2014-12-07 18:27:14 +00:00
|
|
|
<?php
|
2016-08-01 01:08:41 +00:00
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
use Zotlabs\Access\Permissions;
|
|
|
|
|
use Zotlabs\Access\PermissionLimits;
|
|
|
|
|
|
2016-08-01 01:08:41 +00:00
|
|
|
require_once('include/security.php');
|
|
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
/**
|
2015-03-21 23:06:08 +00:00
|
|
|
* @file include/permissions.php
|
2014-12-07 18:27:14 +00:00
|
|
|
*
|
|
|
|
|
* This file conntains functions to check and work with permissions.
|
2016-09-01 03:29:32 +00:00
|
|
|
*
|
2014-12-07 18:27:14 +00:00
|
|
|
*/
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2016-09-01 03:29:32 +00:00
|
|
|
|
|
|
|
|
|
2012-10-29 05:08:08 +00:00
|
|
|
/**
|
2013-01-24 22:31:57 +00:00
|
|
|
* get_all_perms($uid,$observer_xchan)
|
2012-10-29 05:08:08 +00:00
|
|
|
*
|
2014-12-07 18:27:14 +00:00
|
|
|
* @param int $uid The channel_id associated with the resource owner
|
|
|
|
|
* @param string $observer_xchan The xchan_hash representing the observer
|
2018-07-31 00:41:37 +00:00
|
|
|
* @param bool $check_siteblock (default true)
|
|
|
|
|
* if false, bypass check for "Block Public" on the site
|
|
|
|
|
* @param bool $default_ignored (default true)
|
|
|
|
|
* if false, lie and pretend the ignored person has permissions you are ignoring (used in channel discovery)
|
2012-10-29 05:08:08 +00:00
|
|
|
*
|
2014-12-07 18:27:14 +00:00
|
|
|
* @returns array of all permissions, key is permission name, value is true or false
|
2012-10-29 05:08:08 +00:00
|
|
|
*/
|
2018-07-31 00:41:37 +00:00
|
|
|
function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ignored = true) {
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2016-03-31 23:06:03 +00:00
|
|
|
$api = App::get_oauth_key();
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($api) {
|
2015-05-18 01:14:50 +00:00
|
|
|
return get_all_api_perms($uid,$api);
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
|
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$global_perms = Permissions::Perms();
|
2012-10-29 01:50:35 +00:00
|
|
|
|
|
|
|
|
// Save lots of individual lookups
|
|
|
|
|
|
|
|
|
|
$r = null;
|
|
|
|
|
$c = null;
|
|
|
|
|
$x = null;
|
|
|
|
|
|
|
|
|
|
$channel_checked = false;
|
|
|
|
|
$onsite_checked = false;
|
|
|
|
|
$abook_checked = false;
|
|
|
|
|
|
2021-03-15 05:10:44 +00:00
|
|
|
$ret = [];
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2018-06-04 04:23:34 +00:00
|
|
|
$abperms = (($uid && $observer_xchan) ? get_abconfig($uid,$observer_xchan,'system','my_perms','') : '');
|
2016-07-10 04:08:02 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
foreach ($global_perms as $perm_name => $permission) {
|
2012-10-29 01:50:35 +00:00
|
|
|
|
|
|
|
|
// First find out what the channel owner declared permissions to be.
|
|
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$channel_perm = intval(PermissionLimits::Get($uid,$perm_name));
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (! $channel_checked) {
|
2012-11-02 03:47:32 +00:00
|
|
|
$r = q("select * from channel where channel_id = %d limit 1",
|
2012-10-29 01:50:35 +00:00
|
|
|
intval($uid)
|
|
|
|
|
);
|
|
|
|
|
$channel_checked = true;
|
|
|
|
|
}
|
|
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
// The uid provided doesn't exist. This would be a big fail.
|
|
|
|
|
|
2012-10-29 01:50:35 +00:00
|
|
|
if(! $r) {
|
2012-11-01 03:53:02 +00:00
|
|
|
$ret[$perm_name] = false;
|
2012-10-29 01:50:35 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
// Next we're going to check for blocked or ignored contacts.
|
|
|
|
|
// These take priority over all other settings.
