Merge pull request #5144 from annando/deleted-item

Fix for not being able to delete items you don't own
This commit is contained in:
Hypolite Petovan 2018-05-29 15:14:51 -04:00 committed by GitHub
commit 2e97cbe728
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 123 additions and 78 deletions

View file

@ -41,7 +41,7 @@ define('FRIENDICA_PLATFORM', 'Friendica');
define('FRIENDICA_CODENAME', 'The Tazmans Flax-lily'); define('FRIENDICA_CODENAME', 'The Tazmans Flax-lily');
define('FRIENDICA_VERSION', '2018.05-rc'); define('FRIENDICA_VERSION', '2018.05-rc');
define('DFRN_PROTOCOL_VERSION', '2.23'); define('DFRN_PROTOCOL_VERSION', '2.23');
define('DB_UPDATE_VERSION', 1265); define('DB_UPDATE_VERSION', 1266);
define('NEW_UPDATE_ROUTINE_VERSION', 1170); define('NEW_UPDATE_ROUTINE_VERSION', 1170);
/** /**

View file

@ -1,6 +1,6 @@
-- ------------------------------------------ -- ------------------------------------------
-- Friendica 2018.05-rc (The Tazmans Flax-lily) -- Friendica 2018.05-rc (The Tazmans Flax-lily)
-- DB_UPDATE_VERSION 1265 -- DB_UPDATE_VERSION 1266
-- ------------------------------------------ -- ------------------------------------------
@ -1076,6 +1076,16 @@ CREATE TABLE IF NOT EXISTS `userd` (
INDEX `username` (`username`(32)) INDEX `username` (`username`(32))
) DEFAULT COLLATE utf8mb4_general_ci; ) DEFAULT COLLATE utf8mb4_general_ci;
--
-- TABLE user-item
--
CREATE TABLE IF NOT EXISTS `user-item` (
`iid` int unsigned NOT NULL DEFAULT 0 COMMENT 'Item id',
`uid` mediumint unsigned NOT NULL DEFAULT 0 COMMENT 'User id',
`hidden` boolean NOT NULL DEFAULT '0' COMMENT 'Hidden marker',
PRIMARY KEY(`uid`,`iid`)
) DEFAULT COLLATE utf8mb4_general_ci;
-- --
-- TABLE workerqueue -- TABLE workerqueue
-- --

View file

@ -1663,7 +1663,7 @@ function api_search($type)
$r = dba::p( $r = dba::p(
"SELECT ".item_fieldlists()." "SELECT ".item_fieldlists()."
FROM `item` ".item_joins()." FROM `item` ".item_joins(api_user())."
WHERE ".item_condition()." AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`)) WHERE ".item_condition()." AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`))
AND `item`.`body` LIKE CONCAT('%',?,'%') AND `item`.`body` LIKE CONCAT('%',?,'%')
$sql_extra $sql_extra
@ -1827,7 +1827,7 @@ function api_statuses_public_timeline($type)
"SELECT " . item_fieldlists() . " "SELECT " . item_fieldlists() . "
FROM `thread` FROM `thread`
STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid` STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid`
" . item_joins() . " " . item_joins(api_user()) . "
STRAIGHT_JOIN `user` ON `user`.`uid` = `thread`.`uid` STRAIGHT_JOIN `user` ON `user`.`uid` = `thread`.`uid`
AND NOT `user`.`hidewall` AND NOT `user`.`hidewall`
AND `verb` = ? AND `verb` = ?
@ -1856,7 +1856,7 @@ function api_statuses_public_timeline($type)
$r = dba::p( $r = dba::p(
"SELECT " . item_fieldlists() . " "SELECT " . item_fieldlists() . "
FROM `item` FROM `item`
" . item_joins() . " " . item_joins(api_user()) . "
STRAIGHT_JOIN `user` ON `user`.`uid` = `item`.`uid` STRAIGHT_JOIN `user` ON `user`.`uid` = `item`.`uid`
AND NOT `user`.`hidewall` AND NOT `user`.`hidewall`
AND `verb` = ? AND `verb` = ?
@ -1930,7 +1930,7 @@ function api_statuses_networkpublic_timeline($type)
"SELECT " . item_fieldlists() . " "SELECT " . item_fieldlists() . "
FROM `thread` FROM `thread`
STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid` STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid`
" . item_joins() . " " . item_joins(api_user()) . "
WHERE `thread`.`uid` = 0 WHERE `thread`.`uid` = 0
AND `verb` = ? AND `verb` = ?
AND NOT `thread`.`private` AND NOT `thread`.`private`
@ -2256,7 +2256,7 @@ function api_statuses_destroy($type)
$ret = api_statuses_show($type); $ret = api_statuses_show($type);
Item::deleteById($id); Item::deleteForUser(['id' => $id], api_user());
return $ret; return $ret;
} }
@ -4148,7 +4148,7 @@ function api_fr_photoalbum_delete($type)
if (!DBM::is_result($photo_item)) { if (!DBM::is_result($photo_item)) {
throw new InternalServerErrorException("problem with deleting items occured"); throw new InternalServerErrorException("problem with deleting items occured");
} }
Item::deleteById($photo_item[0]['id']); Item::deleteForUser(['id' => $photo_item[0]['id']], api_user());
} }
// now let's delete all photos from the album // now let's delete all photos from the album
@ -4441,7 +4441,7 @@ function api_fr_photo_delete($type)
} }
// function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore
// to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion) // to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion)
Item::deleteById($photo_item[0]['id']); Item::deleteForUser(['id' => $photo_item[0]['id']], api_user());
$answer = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.']; $answer = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.'];
return api_format_data("photo_delete", $type, ['$result' => $answer]); return api_format_data("photo_delete", $type, ['$result' => $answer]);

