2014-12-07 18:27:14 +00:00
< ? php
/**
2015-03-21 23:06:08 +00:00
* @ file include / permissions . php
2014-12-07 18:27:14 +00:00
*
* This file conntains functions to check and work with permissions .
*/
2012-10-29 01:50:35 +00:00
2014-12-07 18:27:14 +00:00
/**
* @ brief Return an array with all available permissions .
*
* These are channel specific permissions .
* The list of available permissions can get manipulated by the < i > hook </ i >
* < b > global_permissions </ b >.
*
* @ return array associative array containing all permissions
*/
2012-11-02 05:23:13 +00:00
function get_perms () {
2012-11-16 21:57:55 +00:00
// thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections
// for any given permission. Currently we use the boolean to disallow write access to "everybody", but we also want to be
// able to handle troublesome settings such as allowing channel_w_stream to anybody in the network. You can allow it, but
// there's no way to implement sending it.
2012-10-29 01:50:35 +00:00
$global_perms = array (
// Read only permissions
2014-08-08 00:14:11 +00:00
'view_stream' => array ( 'channel_r_stream' , intval ( PERMS_R_STREAM ), true , t ( 'Can view my normal stream and posts' ), '' ),
'view_profile' => array ( 'channel_r_profile' , intval ( PERMS_R_PROFILE ), true , t ( 'Can view my default channel profile' ), '' ),
'view_photos' => array ( 'channel_r_photos' , intval ( PERMS_R_PHOTOS ), true , t ( 'Can view my photo albums' ), '' ),
'view_contacts' => array ( 'channel_r_abook' , intval ( PERMS_R_ABOOK ), true , t ( 'Can view my connections' ), '' ),
2014-12-07 18:27:14 +00:00
'view_storage' => array ( 'channel_r_storage' , intval ( PERMS_R_STORAGE ), true , t ( 'Can view my file storage' ), '' ),
'view_pages' => array ( 'channel_r_pages' , intval ( PERMS_R_PAGES ), true , t ( 'Can view my webpages' ), '' ),
2012-10-29 01:50:35 +00:00
// Write permissions
2012-11-09 01:33:38 +00:00
'send_stream' => array ( 'channel_w_stream' , intval ( PERMS_W_STREAM ), false , t ( 'Can send me their channel stream and posts' ), '' ),
'post_wall' => array ( 'channel_w_wall' , intval ( PERMS_W_WALL ), false , t ( 'Can post on my channel page ("wall")' ), '' ),
2014-07-18 03:54:30 +00:00
'post_comments' => array ( 'channel_w_comment' , intval ( PERMS_W_COMMENT ), false , t ( 'Can comment on or like my posts' ), '' ),
2012-11-09 01:33:38 +00:00
'post_mail' => array ( 'channel_w_mail' , intval ( PERMS_W_MAIL ), false , t ( 'Can send me private mail messages' ), '' ),
'post_photos' => array ( 'channel_w_photos' , intval ( PERMS_W_PHOTOS ), false , t ( 'Can post photos to my photo albums' ), '' ),
2014-12-07 18:27:14 +00:00
'post_like' => array ( 'channel_w_like' , intval ( PERMS_W_LIKE ), false , t ( 'Can like/dislike stuff' ), t ( 'Profiles and things other than posts/comments' )),
2014-07-18 03:54:30 +00:00
2013-07-15 10:12:51 +00:00
'tag_deliver' => array ( 'channel_w_tagwall' , intval ( PERMS_W_TAGWALL ), false , t ( 'Can forward to all my channel contacts via post @mentions' ), t ( 'Advanced - useful for creating group forum channels' )),
