Migrate PermissionSet to Depository paradigm
This commit is contained in:
parent
430e6c3285
commit
62eb16e9ad
GPG key ID:
24A7501396EB5432
21 changed files with 437 additions and 387 deletions
|
|
@ -1,197 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (C) 2010-2021, the Friendica project
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace Friendica\Repository;
|
||||
|
||||
use Friendica\BaseRepository;
|
||||
use Friendica\Collection;
|
||||
use Friendica\Database\Database;
|
||||
use Friendica\Model;
|
||||
use Friendica\Network\HTTPException;
|
||||
use Friendica\Util\ACLFormatter;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
class PermissionSet extends BaseRepository
|
||||
{
|
||||
/** @var int Virtual permission set id for public permission */
|
||||
const PUBLIC = 0;
|
||||
|
||||
protected static $table_name = 'permissionset';
|
||||
|
||||
protected static $model_class = Model\PermissionSet::class;
|
||||
|
||||
protected static $collection_class = Collection\PermissionSets::class;
|
||||
|
||||
/** @var ACLFormatter */
|
||||
private $aclFormatter;
|
||||
|
||||
public function __construct(Database $dba, LoggerInterface $logger, ACLFormatter $aclFormatter)
|
||||
{
|
||||
parent::__construct($dba, $logger);
|
||||
|
||||
$this->aclFormatter = $aclFormatter;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return Model\PermissionSet
|
||||
*/
|
||||
protected function create(array $data)
|
||||
{
|
||||
return new Model\PermissionSet($this->dba, $this->logger, $data);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $condition
|
||||
* @return Model\PermissionSet
|
||||
* @throws \Friendica\Network\HTTPException\NotFoundException
|
||||
*/
|
||||
public function selectFirst(array $condition)
|
||||
{
|
||||
if (isset($condition['id']) && !$condition['id']) {
|
||||
return $this->create([
|
||||
'id' => self::PUBLIC,
|
||||
'uid' => $condition['uid'] ?? 0,
|
||||
'allow_cid' => '',
|
||||
'allow_gid' => '',
|
||||
'deny_cid' => '',
|
||||
'deny_gid' => '',
|
||||
]);
|
||||
}
|
||||
|
||||
return parent::selectFirst($condition);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $condition
|
||||
* @param array $params
|
||||
* @return Collection\PermissionSets
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function select(array $condition = [], array $params = [])
|
||||
{
|
||||
return parent::select($condition, $params);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $condition
|
||||
* @param array $params
|
||||
* @param int|null $min_id
|
||||
* @param int|null $max_id
|
||||
* @param int $limit
|
||||
* @return Collection\PermissionSets
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function selectByBoundaries(array $condition = [], array $params = [], int $min_id = null, int $max_id = null, int $limit = self::LIMIT)
|
||||
{
|
||||
return parent::selectByBoundaries($condition, $params, $min_id, $max_id, $limit);
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch the id of a given permission set. Generate a new one when needed
|
||||
*
|
||||
* @param int $uid
|
||||
* @param string|null $allow_cid Allowed contact IDs - empty = everyone
|
||||
* @param string|null $allow_gid Allowed group IDs - empty = everyone
|
||||
* @param string|null $deny_cid Disallowed contact IDs - empty = no one
|
||||
* @param string|null $deny_gid Disallowed group IDs - empty = no one
|
||||
* @return int id
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function getIdFromACL(
|
||||
int $uid,
|
||||
string $allow_cid = null,
|
||||
string $allow_gid = null,
|
||||
string $deny_cid = null,
|
||||
string $deny_gid = null
|
||||
) {
|
||||
$allow_cid = $this->aclFormatter->sanitize($allow_cid);
|
||||
$allow_gid = $this->aclFormatter->sanitize($allow_gid);
|
||||
$deny_cid = $this->aclFormatter->sanitize($deny_cid);
|
||||
$deny_gid = $this->aclFormatter->sanitize($deny_gid);
|
||||
|
||||
// Public permission
|
||||
if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
|
||||
return self::PUBLIC;
|
||||
}
|
||||
|
||||
$condition = [
|
||||
'uid' => $uid,
|
||||
'allow_cid' => $allow_cid,
|
||||
'allow_gid' => $allow_gid,
|
||||
'deny_cid' => $deny_cid,
|
||||
'deny_gid' => $deny_gid
|
||||
];
|
||||
|
||||
try {
|
||||
$permissionset = $this->selectFirst($condition);
|
||||
} catch(HTTPException\NotFoundException $exception) {
|
||||
$permissionset = $this->insert($condition);
|
||||
}
|
||||
|
||||
return $permissionset->id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a permission set collection for a given contact
|
||||
*
|
||||
* @param integer $contact_id Contact id of the visitor
|
||||
* @param integer $uid User id whom the items belong, used for ownership check.