View file

@ -405,10 +405,12 @@ function visible_activity($item) {
/** /**
* @brief SQL query for items * @brief SQL query for items
*
* @param int $uid user id
*/ */
function item_query() { function item_query($uid = 0) {
return "SELECT " . item_fieldlists() . " FROM `item` " . return "SELECT " . item_fieldlists() . " FROM `item` " .
item_joins() . " WHERE " . item_condition(); item_joins($uid) . " WHERE " . item_condition();
} }
/** /**
@ -467,16 +469,19 @@ These Fields are not added below (yet). They are here to for bug search.
/** /**
* @brief SQL join for contacts that are needed for displaying items * @brief SQL join for contacts that are needed for displaying items
*
* @param int $uid user id
*/ */
function item_joins() { function item_joins($uid = 0) {
return sprintf("STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` return sprintf("STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
AND NOT `contact`.`blocked` AND NOT `contact`.`blocked`
AND ((NOT `contact`.`readonly` AND NOT `contact`.`pending` AND (`contact`.`rel` IN (%s, %s))) AND ((NOT `contact`.`readonly` AND NOT `contact`.`pending` AND (`contact`.`rel` IN (%s, %s)))
OR `contact`.`self` OR (`item`.`id` != `item`.`parent`) OR `contact`.`uid` = 0) OR `contact`.`self` OR (`item`.`id` != `item`.`parent`) OR `contact`.`uid` = 0)
INNER JOIN `contact` AS `author` ON `author`.`id`=`item`.`author-id` AND NOT `author`.`blocked` INNER JOIN `contact` AS `author` ON `author`.`id`=`item`.`author-id` AND NOT `author`.`blocked`
INNER JOIN `contact` AS `owner` ON `owner`.`id`=`item`.`owner-id` AND NOT `owner`.`blocked` INNER JOIN `contact` AS `owner` ON `owner`.`id`=`item`.`owner-id` AND NOT `owner`.`blocked`
LEFT JOIN `user-item` ON `user-item`.`iid` = `item`.`id` AND `user-item`.`uid` = %d
LEFT JOIN `event` ON `event-id` = `event`.`id`", LEFT JOIN `event` ON `event-id` = `event`.`id`",
CONTACT_IS_SHARING, CONTACT_IS_FRIEND CONTACT_IS_SHARING, CONTACT_IS_FRIEND, intval($uid)
); );
} }
@ -484,7 +489,7 @@ function item_joins() {
* @brief SQL condition for items that are needed for displaying items * @brief SQL condition for items that are needed for displaying items
*/ */
function item_condition() { function item_condition() {
return "`item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`"; return "`item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated` AND (`user-item`.`hidden` IS NULL OR NOT `user-item`.`hidden`) ";
} }
/** /**
@ -497,7 +502,7 @@ function item_condition() {
* that are based on unique features of the calling module. * that are based on unique features of the calling module.
* *
*/ */
function conversation(App $a, $items, $mode, $update, $preview = false, $order = 'commented') { function conversation(App $a, $items, $mode, $update, $preview = false, $order = 'commented', $uid = 0) {
require_once 'mod/proxy.php'; require_once 'mod/proxy.php';
$ssl_state = ((local_user()) ? true : false); $ssl_state = ((local_user()) ? true : false);
@ -521,7 +526,7 @@ function conversation(App $a, $items, $mode, $update, $preview = false, $order =
$previewing = (($preview) ? ' preview ' : ''); $previewing = (($preview) ? ' preview ' : '');
if ($mode === 'network') { if ($mode === 'network') {
$items = conversation_add_children($items, false, $order); $items = conversation_add_children($items, false, $order, $uid);
$profile_owner = local_user(); $profile_owner = local_user();
if (!$update) { if (!$update) {
/* /*
@ -582,7 +587,7 @@ function conversation(App $a, $items, $mode, $update, $preview = false, $order =
. " var profile_page = 1; </script>"; . " var profile_page = 1; </script>";
} }
} elseif ($mode === 'community') { } elseif ($mode === 'community') {
$items = conversation_add_children($items, true, $order); $items = conversation_add_children($items, true, $order, $uid);
$profile_owner = 0; $profile_owner = 0;
if (!$update) { if (!$update) {
$live_update_div = '<div id="live-community"></div>' . "\r\n" $live_update_div = '<div id="live-community"></div>' . "\r\n"
@ -885,7 +890,7 @@ function conversation(App $a, $items, $mode, $update, $preview = false, $order =
* *
* @return array items with parents and comments * @return array items with parents and comments
*/ */
function conversation_add_children($parents, $block_authors, $order) { function conversation_add_children($parents, $block_authors, $order, $uid) {
$max_comments = Config::get('system', 'max_comments', 100); $max_comments = Config::get('system', 'max_comments', 100);
if ($max_comments > 0) { if ($max_comments > 0) {
@ -899,7 +904,7 @@ function conversation_add_children($parents, $block_authors, $order) {
$block_sql = $block_authors ? "AND NOT `author`.`hidden` AND NOT `author`.`blocked`" : ""; $block_sql = $block_authors ? "AND NOT `author`.`hidden` AND NOT `author`.`blocked`" : "";
foreach ($parents AS $parent) { foreach ($parents AS $parent) {
$thread_items = dba::p(item_query()."AND `item`.`parent-uri` = ? $thread_items = dba::p(item_query(local_user())."AND `item`.`parent-uri` = ?
AND `item`.`uid` IN (0, ?) $block_sql AND `item`.`uid` IN (0, ?) $block_sql
ORDER BY `item`.`uid` ASC, `item`.`commented` DESC" . $limit, ORDER BY `item`.`uid` ASC, `item`.`commented` DESC" . $limit,
$parent['uri'], local_user()); $parent['uri'], local_user());

