mirror of
https://github.com/friendica/friendica
synced 2024-05-26 16:36:59 +02:00
Issue 11963: Set Permissions for attachments
This commit is contained in:
parent
ee9510e17d
commit
567292533e
|
|
@ -45,7 +45,8 @@ use Friendica\Model\Post;
|
|||
use Friendica\Network\HTTPException;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
|
||||
function item_post(App $a) {
|
||||
function item_post(App $a)
|
||||
{
|
||||
$uid = DI::userSession()->getLocalUserId();
|
||||
|
||||
if (!$uid) {
|
||||
|
|
@ -248,7 +249,7 @@ function item_process(array $post, array $request, bool $preview, string $return
|
|||
$post['body'] .= DI::contentItem()->storeAttachmentFromRequest($request);
|
||||
}
|
||||
|
||||
$post = DI::contentItem()->finalizePost($post);
|
||||
$post = DI::contentItem()->finalizePost($post, $preview);
|
||||
|
||||
if (!strlen($post['body'])) {
|
||||
if ($preview) {
|
||||
|
|
@ -286,7 +287,7 @@ function item_process(array $post, array $request, bool $preview, string $return
|
|||
System::jsonExit(['preview' => $o]);
|
||||
}
|
||||
|
||||
Hook::callAll('post_local',$post);
|
||||
Hook::callAll('post_local', $post);
|
||||
|
||||
unset($post['edit']);
|
||||
unset($post['self']);
|
||||
|
|
|
|||
|
|
@ -48,7 +48,6 @@ use Friendica\Model\User;
|
|||
use Friendica\Network\HTTPException;
|
||||
use Friendica\Object\EMail\ItemCCEMail;
|
||||
use Friendica\Protocol\Activity;
|
||||
use Friendica\Protocol\ActivityPub;
|
||||
use Friendica\Util\ACLFormatter;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use Friendica\Util\Emailer;
|
||||
|
|
@ -912,40 +911,6 @@ class Item
|
|||
return $post;
|
||||
}
|
||||
|
||||
public function moveAttachmentsFromBodyToAttach(array $post): array
|
||||
{
|
||||
if (!preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/', $post['body'], $match)) {
|
||||
return $post;
|
||||
}
|
||||
|
||||
foreach ($match[2] as $attachment_id) {
|
||||
$attachment = Attach::selectFirst(['id', 'uid', 'filename', 'filesize', 'filetype'], ['id' => $attachment_id, 'uid' => $post['uid']]);
|
||||
if (empty($attachment)) {
|
||||
continue;
|
||||
}
|
||||
if ($post['attach']) {
|
||||
$post['attach'] .= ',';
|
||||
}
|
||||
$post['attach'] .= Post\Media::getAttachElement(
|
||||
$this->baseURL . '/attach/' . $attachment['id'],
|
||||
$attachment['filesize'],
|
||||
$attachment['filetype'],
|
||||
$attachment['filename'] ?? ''
|
||||
);
|
||||
|
||||
$fields = [
|
||||
'allow_cid' => $post['allow_cid'], 'allow_gid' => $post['allow_gid'],
|
||||
'deny_cid' => $post['deny_cid'], 'deny_gid' => $post['deny_gid']
|
||||
];
|
||||
$condition = ['id' => $attachment_id];
|
||||
Attach::update($fields, $condition);
|
||||
}
|
||||
|
||||
$post['body'] = str_replace($match[1], '', $post['body']);
|
||||
|
||||
return $post;
|
||||
}
|
||||
|
||||
private function setObjectType(array $post): array
|
||||
{
|
||||
if (empty($post['post-type'])) {
|
||||
|
|
@ -1025,8 +990,13 @@ class Item
|
|||
return $post;
|
||||
}
|
||||
|
||||
public function finalizePost(array $post): array
|
||||
public function finalizePost(array $post, bool $preview): array
|
||||
{
|
||||
if ($preview) {
|
||||
$post['body'] = Attach::addAttachmentToBody($post['body'], $post['uid']);
|
||||
} else {
|
||||
Attach::setPermissionFromBody($post);
|
||||
}
|
||||
if (preg_match("/\[attachment\](.*?)\[\/attachment\]/ism", $post['body'], $matches)) {
|
||||
$post['body'] = preg_replace("/\[attachment].*?\[\/attachment\]/ism", PageInfo::getFooterFromUrl($matches[1]), $post['body']);
|
||||
}
|
||||
|
|
@ -1080,7 +1050,7 @@ class Item
|
|||
$to_author = DBA::selectFirst('account-view', ['ap-followers'], ['id' => $to['author-id']]);
|
||||
$parent = Post::selectFirstPost(['author-id'], ['uri-id' => $parentUriId]);
|
||||
$parent_author = DBA::selectFirst('account-view', ['ap-followers'], ['id' => $parent['author-id']]);
|
||||
|
||||
|
||||
$followers = '';
|
||||
foreach (array_column(Tag::getByURIId($parentUriId, [Tag::TO, Tag::CC, Tag::BCC]), 'url') as $url) {
|
||||
if ($url == $parent_author['ap-followers']) {
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ use Friendica\Object\Image;
