
Issue 8371: Improvements for picture permissions

Michael 2020-03-08 13:16:59 +00:00
commit 37376fa715
8 changed files with 54 additions and 15 deletions


@ -87,20 +87,32 @@ class Security
return false;
}
public static function getPermissionsSQLByUserId($owner_id)
/**
* Create a permission string for an element based on the visitor
*
* @param integer $owner_id User ID of the owner of the element
* @param boolean $accessible Should the element be accessible anyway?
* @return string SQL permissions
*/
public static function getPermissionsSQLByUserId(int $owner_id, bool $accessible = false)
{
$local_user = local_user();
$remote_contact = Session::getRemoteContactID($owner_id);
$acc_sql = '';
if ($accessible) {
$acc_sql = ' OR `accessible`';
}
/*
* Construct permissions
*
* default permissions - anonymous user
*/
$sql = " AND allow_cid = ''
$sql = " AND (allow_cid = ''
AND allow_gid = ''
AND deny_cid = ''
AND deny_gid = '' ";
AND deny_gid = ''" . $acc_sql . ") ";
/*
* Profile owner - everything is visible
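Review bot: When `$accessible` is true, the anonymous-visitor predicate ends in `... AND deny_gid = '' OR accessible)`, which is only correct because SQL gives AND precedence over OR. In an access-control filter the grouping should be explicit: `$sql = " AND ((allow_cid = '' AND allow_gid = '' AND deny_cid = '' AND deny_gid = '')" . $acc_sql . ") ";`. The same fragment is appended in the remote-contact branch of the next hunk, where it is OR-ed against the `NOT (deny_cid REGEXP ...)` test, so a row flagged accessible is returned even to a contact on the deny list. If that is intended, the docblock for `$accessible` should say so, and should also say that callers passing `true` must query a table that has an `accessible` column, since the name is emitted unqualified. The function body continues outside this hunk, so the owner branch is not visible here.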
@ -123,7 +135,8 @@ class Security
$sql = sprintf(
" AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ",
AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s'
OR (allow_cid = '' AND allow_gid = ''))" . $acc_sql . ") ",
intval($remote_contact),
DBA::escape($gs),
intval($remote_contact),