Merge pull request #12227 from matthiasmoritz/public_calendar

Public calendar
This commit is contained in:
Philipp 2022-12-01 17:27:36 +01:00 committed by GitHub
commit 5ea22197ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 559 additions and 497 deletions

View File

@ -45,7 +45,7 @@ function notes_content(App $a, bool $update = false)
return;
}
$o = BaseProfile::getTabsHTML($a, 'notes', true, $a->getLoggedInUserNickname(), false);
$o = BaseProfile::getTabsHTML('notes', true, $a->getLoggedInUserNickname(), false);
if (!$update) {
$o .= '<h3>' . DI::l10n()->t('Personal Notes') . '</h3>';

View File

@ -865,9 +865,8 @@ function photos_content(App $a)
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
}
if ($user['hidewall'] && (DI::userSession()->getLocalUserId() != $owner_uid) && !$remote_contact) {
DI::sysmsg()->addNotice(DI::l10n()->t('Access to this item is restricted.'));
return;
if ($user['hidewall'] && !DI::userSession()->isAuthenticated()) {
DI::baseUrl()->redirect('profile/' . $user['nickname'] . '/restricted');
}
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
@ -876,7 +875,7 @@ function photos_content(App $a)
// tabs
$is_owner = (DI::userSession()->getLocalUserId() && (DI::userSession()->getLocalUserId() == $owner_uid));
$o .= BaseProfile::getTabsHTML($a, 'photos', $is_owner, $user['nickname'], $profile['hide-friends']);
$o .= BaseProfile::getTabsHTML('photos', $is_owner, $user['nickname'], $profile['hide-friends']);
// Display upload form
if ($datatype === 'upload') {

View File

@ -69,7 +69,6 @@ class App
private $theme_info = [
'videowidth' => 425,
'videoheight' => 350,
'events_in_profile' => true
];
private $user_id = 0;

View File

@ -120,6 +120,12 @@ class Feature
['tagadelic', DI::l10n()->t('Tag Cloud'), DI::l10n()->t('Provide a personal tag cloud on your profile page'), false, DI::config()->get('feature_lock', 'tagadelic', false)],
['profile_membersince', DI::l10n()->t('Display Membership Date'), DI::l10n()->t('Display membership date in profile'), false, DI::config()->get('feature_lock', 'profile_membersince', false)],
],
//Advanced Calendar Settings
'advanced_calendar' => [
DI::l10n()->t('Advanced Calendar Settings'),
['public_calendar', DI::l10n()->t('Allow anonymous access to your calendar'), DI::l10n()->t('Allows anonymous visitors to consult your calendar and your public events. Contact birthday events are private to you.'), false, DI::config()->get('feature_lock', 'public_calendar', false)],
]
];
// removed any locked features and remove the entire category if this makes it empty