|
|||
use Friendica\Util\DateTimeFormat;
|
||||
use Friendica\Util\Mimetype;
|
||||
use Friendica\Security\Security;
|
||||
use Friendica\Util\Network;
|
||||
|
||||
/**
|
||||
* Class to handle attach database table
|
||||
|
|
@ -109,16 +110,17 @@ class Attach
|
|||
/**
|
||||
* Retrieve a single record given the ID
|
||||
*
|
||||
* @param int $id Row id of the record
|
||||
* @param int $id Row id of the record
|
||||
* @param int $uid User-Id
|
||||
*
|
||||
* @return bool|array
|
||||
*
|
||||
* @throws \Exception
|
||||
* @see \Friendica\Database\DBA::select
|
||||
*/
|
||||
public static function getById(int $id)
|
||||
public static function getById(int $id, int $uid)
|
||||
{
|
||||
return self::selectFirst([], ['id' => $id]);
|
||||
return self::selectFirst([], ['id' => $id, 'uid' => $uid]);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -197,7 +199,7 @@ class Attach
|
|||
* @return boolean|integer Row id on success, False on errors
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public static function store(string $data, int $uid, string $filename, string $filetype = '' , int $filesize = null, string $allow_cid = '', string $allow_gid = '', string $deny_cid = '', string $deny_gid = '')
|
||||
public static function store(string $data, int $uid, string $filename, string $filetype = '', int $filesize = null, string $allow_cid = '', string $allow_gid = '', string $deny_cid = '', string $deny_gid = '')
|
||||
{
|
||||
if ($filetype === '') {
|
||||
$filetype = Mimetype::getContentType($filename);
|
||||
|
|
@ -279,9 +281,9 @@ class Attach
|
|||
{
|
||||
if (!is_null($img)) {
|
||||
// get items to update
|
||||
$items = self::selectToArray(['backend-class','backend-ref'], $conditions);
|
||||
$items = self::selectToArray(['backend-class', 'backend-ref'], $conditions);
|
||||
|
||||
foreach($items as $item) {
|
||||
foreach ($items as $item) {
|
||||
try {
|
||||
$backend_class = DI::storageManager()->getWritableStorageByName($item['backend-class'] ?? '');
|
||||
$fields['backend-ref'] = $backend_class->put($img->asString(), $item['backend-ref'] ?? '');
|
||||
|
|
@ -313,9 +315,9 @@ class Attach
|
|||
public static function delete(array $conditions, array $options = []): bool
|
||||
{
|
||||
// get items to delete data info
|
||||
$items = self::selectToArray(['backend-class','backend-ref'], $conditions);
|
||||
$items = self::selectToArray(['backend-class', 'backend-ref'], $conditions);
|
||||
|
||||
foreach($items as $item) {
|
||||
foreach ($items as $item) {
|
||||
try {
|
||||
$backend_class = DI::storageManager()->getWritableStorageByName($item['backend-class'] ?? '');
|
||||
$backend_class->delete($item['backend-ref'] ?? '');
|
||||
|
|
@ -328,4 +330,41 @@ class Attach
|
|||
|
||||
return DBA::delete('attach', $conditions, $options);
|
||||
}
|
||||
|
||||
public static function setPermissionFromBody(array $post)
|
||||
{
|
||||
preg_match_all("/\[attachment\](.*?)\[\/attachment\]/ism", $post['body'], $matches, PREG_SET_ORDER);
|
||||
foreach ($matches as $attachment) {
|
||||
if (Network::isLocalLink($attachment[1]) && preg_match('|.*?/attach/(\d+)|', $attachment[1], $match)) {
|
||||
$fields = [
|
||||
'allow_cid' => $post['allow_cid'], 'allow_gid' => $post['allow_gid'],
|
||||
'deny_cid' => $post['deny_cid'], 'deny_gid' => $post['deny_gid']
|
||||
];
|
||||
self::update($fields, ['id' => $match[1], 'uid' => $post['uid']]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static function addAttachmentToBody(string $body, int $uid): string
|
||||
{
|
||||
preg_match_all("/\[attachment\](.*?)\[\/attachment\]/ism", $body, $matches, PREG_SET_ORDER);
|
||||
foreach ($matches as $attachment) {
|
||||
if (Network::isLocalLink($attachment[1]) && preg_match('|.*?/attach/(\d+)|', $attachment[1], $match)) {
|
||||
$attach = self::getById($match[1], $uid);
|
||||
if (empty($attach)) {
|
||||
return $body;
|
||||
}
|
||||
$media = [
|
||||
'type' => Post\Media::DOCUMENT,
|
||||
'url' => $attachment[1],
|
||||
'size' => $attach['filesize'],
|
||||
'mimetype' => $attach['filetype'],
|
||||