|
|
|
|
|
|
2013-01-24 22:31:57 +00:00
|
|
|
if($observer_xchan) {
|
2016-07-05 00:55:13 +00:00
|
|
|
if($channel_perm & PERMS_AUTHED) {
|
2014-02-19 04:59:25 +00:00
|
|
|
$ret[$perm_name] = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
if(! $abook_checked) {
|
2019-04-06 23:33:49 +00:00
|
|
|
$x = q("select abook_blocked, abook_ignored, abook_pending, xchan_network from abook
|
|
|
|
|
left join xchan on abook_xchan = xchan_hash
|
2015-06-15 04:08:00 +00:00
|
|
|
where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1",
|
2012-12-11 04:09:19 +00:00
|
|
|
intval($uid),
|
2015-06-15 04:08:00 +00:00
|
|
|
dbesc($observer_xchan)
|
2012-12-11 04:09:19 +00:00
|
|
|
);
|
2016-07-10 04:08:02 +00:00
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
$abook_checked = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If they're blocked - they can't read or write
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2015-06-15 04:08:00 +00:00
|
|
|
if(($x) && intval($x[0]['abook_blocked'])) {
|
2012-12-11 04:09:19 +00:00
|
|
|
$ret[$perm_name] = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if this is a write permission and they are being ignored
|
|
|
|
|
// This flag is only visible internally.
|
|
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$blocked_anon_perms = Permissions::BlockedAnonPerms();
|
2016-07-05 00:55:13 +00:00
|
|
|
|
|
|
|
|
|
2018-07-31 00:41:37 +00:00
|
|
|
if(($x) && ($default_ignored) && in_array($perm_name,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) {
|
2012-12-11 04:09:19 +00:00
|
|
|
$ret[$perm_name] = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-04 02:34:00 +00:00
|
|
|
// system is blocked to anybody who is not authenticated
|
|
|
|
|
|
2018-07-31 00:41:37 +00:00
|
|
|
if(($check_siteblock) && (! $observer_xchan) && intval(get_config('system', 'block_public'))) {
|
2014-07-04 02:34:00 +00:00
|
|
|
$ret[$perm_name] = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-24 22:31:57 +00:00
|
|
|
// Check if this $uid is actually the $observer_xchan - if it's your content
|
2012-12-11 04:09:19 +00:00
|
|
|
// you always have permission to do anything
|
2016-03-09 08:46:17 +00:00
|
|
|
// if you've moved elsewhere, you will only have read only access
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2013-01-24 22:31:57 +00:00
|
|
|
if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) {
|
2019-06-08 23:53:05 +00:00
|
|
|
|
2016-07-05 00:55:13 +00:00
|
|
|
if($r[0]['channel_moved'] && (in_array($perm_name,$blocked_anon_perms)))
|
2016-03-09 08:46:17 +00:00
|
|
|
$ret[$perm_name] = false;
|
|
|
|
|
else
|
|
|
|
|
$ret[$perm_name] = true;
|
2019-06-08 23:53:05 +00:00
|
|
|
// moderated is a negative permission, don't moderate your own posts
|
|
|
|
|
if($perm_name === 'moderated')
|
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
|
|
2012-10-29 01:50:35 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
// Anybody at all (that wasn't blocked or ignored). They have permission.
|
|
|
|
|
|
2016-07-05 00:55:13 +00:00
|
|
|
if($channel_perm & PERMS_PUBLIC) {
|
2012-11-02 05:23:13 +00:00
|
|
|
$ret[$perm_name] = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
// From here on out, we need to know who they are. If we can't figure it
|
|
|
|
|
// out, permission is denied.
|
|
|
|
|
|
2013-01-24 22:31:57 +00:00
|
|
|
if(! $observer_xchan) {
|
2012-11-02 05:23:13 +00:00
|
|
|
$ret[$perm_name] = false;
|
2012-10-29 01:50:35 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-18 02:23:01 +00:00
|
|
|
// If we're still here, we have an observer, check the network.