View file

@ -321,7 +321,7 @@ function drop_items($items) {
if (count($items)) { if (count($items)) {
foreach ($items as $item) { foreach ($items as $item) {
$owner = Item::deleteById($item); $owner = Item::deleteForUser(['id' => $item], local_user());
if ($owner && !$uid) if ($owner && !$uid)
$uid = $owner; $uid = $owner;
} }
@ -393,7 +393,7 @@ function drop_item($id) {
} }
// delete the item // delete the item
Item::deleteById($item['id']); Item::deleteForUser(['id' => $item['id']], local_user());
goaway(System::baseUrl() . '/' . $_SESSION['return_url']); goaway(System::baseUrl() . '/' . $_SESSION['return_url']);
//NOTREACHED //NOTREACHED

View file

@ -555,14 +555,9 @@ function admin_page_deleteitem_post(App $a)
if (strpos($guid, '/')) { if (strpos($guid, '/')) {
$guid = substr($guid, strrpos($guid, '/') + 1); $guid = substr($guid, strrpos($guid, '/') + 1);
} }
// Now that we have the GUID get all IDs of the associated entries in the // Now that we have the GUID, drop those items, which will also delete the
// item table of the DB and drop those items, which will also delete the
// associated threads. // associated threads.
$r = dba::select('item', ['id'], ['guid' => $guid]); Item::delete(['guid' => $guid]);
while ($row = dba::fetch($r)) {
Item::deleteById($row['id']);
}
dba::close($r);
} }
info(L10n::t('Item marked for deletion.') . EOL); info(L10n::t('Item marked for deletion.') . EOL);