2014-02-03 00:02:04 +00:00
'chat' => array ( 'channel_w_chat' , intval ( PERMS_W_CHAT ), false , t ( 'Can chat with me (when available)' ), t ( '' )),
2014-12-07 18:27:14 +00:00
'write_storage' => array ( 'channel_w_storage' , intval ( PERMS_W_STORAGE ), false , t ( 'Can write to my file storage' ), '' ),
'write_pages' => array ( 'channel_w_pages' , intval ( PERMS_W_PAGES ), false , t ( 'Can edit my webpages' ), '' ),
2012-12-22 11:33:12 +00:00
2014-12-07 18:27:14 +00:00
'republish' => array ( 'channel_a_republish' , intval ( PERMS_A_REPUBLISH ), false , t ( 'Can source my public posts in derived channels' ), t ( 'Somewhat advanced - very useful in open communities' )),
2014-05-01 00:50:06 +00:00
2014-12-07 18:27:14 +00:00
'delegate' => array ( 'channel_a_delegate' , intval ( PERMS_A_DELEGATE ), false , t ( 'Can administer my channel resources' ), t ( 'Extremely advanced. Leave this alone unless you know what you are doing' )),
2012-10-29 01:50:35 +00:00
);
2013-02-19 22:22:10 +00:00
$ret = array ( 'global_permissions' => $global_perms );
2014-12-07 18:27:14 +00:00
call_hooks ( 'global_permissions' , $ret );
2013-02-19 22:22:10 +00:00
return $ret [ 'global_permissions' ];
2012-11-02 05:23:13 +00:00
}
2012-10-29 01:50:35 +00:00
2012-10-29 05:08:08 +00:00
/**
2013-01-24 22:31:57 +00:00
* get_all_perms ( $uid , $observer_xchan )
2012-10-29 05:08:08 +00:00
*
2014-12-07 18:27:14 +00:00
* @ param int $uid The channel_id associated with the resource owner
* @ param string $observer_xchan The xchan_hash representing the observer
* @ param bool $internal_use ( default true )
2012-10-29 05:08:08 +00:00
*
2014-12-07 18:27:14 +00:00
* @ returns array of all permissions , key is permission name , value is true or false
2012-10-29 05:08:08 +00:00
*/
2014-12-07 18:27:14 +00:00
function get_all_perms ( $uid , $observer_xchan , $internal_use = true ) {
2012-10-29 01:50:35 +00:00
2015-05-18 01:14:50 +00:00
$api = get_app () -> get_oauth_key ();
if ( $api )
return get_all_api_perms ( $uid , $api );
2012-11-02 05:23:13 +00:00
$global_perms = get_perms ();
2012-10-29 01:50:35 +00:00
// Save lots of individual lookups
$r = null ;
$c = null ;
$x = null ;
$channel_checked = false ;
$onsite_checked = false ;
$abook_checked = false ;
$ret = array ();
foreach ( $global_perms as $perm_name => $permission ) {
// First find out what the channel owner declared permissions to be.
$channel_perm = $permission [ 0 ];
if ( ! $channel_checked ) {
2012-11-02 03:47:32 +00:00
$r = q ( " select * from channel where channel_id = %d limit 1 " ,
2012-10-29 01:50:35 +00:00
intval ( $uid )
);
$channel_checked = true ;
}
2012-12-11 04:09:19 +00:00
// The uid provided doesn't exist. This would be a big fail.
2012-10-29 01:50:35 +00:00
if ( ! $r ) {
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = false ;
2012-10-29 01:50:35 +00:00
continue ;
}
2012-12-11 04:09:19 +00:00
// Next we're going to check for blocked or ignored contacts.
// These take priority over all other settings.
