Streams/streams
Streams/streams
1
0
Fork 0
mirror of https://codeberg.org/streams/streams.git synced 2024-09-20 04:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
29784 commits 7 branches 30 tags 160 MiB
Commit graph

185 commits

Author SHA1 Message Date
zotlabs
b106b53d05 don't translate 'guest:' since it is part of a url 2017-10-16 23:01:00 -07:00
zotlabs
a791809a84 ensure guests hve a unique (non-existent) url so that network discovery on remote servers doesn't come up mis-attributing the token. Future work should probably provide an actual page at this location describing it as a guest account of 'xyz'. 2017-10-16 22:31:38 -07:00
zotlabs
9d5b6858ea stream_perms_xchans wasn't working which has effects in mod_display and there are also issues with the oembed provider for mod_display. This is a first cut for the second but hasn't yet been tested 2017-08-21 02:01:41 -07:00
zotlabs
893ae17b99 provide ability to search webpages (either public or which contain the observer in the acl) in addition to conversations 2017-05-30 17:06:50 -07:00
zotlabs
c845d20352 ugly postgres fixes 2017-04-30 16:03:01 -07:00
zotlabs
ccdfbc721f Create virtual privacy groups for private profile member lists 2017-02-12 15:56:33 -08:00
zotlabs
5aa0017e91 provide lowlevel xchan storage function to ensure that all non-null rows are initialised 2017-01-28 15:01:19 -08:00
Klaus Weidenbach
7b41839ea8 [TASK] Update Doxyfile and fix Doxygen errors. 
Updated Doxyfile to include new folders.
Add a list for @hooks tags.
Fixed some parsing problems for Doxygen.
 2016-10-13 11:27:23 +02:00
zotlabs
e7233c0c94 more backquotes - this should take care of most except for the array import queries 2016-10-09 16:31:04 -07:00
redmatrix
b5d093e5ca finish the channel_reddress() conversion 2016-09-21 15:28:37 -07:00
redmatrix
3a7d3e3a54 This checkin should make all permission modes work correctly with atokens (they should be able to post content if allowed to). It also removes the strict linkage between permissions and connections so any individual permission can be set for any xchan; even those for which you have no connections. 2016-08-01 20:12:52 -07:00
redmatrix
86eb923f29 make guest access tokens work with PERMS_NETWORK, PERMS_SITE, PERMS_PENDING, and PERMS_CONTACTS; or everything but PERMS_SPECIFIC. PERMS_SITE could be contentious, but we're currently denying them as they are a guest and don't actually have a channel on this site. We can't easily make PERMS_SPECIFIC work without providing an abook entry for the guest since we would need to set specific permissions for the guest login, but unfortunately this could be the most desirable setting to use in many cases. There is also an update of hmessages.po in this commit. 2016-07-31 18:08:41 -07:00
redmatrix
6a56a509d3 Merge branch 'dev' into perms 2016-07-20 19:03:18 -07:00
redmatrix
3affb2e817 sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for. 2016-07-20 17:55:40 -07:00
redmatrix
de4f9d68bd Merge branch 'dev' into perms 2016-07-17 21:40:04 -07:00
redmatrix
397a23499d make the xchan_hash for the access token location independent 2016-07-14 21:28:17 -07:00
redmatrix
f3eb9af046 more ZAT work 2016-07-14 19:43:47 -07:00
redmatrix
e6c8614801 first cut at zot access tokens 2016-07-14 19:24:15 -07:00
redmatrix
f4e4e734de more work on perms 2016-07-12 21:47:24 -07:00
redmatrix
168d35747d use the get_hostname function rather than parse the url 2016-07-11 18:59:54 -07:00
redmatrix
833de9180e create change_channel hook 2016-07-11 13:46:06 -07:00
redmatrix
0cda431456 create miniApp to convert existing settings files to the static App class 2016-03-31 20:15:47 -07:00
redmatrix
9abd95fad3 static App 2016-03-31 16:06:03 -07:00
redmatrix
1cd3b41825 deprecate $a->get_baseurl() 2016-03-30 22:13:24 -07:00
redmatrix
32c23ef562 some minor cleanups 2016-03-10 15:43:59 -08:00
redmatrix
c95d7c69eb issue #216 - calendar sharing 2016-02-24 18:54:52 -08:00
redmatrix
a341c889b7 add oembed provider for photos 2016-01-31 15:55:27 -08:00
redmatrix
10ed334e8c various issues from the forums 2016-01-17 16:29:32 -08:00
redmatrix
f73c82632f some minor cleanup - change the default of the discover tab (public stream access) 2015-12-10 19:18:55 -08:00
redmatrix
8d5556764c add one more level of parentheses to ensure operator precedence is correctly evaluated 2015-09-28 20:03:11 -07:00
redmatrix
f965209eee check public scopes against visitor in item_permissions_sql() 2015-09-28 19:45:57 -07:00
redmatrix
2f52b6c164 Merge https://github.com/redmatrix/redmatrix into pending_merge 
Conflicts:
	util/messages.po
 2015-09-07 04:06:27 -07:00
redmatrix
1b09c64856 PRIVACY: item_private seems to have been removed from permissions_sql checking with an observer. 2015-09-07 03:59:38 -07:00
redmatrix
10406c6d15 Merge branch 'master' of https://github.com/redmatrix/redmatrix 2015-07-14 17:17:45 -07:00
redmatrix
46aacfe64d stream_perms_xchans() set to empty quoted string when no results rather than return an empty string 2015-07-14 17:15:53 -07:00
redmatrix
859a2ac8ef DB changes for some channel flags 2015-06-15 17:28:52 -07:00
redmatrix
6466774b6e PRIVACY: possible privacy leakage under a defined set of circumstances 2015-05-20 18:46:23 -07:00
friendica
c2acab21d4 improve performance of the zotfeed queries 2015-03-23 19:56:10 -07:00
Klaus Weidenbach
0d601563d0 Some cleanups and documentation. 
Fixed some wrong variable names.
Initialized some variables before using them.
Removed some checks for STATUSNET_PRIVACY_COMPATIBILITY in
include/security.php as it does not seem to be defined anywhere.
 2015-03-04 00:15:24 +01:00
friendica
e157371c39 remote_user => remote_channel 2015-01-28 20:58:59 -08:00
friendica
a496036066 local_user => local_channel 2015-01-28 20:56:04 -08:00
friendica
7f1a42340a Merge https://github.com/friendica/red into pending_merge 2014-12-10 16:26:36 -08:00
friendica
58067c24fc block adult channels from inclusion in public content feeds 2014-12-10 16:24:31 -08:00
Klaus Weidenbach
63646a1440 Some Doxygen comments and small cleanups. 2014-12-07 19:27:14 +01:00
Habeas Codice
1a5a5c7edb PostgreSQL support initial commit 
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.