View file

@ -171,7 +171,7 @@ function community_content(App $a, $update = 0)
$s = $r; $s = $r;
} }
$o .= conversation($a, $s, 'community', $update); $o .= conversation($a, $s, 'community', $update, false, 'commented', local_user());
if (!$update) { if (!$update) {
$o .= alt_pager($a, count($r)); $o .= alt_pager($a, count($r));

View file

@ -346,7 +346,7 @@ function display_content(App $a, $update = false, $update_uid = 0) {
return ''; return '';
} }
$r = dba::p(item_query()."AND `item`.`parent-uri` = (SELECT `parent-uri` FROM `item` WHERE `id` = ?) $r = dba::p(item_query(local_user())."AND `item`.`parent-uri` = (SELECT `parent-uri` FROM `item` WHERE `id` = ?)
AND `item`.`uid` IN (0, ?) $sql_extra AND `item`.`uid` IN (0, ?) $sql_extra
ORDER BY `item`.`uid` ASC, `parent` DESC, `gravity` ASC, `id` ASC", ORDER BY `item`.`uid` ASC, `parent` DESC, `gravity` ASC, `id` ASC",
$item_id, local_user() $item_id, local_user()
@ -369,7 +369,7 @@ function display_content(App $a, $update = false, $update_uid = 0) {
if (!$update) { if (!$update) {
$o .= "<script> var netargs = '?f=&item_id=" . $item_id . "'; </script>"; $o .= "<script> var netargs = '?f=&item_id=" . $item_id . "'; </script>";
} }
$o .= conversation($a, $items, 'display', $update_uid); $o .= conversation($a, $items, 'display', $update_uid, false, 'commented', local_user());
// Preparing the meta header // Preparing the meta header
$description = trim(HTML::toPlaintext(BBCode::convert($s[0]["body"], false), 0, true)); $description = trim(HTML::toPlaintext(BBCode::convert($s[0]["body"], false), 0, true));

View file

@ -545,7 +545,7 @@ function events_content(App $a) {
// Delete only real events (no birthdays) // Delete only real events (no birthdays)
if (DBM::is_result($ev) && $ev[0]['type'] == 'event') { if (DBM::is_result($ev) && $ev[0]['type'] == 'event') {
$del = Item::deleteById($ev[0]['itemid']); $del = Item::deleteForUser(['id' => $ev[0]['itemid']], local_user());
} }
if ($del == 0) { if ($del == 0) {

View file

@ -877,7 +877,7 @@ function item_content(App $a) {
$o = ''; $o = '';
if (($a->argc == 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) { if (($a->argc == 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) {
if (is_ajax()) { if (is_ajax()) {
$o = Item::deleteById($a->argv[2]); $o = Item::deleteForUser(['id' => $a->argv[2]], local_user());
} else { } else {
$o = drop_item($a->argv[2]); $o = drop_item($a->argv[2]);
} }