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2016-07-05 00:55:13 +00:00
|
|
|
if($channel_perm & PERMS_NETWORK) {
|
2021-10-28 08:55:09 +00:00
|
|
|
if($x && in_array($x[0]['xchan_network'],['nomad','zot6'])) {
|
2014-04-09 23:30:03 +00:00
|
|
|
$ret[$perm_name] = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If PERMS_SITE is specified, find out if they've got an account on this hub
|
|
|
|
|
|
2016-07-05 00:55:13 +00:00
|
|
|
if($channel_perm & PERMS_SITE) {
|
2012-10-29 01:50:35 +00:00
|
|
|
if(! $onsite_checked) {
|
|
|
|
|
$c = q("select channel_hash from channel where channel_hash = '%s' limit 1",
|
2013-01-24 22:31:57 +00:00
|
|
|
dbesc($observer_xchan)
|
2012-10-29 01:50:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$onsite_checked = true;
|
|
|
|
|
}
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2012-10-29 01:50:35 +00:00
|
|
|
if($c)
|
2012-11-01 03:53:02 +00:00
|
|
|
$ret[$perm_name] = true;
|
2012-10-29 01:50:35 +00:00
|
|
|
else
|
2012-11-01 03:53:02 +00:00
|
|
|
$ret[$perm_name] = false;
|
2012-10-29 01:50:35 +00:00
|
|
|
|
|
|
|
|
continue;
|
2014-12-07 18:27:14 +00:00
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2014-06-17 07:26:18 +00:00
|
|
|
// From here on we require that the observer be a connection and
|
|
|
|
|
// handle whether we're allowing any, approved or specific ones
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
if(! $x) {
|
2012-11-01 03:53:02 +00:00
|
|
|
$ret[$perm_name] = false;
|
2012-10-29 01:50:35 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2014-06-17 07:26:18 +00:00
|
|
|
|
2013-06-15 22:45:54 +00:00
|
|
|
// They are in your address book, but haven't been approved
|
|
|
|
|
|
2019-04-06 23:33:49 +00:00
|
|
|
if($channel_perm & PERMS_PENDING) {
|
2014-06-17 07:26:18 +00:00
|
|
|
$ret[$perm_name] = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-15 04:08:00 +00:00
|
|
|
if(intval($x[0]['abook_pending'])) {
|
2013-06-15 22:45:54 +00:00
|
|
|
$ret[$perm_name] = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2014-06-17 07:26:18 +00:00
|
|
|
// They're a contact, so they have permission
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2019-04-06 23:33:49 +00:00
|
|
|
if($channel_perm & PERMS_CONTACTS) {
|
2012-11-01 03:53:02 +00:00
|
|
|
$ret[$perm_name] = true;
|
2012-10-29 01:50:35 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Permission granted to certain channels. Let's see if the observer is one of them
|
|
|
|
|
|
2016-07-05 00:55:13 +00:00
|
|
|
if($channel_perm & PERMS_SPECIFIC) {
|
2016-07-14 02:53:28 +00:00
|
|
|
if($abperms) {
|
2018-06-04 04:23:34 +00:00
|
|
|
$arr = explode(',',$abperms);
|
|
|
|
|
if($arr) {
|
2018-06-04 05:57:02 +00:00
|
|
|
if (in_array($perm_name,$arr)) {
|
2018-06-04 04:23:34 +00:00
|
|
|
$ret[$perm_name] = true;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$ret[$perm_name] = false;
|
2016-07-14 02:53:28 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-06-04 04:23:34 +00:00
|
|
|
continue;
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// No permissions allowed.
|
|
|
|
|
|
2012-11-01 03:53:02 +00:00
|
|
|
$ret[$perm_name] = false;
|
2012-10-29 01:50:35 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2013-05-18 08:25:54 +00:00
|
|
|
|
2013-02-19 22:22:10 +00:00
|
|
|
$arr = array(
|
|
|
|
|
'channel_id' => $uid,
|
|
|
|
|
'observer_hash' => $observer_xchan,
|
|
|
|
|
'permissions' => $ret);
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2013-02-19 22:22:10 +00:00
|
|
|
call_hooks('get_all_perms',$arr);
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2013-02-19 22:22:10 +00:00
|
|
|
return $arr['permissions'];
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Checks if given permission is allowed for given observer on a channel.
|
|
|
|
|
*
|
|
|
|
|
* Checks if the given observer with the hash $observer_xchan has permission
|
|
|
|
|
* $permission on channel_id $uid.