2013-01-24 22:31:57 +00:00
if ( $observer_xchan ) {
2014-02-19 04:59:25 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_AUTHED ) {
$ret [ $perm_name ] = true ;
continue ;
}
2014-12-07 18:27:14 +00:00
2012-12-11 04:09:19 +00:00
if ( ! $abook_checked ) {
2014-02-18 02:23:01 +00:00
$x = q ( " select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
where abook_channel = % d and abook_xchan = '%s' and not ( abook_flags & % d ) > 0 limit 1 " ,
2012-12-11 04:09:19 +00:00
intval ( $uid ),
2013-01-24 22:31:57 +00:00
dbesc ( $observer_xchan ),
2013-01-24 05:15:40 +00:00
intval ( ABOOK_FLAG_SELF )
2012-12-11 04:09:19 +00:00
);
2014-04-09 23:30:03 +00:00
if ( ! $x ) {
// not in address book, see if they've got an xchan
$y = q ( " select xchan_network from xchan where xchan_hash = '%s' limit 1 " ,
2014-12-07 18:27:14 +00:00
dbesc ( $observer_xchan )
2014-04-09 23:30:03 +00:00
);
}
2012-12-11 04:09:19 +00:00
$abook_checked = true ;
}
// If they're blocked - they can't read or write
2014-12-07 18:27:14 +00:00
2013-06-15 22:45:54 +00:00
if (( $x ) && ( $x [ 0 ][ 'abook_flags' ] & ABOOK_FLAG_BLOCKED )) {
2012-12-11 04:09:19 +00:00
$ret [ $perm_name ] = false ;
continue ;
}
// Check if this is a write permission and they are being ignored
// This flag is only visible internally.
if (( $x ) && ( $internal_use ) && ( ! $global_perms [ $perm_name ][ 2 ]) && ( $x [ 0 ][ 'abook_flags' ] & ABOOK_FLAG_IGNORED )) {
$ret [ $perm_name ] = false ;
continue ;
}
}
2014-07-04 02:34:00 +00:00
// system is blocked to anybody who is not authenticated
2014-12-07 18:27:14 +00:00
if (( ! $observer_xchan ) && intval ( get_config ( 'system' , 'block_public' ))) {
2014-07-04 02:34:00 +00:00
$ret [ $perm_name ] = false ;
continue ;
}
2013-01-24 22:31:57 +00:00
// Check if this $uid is actually the $observer_xchan - if it's your content
2012-12-11 04:09:19 +00:00
// you always have permission to do anything
2013-01-24 22:31:57 +00:00
if (( $observer_xchan ) && ( $r [ 0 ][ 'channel_hash' ] === $observer_xchan )) {
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = true ;
2012-10-29 01:50:35 +00:00
continue ;
}
2012-12-11 04:09:19 +00:00
// Anybody at all (that wasn't blocked or ignored). They have permission.
2012-11-02 05:23:13 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_PUBLIC ) {
$ret [ $perm_name ] = true ;
continue ;
}
2012-10-29 01:50:35 +00:00
2012-12-11 04:09:19 +00:00
// From here on out, we need to know who they are. If we can't figure it
// out, permission is denied.
2013-01-24 22:31:57 +00:00
if ( ! $observer_xchan ) {
2012-11-02 05:23:13 +00:00
$ret [ $perm_name ] = false ;
2012-10-29 01:50:35 +00:00
continue ;
}
2014-02-18 02:23:01 +00:00
// If we're still here, we have an observer, check the network.