View File

@ -21,6 +21,7 @@
namespace Friendica\Model;
use Friendica\Content\Feature;
use Friendica\Content\Text\BBCode;
use Friendica\Core\Hook;
use Friendica\Core\Logger;
@ -28,8 +29,7 @@ use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Network\HTTPException\NotFoundException;
use Friendica\Network\HTTPException\UnauthorizedException;
use Friendica\Network\HTTPException;
use Friendica\Protocol\Activity;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
@ -501,36 +501,32 @@ class Event
* Additionally, it can check if the owner array is selectable
*
* @param string $nickname
* @param bool $check
*
* @return array the owner array
* @throws NotFoundException The given nickname does not exist
* @throws UnauthorizedException The access for the given nickname is restricted
* @throws HTTPException\InternalServerErrorException
* @throws HTTPException\NotFoundException The given nickname does not exist
* @throws HTTPException\UnauthorizedException The access for the given nickname is restricted
*/
public static function getOwnerForNickname(string $nickname, bool $check = true): array
public static function getOwnerForNickname(string $nickname): array
{
$owner = User::getOwnerDataByNick($nickname);
if (empty($owner)) {
throw new NotFoundException(DI::l10n()->t('User not found.'));
if (empty($owner) || $owner['account_removed'] || $owner['account_expired']) {
throw new HTTPException\NotFoundException(DI::l10n()->t('User not found.'));
}
if ($check) {
$contact_id = DI::userSession()->getRemoteContactID($owner['uid']);
$remote_contact = $contact_id && DBA::exists('contact', ['id' => $contact_id, 'uid' => $owner['uid']]);
$is_owner = DI::userSession()->getLocalUserId() == $owner['uid'];
if ($owner['hidewall'] && !$is_owner && !$remote_contact) {
throw new UnauthorizedException(DI::l10n()->t('Access to this profile has been restricted.'));
if (!DI::userSession()->isAuthenticated() && $owner['hidewall']) {
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Access to this profile has been restricted.'));
}
if (!DI::userSession()->isAuthenticated() && !Feature::isEnabled($owner['uid'], 'public_calendar')) {
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
}
return $owner;
}
/**
* Get an event by its event ID.
* Get an event by its event ID. Checks permissions.
*
* @param int $owner_uid The User ID of the owner of the event
* @param int $event_id The ID of the event in the event table
@ -538,37 +534,32 @@ class Event
* @return array Query result
* @throws \Exception
*/
public static function getByIdAndUid(int $owner_uid, int $event_id, string $nickname = null): array
public static function getByIdAndUid(int $owner_uid, int $event_id): array
{
if (!empty($nickname)) {
$owner = static::getOwnerForNickname($nickname, true);
$owner_uid = $owner['uid'];
// get the permissions
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
// we only want to have the events of the profile owner
$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;
} else {
$sql_extra = "";
}
// Only allow events if there is a valid owner_id.
if ($owner_uid == 0) {
return [];
}
// Query for the event by event id
$events = DBA::toArray(DBA::p("SELECT `event`.*, `post-user`.`id` AS `itemid` FROM `event`
LEFT JOIN `post-user` ON `post-user`.`event-id` = `event`.`id` AND `post-user`.`uid` = `event`.`uid`
WHERE `event`.`uid` = ? AND `event`.`id` = ? $sql_extra",
$owner_uid, $event_id));
// get the permissions
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
// Query for the event by event id
$events = DBA::toArray(DBA::p(
"SELECT `event`.*, `post-user`.`id` AS `itemid` FROM `event`
LEFT JOIN `post-user`
ON `post-user`.`event-id` = `event`.`id`
AND `post-user`.`uid` = `event`.`uid`
WHERE `event`.`id` = ?
AND `event`.`uid` = ?
$sql_perms",
$event_id, $owner_uid
));
if (empty($events)) {
throw new NotFoundException(DI::l10n()->t('Event not found.'));
} else {
$events = self::removeDuplicates($events);
return $events[0];
throw new HTTPException\NotFoundException(DI::l10n()->t('Event not found.'));
}
return $events[0];
}
/**
@ -577,34 +568,23 @@ class Event
* @param int $owner_uid The User ID of the owner of the events.
* @param string|null $start Start time of the timeframe.
* @param string|null $finish Finish time of the timeframe.
* @param bool $ignore
* @param string|null $nickname
* @param bool|null $ignore Filters ignored events (false: unignored events, true: ignored events, null: all events)
*
* @return array Query results.
* @throws NotFoundException
* @throws UnauthorizedException
* @throws HTTPException\NotFoundException
* @throws HTTPException\UnauthorizedException
*/
public static function getListByDate(int $owner_uid, string $start = null, string $finish = null, bool $ignore = false, string $nickname = null): array
public static function getListByDate(int $owner_uid, string $start = null, string $finish = null, ?bool $ignore = false): array
{
if (!empty($nickname)) {
$owner = static::getOwnerForNickname($nickname);
$owner_uid = $owner['uid'];
// get the permissions
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
// we only want to have the events of the profile owner
$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;
} else {
$sql_extra = "";
}
// Only allow events if there is a valid owner_id.
if ($owner_uid == 0) {
return [];
}
if (empty($start) || empty($finish)) {
// get the permissions
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
if (empty($start) || empty($finish)) {
$y = intval(DateTimeFormat::localNow('Y'));
$m = intval(DateTimeFormat::localNow('m'));
@ -616,41 +596,36 @@ class Event
}
}
if ($ignore === true) {
$sql_ignore = " AND `event`.`ignore` = 1";
} elseif ($ignore === false) {
$sql_ignore = " AND `event`.`ignore` = 0";
} else {
$sql_ignore = "";
}
// Query for the event by date.
$events = DBA::toArray(DBA::p("SELECT `event`.*, `post-user`.`id` AS `itemid` FROM `event`
LEFT JOIN `post-user` ON `post-user`.`event-id` = `event`.`id` AND `post-user`.`uid` = `event`.`uid`
WHERE `event`.`uid` = ? AND `event`.`ignore` = ?
AND (`finish` >= ? OR (`nofinish` AND `start` >= ?)) AND `start` <= ?
" . $sql_extra,
$owner_uid, $ignore,
$start, $start, $finish
$events = DBA::toArray(DBA::p(
"SELECT `event`.*, `post-user`.`id` AS `itemid` FROM `event`
LEFT JOIN `post-user`
ON `post-user`.`event-id` = `event`.`id`
AND `post-user`.`uid` = `event`.`uid`
WHERE `event`.`uid` = ?
$sql_ignore
AND (`finish` >= ? OR (`nofinish` AND `start` >= ?))
AND `start` <= ?
$sql_perms",
$owner_uid,
$start, $start,
$finish
));
$events = self::removeDuplicates($events ?? []);
$events = self::removeDuplicates($events);
return self::sortByDate($events);
}
/**
* Convert an array query results in an array which could be used by the events template.
*
* @param array $event_result Event query array.
* @return array Event array for the template.
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException
*/
public static function prepareListForTemplate(array $event_result): array
{
$event_list = [];
foreach ($event_result as $event) {
$event_list[] = static::prepareForItem($event);
}
return $event_list;
}
/**
* Convert an one event in an array which could be used by the events template.
* Convert an event in an array which could be used by the event template.
*
* @param array $event Event query array.
* @return array Event array for the template.
@ -696,11 +671,7 @@ class Event
[$title, $_trash] = explode("<br", BBCode::convertForUriId($event['uri-id'], Strings::escapeHtml($event['desc'])), BBCode::TWITTER_API);
}
$author_link = $event['author-link'];
$event['author-link'] = Contact::magicLink($author_link);
$html = self::getHTML($event);
$event['author-link'] = Contact::magicLink($event['author-link']);
$event['summary'] = BBCode::convertForUriId($event['uri-id'], Strings::escapeHtml($event['summary']));
$event['desc'] = BBCode::convertForUriId($event['uri-id'], Strings::escapeHtml($event['desc']));
$event['location'] = BBCode::convertForUriId($event['uri-id'], Strings::escapeHtml($event['location']));
@ -717,7 +688,7 @@ class Event
'drop' => $drop,
'copy' => $copy,
'item' => $event,
'html' => $html,
'html' => self::getHTML($event),
'plink' => Item::getPlink($event),
];
}
@ -727,8 +698,6 @@ class Event
*
* @param array $events Query result for events.
* @param string $format The output format (ical/csv).
*
* @param string $timezone Timezone (missing parameter!)
* @return string Content according to selected export format.
*
* @todo Implement timezone support

