friendica/friendica
6
0
Fork 1
mirror of https://github.com/friendica/friendica synced 2024-05-17 22:36:43 +02:00
Code Issues Packages Projects Releases 1 Wiki Activity

Improve handling of the visibility parameter of the new ACL

Browse source 
- Add backward compatibility with old ACL parameters
This commit is contained in:
Hypolite Petovan 2020-12-21 22:23:13 -05:00
parent d9371d37ad
commit 49c1f5c55c
3 changed files with 42 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
mod/events.php
View file

@ -163,27 +163,26 @@ function events_post(App $a)
if ($share) { if ($share) {
$str_contact_allow = ''; $user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
$str_group_allow = ''; if (!DBA::isResult($user)) {
$str_contact_deny = ''; return;
$str_group_deny = ''; }
if (($_REQUEST['visibility'] ?? '') !== 'public') { $aclFormatter = DI::aclFormatter();
$user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']); $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
if (!DBA::isResult($user)) { $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
return; $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
} $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
$aclFormatter = DI::aclFormatter(); $visibility = $_REQUEST['visibility'] ?? '';
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? ''; if ($visibility === 'public') {
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? ''; } else if ($visibility === 'custom') {
// Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case // case that would make it public. So we always append the author's contact id to the allowed contacts.
// that would make the item public. So we always append the author's contact id to the allowed contacts.
// See https://github.com/friendica/friendica/issues/9672 // See https://github.com/friendica/friendica/issues/9672
$str_contact_allow .= $aclFormatter->toString(\Friendica\Model\Contact::getPublicIdByUserId($uid)); $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
} }
} else { } else {
$str_contact_allow = '<' . $self . '>'; $str_contact_allow = '<' . $self . '>';

25
mod/item.php
View file

@ -261,20 +261,19 @@ function item_post(App $a) {
$guid = $orig_post['guid']; $guid = $orig_post['guid'];
$extid = $orig_post['extid']; $extid = $orig_post['extid'];
} else { } else {
$str_contact_allow = ''; $aclFormatter = DI::aclFormatter();
$str_group_allow = ''; $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
$str_contact_deny = ''; $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
$str_group_deny = ''; $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
if (($_REQUEST['visibility'] ?? '') !== 'public') { $visibility = $_REQUEST['visibility'] ?? '';
$aclFormatter = DI::aclFormatter(); if ($visibility === 'public') {
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? ''; // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; } else if ($visibility === 'custom') {
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? ''; // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
// case that would make it public. So we always append the author's contact id to the allowed contacts.
// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
// that would make the item public. So we always append the author's contact id to the allowed contacts.
// See https://github.com/friendica/friendica/issues/9672 // See https://github.com/friendica/friendica/issues/9672
$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid)); $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
} }

27
mod/photos.php
View file

@ -184,22 +184,21 @@ function photos_post(App $a)
exit(); exit();
} }
$str_contact_allow = ''; $aclFormatter = DI::aclFormatter();
$str_group_allow = ''; $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $owner_record['allow_cid'] ?? '';
$str_contact_deny = ''; $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $owner_record['allow_gid'] ?? '';
$str_group_deny = ''; $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $owner_record['deny_cid'] ?? '';
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $owner_record['deny_gid'] ?? '';
if (($_REQUEST['visibility'] ?? '') !== 'public') { $visibility = $_REQUEST['visibility'] ?? '';
$aclFormatter = DI::aclFormatter(); if ($visibility === 'public') {
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $owner_record['allow_cid'] ?? ''; // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $owner_record['allow_gid'] ?? ''; $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $owner_record['deny_cid'] ?? ''; } else if ($visibility === 'custom') {
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $owner_record['deny_gid'] ?? ''; // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
// case that would make it public. So we always append the author's contact id to the allowed contacts.
// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
// that would make the item public. So we always append the author's contact id to the allowed contacts.
// See https://github.com/friendica/friendica/issues/9672 // See https://github.com/friendica/friendica/issues/9672
$str_contact_allow .= $aclFormatter->toString(\Friendica\Model\Contact::getPublicIdByUserId($page_owner_uid)); $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($page_owner_uid));
} }
if ($a->argc > 3 && $a->argv[2] === 'album') { if ($a->argc > 3 && $a->argv[2] === 'album') {