View file

@ -345,7 +345,7 @@ function networkConversation($a, $items, $mode, $update, $ordering = '')
// Set this so that the conversation function can find out contact info for our wall-wall items // Set this so that the conversation function can find out contact info for our wall-wall items
$a->page_contact = $a->contact; $a->page_contact = $a->contact;
$o = conversation($a, $items, $mode, $update, false, $ordering); $o = conversation($a, $items, $mode, $update, false, $ordering, local_user());
if (!$update) { if (!$update) {
if (PConfig::get(local_user(), 'system', 'infinite_scroll')) { if (PConfig::get(local_user(), 'system', 'infinite_scroll')) {
@ -456,8 +456,8 @@ function networkFlatView(App $a, $update = 0)
$items = q("SELECT %s FROM `item` $sql_post_table %s $items = q("SELECT %s FROM `item` $sql_post_table %s
WHERE %s AND `item`.`uid` = %d WHERE %s AND `item`.`uid` = %d
ORDER BY `item`.`id` DESC $pager_sql ", ORDER BY `item`.`id` DESC $pager_sql ",
item_fieldlists(), item_joins(), item_condition(), item_fieldlists(), item_joins(local_user()), item_condition(),
intval($_SESSION['uid']) intval(local_user())
); );
$condition = ['unseen' => true, 'uid' => local_user()]; $condition = ['unseen' => true, 'uid' => local_user()];
@ -610,7 +610,7 @@ function networkThreadedView(App $a, $update, $parent)
$sql_tag_nets = (($nets) ? sprintf(" AND `item`.`network` = '%s' ", dbesc($nets)) : ''); $sql_tag_nets = (($nets) ? sprintf(" AND `item`.`network` = '%s' ", dbesc($nets)) : '');
if ($gid) { if ($gid) {
$group = dba::selectFirst('group', ['name'], ['id' => $gid, 'uid' => $_SESSION['uid']]); $group = dba::selectFirst('group', ['name'], ['id' => $gid, 'uid' => local_user()]);
if (!DBM::is_result($group)) { if (!DBM::is_result($group)) {
if ($update) { if ($update) {
killme(); killme();
@ -626,7 +626,7 @@ function networkThreadedView(App $a, $update, $parent)
$contact_str_self = ''; $contact_str_self = '';
$contact_str = implode(',', $contacts); $contact_str = implode(',', $contacts);
$self = dba::selectFirst('contact', ['id'], ['uid' => $_SESSION['uid'], 'self' => true]); $self = dba::selectFirst('contact', ['id'], ['uid' => local_user(), 'self' => true]);
if (DBM::is_result($self)) { if (DBM::is_result($self)) {
$contact_str_self = $self['id']; $contact_str_self = $self['id'];
} }
@ -774,12 +774,15 @@ function networkThreadedView(App $a, $update, $parent)
AND (`item`.`parent-uri` != `item`.`uri` AND (`item`.`parent-uri` != `item`.`uri`
OR `contact`.`uid` = `item`.`uid` AND `contact`.`self` OR `contact`.`uid` = `item`.`uid` AND `contact`.`self`
OR `contact`.`rel` IN (%d, %d) AND NOT `contact`.`readonly`) OR `contact`.`rel` IN (%d, %d) AND NOT `contact`.`readonly`)
LEFT JOIN `user-item` ON `user-item`.`iid` = `item`.`id` AND `user-item`.`uid` = %d
WHERE `item`.`uid` = %d AND `item`.`visible` AND NOT `item`.`deleted` WHERE `item`.`uid` = %d AND `item`.`visible` AND NOT `item`.`deleted`
AND (`user-item`.`hidden` IS NULL OR NOT `user-item`.`hidden`)
AND NOT `item`.`moderated` AND $sql_extra4 AND NOT `item`.`moderated` AND $sql_extra4
$sql_extra3 $sql_extra $sql_range $sql_nets $sql_extra3 $sql_extra $sql_range $sql_nets
ORDER BY `order_date` DESC LIMIT 100", ORDER BY `order_date` DESC LIMIT 100",
intval(CONTACT_IS_SHARING), intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_FRIEND),
intval(local_user()),
intval(local_user()) intval(local_user())
); );
} else { } else {
@ -791,12 +794,15 @@ function networkThreadedView(App $a, $update, $parent)
AND (`item`.`parent-uri` != `item`.`uri` AND (`item`.`parent-uri` != `item`.`uri`
OR `contact`.`uid` = `item`.`uid` AND `contact`.`self` OR `contact`.`uid` = `item`.`uid` AND `contact`.`self`
OR `contact`.`rel` IN (%d, %d) AND NOT `contact`.`readonly`) OR `contact`.`rel` IN (%d, %d) AND NOT `contact`.`readonly`)
LEFT JOIN `user-item` ON `user-item`.`iid` = `item`.`id` AND `user-item`.`uid` = %d
WHERE `thread`.`uid` = %d AND `thread`.`visible` AND NOT `thread`.`deleted` WHERE `thread`.`uid` = %d AND `thread`.`visible` AND NOT `thread`.`deleted`
AND NOT `thread`.`moderated` AND NOT `thread`.`moderated`
AND (`user-item`.`hidden` IS NULL OR NOT `user-item`.`hidden`)
$sql_extra2 $sql_extra3 $sql_range $sql_extra $sql_nets $sql_extra2 $sql_extra3 $sql_range $sql_extra $sql_nets
ORDER BY `order_date` DESC $pager_sql", ORDER BY `order_date` DESC $pager_sql",
intval(CONTACT_IS_SHARING), intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_FRIEND),
intval(local_user()),
intval(local_user()) intval(local_user())
); );
} }