View File

@ -461,7 +461,7 @@ class Profile
'$unfollow' => DI::l10n()->t('Unfollow'),
'$unfollow_link' => $unfollow_link,
'$subscribe_feed' => DI::l10n()->t('Atom feed'),
'$subscribe_feed_link' => $profile['poll'],
'$subscribe_feed_link' => $profile['hidewall'] ? '' : $profile['poll'],
'$wallmessage' => DI::l10n()->t('Message'),
'$wallmessage_link' => $wallmessage_link,
'$account_type' => $account_type,

View File

@ -29,6 +29,7 @@ use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Model\Item;
use Friendica\Model\Post;
use Friendica\Model\User;
use Friendica\Network\HTTPException;
use Friendica\Protocol\ActivityPub;
use Friendica\Util\HTTPSignature;
@ -74,7 +75,9 @@ class Objects extends BaseModule
throw new HTTPException\NotFoundException();
}
$validated = in_array($item['private'], [Item::PUBLIC, Item::UNLISTED]);
$owner = User::getById($item['uid'], ['hidewall']);
$validated = empty($owner['hidewall']) && in_array($item['private'], [Item::PUBLIC, Item::UNLISTED]);
if (!$validated) {
$requester = HTTPSignature::getSigner('', $_SERVER);

View File

@ -23,23 +23,24 @@ namespace Friendica\Module;
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Content\Feature;
use Friendica\Core\Hook;
use Friendica\Core\Renderer;
use Friendica\DI;
use Friendica\Model\User;
class BaseProfile extends BaseModule
{
/**
* Returns the HTML for the profile pages tabs
*
* @param App $a
* @param string $current
* @param bool $is_owner
* @param string $nickname
* @return string
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function getTabsHTML(App $a, string $current, bool $is_owner, string $nickname, bool $hide_friends)
public static function getTabsHTML(string $current, bool $is_owner, string $nickname, bool $hide_friends)
{
$baseProfileUrl = DI::baseUrl() . '/profile/' . $nickname;
@ -79,7 +80,7 @@ class BaseProfile extends BaseModule
];
// the calendar link for the full-featured events calendar
if ($is_owner && $a->getThemeInfoValue('events_in_profile')) {
if ($is_owner) {
$tabs[] = [
'label' => DI::l10n()->t('Calendar'),
'url' => DI::baseUrl() . '/calendar',
@ -88,9 +89,9 @@ class BaseProfile extends BaseModule
'id' => 'calendar-tab',
'accesskey' => 'c',
];
// if the user is not the owner of the calendar we only show a calendar
// with the public events of the calendar owner
} elseif (!$is_owner) {
} else {
$owner = User::getByNickname($nickname, ['uid']);
if(DI::userSession()->isAuthenticated() || $owner && Feature::isEnabled($owner['uid'], 'public_calendar')) {
$tabs[] = [
'label' => DI::l10n()->t('Calendar'),
'url' => DI::baseUrl() . '/calendar/show/' . $nickname,
@ -100,6 +101,7 @@ class BaseProfile extends BaseModule
'accesskey' => 'c',
];
}
}
if ($is_owner) {
$tabs[] = [

View File

@ -22,12 +22,14 @@
namespace Friendica\Module\Calendar\Event;
use Friendica\App;
use Friendica\Content\Feature;
use Friendica\Core\L10n;
use Friendica\Core\Session\Capability\IHandleUserSessions;
use Friendica\Core\System;
use Friendica\Model\Event;
use Friendica\Model\Item;
use Friendica\Model\Post;
use Friendica\Model\User;
use Friendica\Module\Response;
use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat;
@ -43,24 +45,27 @@ class Get extends \Friendica\BaseModule
/** @var IHandleUserSessions */
protected $session;
public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IHandleUserSessions $session, array $server, array $parameters = [])
public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IHandleUserSessions $session, array $server, array $parameters = [])
{
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->session = $session;
$this->app = $app;
}
protected function rawContent(array $request = [])
{
if (!$this->session->getLocalUserId()) {
$nickname = $this->parameters['nickname'] ?? $this->app->getLoggedInUserNickname();
if (!$nickname) {
throw new HTTPException\UnauthorizedException();
}
// get events by id or by date
$owner = Event::getOwnerForNickname($nickname);
if (!empty($request['id'])) {
$events = [Event::getByIdAndUid($this->session->getLocalUserId(), $request['id'], $this->parameters['nickname'] ?? null)];
$events = [Event::getByIdAndUid($owner['uid'], $request['id'])];
} else {
$events = Event::getListByDate($this->session->getLocalUserId(), $request['start'] ?? '', $request['end'] ?? '', false, $this->parameters['nickname'] ?? null);
$events = Event::getListByDate($owner['uid'], $request['start'] ?? '', $request['end'] ?? '');
}
System::jsonExit($events ? self::map($events) : []);

