From d8225a97b1cf4ceeb95c387b271f5d9acbbb73be Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Thu, 12 May 2022 14:14:08 -0700 Subject: [PATCH 1/2] more issues with deliver_stream permission --- include/import.php | 1 + include/items.php | 8 ++++---- include/permissions.php | 24 ++++++++++++++++++++++++ 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/include/import.php b/include/import.php index 720803180..c9e7cea09 100644 --- a/include/import.php +++ b/include/import.php @@ -176,6 +176,7 @@ function import_config($channel, $configs) } set_pconfig($channel['channel_id'], $config['cat'], $config['k'], $config['v']); } + set_pconfig($channel['channel_id'], 'perm_limits', 'deliver_stream', PERMS_SPECIFIC); load_pconfig($channel['channel_id']); $permissions_role = get_pconfig($channel['channel_id'], 'system', 'permissions_role'); diff --git a/include/items.php b/include/items.php index ad2fb39ec..caa69d89b 100644 --- a/include/items.php +++ b/include/items.php @@ -161,11 +161,11 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { // This is a somewhat expensive operation but important. // Don't send this item to anybody who doesn't have the deliver_stream permission +logger('recip1: ' . print_r($recipients,true)); + $recipients = check_deliver_permissions($item['uid'],$recipients); +logger('recip2: ' . print_r($recipients,true)); - $recipients = check_list_permissions($item['uid'],$recipients,'deliver_stream'); - - - // add ourself just in case we have nomadic clones that need to get a copy. + // Add both the author and owner (if different). $recipients[] = $item['author_xchan']; diff --git a/include/permissions.php b/include/permissions.php index 05d3a0834..e062e7916 100644 --- a/include/permissions.php +++ b/include/permissions.php 
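Review bot: The added `set_pconfig($channel['channel_id'], 'perm_limits', 'deliver_stream', PERMS_SPECIFIC);` in include/import.php has no comment saying that it deliberately overrides the imported value. It runs after the preceding block has stored the imported settings, so it replaces any `perm_limits` / `deliver_stream` entry that came with the import. A one-line comment above it would record the intent, for example `// deliver_stream is always limited to specific connections; override any imported value.` import_config() starts and ends outside the hunk, so whether the preceding `}` closes the import loop is inferred.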
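Review bot: The two calls `logger('recip1: ' . print_r($recipients,true));` and `logger('recip2: ' . print_r($recipients,true));` added in include/items.php look like leftover debugging. They sit at column 0, pass no log level, and write the complete recipient list of every item that reaches collect_recipients() to the log, which exposes the audience of restricted posts to anyone who can read the log file. Remove them, or keep a single trace at data level, e.g. `logger('collect_recipients: ' . print_r($recipients, true), LOGGER_DATA);`. collect_recipients() begins and ends outside this hunk.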
@@ -532,6 +532,30 @@ function check_list_permissions($uid, $arr, $perm) return($result); } +function check_deliver_permissions($uid, $arr) +{ + $result = []; + // Find actors we are not delivering to. + $r = q("select * from abconfig where uid = %d and cat = 'system' and k = 'my_perms' and v not like '%%deliver_stream%%'", + intval($uid) + ); + $disallowed = ids_to_array($r,'xchan'); + + // Filter the recipient list accordingly. + if ($arr) { + foreach ($arr as $x) { + if (! in_array($x, $disallowed)) { + $result[] = $x; + } + } + } + return($result); +} + + + + + /** * @brief Sets site wide default permissions. * From 2fa086d3d0b2c85c546b67767c08bd179925a628 Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Thu, 12 May 2022 14:15:32 -0700 Subject: [PATCH 2/2] version --- version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.php b/version.php index 4a7ed09bf..62656052e 100644 --- a/version.php +++ b/version.php @@ -1,2 +1,2 @@
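Review bot: check_deliver_permissions() is a deny-list that fails open. A recipient is dropped only when an abconfig `my_perms` row exists for it and does not contain the substring `deliver_stream`, so a recipient with no row is kept, and so is every recipient if q() fails and ids_to_array() yields an empty list (both inferred, since neither helper is visible here). If that is the intended rule, state it in a docblock in the style of the neighbouring `@brief` blocks; otherwise fail closed on a bad query with `if (! is_array($r)) { return []; }`, assuming q() returns false on error. The membership test should also be strict, `if (! in_array($x, $disallowed, true)) {`, and the query needs only `select xchan` rather than `select *`.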