAM), true,
			t('Can view my "public" stream and posts'), ''
		),
		'view_profile' => array(
			'channel_r_profile', intval(PERMS_R_PROFILE), true,
			t('Can view my "public" channel profile'), ''
		),
		'view_photos' => array(
			'channel_r_photos', intval(PERMS_R_PHOTOS), true,
			t('Can view my "public" photo albums'), ''
		),
		'view_contacts' => array(
			'channel_r_abook', intval(PERMS_R_ABOOK), true,
			t('Can view my "public" address book'), ''
		),
		'view_storage' => array(
			'channel_r_storage', intval(PERMS_R_STORAGE), true,
			t('Can view my "public" file storage'), ''
		),
		'view_pages' => array(
			'channel_r_pages', intval(PERMS_R_PAGES), true,
			t('Can view my "public" pages'), ''
		),

		// Write permissions
		'send_stream' => array(
			'channel_w_stream', intval(PERMS_W_STREAM), false,
			t('Can send me their channel stream and posts'), ''
		),
		'post_wall' => array(
			'channel_w_wall', intval(PERMS_W_WALL), false,
			t('Can post on my channel page ("wall")'), ''
		),
		'post_comments' => array(
			'channel_w_comment', intval(PERMS_W_COMMENT), false,
			t('Can comment on my posts'), ''
		),
		'post_mail' => array(
			'channel_w_mail', intval(PERMS_W_MAIL), false,
			t('Can send me private mail messages'), ''
		),
		'post_photos' => array(
			'channel_w_photos', intval(PERMS_W_PHOTOS), false,
			t('Can post photos to my photo albums'), ''
		),
		'tag_deliver' => array(
			'channel_w_tagwall', intval(PERMS_W_TAGWALL), false,
			t('Can forward to all my channel contacts via post @mentions'),
			t('Advanced - useful for creating group forum channels')
		),
		'chat' => array(
			'channel_w_chat', intval(PERMS_W_CHAT), false,
			t('Can chat with me (when available)'),
			t('Requires compatible chat plugin')
		),
		'write_storage' => array(
			'channel_w_storage', intval(PERMS_W_STORAGE), false,
			t('Can write to my "public" file storage'), ''
		),
		'write_pages' => array(
			'channel_w_pages', intval(PERMS_W_PAGES), false,
			t('Can edit my "public" pages'), ''
		),

		// Administrative permissions
		'republish' => array(
			'channel_a_republish', intval(PERMS_A_REPUBLISH), false,
			t('Can source my "public" posts in derived channels'),
			t('Somewhat advanced - very useful in open communities')
		),
		'delegate' => array(
			'channel_a_delegate', intval(PERMS_A_DELEGATE), false,
			t('Can administer my channel resources'),
			t('Extremely advanced. Leave this alone unless you know what you are doing')
		),
	);

	// Hook handlers receive the table wrapped under a single key.
	$hook_data = array('global_permissions' => $perm_table);
	call_hooks('global_permissions', $hook_data);

	return $hook_data['global_permissions'];
}
/**
 * get_all_perms($uid, $observer_xchan, $internal_use = true)
 *
 * Evaluates every permission in the get_perms() table for one observer.
 * The checks run in a fixed order and the first one that matches decides:
 *   1. unknown channel                      -> denied
 *   2. observer is blocked                  -> denied
 *   3. observer is ignored (see $internal_use) -> denied
 *   4. observer is the channel owner        -> allowed
 *   5. PERMS_PUBLIC                         -> allowed
 *   6. no observer identity                 -> denied
 *   7. PERMS_NETWORK                        -> allowed
 *   8. PERMS_SITE                           -> allowed only with a local channel
 *   9. no address book entry, or a pending one -> denied
 *  10. PERMS_CONTACTS                       -> allowed
 *  11. PERMS_SPECIFIC                       -> allowed if the entry's abook_my_perms has the bit
 *  12. anything else                        -> denied
 *
 * The result is then passed to the 'get_all_perms' hook and the hook's
 * version of 'permissions' is returned, so plugins can change any answer.
 *
 * @param $uid : The channel_id associated with the resource owner
 * @param $observer_xchan : The xchan_hash representing the observer; a falsy value means the observer is not identified
 * @param $internal_use : When true, an ignored contact is denied every permission whose table element [2] is false
 *
 * @returns: array of all permissions, key is permission name, value is true or false
 */
function get_all_perms($uid, $observer_xchan, $internal_use = true) {

	$perm_table = get_perms();

	// Save lots of individual lookups: each query runs at most once per call
	// and only when the loop actually reaches the check that needs it.
	$channel      = null;
	$onsite       = null;
	$abook        = null;
	$have_channel = false;
	$have_onsite  = false;
	$have_abook   = false;

	$ret = array();

	foreach($perm_table as $perm_name => $permission) {

		// Column of the channel row that holds the owner's declared setting.
		$channel_perm = $permission[0];

		if(! $have_channel) {
			$channel = q(" select * from channel where channel_id = %d limit 1 ",
				intval($uid)
			);
			$have_channel = true;
		}

		// The uid provided doesn't exist. This would be a big fail.
		if(! $channel) {
			$ret[$perm_name] = false;
			continue;
		}

		// Blocked or ignored contacts take priority over all other settings,
		// including PERMS_PUBLIC.
		if($observer_xchan) {

			if(! $have_abook) {
				// The self entry (ABOOK_FLAG_SELF) is excluded by the query.
				$abook = q(" select abook_my_perms, abook_flags from abook
					where abook_channel = % d and abook_xchan = '%s' and not ( abook_flags & % d ) limit 1 ",
					intval($uid),
					dbesc($observer_xchan),
					intval(ABOOK_FLAG_SELF)
				);
				$have_abook = true;
			}

			if($abook) {
				$flags = $abook[0]['abook_flags'];

				// If they're blocked - they can't read or write
				if($flags & ABOOK_FLAG_BLOCKED) {
					$ret[$perm_name] = false;
					continue;
				}

				// Ignored contacts lose the permissions whose element [2] is false.
				// This flag is only visible internally.
				if($internal_use && (! $permission[2]) && ($flags & ABOOK_FLAG_IGNORED)) {
					$ret[$perm_name] = false;
					continue;
				}
			}
		}

		// If the observer is the owner of this channel - it's your content,
		// you always have permission to do anything
		if($observer_xchan && $channel[0]['channel_hash'] === $observer_xchan) {
			$ret[$perm_name] = true;
			continue;
		}

		$scope = $channel[0][$channel_perm];

		// Anybody at all (that wasn't blocked or ignored). They have permission.
		if($scope & PERMS_PUBLIC) {
			$ret[$perm_name] = true;
			continue;
		}

		// From here on out, we need to know who they are. If we can't figure it
		// out, permission is denied.
		if(! $observer_xchan) {
			$ret[$perm_name] = false;
			continue;
		}

		// If we're still here, we have an observer, which means they're in the network.
		if($scope & PERMS_NETWORK) {
			$ret[$perm_name] = true;
			continue;
		}

		// If PERMS_SITE is specified, find out if they've got an account on this hub.
		// This branch is final: the contact checks below are not reached.
		if($scope & PERMS_SITE) {
			if(! $have_onsite) {
				$onsite = q(" select channel_hash from channel where channel_hash = '%s' limit 1 ",
					dbesc($observer_xchan)
				);
				$have_onsite = true;
			}
			$ret[$perm_name] = ($onsite ? true : false);
			continue;
		}

		// If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book
		if(! $abook) {
			$ret[$perm_name] = false;
			continue;
		}

		// They are in your address book, but haven't been approved
		if($abook[0]['abook_flags'] & ABOOK_FLAG_PENDING) {
			$ret[$perm_name] = false;
			continue;
		}

		// They're a contact, so they have permission
		if($scope & PERMS_CONTACTS) {
			$ret[$perm_name] = true;
			continue;
		}

		// Permission granted to certain channels. Let's see if the observer is one of them.
		// Anything that falls through every check is denied.
		$granted = (($scope & PERMS_SPECIFIC) && ($abook[0]['abook_my_perms'] & $permission[1]));
		$ret[$perm_name] = ($granted ? true : false);
	}

	$hook_data = array(
		'channel_id'    => $uid,
		'observer_hash' => $observer_xchan,
		'permissions'   => $ret
	);

	call_hooks('get_all_perms', $hook_data);

	return $hook_data['permissions'];
}
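/**
 * Decide whether an observer holds one named permission on a channel.
 *
 * Checks run in this order and the first match decides: plugin hook grant,
 * unknown permission name or unknown channel (denied), blocked or ignored
 * contact (denied), channel owner (allowed), PERMS_PUBLIC (allowed),
 * unidentified observer (denied), PERMS_NETWORK (allowed), PERMS_SITE
 * (allowed only for a channel on this hub), missing or pending address book
 * entry (denied), PERMS_CONTACTS (allowed), PERMS_SPECIFIC (allowed when the
 * entry's abook_my_perms carries the permission's bit), otherwise denied.
 *
 * Unlike get_all_perms() there is no $internal_use switch here: an ignored
 * contact is always denied the permissions whose table element [2] is false.
 *
 * @param $uid : The channel_id associated with the resource owner
 * @param $observer_xchan : The xchan_hash representing the observer; falsy when the observer is not identified
 * @param $permission : A permission name, i.e. a key of the get_perms() table
 *
 * @returns: true if the permission is granted, false otherwise
 */
function perm_is_allowed($uid, $observer_xchan, $permission) {

	$arr = array(
		'channel_id'    => $uid,
		'observer_hash' => $observer_xchan,
		'permission'    => $permission,
		'result'        => false);

	// NOTE(review): a truthy 'result' from a hook handler grants the permission
	// before the blocked/ignored checks below are reached, so every installed
	// plugin is part of the access-control decision.
	call_hooks('perm_is_allowed', $arr);
	if($arr['result'])
		return true;

	$global_perms = get_perms();

	// Fail closed on a permission name that is not in the table. Without this
	// guard the column name below would be empty and the query malformed.
	if(! isset($global_perms[$permission][0]))
		return false;

	// First find out what the channel owner declared permissions to be.
	$channel_perm = $global_perms[$permission][0];

	// NOTE(review): $channel_perm is placed in the statement as a column
	// identifier, where dbesc() quoting does not apply in the usual way. It is
	// only safe because the value comes from the get_perms() table (and any
	// 'global_permissions' hook), never directly from the caller.
	$r = q(" select %s, channel_hash from channel where channel_id = %d limit 1 ",
		dbesc($channel_perm),
		intval($uid)
	);
	if(! $r)
		return false;

	// Address book entry for the observer; stays null for an unidentified observer.
	$x = null;

	if($observer_xchan) {
		// The self entry (ABOOK_FLAG_SELF) is excluded by the query.
		$x = q(" select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1 ",
			intval($uid),
			dbesc($observer_xchan),
			intval(ABOOK_FLAG_SELF)
		);

		// If they're blocked - they can't read or write
		if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED))
			return false;

		// Ignored contacts lose the permissions whose table element [2] is false
		if(($x) && (! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED))
			return false;
	}

	// Check if this $uid is actually the $observer_xchan
	if($r[0]['channel_hash'] === $observer_xchan)
		return true;

	if($r[0][$channel_perm] & PERMS_PUBLIC)
		return true;

	// If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set
	if(! $observer_xchan) {
		return false;
	}

	// If we're still here, we have an observer, which means they're in the network.
	if($r[0][$channel_perm] & PERMS_NETWORK)
		return true;

	// If PERMS_SITE is specified, find out if they've got an account on this hub.
	// This branch is final: the contact checks below are not reached.
	if($r[0][$channel_perm] & PERMS_SITE) {
		$c = q(" select channel_hash from channel where channel_hash = '%s' limit 1 ",
			dbesc($observer_xchan)
		);
		if($c)
			return true;
		return false;
	}

	// PERMS_CONTACTS and PERMS_SPECIFIC both need an address book entry
	if(! $x) {
		return false;
	}

	// In the address book, but not approved yet
	if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) {
		return false;
	}

	if($r[0][$channel_perm] & PERMS_CONTACTS) {
		return true;
	}

	// Permission granted to certain channels. Let's see if the observer is one of them
	if($r[0][$channel_perm] & PERMS_SPECIFIC) {
		if($x[0]['abook_my_perms'] & $global_perms[$permission][1])
			return true;
	}

	// No permissions allowed.
	return false;
}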
/**
 * Filter a simple array of observers down to those holding a permission.
 *
 * Every element is checked on its own with perm_is_allowed(); elements that
 * pass are returned in their original order, re-indexed from 0.
 *
 * @param $uid : The channel_id associated with the resource owner
 * @param $arr : Simple array of observers (each element is passed to perm_is_allowed() as the observer); may be empty or null
 * @param $perm : The permission name to test
 *
 * @returns: simple array of the observers that have the permission
 */
function check_list_permissions($uid, $arr, $perm) {

	$allowed = array();

	// Nothing to check: an empty or missing list yields an empty result.
	if(! $arr) {
		return $allowed;
	}

	foreach($arr as $observer) {
		if(! perm_is_allowed($uid, $observer, $perm)) {
			continue;
		}
		$allowed[] = $observer;
	}

	return $allowed;
}
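/**
 * Return the site's default setting for every permission in the get_perms() table.
 *
 * For each permission the 'default_perms' config value is used when one is
 * set (get_config() returning exactly false is treated as "not set");
 * otherwise the built-in value from $typical applies. A permission that has
 * neither a config value nor a $typical entry defaults to 0, i.e. none of the
 * PERMS_* scope bits, so it is granted to nobody until the owner or the site
 * configuration says otherwise.
 *
 * @returns: array keyed by permission name, value is the default scope setting
 */
function site_default_perms() {

	$typical = array(
		'view_stream'   => PERMS_PUBLIC,
		'view_profile'  => PERMS_PUBLIC,
		'view_photos'   => PERMS_PUBLIC,
		'view_contacts' => PERMS_PUBLIC,
		'view_storage'  => PERMS_PUBLIC,
		'view_pages'    => PERMS_PUBLIC,
		'send_stream'   => PERMS_SPECIFIC,
		'post_wall'     => PERMS_SPECIFIC,
		'post_comments' => PERMS_SPECIFIC,
		'post_mail'     => PERMS_SPECIFIC,
		'post_photos'   => 0,
		'tag_deliver'   => PERMS_SPECIFIC,
		'chat'          => PERMS_SPECIFIC,
		'write_storage' => 0,
		'write_pages'   => 0,
		'delegate'      => 0,
	);

	$global_perms = get_perms();
	$ret = array();

	foreach($global_perms as $perm => $v) {
		$x = get_config('default_perms', $perm);
		if($x === false) {
			// 'republish' is in the get_perms() table but has no entry above, and
			// hooks may add further permissions. Deny by default instead of reading
			// an undefined index.
			$x = (isset($typical[$perm]) ? $typical[$perm] : 0);
		}
		$ret[$perm] = $x;
	}

	return $ret;
}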