2012-10-29 01:50:35 +00:00
2014-04-09 23:30:03 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_NETWORK ) {
if (( $x && $x [ 0 ][ 'xchan_network' ] === 'zot' ) || ( $y && $y [ 0 ][ 'xchan_network' ] === 'zot' )) {
$ret [ $perm_name ] = true ;
continue ;
}
2012-10-29 01:50:35 +00:00
}
// If PERMS_SITE is specified, find out if they've got an account on this hub
if ( $r [ 0 ][ $channel_perm ] & PERMS_SITE ) {
if ( ! $onsite_checked ) {
$c = q ( " select channel_hash from channel where channel_hash = '%s' limit 1 " ,
2013-01-24 22:31:57 +00:00
dbesc ( $observer_xchan )
2012-10-29 01:50:35 +00:00
);
$onsite_checked = true ;
}
2014-12-07 18:27:14 +00:00
2012-10-29 01:50:35 +00:00
if ( $c )
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = true ;
2012-10-29 01:50:35 +00:00
else
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = false ;
2012-10-29 01:50:35 +00:00
continue ;
2014-12-07 18:27:14 +00:00
}
2012-10-29 01:50:35 +00:00
2014-06-17 07:26:18 +00:00
// From here on we require that the observer be a connection and
// handle whether we're allowing any, approved or specific ones
2012-10-29 01:50:35 +00:00
2012-12-11 04:09:19 +00:00
if ( ! $x ) {
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = false ;
2012-10-29 01:50:35 +00:00
continue ;
}
2014-06-17 07:26:18 +00:00
2013-06-15 22:45:54 +00:00
// They are in your address book, but haven't been approved
2014-06-17 07:26:18 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_PENDING ) {
$ret [ $perm_name ] = true ;
continue ;
}
2013-06-15 22:45:54 +00:00
if ( $x [ 0 ][ 'abook_flags' ] & ABOOK_FLAG_PENDING ) {
$ret [ $perm_name ] = false ;
continue ;
}
2012-10-29 01:50:35 +00:00
2014-06-17 07:26:18 +00:00
// They're a contact, so they have permission
2012-10-29 01:50:35 +00:00
2014-06-17 07:26:18 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_CONTACTS ) {
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = true ;
2012-10-29 01:50:35 +00:00
continue ;
}
// Permission granted to certain channels. Let's see if the observer is one of them
2014-06-17 07:26:18 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_SPECIFIC ) {
2012-12-11 04:09:19 +00:00
if (( $x [ 0 ][ 'abook_my_perms' ] & $global_perms [ $perm_name ][ 1 ])) {
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = true ;
2012-10-29 01:50:35 +00:00
continue ;
}
}
// No permissions allowed.
2012-11-01 03:53:02 +00:00
$ret [ $perm_name ] = false ;
2012-10-29 01:50:35 +00:00
continue ;
}
2013-05-18 08:25:54 +00:00
2013-02-19 22:22:10 +00:00
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permissions' => $ret );
2012-10-29 01:50:35 +00:00
2013-02-19 22:22:10 +00:00
call_hooks ( 'get_all_perms' , $arr );
2014-12-07 18:27:14 +00:00
2013-02-19 22:22:10 +00:00
return $arr [ 'permissions' ];
2012-10-29 01:50:35 +00:00
}
2014-12-07 18:27:14 +00:00
/**
* @ brief Checks if given permission is allowed for given observer on a channel .
*
* Checks if the given observer with the hash $observer_xchan has permission
* $permission on channel_id $uid .
* $permission is one defined in get_perms ();
*
* @ param int $uid The channel_id associated with the resource owner
* @ param string $observer_xchan The xchan_hash representing the observer
* @ param string $permission
* @ return bool true if permission is allowed for observer on channel
*/
function perm_is_allowed ( $uid , $observer_xchan , $permission ) {
2012-10-29 01:50:35 +00:00
2015-05-18 01:14:50 +00:00
$api = get_app () -> get_oauth_key ();
if ( $api )
return api_perm_is_allowed ( $uid , $api , $permission );
2013-02-19 22:22:10 +00:00
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permission' => $permission ,
'result' => false );
2014-12-07 18:27:14 +00:00
call_hooks ( 'perm_is_allowed' , $arr );
2013-02-19 22:22:10 +00:00
if ( $arr [ 'result' ])
return true ;
2012-11-02 05:23:13 +00:00
$global_perms = get_perms ();
2012-10-29 01:50:35 +00:00
// First find out what the channel owner declared permissions to be.
