<?php /* ACL selector json backend */ use Friendica\App; use Friendica\Content\Widget; use Friendica\Core\ACL; use Friendica\Core\Hook; use Friendica\Core\Logger; use Friendica\Core\Protocol; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Item; use Friendica\Util\Proxy as ProxyUtils; use Friendica\Util\Strings; function acl_content(App $a) { if (!local_user()) { return ''; } $start = defaults($_REQUEST, 'start' , 0); $count = defaults($_REQUEST, 'count' , 100); $search = defaults($_REQUEST, 'search' , ''); $type = defaults($_REQUEST, 'type' , ''); $conv_id = defaults($_REQUEST, 'conversation', null); // For use with jquery.textcomplete for private mail completion if (!empty($_REQUEST['query'])) { if (!$type) { $type = 'm'; } $search = $_REQUEST['query']; } Logger::info('ACL {action} - {subaction}', ['module' => 'acl', 'action' => 'content', 'subaction' => 'search', 'search' => $search, 'type' => $type, 'conversation' => $conv_id]); if ($search != '') { $sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'"; $sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')"; } else { /// @TODO Avoid these needless else blocks by putting variable-initialization atop of if() $sql_extra = $sql_extra2 = ''; } // count groups and contacts $group_count = 0; if ($type == '' || $type == 'g') { $r = q("SELECT COUNT(*) AS g FROM `group` WHERE NOT `deleted` AND `uid` = %d $sql_extra", intval(local_user()) ); $group_count = (int) $r[0]['g']; } $sql_extra2 .= ' ' . Widget::unavailableNetworks(); $contact_count = 0; if ($type == '' || $type == 'c') { // autocomplete for editor mentions $r = q("SELECT COUNT(*) AS c FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `success_update` >= `failure_update` AND `notify` != '' $sql_extra2", intval(local_user()) ); $contact_count = (int) $r[0]['c']; } elseif ($type == 'f') { // autocomplete for editor mentions of forums $r = q("SELECT COUNT(*) AS c FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND (`forum` OR `prv`) AND `success_update` >= `failure_update` AND `notify` != '' $sql_extra2", intval(local_user()) ); $contact_count = (int) $r[0]['c']; } elseif ($type == 'm') { // autocomplete for Private Messages $r = q("SELECT COUNT(*) AS c FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s', '%s') $sql_extra2", intval(local_user()), DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape(Protocol::DIASPORA) ); $contact_count = (int) $r[0]['c']; } elseif ($type == 'a') { // autocomplete for Contacts $r = q("SELECT COUNT(*) AS c FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `pending` AND NOT `deleted` $sql_extra2", intval(local_user()) ); $contact_count = (int) $r[0]['c']; } $tot = $group_count + $contact_count; $groups = []; $contacts = []; if ($type == '' || $type == 'g') { /// @todo We should cache this query. // This can be done when we can delete cache entries via wildcard $r = q("SELECT `group`.`id`, `group`.`name`, GROUP_CONCAT(DISTINCT `group_member`.`contact-id` SEPARATOR ',') AS uids FROM `group` INNER JOIN `group_member` ON `group_member`.`gid`=`group`.`id` WHERE NOT `group`.`deleted` AND `group`.`uid` = %d $sql_extra GROUP BY `group`.`name`, `group`.`id` ORDER BY `group`.`name` LIMIT %d,%d", intval(local_user()), intval($start), intval($count) ); foreach ($r as $g) { $groups[] = [ 'type' => 'g', 'photo' => 'images/twopeople.png', 'name' => htmlspecialchars($g['name']), 'id' => intval($g['id']), 'uids' => array_map('intval', explode(',', $g['uids'])), 'link' => '', 'forum' => '0' ]; } if ((count($groups) > 0) && ($search == '')) { $groups[] = ['separator' => true]; } } $r = []; if ($type == '') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv`, (`prv` OR `forum`) AS `frm` FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s', '%s')) $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), DBA::escape(Protocol::OSTATUS), DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'c') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s')) $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'f') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s')) AND (`forum` OR `prv`) $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'm') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s', '%s') $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape(Protocol::DIASPORA) ); } elseif ($type == 'a') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` WHERE `uid` = %d AND NOT `deleted` AND NOT `pending` AND `success_update` >= `failure_update` $sql_extra2 ORDER BY `name` ASC ", intval(local_user()) ); } elseif ($type == 'x') { // autocomplete for global contact search (e.g. navbar search) $search = Strings::escapeTags(trim($_REQUEST['search'])); $mode = $_REQUEST['smode']; $r = ACL::contactAutocomplete($search, $mode); $contacts = []; foreach ($r as $g) { $contacts[] = [ 'photo' => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO), 'name' => htmlspecialchars($g['name']), 'nick' => defaults($g, 'addr', $g['url']), 'network' => $g['network'], 'link' => $g['url'], 'forum' => !empty($g['community']) ? 1 : 0, ]; } $o = [ 'start' => $start, 'count' => $count, 'items' => $contacts, ]; echo json_encode($o); exit; } if (DBA::isResult($r)) { $forums = []; foreach ($r as $g) { $entry = [ 'type' => 'c', 'photo' => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO), 'name' => htmlspecialchars($g['name']), 'id' => intval($g['id']), 'network' => $g['network'], 'link' => $g['url'], 'nick' => htmlentities(defaults($g, 'attag', $g['nick'])), 'addr' => htmlentities(defaults($g, 'addr', $g['url'])), 'forum' => !empty($g['forum']) || !empty($g['prv']) ? 1 : 0, ]; if ($entry['forum']) { $forums[] = $entry; } else { $contacts[] = $entry; } } if (count($forums) > 0) { if ($search == '') { $forums[] = ['separator' => true]; } $contacts = array_merge($forums, $contacts); } } $items = array_merge($groups, $contacts); if ($conv_id) { // In multi threaded posts the conv_id is not the parent of the whole thread $parent_item = Item::selectFirst(['parent'], ['id' => $conv_id]); if (DBA::isResult($parent_item)) { $conv_id = $parent_item['parent']; } /* * if $conv_id is set, get unknown contacts in thread * but first get known contacts url to filter them out */ $known_contacts = array_map(function ($i) { return $i['link']; }, $contacts); $unknown_contacts = []; $condition = ["`parent` = ?", $conv_id]; $params = ['order' => ['author-name' => true]]; $authors = Item::selectForUser(local_user(), ['author-link'], $condition, $params); $item_authors = []; while ($author = Item::fetch($authors)) { $item_authors[$author['author-link']] = $author['author-link']; } DBA::close($authors); foreach ($item_authors as $author) { if (in_array($author, $known_contacts)) { continue; } $contact = Contact::getDetailsByURL($author); if (count($contact) > 0) { $unknown_contacts[] = [ 'type' => 'c', 'photo' => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO), 'name' => htmlspecialchars($contact['name']), 'id' => intval($contact['cid']), 'network' => $contact['network'], 'link' => $contact['url'], 'nick' => htmlentities(defaults($contact, 'nick', $contact['addr'])), 'addr' => htmlentities(defaults($contact, 'addr', $contact['url'])), 'forum' => $contact['forum'] ]; } } $items = array_merge($items, $unknown_contacts); $tot += count($unknown_contacts); } $results = [ 'tot' => $tot, 'start' => $start, 'count' => $count, 'groups' => $groups, 'contacts' => $contacts, 'items' => $items, 'type' => $type, 'search' => $search, ]; Hook::callAll('acl_lookup_end', $results); $o = [ 'tot' => $results['tot'], 'start' => $results['start'], 'count' => $results['count'], 'items' => $results['items'], ]; echo json_encode($o); exit; }