|
|
|
|
|
*
|
|
|
|
|
* @param int $uid The channel_id associated with the resource owner
|
|
|
|
|
* @param string $observer_xchan The xchan_hash representing the observer
|
|
|
|
|
* @param string $permission
|
2018-07-31 00:41:37 +00:00
|
|
|
* @param boolean $check_siteblock (default true)
|
|
|
|
|
* if false bypass check for "Block Public" at the site level
|
2014-12-07 18:27:14 +00:00
|
|
|
* @return bool true if permission is allowed for observer on channel
|
|
|
|
|
*/
|
2018-07-31 00:41:37 +00:00
|
|
|
function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = true) {
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2016-03-31 23:06:03 +00:00
|
|
|
$api = App::get_oauth_key();
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($api) {
|
2015-05-18 01:14:50 +00:00
|
|
|
return api_perm_is_allowed($uid,$api,$permission);
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
$arr = [
|
2013-02-19 22:22:10 +00:00
|
|
|
'channel_id' => $uid,
|
|
|
|
|
'observer_hash' => $observer_xchan,
|
|
|
|
|
'permission' => $permission,
|
2021-03-17 01:59:56 +00:00
|
|
|
'result' => 'unset'
|
|
|
|
|
];
|
2013-02-19 22:22:10 +00:00
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
call_hooks('perm_is_allowed', $arr);
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($arr['result'] !== 'unset') {
|
2017-04-03 03:03:27 +00:00
|
|
|
return $arr['result'];
|
|
|
|
|
}
|
2013-02-19 22:22:10 +00:00
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$global_perms = Permissions::Perms();
|
2012-10-29 01:50:35 +00:00
|
|
|
|
|
|
|
|
// First find out what the channel owner declared permissions to be.
|
|
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$channel_perm = PermissionLimits::Get($uid,$permission);
|
2020-06-09 23:33:50 +00:00
|
|
|
if ($channel_perm === false) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2016-07-05 04:33:25 +00:00
|
|
|
$r = q("select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1",
|
2012-10-29 01:50:35 +00:00
|
|
|
intval($uid)
|
|
|
|
|
);
|
2021-03-17 01:59:56 +00:00
|
|
|
if (! $r) {
|
2012-10-29 01:50:35 +00:00
|
|
|
return false;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2016-07-10 02:03:29 +00:00
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$blocked_anon_perms = Permissions::BlockedAnonPerms();
|
2016-07-10 02:03:29 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($observer_xchan) {
|
|
|
|
|
if ($channel_perm & PERMS_AUTHED) {
|
2014-02-19 04:59:25 +00:00
|
|
|
return true;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2014-02-19 04:59:25 +00:00
|
|
|
|
2018-08-20 03:39:23 +00:00
|
|
|
$x = q("select abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
|
2015-06-15 04:08:00 +00:00
|
|
|
where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1",
|
2012-12-11 04:09:19 +00:00
|
|
|
intval($uid),
|
2015-06-15 04:08:00 +00:00
|
|
|
dbesc($observer_xchan)
|
2012-12-11 04:09:19 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// If they're blocked - they can't read or write
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (($x) && intval($x[0]['abook_blocked'])) {
|
2012-12-11 04:09:19 +00:00
|
|
|
return false;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) {
|
2012-12-11 04:09:19 +00:00
|
|
|
return false;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2018-06-04 04:23:34 +00:00
|
|
|
$abperms = get_abconfig($uid,$observer_xchan,'system','my_perms','');
|
2012-12-11 04:09:19 +00:00
|
|
|
}
|
2016-07-05 04:33:25 +00:00
|
|
|
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2014-07-04 02:34:00 +00:00
|
|
|
// system is blocked to anybody who is not authenticated
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (($check_siteblock) && (! $observer_xchan) && intval(get_config('system', 'block_public'))) {
|
2014-07-04 02:34:00 +00:00
|
|
|
return false;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2014-07-04 02:34:00 +00:00
|
|
|
|
2013-01-24 22:31:57 +00:00
|
|
|
// Check if this $uid is actually the $observer_xchan
|
2016-03-09 08:46:17 +00:00
|
|
|
// you will have full access unless the channel was moved -
|
|
|
|
|
// in which case you will have read_only access
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($r[0]['channel_hash'] === $observer_xchan) {
|
2019-06-08 23:53:05 +00:00
|
|
|
// moderated is a negative permission
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($permission === 'moderated') {
|
2019-06-08 23:53:05 +00:00
|
|
|
return false;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
|
|
|
|
if ($r[0]['channel_moved'] && (in_array($permission,$blocked_anon_perms))) {
|
2016-03-09 08:46:17 +00:00
|
|
|
return false;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
|
|
|
|
else {
|
2016-03-09 08:46:17 +00:00
|
|
|
return true;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2016-03-09 08:46:17 +00:00
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($channel_perm & PERMS_PUBLIC) {
|
2012-11-02 05:23:13 +00:00
|
|
|
return true;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2012-11-02 05:23:13 +00:00
|
|
|
|
2012-10-29 01:50:35 +00:00
|
|
|
// If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (! $observer_xchan) {
|
2012-11-02 05:23:13 +00:00
|
|
|
return false;
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-18 02:23:01 +00:00
|
|
|
// If we're still here, we have an observer, check the network.