$channel_perm = $global_perms [ $permission ][ 0 ];
2014-11-20 00:29:35 +00:00
$r = q ( " select %s, channel_pageflags, channel_hash from channel where channel_id = %d limit 1 " ,
2012-10-29 01:50:35 +00:00
dbesc ( $channel_perm ),
intval ( $uid )
);
if ( ! $r )
return false ;
2013-01-24 22:31:57 +00:00
if ( $observer_xchan ) {
2014-02-19 04:59:25 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_AUTHED )
return true ;
2014-02-18 02:23:01 +00:00
$x = q ( " select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
where abook_channel = % d and abook_xchan = '%s' and not ( abook_flags & % d ) > 0 limit 1 " ,
2012-12-11 04:09:19 +00:00
intval ( $uid ),
2013-01-24 22:31:57 +00:00
dbesc ( $observer_xchan ),
2013-01-24 05:15:40 +00:00
intval ( ABOOK_FLAG_SELF )
2012-12-11 04:09:19 +00:00
);
// If they're blocked - they can't read or write
2013-06-15 22:45:54 +00:00
if (( $x ) && ( $x [ 0 ][ 'abook_flags' ] & ABOOK_FLAG_BLOCKED ))
2012-12-11 04:09:19 +00:00
return false ;
2014-12-07 18:27:14 +00:00
2012-12-11 04:09:19 +00:00
if (( $x ) && ( ! $global_perms [ $permission ][ 2 ]) && ( $x [ 0 ][ 'abook_flags' ] & ABOOK_FLAG_IGNORED ))
return false ;
2014-04-09 23:30:03 +00:00
if ( ! $x ) {
// not in address book, see if they've got an xchan
$y = q ( " select xchan_network from xchan where xchan_hash = '%s' limit 1 " ,
2014-12-07 18:27:14 +00:00
dbesc ( $observer_xchan )
2014-04-09 23:30:03 +00:00
);
}
2012-12-11 04:09:19 +00:00
}
2014-07-04 02:34:00 +00:00
// system is blocked to anybody who is not authenticated
2014-12-07 18:27:14 +00:00
if (( ! $observer_xchan ) && intval ( get_config ( 'system' , 'block_public' )))
2014-07-04 02:34:00 +00:00
return false ;
2013-01-24 22:31:57 +00:00
// Check if this $uid is actually the $observer_xchan
2012-10-29 01:50:35 +00:00
2013-01-24 22:31:57 +00:00
if ( $r [ 0 ][ 'channel_hash' ] === $observer_xchan )
2012-10-29 01:50:35 +00:00
return true ;
2012-11-02 05:23:13 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_PUBLIC )
return true ;
2012-10-29 01:50:35 +00:00
// If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set
2013-01-24 22:31:57 +00:00
if ( ! $observer_xchan ) {
2012-11-02 05:23:13 +00:00
return false ;
2012-10-29 01:50:35 +00:00
}
2014-02-18 02:23:01 +00:00
// If we're still here, we have an observer, check the network.
2012-10-29 01:50:35 +00:00
2014-04-09 23:30:03 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_NETWORK ) {
if (( $x && $x [ 0 ][ 'xchan_network' ] === 'zot' ) || ( $y && $y [ 0 ][ 'xchan_network' ] === 'zot' ))
return true ;
}
2012-10-29 01:50:35 +00:00
// If PERMS_SITE is specified, find out if they've got an account on this hub
if ( $r [ 0 ][ $channel_perm ] & PERMS_SITE ) {
$c = q ( " select channel_hash from channel where channel_hash = '%s' limit 1 " ,
2013-01-24 22:31:57 +00:00
dbesc ( $observer_xchan )
2012-10-29 01:50:35 +00:00
);
if ( $c )
return true ;
2014-12-07 18:27:14 +00:00
2012-10-29 01:50:35 +00:00
return false ;
2014-06-17 07:26:18 +00:00
}
// From here on we require that the observer be a connection and
// handle whether we're allowing any, approved or specific ones
2012-10-29 01:50:35 +00:00
2012-12-11 04:09:19 +00:00
if ( ! $x ) {
2012-10-29 01:50:35 +00:00
return false ;
2012-12-11 04:09:19 +00:00
}
2012-10-29 01:50:35 +00:00
2014-06-17 07:26:18 +00:00
// They are in your address book, but haven't been approved
if ( $r [ 0 ][ $channel_perm ] & PERMS_PENDING ) {
return true ;
}
2013-06-15 22:45:54 +00:00
if ( $x [ 0 ][ 'abook_flags' ] & ABOOK_FLAG_PENDING ) {
return false ;
}
2014-06-17 07:26:18 +00:00
// They're a contact, so they have permission
2012-10-29 01:50:35 +00:00
if ( $r [ 0 ][ $channel_perm ] & PERMS_CONTACTS ) {
return true ;
}
// Permission granted to certain channels. Let's see if the observer is one of them
2012-12-11 04:09:19 +00:00
if (( $r ) && $r [ 0 ][ $channel_perm ] & PERMS_SPECIFIC ) {
2012-10-29 01:50:35 +00:00
if ( $x [ 0 ][ 'abook_my_perms' ] & $global_perms [ $permission ][ 1 ])
return true ;
}
// No permissions allowed.
