mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 01:15:13 +00:00
photos linked item visibility issue
This commit is contained in:
parent
1f5818cec8
commit
848e3f6c5d
2 changed files with 15 additions and 1 deletions
|
@ -4792,7 +4792,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
|
|||
if($arr['mid'])
|
||||
$sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' ";
|
||||
|
||||
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) ";
|
||||
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options $item_normal ) ";
|
||||
|
||||
if($arr['since_id'])
|
||||
$sql_extra .= " and item.id > " . $since_id . " ";
|
||||
|
|
|
@ -379,6 +379,20 @@ function photo_upload($channel, $observer, $args) {
|
|||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
$arr['body'] = (($object) ? $args['body'] : $body . "\r\n" . $args['body']);
|
||||
|
||||
|
||||
// this one is tricky because the item and the photo have the same permissions, those of the photo.
|
||||
// Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the
|
||||
// private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use
|
||||
// public policy when federating items to other sites, but should probably ignore them when accessing the item
|
||||
// in the photos pages - using the photos permissions instead. We need the public policy to keep the photo
|
||||
// linked item from leaking into the feed when somebody has a channel with read_stream restrictions.
|
||||
|
||||
$arr['public_policy'] = map_scope($channel['channel_r_stream'],true));
|
||||
if($arr['public_policy'])
|
||||
$arr['item_private'] = 1;
|
||||
|
||||
|
||||
|
||||
$result = item_store($arr);
|
||||
$item_id = $result['item_id'];
|
||||
|
||||
|
|
Loading…
Reference in a new issue