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($channel_perm & PERMS_NETWORK) {
|
2021-10-28 08:55:09 +00:00
|
|
|
if ($x && in_array($x[0]['xchan_network'],['nomad','zot6'])) {
|
2014-04-09 23:30:03 +00:00
|
|
|
return true;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2014-04-09 23:30:03 +00:00
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
|
|
|
|
// If PERMS_SITE is specified, find out if they've got an account on this hub
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($channel_perm & PERMS_SITE) {
|
2012-10-29 01:50:35 +00:00
|
|
|
$c = q("select channel_hash from channel where channel_hash = '%s' limit 1",
|
2013-01-24 22:31:57 +00:00
|
|
|
dbesc($observer_xchan)
|
2012-10-29 01:50:35 +00:00
|
|
|
);
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($c) {
|
2012-10-29 01:50:35 +00:00
|
|
|
return true;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
return false;
|
2014-06-17 07:26:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// From here on we require that the observer be a connection and
|
|
|
|
|
// handle whether we're allowing any, approved or specific ones
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (! $x) {
|
2012-10-29 01:50:35 +00:00
|
|
|
return false;
|
2012-12-11 04:09:19 +00:00
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2014-06-17 07:26:18 +00:00
|
|
|
// They are in your address book, but haven't been approved
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($channel_perm & PERMS_PENDING) {
|
2014-06-17 07:26:18 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (intval($x[0]['abook_pending'])) {
|
2013-06-15 22:45:54 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-17 07:26:18 +00:00
|
|
|
// They're a contact, so they have permission
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($channel_perm & PERMS_CONTACTS) {
|
2012-10-29 01:50:35 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Permission granted to certain channels. Let's see if the observer is one of them
|
|
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if (($r) && ($channel_perm & PERMS_SPECIFIC)) {
|
|
|
|
|
if ($abperms) {
|
2018-06-04 04:23:34 +00:00
|
|
|
$arr = explode(',',$abperms);
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($arr) {
|
2018-06-05 06:19:16 +00:00
|
|
|
if (in_array($permission,$arr)) {
|
2018-06-04 04:23:34 +00:00
|
|
|
return true;
|
2016-07-14 03:23:20 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-07-05 04:33:25 +00:00
|
|
|
}
|
2018-06-04 04:23:34 +00:00
|
|
|
return false;
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// No permissions allowed.
|
|
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
return false;
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
|
2015-05-18 01:14:50 +00:00
|
|
|
function get_all_api_perms($uid,$api) {
|
|
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$global_perms = Permissions::Perms();
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2021-03-15 05:10:44 +00:00
|
|
|
$ret = [];
|
2015-05-18 01:14:50 +00:00
|
|
|
|
|
|
|
|
$r = q("select * from xperm where xp_client = '%s' and xp_channel = %d",
|
|
|
|
|
dbesc($api),
|
|
|
|
|
intval($uid)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if(! $r)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
$allow_all = false;
|
2021-03-15 05:10:44 +00:00
|
|
|
$allowed = [];
|
2015-05-18 01:14:50 +00:00
|
|
|
foreach($r as $rr) {
|
|
|
|
|
if($rr['xp_perm'] === 'all')
|
|
|
|
|
$allow_all = true;
|
|
|
|
|
if(! in_array($rr['xp_perm'],$allowed))
|
|
|
|
|
$allowed[] = $rr['xp_perm'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach($global_perms as $perm_name => $permission) {
|
|
|
|
|
if($allow_all || in_array($perm_name,$allowed))
|
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
|
else
|
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arr = array(
|
|
|
|
|
'channel_id' => $uid,
|
|
|
|
|
'observer_hash' => $observer_xchan,
|
|
|
|
|
'permissions' => $ret);
|
|
|
|
|
|
|
|
|
|
call_hooks('get_all_api_perms',$arr);
|
|
|
|
|
|
|
|
|
|
return $arr['permissions'];
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function api_perm_is_allowed($uid,$api,$permission) {
|
|
|
|
|
|
|
|
|
|
$arr = array(
|
|
|
|
|
'channel_id' => $uid,
|
|
|
|
|
'observer_hash' => $observer_xchan,
|
|
|
|
|
'permission' => $permission,
|
|
|
|
|
'result' => false
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
call_hooks('api_perm_is_allowed', $arr);
|
|
|
|
|
if($arr['result'])
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
$r = q("select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )",
|
|
|
|
|
dbesc($api),
|
|
|
|
|
intval($uid),
|
|
|
|
|
dbesc($permission)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if(! $r)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
foreach($r as $rr) {
|
|
|
|
|
if($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2013-01-14 02:35:12 +00:00
|
|
|
// Check a simple array of observers against a permissions
|
|
|
|
|
// return a simple array of those with permission
|
|
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
function check_list_permissions($uid, $arr, $perm) {
|
2021-03-15 05:10:44 +00:00
|
|
|
$result = [];
|
2013-01-14 02:35:12 +00:00
|
|
|
if($arr)
|
|
|
|
|
foreach($arr as $x)
|
2014-12-07 18:27:14 +00:00
|
|
|
if(perm_is_allowed($uid, $x, $perm))
|
2013-01-14 02:35:12 +00:00
|
|
|
$result[] = $x;
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2013-01-14 02:35:12 +00:00
|
|
|
return($result);
|
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Sets site wide default permissions.