'description' => $attach['filename']
|
||||
];
|
||||
$media = Post\Media::addType($media);
|
||||
$body = str_replace($attachment[0], Post\Media::addAttachmentToBody($media, ''), $body);
|
||||
}
|
||||
}
|
||||
return $body;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -848,7 +848,7 @@ class Item
|
|||
private static function prepareOriginPost(array $item): array
|
||||
{
|
||||
$item = DI::contentItem()->initializePost($item);
|
||||
$item = DI::contentItem()->finalizePost($item);
|
||||
$item = DI::contentItem()->finalizePost($item, false);
|
||||
|
||||
return $item;
|
||||
}
|
||||
|
|
@ -1044,7 +1044,7 @@ class Item
|
|||
$item['deny_gid'] = $store_permissions ? $toplevel_parent['deny_gid'] : '';
|
||||
}
|
||||
|
||||
$parent_origin = $toplevel_parent['origin'];
|
||||
$parent_origin = $toplevel_parent['origin'];
|
||||
|
||||
// Don't federate received participation messages
|
||||
if ($item['verb'] != Activity::FOLLOW) {
|
||||
|
|
@ -1088,8 +1088,6 @@ class Item
|
|||
) {
|
||||
$item['object-type'] = Activity\ObjectType::IMAGE;
|
||||
}
|
||||
|
||||
$item = DI::contentItem()->moveAttachmentsFromBodyToAttach($item);
|
||||
}
|
||||
|
||||
$item['parent-uri-id'] = ItemURI::getIdByURI($item['parent-uri']);
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ use Friendica\Core\Protocol;
|
|||
use Friendica\Database\Database;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\DI;
|
||||
use Friendica\Model\Attach;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Item;
|
||||
use Friendica\Model\ItemURI;
|
||||
|
|
@ -389,6 +390,16 @@ class Media
|
|||
*/
|
||||
private static function fetchLocalData(array $media): array
|
||||
{
|
||||
if (preg_match('|.*?/attach/(\d+)|', $media['url'] ?? '', $matches)) {
|
||||
$attachment = Attach::selectFirst(['filename', 'filetype', 'filesize'], ['id' => $matches[1]]);
|
||||
if (!empty($attachment)) {
|
||||
$media['name'] = $attachment['filename'];
|
||||
$media['mimetype'] = $attachment['filetype'];
|
||||
$media['size'] = $attachment['filesize'];
|
||||
}
|
||||
return $media;
|
||||
}
|
||||
|
||||
if (!preg_match('|.*?/photo/(.*[a-fA-F0-9])\-(.*[0-9])\..*[\w]|', $media['url'] ?? '', $matches)) {
|
||||
return $media;
|
||||
}
|
||||
|
|
@ -902,19 +913,7 @@ class Media
|
|||
$body = BBCode::removeAttachment($body);
|
||||
|
||||
foreach (self::getByURIId($uriid, $types) as $media) {
|
||||
if (Item::containsLink($body, $media['preview'] ?? $media['url'], $media['type'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($media['type'] == self::IMAGE) {
|
||||
$body .= "\n" . Images::getBBCodeByUrl($media['url'], $media['preview'], $media['description'] ?? '');
|
||||
} elseif ($media['type'] == self::AUDIO) {
|
||||
$body .= "\n[audio]" . $media['url'] . "[/audio]\n";
|
||||
} elseif ($media['type'] == self::VIDEO) {
|
||||
$body .= "\n[video]" . $media['url'] . "[/video]\n";
|
||||
} else {
|
||||
$body .= "\n[url]" . $media['url'] . "[/url]\n";
|
||||
}
|
||||
$body = self::addAttachmentToBody($media, $body);
|
||||
}
|
||||
|
||||
if (preg_match("/.*(\[attachment.*?\].*?\[\/attachment\]).*/ism", $original_body, $match)) {
|
||||
|
|
@ -924,6 +923,24 @@ class Media
|
|||
return $body;
|
||||
}
|
||||
|
||||
public static function addAttachmentToBody(array $media, string $body): string
|
||||
{
|
||||
if (Item::containsLink($body, $media['preview'] ?? $media['url'], $media['type'])) {
|
||||
return $body;
|
||||
}
|
||||
|
||||
if ($media['type'] == self::IMAGE) {
|
||||
$body .= "\n" . Images::getBBCodeByUrl($media['url'], $media['preview'], $media['description'] ?? '');
|
||||
} elseif ($media['type'] == self::AUDIO) {
|
||||
$body .= "\n[audio]" . $media['url'] . "[/audio]\n";
|
||||
} elseif ($media['type'] == self::VIDEO) {
|
||||
$body .= "\n[video]" . $media['url'] . "[/video]\n";
|
||||
} else {
|
||||
$body .= "\n[url]" . $media['url'] . "[/url]\n";
|
||||
}
|
||||
return $body;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an [attachment] element to the body for a given uri-id with a HTML media element
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in a new issue