From 4e40156607aede8d1ed9bd63b18bc6c83ea572d7 Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Sun, 11 Jul 2010 23:10:52 -0700 Subject: [PATCH] sort out some permissions, comments, fetch --- mod/profile.php | 112 ++++++++++++++++++++++++++++++------------ update.sql | 2 + view/comment_item.tpl | 2 +- view/style.css | 4 ++ view/wall_item.tpl | 4 +- 5 files changed, 90 insertions(+), 34 deletions(-) create mode 100644 update.sql diff --git a/mod/profile.php b/mod/profile.php index 0e9bb6f..832618c 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -84,6 +84,7 @@ function item_display(&$a, $item,$template,$comment) { '$thumb' => $thumb, '$body' => bbcode($item['body']), '$ago' => relative_date($item['created']), + '$indent' => (($item['parent'] != $item['item_id']) ? 'comment-' : ''), '$comment' => $comment )); @@ -92,12 +93,13 @@ function item_display(&$a, $item,$template,$comment) { } - function profile_content(&$a) { require_once("include/bbcode.php"); require_once('include/security.php'); + $groups = array(); + $tab = 'posts'; if(x($_GET,'tab')) @@ -110,8 +112,10 @@ function profile_content(&$a) { )); - if(remote_user()) + if(remote_user()) { $contact_id = $_SESSION['visitor_id']; + $groups = init_groups_visitor($contact_id); + } if(local_user()) { $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", $_SESSION['uid'] @@ -139,50 +143,96 @@ function profile_content(&$a) { } - if($a->profile['is-default']) { +dbg(2); - // TODO left join with contact which will carry names and photos. (done)Store local users in contact as well as user.(done) - // Alter registration and settings - // and profile to update contact table when names and photos change. - // work on item_display and can_write_wall + // TODO + // Alter registration and settings + // and profile to update contact table when names and photos change. + // work on item_display and can_write_wall - // Add comments. + // Add comments. - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `cid`, - `contact`.`uid` AS `contact-uid` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 - AND `contact`.`blocked` = 0 - AND `allow_uid` = '' AND `allow_gid` = '' AND `deny_uid` = '' AND `deny_gid` = '' - GROUP BY `item`.`parent`, `item`.`id` - ORDER BY `created` DESC LIMIT 0,30 ", - intval($a->profile['uid']) + // default - anonymous user + + $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; + + // Profile owner - everything is visible + + if(local_user() && ($_SESSION['uid'] == $a->profile['profile_uid'])) + $sql_extra = ''; + + // authenticated visitor - here lie dragons + + elseif(remote_user()) { + $gs = '<<>>'; // should be impossible to match + if(count($groups)) { + foreach($groups as $g) + $gs .= '|<' . dbesc($g) . '>'; + } + $sql_extra = sprintf( + " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) + AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) + AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) + AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", + + intval($visitor_id), + intval($visitor_id), + $gs, + $gs ); + } - $template = file_get_contents('view/comment_item.tpl'); + $r = q("SELECT COUNT(*) AS `total` + FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `contact`.`blocked` = 0 + $sql_extra ", + intval($a->profile['uid']) + + ); + + if(count($r)) + $a->set_pager_total($r[0]['total']); + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + `contact`.`name`, `contact`.`photo`, `contact`.`url`, + `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, + `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` + FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `contact`.`blocked` = 0 + $sql_extra + ORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", + intval($a->profile['uid']), + intval($a->pager['start']), + intval($a->pager['itemspage']) + + ); - $tpl = file_get_contents('view/wall_item.tpl'); + $template = file_get_contents('view/comment_item.tpl'); - if(count($r)) { - foreach($r as $rr) { - if(can_write_wall($a,$a->profile['profile_uid'])) { - $comment = replace_macros($template,array( - '$id' => $rr['item_id'], - '$profile_uid' => $a->profile['profile_uid'] - )); - } - else { - $comment = ''; - } - $o .= item_display($a,$rr,$tpl,$comment); + $tpl = file_get_contents('view/wall_item.tpl'); + if(count($r)) { + foreach($r as $rr) { + if(can_write_wall($a,$a->profile['profile_uid'])) { + $comment = replace_macros($template,array( + '$id' => $rr['item_id'], + '$parent' => $rr['parent'], + '$profile_uid' => $a->profile['profile_uid'] + )); } + else { + $comment = ''; + } + $o .= item_display($a,$rr,$tpl,$comment); } } + $o .= paginate($a); + return $o; diff --git a/update.sql b/update.sql new file mode 100644 index 0000000..9b5a881 --- /dev/null +++ b/update.sql @@ -0,0 +1,2 @@ + ALTER TABLE `item` CHANGE `allow_uid` `allow_cid` MEDIUMTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL , +CHANGE `deny_uid` `deny_cid` MEDIUMTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ; diff --git a/view/comment_item.tpl b/view/comment_item.tpl index ed788ad..3ca190b 100644 --- a/view/comment_item.tpl +++ b/view/comment_item.tpl @@ -4,7 +4,7 @@
- + diff --git a/view/style.css b/view/style.css index ccf58c7..a2089aa 100644 --- a/view/style.css +++ b/view/style.css @@ -416,6 +416,10 @@ input#dfrn-url { clear: both; } +.wall-item-comment-outside-wrapper { + margin-left: 50px; +} + .wall-item-photo-wrapper { margin-top: 20px; width: 100px; diff --git a/view/wall_item.tpl b/view/wall_item.tpl index ece149c..e483d74 100644 --- a/view/wall_item.tpl +++ b/view/wall_item.tpl @@ -1,4 +1,4 @@ -
+
$name @@ -13,5 +13,5 @@ $comment
-
+