View File

@ -23,11 +23,13 @@ namespace Friendica\Module\Calendar\Event;
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Content\Feature;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\Session\Capability\IHandleUserSessions;
use Friendica\Core\System;
use Friendica\Model\Event;
use Friendica\Model\User;
use Friendica\Module\Response;
use Friendica\Network\HTTPException;
use Friendica\Util\Profiler;
@ -40,22 +42,27 @@ class Show extends BaseModule
{
/** @var IHandleUserSessions */
protected $session;
/** @var App */
private $app;
public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IHandleUserSessions $session, array $server, array $parameters = [])
public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IHandleUserSessions $session, array $server, array $parameters = [])
{
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->session = $session;
$this->app = $app;
}
protected function rawContent(array $request = [])
{
if (!$this->session->getLocalUserId()) {
throw new HTTPException\UnauthorizedException($this->t('Permission denied.'));
$nickname = $this->parameters['nickname'] ?? $this->app->getLoggedInUserNickname();
if (!$nickname) {
throw new HTTPException\UnauthorizedException();
}
$event = Event::getByIdAndUid($this->session->getLocalUserId(), (int)$this->parameters['id'] ?? 0, $this->parameters['nickname'] ?? '');
$owner = Event::getOwnerForNickname($nickname);
$event = Event::getByIdAndUid($owner['uid'], (int)$this->parameters['id'] ?? 0);
if (empty($event)) {
throw new HTTPException\NotFoundException($this->t('Event not found.'));
}

View File

@ -23,6 +23,7 @@ namespace Friendica\Module\Calendar;
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Content\Feature;
use Friendica\Content\Nav;
use Friendica\Content\Widget;
use Friendica\Core\L10n;
@ -30,9 +31,11 @@ use Friendica\Core\Renderer;
use Friendica\Core\Session\Capability\IHandleUserSessions;
use Friendica\Core\Theme;
use Friendica\Model\Event;
use Friendica\Model\User;
use Friendica\Module\BaseProfile;
use Friendica\Module\Response;
use Friendica\Module\Security\Login;
use Friendica\Network\HTTPException;
use Friendica\Navigation\SystemMessages;
use Friendica\Util\Profiler;
use Psr\Log\LoggerInterface;
@ -60,7 +63,21 @@ class Show extends BaseModule
protected function content(array $request = []): string
{
if (!$this->session->getLocalUserId()) {
$nickname = $this->parameters['nickname'] ?? $this->app->getLoggedInUserNickname();
if (!$nickname) {
throw new HTTPException\UnauthorizedException();
}
$owner = User::getOwnerDataByNick($nickname);
if (!$owner || $owner['account_expired'] || $owner['account_removed']) {
throw new HTTPException\NotFoundException($this->t('User not found.'));
}
if (!$this->session->isAuthenticated() && $owner['hidewall']) {
$this->baseUrl->redirect('profile/' . $nickname . '/restricted');
}
if (!$this->session->isAuthenticated() && !Feature::isEnabled($owner['uid'], 'public_calendar')) {
$this->sysMessages->addNotice($this->t('Permission denied.'));
return Login::form();
}
@ -73,42 +90,26 @@ class Show extends BaseModule
$this->page->registerFooterScript('view/asset/moment/min/moment-with-locales.min.js');
$this->page->registerFooterScript('view/asset/fullcalendar/dist/fullcalendar.min.js');
$htpl = Renderer::getMarkupTemplate('calendar/calendar_head.tpl');
$is_owner = $nickname == $this->app->getLoggedInUserNickname();
$htpl = Renderer::getMarkupTemplate('calendar/calendar_head.tpl');
$this->page['htmlhead'] .= Renderer::replaceMacros($htpl, [
'$calendar_api' => 'calendar/api/get' . (!empty($this->parameters['nickname']) ? '/' . $this->parameters['nickname'] : ''),
'$event_api' => 'calendar/event/show' . (!empty($this->parameters['nickname']) ? '/' . $this->parameters['nickname'] : ''),
'$calendar_api' => 'calendar/api/get' . ($is_owner ? '' : '/' . $nickname),
'$event_api' => 'calendar/event/show' . ($is_owner ? '' : '/' . $nickname),
'$modparams' => 2,
'$i18n' => $i18n,
]);
$tabs = '';
if (empty($this->parameters['nickname'])) {
if ($this->app->getThemeInfoValue('events_in_profile')) {
Nav::setSelected('home');
} else {
Nav::setSelected('calendar');
}
// tabs
if ($this->app->getThemeInfoValue('events_in_profile')) {
$tabs = BaseProfile::getTabsHTML($this->app, 'calendar', true, $this->app->getLoggedInUserNickname(), false);
}
$this->page['aside'] .= Widget\CalendarExport::getHTML($this->session->getLocalUserId());
} else {
$owner = Event::getOwnerForNickname($this->parameters['nickname'], true);
Nav::setSelected('calendar');
// get the tab navigation bar
$tabs = BaseProfile::getTabsHTML($this->app, 'calendar', false, $owner['nickname'], $owner['hide-friends']);
Nav::setSelected($is_owner ? 'home' : 'calendar');
if (!$is_owner) {
$this->page['aside'] .= Widget\VCard::getHTML($owner);
$this->page['aside'] .= Widget\CalendarExport::getHTML($owner['uid']);
}
$this->page['aside'] .= Widget\CalendarExport::getHTML($owner['uid']);
$tabs = BaseProfile::getTabsHTML('calendar', $is_owner, $nickname, !$is_owner && $owner['hide-friends']);
// ACL blocks are loaded in modals in frio
$this->page->registerFooterScript(Theme::getPathForFile('asset/typeahead.js/dist/typeahead.bundle.js'));
$this->page->registerFooterScript(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.js'));