2014-12-07 18:27:14 +00:00
return false ;
2012-10-29 01:50:35 +00:00
}
2015-05-18 01:14:50 +00:00
function get_all_api_perms ( $uid , $api ) {
$global_perms = get_perms ();
$ret = array ();
$r = q ( " select * from xperm where xp_client = '%s' and xp_channel = %d " ,
dbesc ( $api ),
intval ( $uid )
);
if ( ! $r )
return false ;
$allow_all = false ;
$allowed = array ();
foreach ( $r as $rr ) {
if ( $rr [ 'xp_perm' ] === 'all' )
$allow_all = true ;
if ( ! in_array ( $rr [ 'xp_perm' ], $allowed ))
$allowed [] = $rr [ 'xp_perm' ];
}
foreach ( $global_perms as $perm_name => $permission ) {
if ( $allow_all || in_array ( $perm_name , $allowed ))
$ret [ $perm_name ] = true ;
else
$ret [ $perm_name ] = false ;
}
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permissions' => $ret );
call_hooks ( 'get_all_api_perms' , $arr );
return $arr [ 'permissions' ];
}
function api_perm_is_allowed ( $uid , $api , $permission ) {
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permission' => $permission ,
'result' => false
);
call_hooks ( 'api_perm_is_allowed' , $arr );
if ( $arr [ 'result' ])
return true ;
$r = q ( " select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' ) " ,
dbesc ( $api ),
intval ( $uid ),
dbesc ( $permission )
);
if ( ! $r )
return false ;
foreach ( $r as $rr ) {
if ( $rr [ 'xp_perm' ] === 'all' || $rr [ 'xp_perm' ] === $permission )
return true ;
}
return false ;
}
2012-10-29 01:50:35 +00:00
2013-01-14 02:35:12 +00:00
// Check a simple array of observers against a permissions
// return a simple array of those with permission
2014-12-07 18:27:14 +00:00
function check_list_permissions ( $uid , $arr , $perm ) {
2013-01-14 02:35:12 +00:00
$result = array ();
if ( $arr )
foreach ( $arr as $x )
2014-12-07 18:27:14 +00:00
if ( perm_is_allowed ( $uid , $x , $perm ))
2013-01-14 02:35:12 +00:00
$result [] = $x ;
2014-12-07 18:27:14 +00:00
2013-01-14 02:35:12 +00:00
return ( $result );
}
2012-10-29 01:50:35 +00:00
2014-12-07 18:27:14 +00:00
/**
* @ brief Sets site wide default permissions .
*
* @ return array
*/
2013-08-19 03:20:03 +00:00
function site_default_perms () {
2014-12-07 18:27:14 +00:00
$ret = array ();
2013-08-19 03:20:03 +00:00
$typical = array (
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_photos' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
2015-04-22 04:41:39 +00:00
'post_photos' => PERMS_SPECIFIC ,
2013-08-19 03:20:03 +00:00
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
2015-04-22 04:41:39 +00:00
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC ,
2014-07-18 03:54:30 +00:00
'post_like' => PERMS_NETWORK
2013-08-19 03:20:03 +00:00
);
$global_perms = get_perms ();
foreach ( $global_perms as $perm => $v ) {
2014-12-07 18:27:14 +00:00
$x = get_config ( 'default_perms' , $perm );
2013-08-19 03:20:03 +00:00
if ( $x === false )
$x = $typical [ $perm ];
$ret [ $perm ] = $x ;
}
2014-12-07 18:27:14 +00:00
2013-08-19 03:20:03 +00:00
return $ret ;
}
2014-08-18 05:53:00 +00:00
/**
2015-03-21 23:06:08 +00:00
* @ brief Return an array of all permissions for this role .