View file

@ -82,7 +82,7 @@ function notes_content(App $a, $update = false)
WHERE %s AND `item`.`uid` = %d AND `item`.`type` = 'note' WHERE %s AND `item`.`uid` = %d AND `item`.`type` = 'note'
AND `contact`.`self` AND `item`.`id` = `item`.`parent` AND NOT `item`.`wall` AND `contact`.`self` AND `item`.`id` = `item`.`parent` AND NOT `item`.`wall`
$sql_extra ", $sql_extra ",
item_joins(), item_joins(local_user()),
item_condition(), item_condition(),
intval(local_user()) intval(local_user())
); );
@ -97,7 +97,7 @@ function notes_content(App $a, $update = false)
AND `item`.`id` = `item`.`parent` AND NOT `item`.`wall` AND `item`.`id` = `item`.`parent` AND NOT `item`.`wall`
$sql_extra $sql_extra
ORDER BY `item`.`created` DESC LIMIT %d ,%d ", ORDER BY `item`.`created` DESC LIMIT %d ,%d ",
item_joins(), item_joins(local_user()),
item_condition(), item_condition(),
intval(local_user()), intval(local_user()),
intval($a->pager['start']), intval($a->pager['start']),
@ -119,7 +119,7 @@ function notes_content(App $a, $update = false)
$sql_extra $sql_extra
ORDER BY `parent` DESC, `gravity` ASC, `item`.`id` ASC ", ORDER BY `parent` DESC, `gravity` ASC, `item`.`id` ASC ",
item_fieldlists(), item_fieldlists(),
item_joins(), item_joins(local_user()),
item_condition(), item_condition(),
intval(local_user()), intval(local_user()),
dbesc($parents_str) dbesc($parents_str)

View file

@ -284,14 +284,7 @@ function photos_post(App $a)
); );
// find and delete the corresponding item with all the comments and likes/dislikes // find and delete the corresponding item with all the comments and likes/dislikes
$r = q("SELECT `id` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d", Item::deleteForUser(['resource-id' => $res, 'uid' => $page_owner_uid], $page_owner_uid);
intval($page_owner_uid)
);
if (DBM::is_result($r)) {
foreach ($r as $rr) {
Item::deleteById($rr['id']);
}
}
// Update the photo albums cache // Update the photo albums cache
Photo::clearAlbumCache($page_owner_uid); Photo::clearAlbumCache($page_owner_uid);
@ -344,17 +337,12 @@ function photos_post(App $a)
intval($page_owner_uid), intval($page_owner_uid),
dbesc($r[0]['resource-id']) dbesc($r[0]['resource-id'])
); );
$i = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['resource-id']), Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid);
intval($page_owner_uid)
);
if (DBM::is_result($i)) {
Item::deleteById($i[0]['id']);
// Update the photo albums cache // Update the photo albums cache
Photo::clearAlbumCache($page_owner_uid); Photo::clearAlbumCache($page_owner_uid);
} }
}
goaway('photos/' . $a->data['user']['nickname']); goaway('photos/' . $a->data['user']['nickname']);
return; // NOTREACHED return; // NOTREACHED

View file

@ -339,7 +339,7 @@ function profile_content(App $a, $update = 0)
$parents_str = implode(', ', $parents_arr); $parents_str = implode(', ', $parents_arr);
$items = q(item_query() . " AND `item`.`uid` = %d $items = q(item_query($a->profile['profile_uid']) . " AND `item`.`uid` = %d
AND `item`.`parent` IN (%s) AND `item`.`parent` IN (%s)
$sql_extra ", $sql_extra ",
intval($a->profile['profile_uid']), intval($a->profile['profile_uid']),
@ -365,7 +365,7 @@ function profile_content(App $a, $update = 0)
} }
} }
$o .= conversation($a, $items, 'profile', $update); $o .= conversation($a, $items, 'profile', $update, false, 'commented', local_user());
if (!$update) { if (!$update) {
$o .= alt_pager($a, count($items)); $o .= alt_pager($a, count($items));