These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.

Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
 2014-11-13 12:21:58 -08:00
Thomas Willingham
e3b967f475 Very, very cautiously let a developer switch to the sys chan if 
they're also an administrator.
 2014-09-15 03:59:04 +01:00
Thomas Willingham
b6612693b6 Bugger, revert - not only a dodgy cut and paste between terminals, but 
also pushed to the wrong repo
 2014-09-15 03:55:49 +01:00
Thomas Willingham
e3783dfdd4 Very, very cautiously, let a developer switch to the sys chan, if 
they're also an admin.
 2014-09-15 03:51:41 +01:00
friendica
20be358ec2 bad redirects 2014-09-11 23:01:58 -07:00
friendica
3a31ddea2b provide os_mkdir to workaround permission issues with php mkdir 2014-07-16 01:07:00 -07:00
Alexandre Hannud Abdo
b20887995a Implements a new permission level PERMS_PENDING 
With this a user can allow some action to any user which connects
to them, even before they've connected back.

Ref.
https://mobiliza.org.br/display/478d9e71eaf55748dc646d3990651d6d34cfb7db5c38360538ec730ca3ccf908@zothub.com

Also some code cleanup and an alternative logic for handling
notifications of permission changes in zot.php.

This assumes that private posts are still restricted to people in
your addressbook. Regardless of your global permissions, a
pending channel won't get private posts, even if the post
only has a deny clause not matching the pending channel.
 2014-06-19 15:13:32 -03:00
friendica
35d42f8626 access control modification functions (item specific - we may need these for several data types) 2014-06-17 19:21:46 -07:00
friendica
5d623f3a08 more easter eggs 2014-05-03 01:14:28 -07:00
friendica
30e2e32f19 improve zotfeed for discover channel so it will send updates to posts you've already received. Incidentally I discovered why we had the meltdown replying to discover channel items the other day - but can't fix it easily. 2014-04-17 20:03:28 -07:00
Thomas Willingham
81b06754a4 Don't count deleted channels when figuring out where to send a user on login. 2014-04-11 15:11:22 +01:00
friendica
ed14c1f224 more work on firehose 2014-03-26 18:45:01 -07:00
friendica
9a3a2819c1 add admin/channels 2014-03-26 17:05:45 -07:00
friendica
79f5fd8e2a allow zotfeed to create a firehose of a site. 2014-03-26 16:09:07 -07:00
friendica
075b7fa9c8 This should resolve the dav authentication loop (correctly) 2014-02-22 13:33:18 -08:00
friendica
8367a92214 fix login weirdness for accounts that need to be approved 2014-02-20 18:38:52 -08:00
friendica
f90b3b60cb don't prompt guests for a password if they're accessing an embedded public file. 2014-01-26 02:58:03 -08:00
root
8b399b2fb8 Typo 2014-01-25 23:06:44 +00:00
friendica
e68c01cc48 set session['my_address'] to current site in change channel, not primary hub location. Also remove all the old Friendica-style authentication code. 2014-01-25 14:39:09 -08:00
Michael Meer
a13593590b added buttons to perform later hubloc actions 2014-01-20 12:12:40 +01:00
friendica
cff7056f8f mod_attach: output stream wasn't working 2014-01-11 12:58:00 -08:00
friendica
1a42580ad4 remove a couple of mysql reserved words from being used as table or row names. For this round we're getting 'group' and 'desc'. Warning: potentially destabilising as this touches a lot of code. 2013-12-22 18:37:39 -08:00
friendica
34f8b21511 init_groups_visitor() was still using old array of id output (not the newer array of hash which we need for permission queries) 2013-11-22 11:52:38 -08:00
friendica
a2b20bd58f one more edge case in the public perms - don't match perms = 0 which is private, this and prior checkin are for issue #114 2013-09-22 23:00:55 -07:00
friendica
956d275693 fixes for display and search privacy enforcement 2013-09-22 22:52:48 -07:00
friendica
