From ea17370211f400c0438e3d5b06268d63e7da743c Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 15 Aug 2018 00:43:27 +0200 Subject: [PATCH] Fix bug with ACL and contact network page - Require user array parameter in ACL::getFullSelectorHTML - Change all wrong uses where user array was replaced by default permissions array --- mod/events.php | 2 +- mod/network.php | 10 ++++++---- mod/photos.php | 2 +- src/Core/ACL.php | 23 +++++++++++------------ 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/mod/events.php b/mod/events.php index 27e9069df..b4516cded 100644 --- a/mod/events.php +++ b/mod/events.php @@ -483,7 +483,7 @@ function events_content(App $a) { $perms = ACL::getDefaultUserPermissions($orig_event); if ($mode === 'new' || $mode === 'copy') { - $acl = ($cid ? '' : ACL::getFullSelectorHTML(x($orig_event) ? $orig_event : $a->user)); + $acl = ($cid ? '' : ACL::getFullSelectorHTML($a->user, false, $orig_event)); } // If we copy an old event, we need to remove the ID and URI diff --git a/mod/network.php b/mod/network.php index 49f9c7cb1..b66bb663b 100644 --- a/mod/network.php +++ b/mod/network.php @@ -496,6 +496,8 @@ function networkThreadedView(App $a, $update, $parent) $gid = 0; + $default_permissions = []; + if ($a->argc > 1) { for ($x = 1; $x < $a->argc; $x ++) { if (is_a_date_arg($a->argv[$x])) { @@ -507,7 +509,7 @@ function networkThreadedView(App $a, $update, $parent) } } elseif (intval($a->argv[$x])) { $gid = intval($a->argv[$x]); - $def_acl = ['allow_gid' => '<' . $gid . '>']; + $default_permissions = ['allow_gid' => '<' . $gid . '>']; } } } @@ -522,7 +524,7 @@ function networkThreadedView(App $a, $update, $parent) $nets = defaults($_GET, 'nets' , ''); if ($cid) { - $def_acl = ['allow_cid' => '<' . intval($cid) . '>']; + $default_permissions = ['allow_cid' => '<' . intval($cid) . '>']; } if ($nets) { @@ -533,7 +535,7 @@ function networkThreadedView(App $a, $update, $parent) $str .= '<' . $rr['id'] . '>'; } if (strlen($str)) { - $def_acl = ['allow_cid' => $str]; + $default_permissions = ['allow_cid' => $str]; } } @@ -576,7 +578,7 @@ function networkThreadedView(App $a, $update, $parent) ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))))) ? 'lock' : 'unlock'), 'default_perms' => ACL::getDefaultUserPermissions($a->user), - 'acl' => ACL::getFullSelectorHTML((($gid || $cid || $nets) ? $def_acl : $a->user), true), + 'acl' => ACL::getFullSelectorHTML($a->user, true, $default_permissions), 'bang' => (($gid || $cid || $nets) ? '!' : ''), 'visitor' => 'block', 'profile_uid' => local_user(), diff --git a/mod/photos.php b/mod/photos.php index b908234ab..e2682498b 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -1408,7 +1408,7 @@ function photos_content(App $a) $album_e = $ph[0]['album']; $caption_e = $ph[0]['desc']; - $aclselect_e = ACL::getFullSelectorHTML($ph[0]); + $aclselect_e = ACL::getFullSelectorHTML($a->user, false, $ph[0]); $edit = replace_macros($edit_tpl, [ '$id' => $ph[0]['id'], diff --git a/src/Core/ACL.php b/src/Core/ACL.php index 0b996bfe9..20db29087 100644 --- a/src/Core/ACL.php +++ b/src/Core/ACL.php @@ -251,19 +251,18 @@ class ACL extends BaseObject /** * Return the full jot ACL selector HTML * - * @param array $user + * @param array $user User array + * @param array $default_permissions Static defaults permission array: ['allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''] * @param bool $show_jotnets * @return string */ - public static function getFullSelectorHTML(array $user = null, $show_jotnets = false) + public static function getFullSelectorHTML(array $user, $show_jotnets = false, array $default_permissions = []) { - - if (empty($user['uid'])) { - return ''; + // Defaults user permissions + if (empty($default_permissions)) { + $default_permissions = self::getDefaultUserPermissions($user); } - $perms = self::getDefaultUserPermissions($user); - $jotnets = ''; if ($show_jotnets) { $imap_disabled = !function_exists('imap_open') || Config::get('system', 'imap_disabled'); @@ -279,7 +278,7 @@ class ACL extends BaseObject } } - if (empty($user['hidewall'])) { + if (empty($default_permissions['hidewall'])) { if ($mail_enabled) { $selected = $pubmail_enabled ? ' checked="checked"' : ''; $jotnets .= '
' . L10n::t("Post to Email") . '
'; @@ -297,10 +296,10 @@ class ACL extends BaseObject '$showall' => L10n::t('Visible to everybody'), '$show' => L10n::t('show'), '$hide' => L10n::t('don\'t show'), - '$allowcid' => json_encode($perms['allow_cid']), - '$allowgid' => json_encode($perms['allow_gid']), - '$denycid' => json_encode($perms['deny_cid']), - '$denygid' => json_encode($perms['deny_gid']), + '$allowcid' => json_encode($default_permissions['allow_cid']), + '$allowgid' => json_encode($default_permissions['allow_gid']), + '$denycid' => json_encode($default_permissions['deny_cid']), + '$denygid' => json_encode($default_permissions['deny_gid']), '$networks' => $show_jotnets, '$emailcc' => L10n::t('CC: email addresses'), '$emtitle' => L10n::t('Example: bob@example.com, mary@example.com'),