View file

@ -204,7 +204,7 @@ function search_content(App $a) {
AND `term`.`otype` = %d AND `term`.`type` = %d AND `term`.`term` = '%s' AND `item`.`verb` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d AND `term`.`term` = '%s' AND `item`.`verb` = '%s'
AND NOT `author`.`blocked` AND NOT `author`.`hidden` AND NOT `author`.`blocked` AND NOT `author`.`hidden`
ORDER BY term.created DESC LIMIT %d , %d ", ORDER BY term.created DESC LIMIT %d , %d ",
item_fieldlists(), item_joins(), item_condition(), item_fieldlists(), item_joins(local_user()), item_condition(),
intval(local_user()), intval(local_user()),
intval(TERM_OBJ_POST), intval(TERM_HASHTAG), dbesc(protect_sprintf($search)), dbesc(ACTIVITY_POST), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), dbesc(protect_sprintf($search)), dbesc(ACTIVITY_POST),
intval($a->pager['start']), intval($a->pager['itemspage'])); intval($a->pager['start']), intval($a->pager['itemspage']));
@ -219,7 +219,7 @@ function search_content(App $a) {
AND NOT `author`.`blocked` AND NOT `author`.`hidden` AND NOT `author`.`blocked` AND NOT `author`.`hidden`
$sql_extra $sql_extra
GROUP BY `item`.`uri`, `item`.`id` ORDER BY `item`.`id` DESC LIMIT %d , %d", GROUP BY `item`.`uri`, `item`.`id` ORDER BY `item`.`id` DESC LIMIT %d , %d",
item_fieldlists(), item_joins(), item_condition(), item_fieldlists(), item_joins(local_user()), item_condition(),
intval(local_user()), intval(local_user()),
intval($a->pager['start']), intval($a->pager['itemspage'])); intval($a->pager['start']), intval($a->pager['itemspage']));
} }
@ -241,7 +241,7 @@ function search_content(App $a) {
]); ]);
logger("Start Conversation for '".$search."'", LOGGER_DEBUG); logger("Start Conversation for '".$search."'", LOGGER_DEBUG);
$o .= conversation($a,$r,'search',false); $o .= conversation($a, $r, 'search', false, false, 'commented', local_user());
$o .= alt_pager($a,count($r)); $o .= alt_pager($a,count($r));

View file

@ -169,7 +169,7 @@ function videos_post(App $a) {
); );
if (DBM::is_result($i)) { if (DBM::is_result($i)) {
Item::deleteById($i[0]['id']); Item::deleteForUser(['id' => $i[0]['id']], local_user());
} }
} }

View file

@ -1786,6 +1786,17 @@ class DBStructure
"username" => ["username(32)"], "username" => ["username(32)"],
] ]
]; ];
$database["user-item"] = [
"comment" => "User specific item data",
"fields" => [
"iid" => ["type" => "int unsigned", "not null" => "1", "default" => "0", "primary" => "1", "relation" => ["item" => "id"], "comment" => "Item id"],
"uid" => ["type" => "mediumint unsigned", "not null" => "1", "default" => "0", "primary" => "1", "relation" => ["user" => "uid"], "comment" => "User id"],
"hidden" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "Marker to hide an item from the user"],
],
"indexes" => [
"PRIMARY" => ["uid", "iid"],
]
];
$database["workerqueue"] = [ $database["workerqueue"] = [
"comment" => "Background tasks queue entries", "comment" => "Background tasks queue entries",
"fields" => [ "fields" => [

View file

@ -1049,7 +1049,7 @@ class Contact extends BaseObject
$contact = ($r[0]["contact-type"] == ACCOUNT_TYPE_COMMUNITY ? 'owner-id' : 'author-id'); $contact = ($r[0]["contact-type"] == ACCOUNT_TYPE_COMMUNITY ? 'owner-id' : 'author-id');
$r = q(item_query() . " AND `item`.`" . $contact . "` = %d AND " . $sql . $r = q(item_query(local_user()) . " AND `item`.`" . $contact . "` = %d AND " . $sql .
" AND `item`.`verb` = '%s' ORDER BY `item`.`created` DESC LIMIT %d, %d", " AND `item`.`verb` = '%s' ORDER BY `item`.`created` DESC LIMIT %d, %d",
intval($author_id), intval(local_user()), dbesc(ACTIVITY_POST), intval($author_id), intval(local_user()), dbesc(ACTIVITY_POST),
intval($a->pager['start']), intval($a->pager['itemspage']) intval($a->pager['start']), intval($a->pager['itemspage'])

