Rename PermissionSet::fetchIDForPost to PermissionSet::getIdFromACL
- Allow creating/retrieving a permission set id with arbitrary parameters - Rename ACLformatter->sanitize to ACLFormatter->sanitizeItem - Move PermissionSet::sortPermissions to ACLformatter->sanitize
This commit is contained in:
parent
f97a358a9b
commit
353dab166e
|
@ -204,13 +204,19 @@ class PostUpdate
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($item['psid'])) {
|
if (empty($item['psid'])) {
|
||||||
$item['psid'] = PermissionSet::fetchIDForPost($item);
|
$item['psid'] = PermissionSet::getIdFromACL(
|
||||||
} else {
|
$item['uid'],
|
||||||
|
$item['allow_cid'],
|
||||||
|
$item['allow_gid'],
|
||||||
|
$item['deny_cid'],
|
||||||
|
$item['deny_gid']
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
$item['allow_cid'] = null;
|
$item['allow_cid'] = null;
|
||||||
$item['allow_gid'] = null;
|
$item['allow_gid'] = null;
|
||||||
$item['deny_cid'] = null;
|
$item['deny_cid'] = null;
|
||||||
$item['deny_gid'] = null;
|
$item['deny_gid'] = null;
|
||||||
}
|
|
||||||
|
|
||||||
if ($item['post-type'] == 0) {
|
if ($item['post-type'] == 0) {
|
||||||
if (!empty($item['type']) && ($item['type'] == 'note')) {
|
if (!empty($item['type']) && ($item['type'] == 'note')) {
|
||||||
|
|
|
@ -1856,7 +1856,18 @@ class Item
|
||||||
}
|
}
|
||||||
|
|
||||||
// Creates or assigns the permission set
|
// Creates or assigns the permission set
|
||||||
$item['psid'] = PermissionSet::fetchIDForPost($item);
|
$item['psid'] = PermissionSet::getIdFromACL(
|
||||||
|
$item['uid'],
|
||||||
|
$item['allow_cid'],
|
||||||
|
$item['allow_gid'],
|
||||||
|
$item['deny_cid'],
|
||||||
|
$item['deny_gid']
|
||||||
|
);
|
||||||
|
|
||||||
|
$item['allow_cid'] = null;
|
||||||
|
$item['allow_gid'] = null;
|
||||||
|
$item['deny_cid'] = null;
|
||||||
|
$item['deny_gid'] = null;
|
||||||
|
|
||||||
// We are doing this outside of the transaction to avoid timing problems
|
// We are doing this outside of the transaction to avoid timing problems
|
||||||
if (!self::insertActivity($item)) {
|
if (!self::insertActivity($item)) {
|
||||||
|
@ -2729,7 +2740,13 @@ class Item
|
||||||
|
|
||||||
$private = ($user['allow_cid'] || $user['allow_gid'] || $user['deny_cid'] || $user['deny_gid']) ? 1 : 0;
|
$private = ($user['allow_cid'] || $user['allow_gid'] || $user['deny_cid'] || $user['deny_gid']) ? 1 : 0;
|
||||||
|
|
||||||
$psid = PermissionSet::fetchIDForPost($user);
|
$psid = PermissionSet::getIdFromACL(
|
||||||
|
$user['uid'],
|
||||||
|
$user['allow_cid'],
|
||||||
|
$user['allow_gid'],
|
||||||
|
$user['deny_cid'],
|
||||||
|
$user['deny_gid']
|
||||||
|
);
|
||||||
|
|
||||||
$forum_mode = ($prvgroup ? 2 : 1);
|
$forum_mode = ($prvgroup ? 2 : 1);
|
||||||
|
|
||||||
|
|
|
@ -2,9 +2,13 @@
|
||||||
/**
|
/**
|
||||||
* @file src/Model/PermissionSet.php
|
* @file src/Model/PermissionSet.php
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace Friendica\Model;
|
namespace Friendica\Model;
|
||||||
|
|
||||||
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\DI;
|
||||||
|
use Friendica\Network\HTTPException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* functions for interacting with the permission set of an object (item, photo, event, ...)