*
* Given a string for the channel role ( 'social' , 'forum' , etc )
2014-08-18 05:53:00 +00:00
* return an array of all permission fields pre - filled for this role .
2014-09-18 00:59:46 +00:00
* This includes the channel permission scope indicators ( anything beginning with 'channel_' ) as well as
2015-03-21 23:06:08 +00:00
* * perms_auto : true or false to create auto - permissions for this channel
* * perms_follow : The permissions to apply when initiating a connection request to another channel
* * perms_accept : The permissions to apply when accepting a connection request from another channel ( not automatic )
* * default_collection : true or false to make the default ACL include the channel ' s default collection
* * directory_publish : true or false to publish this channel in the directory
2014-08-18 05:53:00 +00:00
* Any attributes may be extended ( new roles defined ) and modified ( specific permissions altered ) by plugins
*
2015-03-21 23:06:08 +00:00
* @ param string $role
* @ return array
2014-08-18 05:53:00 +00:00
*/
function get_role_perms ( $role ) {
$ret = array ();
$ret [ 'role' ] = $role ;
switch ( $role ) {
case 'social' :
2014-09-18 00:59:46 +00:00
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = true ;
2014-08-18 05:53:00 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-08-18 05:53:00 +00:00
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
2014-08-18 05:53:00 +00:00
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-08-18 05:53:00 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-08-18 05:53:00 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-08-18 05:53:00 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_like' ] = PERMS_NETWORK ;
2014-09-18 02:46:55 +00:00
2014-12-07 18:27:14 +00:00
break ;
2014-09-18 02:46:55 +00:00
case 'social_restricted' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = true ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = true ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_like' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
2014-12-07 18:27:14 +00:00
break ;
2014-09-18 02:46:55 +00:00
case 'social_private' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = false ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = false ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_r_abook' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_like' ] = PERMS_SPECIFIC ;
2014-12-07 18:27:14 +00:00
2014-09-18 02:46:55 +00:00
break ;
2014-09-18 04:16:15 +00:00
case 'forum' :
2014-09-18 02:46:55 +00:00
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = false ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE | PERMS_W_TAGWALL ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE | PERMS_W_TAGWALL ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_like' ] = PERMS_NETWORK ;
2014-12-07 18:27:14 +00:00
2014-09-18 02:46:55 +00:00
break ;
case 'forum_restricted' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = true ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = false ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE | PERMS_W_TAGWALL ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE | PERMS_W_TAGWALL ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_like' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
2014-12-07 18:27:14 +00:00
break ;
2014-09-18 02:46:55 +00:00
case 'forum_private' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = false ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = false ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_r_profile' ] = PERMS_SPECIFIC ;
$ret [ 'channel_r_photos' ] = PERMS_SPECIFIC ;
$ret [ 'channel_r_abook' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_r_storage' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_r_pages' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_like' ] = PERMS_SPECIFIC ;
2014-12-07 18:27:14 +00:00
2014-09-18 02:46:55 +00:00
break ;
case 'feed' :
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = false ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_NETWORK ;
$ret [ 'channel_w_like' ] = PERMS_NETWORK ;
2014-12-07 18:27:14 +00:00
2014-09-18 02:46:55 +00:00
break ;
case 'feed_restricted' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = false ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = false ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_W_LIKE ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-04-22 04:41:39 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_like' ] = PERMS_NETWORK ;
2014-12-07 18:27:14 +00:00
2014-09-18 02:46:55 +00:00
break ;
case 'soapbox' :
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
2014-09-18 04:52:30 +00:00
$ret [ 'online' ] = false ;
2014-09-18 02:46:55 +00:00
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_R_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
2014-12-07 18:27:14 +00:00
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-09-18 02:46:55 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_like' ] = PERMS_NETWORK ;
2014-12-07 18:27:14 +00:00
2014-09-18 02:46:55 +00:00
break ;
2014-10-27 23:19:30 +00:00
case 'repository' :
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = false ;
$ret [ 'perms_follow' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_W_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE | PERMS_W_TAGWALL ;
$ret [ 'perms_accept' ] = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK
| PERMS_W_STREAM | PERMS_W_WALL | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT
| PERMS_R_STORAGE | PERMS_W_STORAGE | PERMS_R_PAGES | PERMS_A_REPUBLISH | PERMS_W_LIKE | PERMS_W_TAGWALL ;
$ret [ 'channel_r_stream' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_profile' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_photos' ] = PERMS_PUBLIC ;
$ret [ 'channel_r_abook' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_stream' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_wall' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_tagwall' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_comment' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_mail' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_photos' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_chat' ] = PERMS_SPECIFIC ;
2015-03-21 01:50:45 +00:00
$ret [ 'channel_a_delegate' ] = PERMS_SPECIFIC ;
2014-10-27 23:19:30 +00:00
$ret [ 'channel_r_storage' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_storage' ] = PERMS_SPECIFIC ;
2014-10-27 23:19:30 +00:00
$ret [ 'channel_r_pages' ] = PERMS_PUBLIC ;
2014-12-26 08:09:34 +00:00
$ret [ 'channel_w_pages' ] = PERMS_SPECIFIC ;
2014-10-27 23:19:30 +00:00
$ret [ 'channel_a_republish' ] = PERMS_SPECIFIC ;
$ret [ 'channel_w_like' ] = PERMS_NETWORK ;
2014-12-07 18:27:14 +00:00
break ;
2014-10-27 23:19:30 +00:00
2014-09-18 02:46:55 +00:00
default :
break ;
2014-08-18 05:53:00 +00:00
}
2014-09-30 06:36:41 +00:00
$x = get_config ( 'system' , 'role_perms' );
// let system settings over-ride any or all
if ( $x && is_array ( $x ) && array_key_exists ( $role , $x ))
$ret = array_merge ( $ret , $x [ $role ]);
2014-08-18 05:53:00 +00:00
call_hooks ( 'get_role_perms' , $ret );
return $ret ;
}
2014-12-07 18:27:14 +00:00
/**
2015-03-21 23:06:08 +00:00
* @ brief Returns a list or roles , grouped by type .
2014-12-07 18:27:14 +00:00
*
2015-01-01 14:54:16 +00:00
* @ return string Returns an array of roles , grouped by type
2014-12-07 18:27:14 +00:00
*/
2015-01-01 14:54:16 +00:00
function get_roles () {
2014-09-18 04:16:15 +00:00
$roles = array (
2015-01-01 14:54:16 +00:00
t ( 'Social Networking' ) => array ( 'social' => t ( 'Mostly Public' ), 'social_restricted' => t ( 'Restricted' ), 'social_private' => t ( 'Private' )),
t ( 'Community Forum' ) => array ( 'forum' => t ( 'Mostly Public' ), 'forum_restricted' => t ( 'Restricted' ), 'forum_private' => t ( 'Private' )),
t ( 'Feed Republish' ) => array ( 'feed' => t ( 'Mostly Public' ), 'feed_restricted' => t ( 'Restricted' )),
t ( 'Special Purpose' ) => array ( 'soapbox' => t ( 'Celebrity/Soapbox' ), 'repository' => t ( 'Group Repository' )),
2015-03-21 23:06:08 +00:00
t ( 'Other' ) => array ( 'custom' => t ( 'Custom/Expert Mode' ))
);
2014-09-18 04:16:15 +00:00
2015-01-01 14:54:16 +00:00
return $roles ;
2014-12-07 18:27:14 +00:00
}