|
||||
*
|
||||
* @return Collection\PermissionSets
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function selectByContactId($contact_id, $uid)
|
||||
{
|
||||
$cdata = Model\Contact::getPublicAndUserContactID($contact_id, $uid);
|
||||
if (!empty($cdata)) {
|
||||
$public_contact_str = '<' . $cdata['public'] . '>';
|
||||
$user_contact_str = '<' . $cdata['user'] . '>';
|
||||
$contact_id = $cdata['user'];
|
||||
} else {
|
||||
$public_contact_str = '<' . $contact_id . '>';
|
||||
$user_contact_str = '';
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
if (!empty($user_contact_str) && $this->dba->exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
|
||||
$groups = Model\Group::getIdsByContactId($contact_id);
|
||||
}
|
||||
|
||||
$group_str = '<<>>'; // should be impossible to match
|
||||
foreach ($groups as $group_id) {
|
||||
$group_str .= '|<' . preg_quote($group_id) . '>';
|
||||
}
|
||||
|
||||
if (!empty($user_contact_str)) {
|
||||
$condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR `deny_cid` REGEXP ? OR deny_gid REGEXP ?)
|
||||
AND (allow_cid REGEXP ? OR allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
|
||||
$uid, $user_contact_str, $public_contact_str, $group_str,
|
||||
$user_contact_str, $public_contact_str, $group_str];
|
||||
} else {
|
||||
$condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
|
||||
AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
|
||||
$uid, $public_contact_str, $group_str, $public_contact_str, $group_str];
|
||||
}
|
||||
|
||||
return $this->select($condition);
|
||||
}
|
||||
}
|
||||
|
|
@ -28,7 +28,7 @@ use Friendica\Core\L10n;
|
|||
use Friendica\Database\Database;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model;
|
||||
use Friendica\Util\ACLFormatter;
|
||||
use Friendica\Security\PermissionSet\Depository\PermissionSet;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
|
|
@ -42,18 +42,18 @@ class ProfileField extends BaseRepository
|
|||
|
||||
/** @var PermissionSet */
|
||||
private $permissionSet;
|
||||
/** @var ACLFormatter */
|
||||
private $aclFormatter;
|
||||
/** @var \Friendica\Security\PermissionSet\Factory\PermissionSet */
|
||||
private $permissionSetFactory;
|
||||
/** @var L10n */
|
||||
private $l10n;
|
||||
|
||||
public function __construct(Database $dba, LoggerInterface $logger, PermissionSet $permissionSet, ACLFormatter $aclFormatter, L10n $l10n)
|
||||
public function __construct(Database $dba, LoggerInterface $logger, PermissionSet $permissionSet, \Friendica\Security\PermissionSet\Factory\PermissionSet $permissionSetFactory, L10n $l10n)
|
||||
{
|
||||
parent::__construct($dba, $logger);
|
||||
|
||||
$this->permissionSet = $permissionSet;
|
||||
$this->aclFormatter = $aclFormatter;
|
||||
$this->l10n = $l10n;
|
||||
$this->permissionSet = $permissionSet;
|
||||
$this->permissionSetFactory = $permissionSetFactory;
|
||||
$this->l10n = $l10n;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -160,7 +160,7 @@ class ProfileField extends BaseRepository
|
|||
|
||||
return parent::update($model);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param int $uid User Id
|
||||
* @param Collection\ProfileFields $profileFields Collection of existing profile fields
|
||||
|
|
@ -176,24 +176,24 @@ class ProfileField extends BaseRepository
|
|||
|
||||
// Creation of the new field
|
||||
if (!empty($profileFieldInputs['new']['label'])) {
|
||||
$psid = $this->permissionSet->getIdFromACL(
|
||||
$psid = $this->permissionSet->selectOrCreate($this->permissionSetFactory->createFromString(
|
||||
$uid,
|
||||
$this->aclFormatter->toString($profileFieldInputs['new']['contact_allow'] ?? ''),
|
||||
$this->aclFormatter->toString($profileFieldInputs['new']['group_allow'] ?? ''),
|
||||
$this->aclFormatter->toString($profileFieldInputs['new']['contact_deny'] ?? ''),
|
||||
$this->aclFormatter->toString($profileFieldInputs['new']['group_deny'] ?? '')
|
||||
);
|
||||
$profileFieldInputs['new']['contact_allow'] ?? '',
|
||||
$profileFieldInputs['new']['group_allow'] ?? '',
|
||||
$profileFieldInputs['new']['contact_deny'] ?? '',