a8dd7280b3 get rid of more variables with dashes in the names - use underscore *except* in CSS. These were probably already here, but if you see any - please keep them out of PHP and MySQL where they sometimes get interpreted as a subtraction operation and are a bugger to find. 2013-08-15 22:52:19 -07:00
Christian Vogeley
bdfd0aa917 Fix Load mobile theme 2013-08-16 02:30:55 +02:00
friendica
41c411739f attachment permissions not right 2013-07-30 19:43:46 -07:00
friendica
ea3940c4b0 start formatting for Doxygen 2013-02-25 17:09:40 -08:00
friendica
a21e6cffa1 start on channel_remove(), add some generic channel queries to the API layers 2013-02-16 15:51:55 -08:00
friendica
99c5f88963 mod_display - no fun. Not working at all. But a bit of progress. 2013-02-10 04:55:29 -08:00
friendica
70aa8421b3 further baby steps on the photos API 2013-01-25 23:32:44 -08:00
friendica
fb76675a28 now we're into the minor nitty fixes 2013-01-21 19:56:39 -08:00
friendica
45be26dd81 more heavy lifting on API - though need to re-visit events and give them all message_ids from the origination site. 2013-01-19 22:21:00 -08:00
friendica
c74bf006cc begin the hard slog on the api 2013-01-16 15:51:21 -08:00
friendica
490867ebf7 port "remember me" from Friendica 2013-01-04 21:34:36 -08:00
friendica
5d008a6923 fixing permissions_sql - may need more tweaks 2012-12-16 03:38:04 -08:00
friendica
f8c33243bf start to whip the permissions into shape, also got rid of the mce drop shadow until we can figure out how to do it without the ugly black bars. I tend to prefer "outy" shadows over "inny" shadows anyway, but maybe that's just me. 2012-12-09 18:07:36 -08:00
friendica
c70777e19c a bit of e_all cleanup 2012-12-08 14:18:02 -08:00
friendica
22841e1566 start implementing zot-id 2012-11-08 19:07:19 -08:00
friendica
e3c2e58979 "profile url" e.g. the wall/stream is now "channel url". "Profile URL" goes to the profile details. 2012-10-29 17:14:02 -07:00
friendica
4bcf19632b Now have a solid permissions model. Create a few functions to enumerate them and then we're off to the races. 2012-10-28 18:50:35 -07:00
friendica
87c171030c upstream fixes 2012-10-21 17:23:21 -07:00
friendica
112e4e6c9c more work on profile changes - the notify activity is still stuffed as we finalise the json structure for activitystream meta-data 2012-10-19 15:40:13 -07:00
friendica
7bee460df2 provide auto admin registration as before, but allow the current admin to create other admins 2012-10-04 23:05:45 -07:00
friendica
e124c9fa5c Can't see any posts currently - after the big shakeup, but we can now post top level activities and store them. 2012-10-03 22:28:19 -07:00
friendica
dc8a46477b use hash for channel id 2012-10-01 19:04:21 -07:00
friendica
846a9813b2 here's where the heavy lifting begins - everything is likely to be broken for quite some time as we add location and db independence to items and conversations and work through the rest of the permissions and how to federate the buggers. 2012-10-01 18:02:11 -07:00
friendica
fbafd92f7f moving a lot of structure around. 'entity' is now 'channel' 2012-09-25 17:57:20 -07:00
friendica
3ebb4a3dc7 updates 2012-09-09 21:17:06 -07:00
friendica
cf9a6454b0 bring back "this is you" comment photo 2012-09-04 04:28:38 -07:00
friendica
f6d198ce5d trim a bit of fat 2012-08-29 23:03:03 -07:00
friendica
9cd1dabe73 have to do something about that return_url - but let's just plunge forward without it. 2012-08-28 03:02:45 -07:00
friendica
a13c196032 solve endless redirect 2012-08-27 21:56:13 -07:00
friendica
7fad83cea4 Now logging in with Red zaccount/zentity instead of Friendica user. Yay. Most existing Friendica functionality is now stuffed since the Red structures are quite different. 2012-08-27 21:17:46 -07:00
Vasudev Kamath
12474e3c2e Merge branch 'master' of git://github.com/friendica/friendica 2012-06-04 12:04:17 +05:30