|
* functions for interacting with the permission set of an object (item, photo, event, ...)
|
||||||
|
@ -14,51 +18,53 @@ class PermissionSet
|
||||||
/**
|
/**
|
||||||
* Fetch the id of a given permission set. Generate a new one when needed
|
* Fetch the id of a given permission set. Generate a new one when needed
|
||||||
*
|
*
|
||||||
* @param array $postarray The array from an item, picture or event post
|
* @param int $uid
|
||||||
|
* @param string|null $allow_cid Allowed contact IDs - empty = everyone
|
||||||
|
* @param string|null $allow_gid Allowed group IDs - empty = everyone
|
||||||
|
* @param string|null $deny_cid Disallowed contact IDs - empty = no one
|
||||||
|
* @param string|null $deny_gid Disallowed group IDs - empty = no one
|
||||||
* @return int id
|
* @return int id
|
||||||
* @throws \Exception
|
* @throws HTTPException\InternalServerErrorException
|
||||||
*/
|
*/
|
||||||
public static function fetchIDForPost(&$postarray)
|
public static function getIdFromACL(
|
||||||
{
|
int $uid,
|
||||||
$condition = ['uid' => $postarray['uid'],
|
string $allow_cid = null,
|
||||||
'allow_cid' => self::sortPermissions($postarray['allow_cid'] ?? ''),
|
string $allow_gid = null,
|
||||||
'allow_gid' => self::sortPermissions($postarray['allow_gid'] ?? ''),
|
string $deny_cid = null,
|
||||||
'deny_cid' => self::sortPermissions($postarray['deny_cid'] ?? ''),
|
string $deny_gid = null
|
||||||
'deny_gid' => self::sortPermissions($postarray['deny_gid'] ?? '')];
|
) {
|
||||||
|
$ACLFormatter = DI::aclFormatter();
|
||||||
|
|
||||||
$set = DBA::selectFirst('permissionset', ['id'], $condition);
|
$allow_cid = $ACLFormatter->sanitize($allow_cid);
|
||||||
|
$allow_gid = $ACLFormatter->sanitize($allow_gid);
|
||||||
|
$deny_cid = $ACLFormatter->sanitize($deny_cid);
|
||||||
|
$deny_gid = $ACLFormatter->sanitize($deny_gid);
|
||||||
|
|
||||||
if (!DBA::isResult($set)) {
|
// Public permission
|
||||||
DBA::insert('permissionset', $condition, true);
|
if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
|
||||||
|
return 0;
|
||||||
$set = DBA::selectFirst('permissionset', ['id'], $condition);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$postarray['allow_cid'] = null;
|
$condition = [
|
||||||
$postarray['allow_gid'] = null;
|
'uid' => $uid,
|
||||||
$postarray['deny_cid'] = null;
|
'allow_cid' => $allow_cid,
|
||||||
$postarray['deny_gid'] = null;
|
'allow_gid' => $allow_gid,
|
||||||
|
'deny_cid' => $deny_cid,
|
||||||
|
'deny_gid' => $deny_gid
|
||||||
|
];
|
||||||
|
$permissionset = DBA::selectFirst('permissionset', ['id'], $condition);
|
||||||
|
|
||||||
return $set['id'];
|
if (DBA::isResult($permissionset)) {
|
||||||
|
$psid = $permissionset['id'];
|
||||||
|
} else {
|
||||||
|
if (DBA::insert('permissionset', $condition, true)) {
|
||||||
|
$psid = DBA::lastInsertId();
|
||||||
|
} else {
|
||||||
|
throw new HTTPException\InternalServerErrorException(L10n::t('Unable to create a new permission set.'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function sortPermissions($permissionlist)
|
return $psid;
|
||||||
{
|
|
||||||
$cleaned_list = trim($permissionlist, '<>');
|
|
||||||
|
|
||||||
if (empty($cleaned_list)) {
|
|
||||||
return $permissionlist;
|
|
||||||
}
|
|
||||||
|
|
||||||
$elements = explode('><', $cleaned_list);
|
|
||||||
|
|
||||||
if (count($elements) <= 1) {
|
|
||||||
return $permissionlist;