View File

@ -23,7 +23,9 @@ namespace Friendica\Module\DFRN;
use Friendica\BaseModule;
use Friendica\Core\System;
use Friendica\Model\User;
use Friendica\Module\Response;
use Friendica\Network\HTTPException;
use Friendica\Protocol\OStatus;
/**
@ -33,7 +35,19 @@ class Poll extends BaseModule
{
protected function rawContent(array $request = [])
{
$owner = User::getByNickname(
$this->parameters['nickname'] ?? '',
['nickname', 'blocked', 'account_expired', 'account_removed', 'hidewall']
);
if (!$owner || $owner['account_expired'] || $owner['account_removed']) {
throw new HTTPException\NotFoundException($this->t('User not found.'));
}
if ($owner['blocked'] || $owner['hidewall']) {
throw new HTTPException\UnauthorizedException($this->t('Access to this profile has been restricted.'));
}
$last_update = $request['last_update'] ?? '';
System::httpExit(OStatus::feed($this->parameters['nickname'], $last_update, 10) ?? '', Response::TYPE_ATOM);
System::httpExit(OStatus::feed($owner['nickname'], $last_update, 10) ?? '', Response::TYPE_ATOM);
}
}

View File

@ -23,9 +23,9 @@ namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Core\System;
use Friendica\DI;
use Friendica\Protocol\Feed as ProtocolFeed;
use Friendica\Model\User;
use Friendica\Network\HTTPException;
use Friendica\Protocol\Feed as ProtocolFeed;
/**
* Provides public Atom feeds
@ -37,23 +37,14 @@ use Friendica\Network\HTTPException;
* - /feed/[nickname]/replies => comments
* - /feed/[nickname]/activity => activity
*
* The nocache GET parameter is provided mainly for debug purposes, requires auth
*
* @author Hypolite Petovan <hypolite@mrpetovan.com>
*/
class Feed extends BaseModule
{
protected function rawContent(array $request = [])
{
$last_update = $this->getRequestValue($request, 'last_update', '');
$nocache = !empty($request['nocache']) && DI::userSession()->getLocalUserId();
$type = null;
// @TODO: Replace with parameter from router
if (DI::args()->getArgc() > 2) {
$type = DI::args()->getArgv()[2];
}
$nick = $this->parameters['nickname'] ?? '';
$type = $this->parameters['type'] ?? null;
switch ($type) {
case 'posts':
case 'comments':
@ -67,11 +58,19 @@ class Feed extends BaseModule
$type = 'posts';
}
$feed = ProtocolFeed::atom($this->parameters['nickname'], $last_update, 10, $type, $nocache, true);
if (empty($feed)) {
throw new HTTPException\NotFoundException(DI::l10n()->t('User not found.'));
$last_update = $this->getRequestValue($request, 'last_update', '');
$owner = User::getOwnerDataByNick($nick);
if (!$owner || $owner['account_expired'] || $owner['account_removed']) {
throw new HTTPException\NotFoundException($this->t('User not found.'));
}
if ($owner['blocked'] || $owner['hidewall']) {
throw new HTTPException\UnauthorizedException($this->t('Access to this profile has been restricted.'));
}
$feed = ProtocolFeed::atom($owner, $last_update, 10, $type);
System::httpExit($feed, Response::TYPE_ATOM);
}
}

View File

@ -196,7 +196,6 @@ class Display extends BaseModule
protected function getDisplayData(array $item, bool $update = false, int $updateUid = 0, bool $force = false): string
{
$isRemoteContact = false;
$itemUid = $this->session->getLocalUserId();
$parent = null;
@ -206,8 +205,7 @@ class Display extends BaseModule
if (!empty($parent)) {
$pageUid = $parent['uid'];
$isRemoteContact = $this->session->getRemoteContactID($pageUid);
if ($isRemoteContact) {
if ($this->session->getRemoteContactID($pageUid)) {
$itemUid = $parent['uid'];
}
} else {
@ -215,13 +213,11 @@ class Display extends BaseModule
}
if (!empty($pageUid) && ($pageUid != $this->session->getLocalUserId())) {
$page_user = User::getById($pageUid, ['hidewall']);
$page_user = User::getById($pageUid, ['nickname', 'hidewall']);
}
$is_owner = $this->session->getLocalUserId() && (in_array($pageUid, [$this->session->getLocalUserId(), 0]));
if (!empty($page_user['hidewall']) && !$is_owner && !$isRemoteContact) {
throw new HTTPException\ForbiddenException($this->t('Access to this profile has been restricted.'));
if (!empty($page_user['hidewall']) && !$this->session->isAuthenticated()) {
$this->baseUrl->redirect('profile/' . $page_user['nickname'] . '/restricted');
}
$sql_extra = Item::getPermissionsSQLByUserId($pageUid);
@ -275,6 +271,8 @@ class Display extends BaseModule
$output = '';
$is_owner = $this->session->getLocalUserId() && (in_array($pageUid, [$this->session->getLocalUserId(), 0]));
// We need the editor here to be able to reshare an item.
if ($is_owner && !$update) {
$output .= $this->conversation->statusEditor([], 0, true);

View File

@ -61,7 +61,7 @@ class Common extends BaseProfile
$a->redirect('profile/' . $nickname . '/contacts');
};
$o = self::getTabsHTML($a, 'contacts', false, $profile['nickname'], $profile['hide-friends']);
$o = self::getTabsHTML('contacts', false, $profile['nickname'], $profile['hide-friends']);
$tabs = self::getContactFilterTabs('profile/' . $nickname, 'common', $displayCommonTab);

View File

@ -57,7 +57,7 @@ class Contacts extends Module\BaseProfile
Nav::setSelected('home');
$o = self::getTabsHTML($a, 'contacts', $is_owner, $profile['nickname'], $profile['hide-friends']);
$o = self::getTabsHTML('contacts', $is_owner, $profile['nickname'], $profile['hide-friends']);
$tabs = self::getContactFilterTabs('profile/' . $nickname, $type, DI::userSession()->isAuthenticated() && $profile['uid'] != DI::userSession()->getLocalUserId());

View File

@ -44,7 +44,7 @@ class Media extends BaseProfile
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
$o = self::getTabsHTML($a, 'media', $is_owner, $profile['nickname'], $profile['hide-friends']);
$o = self::getTabsHTML('media', $is_owner, $profile['nickname'], $profile['hide-friends']);
$o .= Contact::getPostsFromUrl($profile['url'], false, 0, 0, true);

View File

@ -72,8 +72,8 @@ class Photos extends \Friendica\Module\BaseProfile
throw new HttpException\ForbiddenException($this->t('Public access denied.'));
}
$owner = User::getOwnerDataByNick($this->parameters['nickname']);
if (!isset($owner['account_removed']) || $owner['account_removed']) {
$owner = Profile::load($this->app, $this->parameters['nickname'] ?? '');
if (!$owner || $owner['account_removed'] || $owner['account_expired']) {
throw new HTTPException\NotFoundException($this->t('User not found.'));
}
@ -88,8 +88,8 @@ class Photos extends \Friendica\Module\BaseProfile
$remote_contact = $contact && !$contact['blocked'] && !$contact['pending'];
}
if ($owner['hidewall'] && !$is_owner && !$remote_contact) {
throw new HttpException\ForbiddenException($this->t('Access to this item is restricted.'));
if ($owner['hidewall'] && !$this->session->isAuthenticated()) {
$this->baseUrl->redirect('profile/' . $owner['nickname'] . '/restricted');
}
$this->session->set('photo_return', $this->args->getCommand());
@ -174,13 +174,11 @@ class Photos extends \Friendica\Module\BaseProfile
]);
}
$this->page['aside'] .= Widget\VCard::getHTML($owner);
if (!empty($photo_albums_widget)) {
$this->page['aside'] .= $photo_albums_widget;
}
$o = self::getTabsHTML($this->app, 'photos', $is_owner, $owner['nickname'], Profile::getByUID($owner['uid'])['hide-friends'] ?? false);
$o = self::getTabsHTML('photos', $is_owner, $owner['nickname'], Profile::getByUID($owner['uid'])['hide-friends'] ?? false);
$tpl = Renderer::getMarkupTemplate('photos_recent.tpl');
$o .= Renderer::replaceMacros($tpl, [

View File

@ -76,21 +76,19 @@ class Profile extends BaseProfile
{
$a = DI::app();
$profile = ProfileModel::load($a, $this->parameters['nickname']);
$profile = ProfileModel::load($a, $this->parameters['nickname'] ?? '');
if (!$profile) {
throw new HTTPException\NotFoundException(DI::l10n()->t('Profile not found.'));
}
$remote_contact_id = DI::userSession()->getRemoteContactID($profile['uid']);
if (DI::config()->get('system', 'block_public') && !DI::userSession()->getLocalUserId() && !$remote_contact_id) {
if (DI::config()->get('system', 'block_public') && !DI::userSession()->isAuthenticated()) {
return Login::form();
}
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact_id) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Access to this profile has been restricted.'));
if (!empty($profile['hidewall']) && !DI::userSession()->isAuthenticated()) {
$this->baseUrl->redirect('profile/' . $profile['nickname'] . '/restricted');
}
if (!empty($profile['page-flags']) && $profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
@ -102,12 +100,7 @@ class Profile extends BaseProfile
Nav::setSelected('home');
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
$o = self::getTabsHTML($a, 'profile', $is_owner, $profile['nickname'], $profile['hide-friends']);
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact_id) {
DI::sysmsg()->addNotice(DI::l10n()->t('Access to this profile has been restricted.'));
return '';
}
$o = self::getTabsHTML('profile', $is_owner, $profile['nickname'], $profile['hide-friends']);
$view_as_contacts = [];
$view_as_contact_id = 0;
@ -307,8 +300,8 @@ class Profile extends BaseProfile
}
// site block
$blocked = !DI::userSession()->getLocalUserId() && !$remote_contact_id && DI::config()->get('system', 'block_public');
$userblock = !DI::userSession()->getLocalUserId() && !$remote_contact_id && $profile['hidewall'];
$blocked = !DI::userSession()->isAuthenticated() && DI::config()->get('system', 'block_public');
$userblock = !DI::userSession()->isAuthenticated() && $profile['hidewall'];
if (!$blocked && !$userblock) {
$keywords = str_replace(['#', ',', ' ', ',,'], ['', ' ', ',', ','], $profile['pub_keywords'] ?? '');
if (strlen($keywords)) {

View File

@ -0,0 +1,63 @@
<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Module\Profile;
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Model\Profile;
use Friendica\Module\Response;
use Friendica\Network\HTTPException;
use Friendica\Util\Profiler;
use Psr\Log\LoggerInterface;
class Restricted extends BaseModule
{
/** @var App */
private $app;
public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
{
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->app = $app;
}
protected function content(array $request = []): string
{
$profile = Profile::load($this->app, $this->parameters['nickname'] ?? '', false);
if (!$profile) {
throw new HTTPException\NotFoundException($this->t('Profile not found.'));
}
if (empty($profile['hidewall'])) {
$this->baseUrl->redirect('profile/' . $profile['nickname']);
}
$tpl = Renderer::getMarkupTemplate('exception.tpl');
return Renderer::replaceMacros($tpl, [
'$title' => $this->t('Restricted profile'),
'$message' => $this->t('This profile has been restricted which prevents access to their public content from anonymous visitors.'),
]);
}
}

View File

@ -58,7 +58,7 @@ class Schedule extends BaseProfile
$a = DI::app();
$o = self::getTabsHTML($a, 'schedule', true, $a->getLoggedInUserNickname(), false);
$o = self::getTabsHTML('schedule', true, $a->getLoggedInUserNickname(), false);
$schedule = [];
$delayed = DBA::select('delayed-post', [], ['uid' => DI::userSession()->getLocalUserId()]);

View File

@ -105,12 +105,11 @@ class Status extends BaseProfile
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
$last_updated_key = "profile:" . $profile['uid'] . ":" . DI::userSession()->getLocalUserId() . ":" . $remote_contact;
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact) {
DI::sysmsg()->addNotice(DI::l10n()->t('Access to this profile has been restricted.'));
return '';
if (!empty($profile['hidewall']) && !DI::userSession()->isAuthenticated()) {
$this->baseUrl->redirect('profile/' . $profile['nickname'] . '/restricted');
}
$o .= self::getTabsHTML($a, 'status', $is_owner, $profile['nickname'], $profile['hide-friends']);
$o .= self::getTabsHTML('status', $is_owner, $profile['nickname'], $profile['hide-friends']);
$o .= Widget::commonFriendsVisitor($profile['uid'], $profile['nickname']);

View File

@ -586,7 +586,7 @@ class Account extends BaseSettings
'$profile_in_dir' => $profile_in_dir,
'$profile_in_net_dir' => ['profile_in_netdirectory', DI::l10n()->t('Allow your profile to be searchable globally?'), $profile['net-publish'], DI::l10n()->t("Activate this setting if you want others to easily find and follow you. Your profile will be searchable on remote systems. This setting also determines whether Friendica will inform search engines that your profile should be indexed or not.") . $net_pub_desc],
'$hide_friends' => ['hide-friends', DI::l10n()->t('Hide your contact/friend list from viewers of your profile?'), $profile['hide-friends'], DI::l10n()->t('A list of your contacts is displayed on your profile page. Activate this option to disable the display of your contact list.')],
'$hide_wall' => ['hidewall', DI::l10n()->t('Hide your profile details from anonymous viewers?'), $user['hidewall'], DI::l10n()->t('Anonymous visitors will only see your profile picture, your display name and the nickname you are using on your profile page. Your public posts and replies will still be accessible by other means.')],
'$hide_wall' => ['hidewall', $this->t('Hide your public content from anonymous viewers'), $user['hidewall'], $this->t('Anonymous visitors will only see your basic profile details. Your public posts and replies will still be freely accessible on the remote servers of your followers and through relays.')],
'$unlisted' => ['unlisted', DI::l10n()->t('Make public posts unlisted'), DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'system', 'unlisted'), DI::l10n()->t('Your public posts will not appear on the community pages or in search results, nor be sent to relay servers. However they can still appear on public feeds on remote servers.')],
'$accessiblephotos' => ['accessible-photos', DI::l10n()->t('Make all posted pictures accessible'), DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'system', 'accessible-photos'), DI::l10n()->t("This option makes every posted picture accessible via the direct link. This is a workaround for the problem that most other networks can't handle permissions on pictures. Non public pictures still won't be visible for the public on your photo albums though.")],
'$blockwall' => ['blockwall', DI::l10n()->t('Allow friends to post to your profile page?'), (intval($user['blockwall']) ? '0' : '1'), DI::l10n()->t('Your contacts may write posts on your profile wall. These posts will be distributed to your contacts')],