|
|
|
|
|
*
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
2013-08-19 03:20:03 +00:00
|
|
|
function site_default_perms() {
|
|
|
|
|
|
2021-03-15 05:10:44 +00:00
|
|
|
$ret = [];
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2013-08-19 03:20:03 +00:00
|
|
|
$typical = array(
|
|
|
|
|
'view_stream' => PERMS_PUBLIC,
|
|
|
|
|
'view_profile' => PERMS_PUBLIC,
|
|
|
|
|
'view_contacts' => PERMS_PUBLIC,
|
|
|
|
|
'view_storage' => PERMS_PUBLIC,
|
|
|
|
|
'view_pages' => PERMS_PUBLIC,
|
2017-04-03 03:51:40 +00:00
|
|
|
'view_wiki' => PERMS_PUBLIC,
|
2013-08-19 03:20:03 +00:00
|
|
|
'send_stream' => PERMS_SPECIFIC,
|
|
|
|
|
'post_wall' => PERMS_SPECIFIC,
|
|
|
|
|
'post_comments' => PERMS_SPECIFIC,
|
|
|
|
|
'post_mail' => PERMS_SPECIFIC,
|
|
|
|
|
'tag_deliver' => PERMS_SPECIFIC,
|
|
|
|
|
'chat' => PERMS_SPECIFIC,
|
2015-04-22 04:41:39 +00:00
|
|
|
'write_storage' => PERMS_SPECIFIC,
|
|
|
|
|
'write_pages' => PERMS_SPECIFIC,
|
2017-04-03 03:51:40 +00:00
|
|
|
'write_wiki' => PERMS_SPECIFIC,
|
2015-04-22 04:41:39 +00:00
|
|
|
'delegate' => PERMS_SPECIFIC,
|
2014-07-18 03:54:30 +00:00
|
|
|
'post_like' => PERMS_NETWORK
|
2013-08-19 03:20:03 +00:00
|
|
|
);
|
|
|
|
|
|
2019-08-06 22:24:30 +00:00
|
|
|
$global_perms = Permissions::Perms();
|
2013-08-19 03:20:03 +00:00
|
|
|
|
|
|
|
|
foreach($global_perms as $perm => $v) {
|
2017-04-03 03:51:40 +00:00
|
|
|
$x = get_config('default_perms', $perm, $typical[$perm]);
|
2013-08-19 03:20:03 +00:00
|
|
|
$ret[$perm] = $x;
|
|
|
|
|
}
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2013-08-19 03:20:03 +00:00
|
|
|
return $ret;
|
|
|
|
|
}
|
2014-08-18 05:53:00 +00:00
|
|
|
|
|
|
|
|
|
2018-05-24 05:50:33 +00:00
|
|
|
function their_perms_contains($channel_id,$xchan_hash,$perm) {
|
|
|
|
|
$x = get_abconfig($channel_id,$xchan_hash,'system','their_perms');
|
|
|
|
|
if($x) {
|
|
|
|
|
$y = explode(',',$x);
|
|
|
|
|
if(in_array($perm,$y)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2018-10-25 06:00:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function my_perms_contains($channel_id,$xchan_hash,$perm) {
|
|
|
|
|
$x = get_abconfig($channel_id,$xchan_hash,'system','my_perms');
|
|
|
|
|
if($x) {
|
|
|
|
|
$y = explode(',',$x);
|
|
|
|
|
if(in_array($perm,$y)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2018-05-24 05:50:33 +00:00
|
|
|
}
|