|
||||
$profileFieldInputs['new']['group_deny'] ?? ''
|
||||
))->id;
|
||||
|
||||
$newProfileField = $this->insert([
|
||||
'uid' => $uid,
|
||||
'uid' => $uid,
|
||||
'label' => $profileFieldInputs['new']['label'],
|
||||
'value' => $profileFieldInputs['new']['value'],
|
||||
'psid' => $psid,
|
||||
'psid' => $psid,
|
||||
'order' => $profileFieldOrder['new'],
|
||||
]);
|
||||
|
||||
$profileFieldInputs[$newProfileField->id] = $profileFieldInputs['new'];
|
||||
$profileFieldOrder[$newProfileField->id] = $profileFieldOrder['new'];
|
||||
$profileFieldOrder[$newProfileField->id] = $profileFieldOrder['new'];
|
||||
|
||||
$profileFields[] = $newProfileField;
|
||||
}
|
||||
|
|
@ -220,15 +220,15 @@ class ProfileField extends BaseRepository
|
|||
// Update existing profile fields from form values
|
||||
$profileFields = $profileFields->map(function (Model\ProfileField $profileField) use ($uid, &$profileFieldInputs, &$profileFieldOrder) {
|
||||
if (isset($profileFieldInputs[$profileField->id]) && isset($profileFieldOrder[$profileField->id])) {
|
||||
$psid = $this->permissionSet->getIdFromACL(
|
||||
$psid = $this->permissionSet->selectOrCreate($this->permissionSetFactory->createFromString(
|
||||
$uid,
|
||||
$this->aclFormatter->toString($profileFieldInputs[$profileField->id]['contact_allow'] ?? ''),
|
||||
$this->aclFormatter->toString($profileFieldInputs[$profileField->id]['group_allow'] ?? ''),
|
||||
$this->aclFormatter->toString($profileFieldInputs[$profileField->id]['contact_deny'] ?? ''),
|
||||
$this->aclFormatter->toString($profileFieldInputs[$profileField->id]['group_deny'] ?? '')
|
||||
);
|
||||
$profileFieldInputs[$profileField->id]['contact_allow'] ?? '',
|
||||
$profileFieldInputs[$profileField->id]['group_allow'] ?? '',
|
||||
$profileFieldInputs[$profileField->id]['contact_deny'] ?? '',
|
||||
$profileFieldInputs[$profileField->id]['group_deny'] ?? ''
|
||||
))->id;
|
||||
|
||||
$profileField->psid = $psid;
|
||||
$profileField->psid = $psid;
|
||||
$profileField->label = $profileFieldInputs[$profileField->id]['label'];
|
||||
$profileField->value = $profileFieldInputs[$profileField->id]['value'];
|
||||
$profileField->order = $profileFieldOrder[$profileField->id];
|
||||
|
|
@ -257,17 +257,22 @@ class ProfileField extends BaseRepository
|
|||
return;
|
||||
}
|
||||
|
||||
$contacts = [];
|
||||
|
||||
if (!$profile['is-default']) {
|
||||
$contacts = Model\Contact::selectToArray(['id'], ['uid' => $profile['uid'], 'profile-id' => $profile['id']]);
|
||||
if (!count($contacts)) {
|
||||
// No contact visibility selected defaults to user-only permission
|
||||
$contacts = Model\Contact::selectToArray(['id'], ['uid' => $profile['uid'], 'self' => true]);
|
||||
}
|
||||
|
||||
$allow_cid = $this->aclFormatter->toString(array_column($contacts, 'id'));
|
||||
}
|
||||
|
||||
$psid = $this->permissionSet->getIdFromACL($profile['uid'], $allow_cid ?? '');
|
||||
$psid = $this->permissionSet->selectOrCreate(
|
||||
new \Friendica\Security\PermissionSet\Entity\PermissionSet(
|
||||
$profile['uid'],
|
||||
array_column($contacts, 'id') ?? []
|
||||
)
|
||||
)->id;
|
||||
|
||||
$order = 1;
|
||||
|
||||
|
|
@ -297,8 +302,8 @@ class ProfileField extends BaseRepository
|
|||
foreach ($custom_fields as $field => $label) {
|
||||
if (!empty($profile[$field]) && $profile[$field] > DBA::NULL_DATE && $profile[$field] > DBA::NULL_DATETIME) {
|
||||
$this->insert([
|
||||
'uid' => $profile['uid'],
|
||||
'psid' => $psid,
|
||||
'uid' => $profile['uid'],
|
||||
'psid' => $psid,
|
||||
'order' => $order++,
|
||||
'label' => trim($label, ':'),
|
||||
'value' => $profile[$field],
|
||||
|
|
@ -310,7 +315,7 @@ class ProfileField extends BaseRepository
|
|||
|
||||
if ($profile['is-default']) {
|
||||
$profile['profile-name'] = null;
|
||||
$profile['is-default'] = null;
|
||||
$profile['is-default'] = null;
|
||||
$this->dba->update('profile', $profile, ['id' => $profile['id']]);
|
||||
} elseif (!empty($profile['id'])) {
|
||||
$this->dba->delete('profile', ['id' => $profile['id']]);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue