Streams/streams
Streams/streams
1
0
Fork 0
mirror of https://codeberg.org/streams/streams.git synced 2024-09-20 13:35:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'dev' of https://framagit.org/hubzilla/core into dev

Browse source
This commit is contained in:
Mario Vavti 2018-09-05 12:20:06 +02:00
commit 6667ba4172
2 changed files with 28 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Zotlabs/Module/Item.php
View file

@ -29,7 +29,7 @@ use \Zotlabs\Lib as Zlib;
class Item extends \Zotlabs\Web\Controller {
function post() {
// This will change. Figure out who the observer is and whether or not
// they have permission to post here. Else ignore the post.
@ -237,10 +237,12 @@ class Item extends \Zotlabs\Web\Controller {
if($parent) {
logger('mod_item: item_post parent=' . $parent);
$can_comment = false;
if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self']))
$can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
else
$can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
$can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
if (!$can_comment) {
if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])==1 )
$can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
}
if(! $can_comment) {
notice( t('Permission denied.') . EOL) ;

27
include/zot.php
View file

@ -1808,13 +1808,28 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
else {
$arr['item_wall'] = 0;
}
if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) {
logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
$DR->update('permission denied');
$result[] = $DR->get();
continue;
}
if ((! $tag_delivery) && (! $local_public)) {
$allowed = (perm_is_allowed($channel['channel_id'],$sender['hash'],$perm));
if((! $allowed) && $perm == 'post_comments') {
$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
dbesc($arr['parent_mid']),
intval($channel['channel_id'])
);
if ($parent) {
$allowed = can_comment_on_post($d['hash'],$parent[0]);
}
}
if (! $allowed) {
logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
$DR->update('permission denied');
$result[] = $DR->get();
continue;
}
}
if($arr['mid'] != $arr['parent_mid']) {