View file

@ -102,6 +102,32 @@ class Item extends BaseObject
dba::close($items); dba::close($items);
} }
/**
* @brief Delete an item for an user and notify others about it - if it was ours
*
* @param array $condition The condition for finding the item entries
* @param integer $uid User who wants to delete this item
*/
public static function deleteForUser($condition, $uid)
{
if ($uid == 0) {
return;
}
$items = dba::select('item', ['id', 'uid'], $condition);
while ($item = dba::fetch($items)) {
// "Deleting" global items just means hiding them
if ($item['uid'] == 0) {
dba::update('user-item', ['hidden' => true], ['iid' => $item['id'], 'uid' => $uid], true);
} elseif ($item['uid'] == $uid) {
self::deleteById($item['id'], PRIORITY_HIGH);
} else {
logger('Wrong ownership. Not deleting item ' . $item['id']);
}
}
dba::close($items);
}
/** /**
* @brief Delete an item and notify others about it - if it was ours * @brief Delete an item and notify others about it - if it was ours
* *
@ -110,7 +136,7 @@ class Item extends BaseObject
* *
* @return boolean success * @return boolean success
*/ */
public static function deleteById($item_id, $priority = PRIORITY_HIGH) private static function deleteById($item_id, $priority = PRIORITY_HIGH)
{ {
// locate item to be deleted // locate item to be deleted
$fields = ['id', 'uri', 'uid', 'parent', 'parent-uri', 'origin', $fields = ['id', 'uri', 'uid', 'parent', 'parent-uri', 'origin',
@ -201,6 +227,13 @@ class Item extends BaseObject
// send the notification upstream/downstream // send the notification upstream/downstream
Worker::add(['priority' => $priority, 'dont_fork' => true], "Notifier", "drop", intval($item['id'])); Worker::add(['priority' => $priority, 'dont_fork' => true], "Notifier", "drop", intval($item['id']));
} elseif ($item['uid'] != 0) {
// When we delete just our local user copy of an item, we have to set a marker to hide it
$global_item = dba::selectFirst('item', ['id'], ['uri' => $item['uri'], 'uid' => 0, 'deleted' => false]);
if (DBM::is_result($global_item)) {
dba::update('user-item', ['hidden' => true], ['iid' => $global_item['id'], 'uid' => $item['uid']], true);
}
} }
logger('Item with ID ' . $item_id . " has been deleted.", LOGGER_DEBUG); logger('Item with ID ' . $item_id . " has been deleted.", LOGGER_DEBUG);

View file

@ -2807,15 +2807,13 @@ class DFRN
} }
} }
$entrytype = self::getEntryType($importer, $item); if ($item["deleted"]) {
if (!$item["deleted"]) {
logger('deleting item '.$item["id"].' uri='.$uri, LOGGER_DEBUG);
} else {
return; return;
} }
Item::deleteById($item["id"]); logger('deleting item '.$item['id'].' uri='.$uri, LOGGER_DEBUG);
Item::delete(['id' => $item['id']]);
} }
/** /**

View file

@ -2785,7 +2785,7 @@ class Diaspora
while ($item = dba::fetch($r)) { while ($item = dba::fetch($r)) {
// Fetch the parent item // Fetch the parent item
$parent = dba::selectFirst('item', ['author-link', 'origin'], ['id' => $item["parent"]]); $parent = dba::selectFirst('item', ['author-link'], ['id' => $item["parent"]]);
// Only delete it if the parent author really fits // Only delete it if the parent author really fits
if (!link_compare($parent["author-link"], $contact["url"]) && !link_compare($item["author-link"], $contact["url"])) { if (!link_compare($parent["author-link"], $contact["url"]) && !link_compare($item["author-link"], $contact["url"])) {
@ -2793,7 +2793,7 @@ class Diaspora
continue; continue;
} }
Item::deleteById($item["id"]); Item::delete(['id' => $item['id']]);
logger("Deleted target ".$target_guid." (".$item["id"].") from user ".$item["uid"]." parent: ".$item["parent"], LOGGER_DEBUG); logger("Deleted target ".$target_guid." (".$item["id"].") from user ".$item["uid"]." parent: ".$item["parent"], LOGGER_DEBUG);
} }

View file

@ -537,13 +537,12 @@ class OStatus
private static function deleteNotice($item) private static function deleteNotice($item)
{ {
$condition = ['uid' => $item['uid'], 'author-link' => $item['author-link'], 'uri' => $item['uri']]; $condition = ['uid' => $item['uid'], 'author-link' => $item['author-link'], 'uri' => $item['uri']];
$deleted = dba::selectFirst('item', ['id', 'parent-uri'], $condition); if (!dba::exists('item', $condition)) {
if (!DBM::is_result($deleted)) {
logger('Item from '.$item['author-link'].' with uri '.$item['uri'].' for user '.$item['uid']." wasn't found. We don't delete it."); logger('Item from '.$item['author-link'].' with uri '.$item['uri'].' for user '.$item['uid']." wasn't found. We don't delete it.");
return; return;
} }
Item::deleteById($deleted["id"]); Item::delete($condition);
logger('Deleted item with uri '.$item['uri'].' for user '.$item['uid']); logger('Deleted item with uri '.$item['uri'].' for user '.$item['uid']);
} }