|
|
||||||
}
|
|
||||||
|
|
||||||
asort($elements);
|
|
||||||
|
|
||||||
return '<' . implode('><', $elements) . '>';
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -12,30 +12,57 @@ final class ACLFormatter
|
||||||
/**
|
/**
|
||||||
* Turn user/group ACLs stored as angle bracketed text into arrays
|
* Turn user/group ACLs stored as angle bracketed text into arrays
|
||||||
*
|
*
|
||||||
* @param string|null $ids A angle-bracketed list of IDs
|
* @param string|null $acl_string A angle-bracketed list of IDs
|
||||||
*
|
*
|
||||||
* @return array The array based on the IDs (empty in case there is no list)
|
* @return array The array based on the IDs (empty in case there is no list)
|
||||||
*/
|
*/
|
||||||
public function expand(string $ids = null)
|
public function expand(string $acl_string = null)
|
||||||
{
|
{
|
||||||
// In case there is no ID list, return empty array (=> no ACL set)
|
// In case there is no ID list, return empty array (=> no ACL set)
|
||||||
if (!isset($ids)) {
|
if (!isset($acl_string)) {
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
// turn string array of angle-bracketed elements into numeric array
|
// turn string array of angle-bracketed elements into numeric array
|
||||||
// e.g. "<1><2><3>" => array(1,2,3);
|
// e.g. "<1><2><3>" => array(1,2,3);
|
||||||
preg_match_all('/<(' . Group::FOLLOWERS . '|'. Group::MUTUALS . '|[0-9]+)>/', $ids, $matches, PREG_PATTERN_ORDER);
|
preg_match_all('/<(' . Group::FOLLOWERS . '|'. Group::MUTUALS . '|[0-9]+)>/', $acl_string, $matches, PREG_PATTERN_ORDER);
|
||||||
|
|
||||||
return $matches[1];
|
return $matches[1];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Takes an arbitrary ACL string and sanitizes it for storage
|
||||||
|
*
|
||||||
|
* @param string|null $acl_string
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function sanitize(string $acl_string = null)
|
||||||
|
{
|
||||||
|
if (empty($acl_string)) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
|
||||||
|
$cleaned_list = trim($acl_string, '<>');
|
||||||
|
|
||||||
|
if (empty($cleaned_list)) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
|
||||||
|
$elements = explode('><', $cleaned_list);
|
||||||
|
|
||||||
|
sort($elements);
|
||||||
|
|
||||||
|
array_walk($elements, [$this, 'sanitizeItem']);
|
||||||
|
|
||||||
|
return implode('', $elements);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Wrap ACL elements in angle brackets for storage
|
* Wrap ACL elements in angle brackets for storage
|
||||||
*
|
*
|
||||||
* @param string $item The item to sanitise
|
* @param string $item The item to sanitise
|
||||||
*/
|
*/
|
||||||
private function sanitize(string &$item) {
|
private function sanitizeItem(string &$item) {
|
||||||
// The item is an ACL int value
|
// The item is an ACL int value
|
||||||
if (intval($item)) {
|
if (intval($item)) {
|
||||||
$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
|
$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
|
||||||
|
@ -70,7 +97,7 @@ final class ACLFormatter
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_array($item)) {
|
if (is_array($item)) {
|
||||||
array_walk($item, [$this, 'sanitize']);
|
array_walk($item, [$this, 'sanitizeItem']);
|
||||||
$return = implode('', $item);
|
$return = implode('', $item);
|
||||||
}
|
}
|
||||||
return $return;
|
return $return;
|
||||||
|
|
Loading…
Reference in a new issue