View File

@ -49,7 +49,7 @@ class Profile extends BaseModule
$is_owner = DI::userSession()->getLocalUserId() == $a->getProfileOwner();
$last_updated_key = "profile:" . $a->getProfileOwner() . ":" . DI::userSession()->getLocalUserId() . ":" . $remote_contact;
if (!$is_owner && !$remote_contact) {
if (!DI::userSession()->isAuthenticated()) {
$user = User::getById($a->getProfileOwner(), ['hidewall']);
if ($user['hidewall']) {
throw new ForbiddenException(DI::l10n()->t('Access to this profile has been restricted.'));

View File

@ -40,6 +40,7 @@ use Friendica\Model\Item;
use Friendica\Model\Post;
use Friendica\Model\Tag;
use Friendica\Model\User;
use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\ParseUrl;
@ -915,28 +916,23 @@ class Feed
* Updates the provided last_update parameter if the result comes from the
* cache or it is empty
*
* @param string $owner_nick Nickname of the feed owner
* @param array $owner owner-view record of the feed owner
* @param string $last_update Date of the last update
* @param integer $max_items Number of maximum items to fetch
* @param string $filter Feed items filter (activity, posts or comments)
* @param boolean $nocache Wether to bypass caching
*
* @return string Atom feed
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws HTTPException\InternalServerErrorException
* @throws \ImagickException
*/
public static function atom(string $owner_nick, string $last_update, int $max_items = 300, string $filter = 'activity', bool $nocache = false)
public static function atom(array $owner, string $last_update, int $max_items = 300, string $filter = 'activity', bool $nocache = false)
{
$stamp = microtime(true);
$owner = User::getOwnerDataByNick($owner_nick);
if (!$owner) {
return;
}
$cachekey = 'feed:feed:' . $owner['nickname'] . ':' . $filter . ':' . $last_update;
$cachekey = 'feed:feed:' . $owner_nick . ':' . $filter . ':' . $last_update;
// Display events in the users's timezone
// Display events in the user's timezone
if (strlen($owner['timezone'])) {
DI::app()->setTimeZone($owner['timezone']);
}

View File

@ -38,6 +38,7 @@ $profileRoutes = [
'/photos' => [Module\Profile\Photos::class, [R::GET ]],
'/profile' => [Module\Profile\Profile::class, [R::GET]],
'/remote_follow' => [Module\Profile\RemoteFollow::class, [R::GET, R::POST]],
'/restricted' => [Module\Profile\Restricted::class, [R::GET ]],
'/schedule' => [Module\Profile\Schedule::class, [R::GET, R::POST]],
'/status[/{category}[/{date1}[/{date2}]]]' => [Module\Profile\Status::class, [R::GET]],
'/unkmail' => [Module\Profile\UnkMail::class, [R::GET, R::POST]],
@ -416,13 +417,8 @@ return [
'/featured/{nickname}' => [Module\ActivityPub\Featured::class, [R::GET]],
'/feed' => [
'/{nickname}' => [Module\Feed::class, [R::GET]],
'/{nickname}/posts' => [Module\Feed::class, [R::GET]],
'/{nickname}/comments' => [Module\Feed::class, [R::GET]],
'/{nickname}/replies' => [Module\Feed::class, [R::GET]],
'/{nickname}/activity' => [Module\Feed::class, [R::GET]],
],
'/feed/{nickname}[/{type:posts|comments|replies|activity}]' => [Module\Feed::class, [R::GET]],
'/feedtest' => [Module\Debug\Feed::class, [R::GET]],
'/fetch' => [

File diff suppressed because it is too large Load Diff

View File

@ -53,8 +53,6 @@ function frio_init(App $a)
global $frio;
$frio = 'view/theme/frio';
// disable the events module link in the profile tab
$a->setThemeInfoValue('events_in_profile', false);
$a->setThemeInfoValue('videowidth', 622);
Renderer::setActiveTemplateEngine('smarty3');

View File

@ -42,8 +42,6 @@ use Friendica\Util\Strings;
function vier_init(App $a)
{
$a->setThemeInfoValue('events_in_profile', false);
Renderer::setActiveTemplateEngine('smarty3');
$args = DI::args();