groups and acls

10 years ago · 7e16f8cdae
--- a/include/group.php
+++ b/include/group.php
@ -2,7 +2,7 @@


 function group_add($uid,$name) {
 dbg(2);

 	$ret = false;
 	if(x($uid) && x($name)) {
 		$r = group_byname($uid,$name); // check for dups
@ -104,6 +104,21 @@ function group_add_member($uid,$name,$member) {
 	return $r;
 }

 function group_get_members($gid) {
 	$ret = array();
 	if(intval($gid)) {
 		$r = q("SELECT `group_member`.`contact-id`, `contact`.* FROM `group_member` 
 			LEFT JOIN `contact` ON `contact`.`id` = `group_member`.`contact-id` 
 			WHERE `gid` = %d AND `group_member`.`uid` = %d",
 			intval($gid),
 			intval($_SESSION['uid'])
 		);
 		if(count($r))
 			$ret = $r;
 	}
 	return $ret;
 }



 function group_side() {
--- a/mod/group.php
+++ b/mod/group.php
@ -4,6 +4,7 @@

 function group_init(&$a) {
 	require_once('include/group.php');
 	$a->page['aside'] .= group_side();

 }

@ -46,11 +47,33 @@ function group_content(&$a) {

 		));

 	}
 		
 dbg(2);
 	if(($a->argc == 2) && (intval($a->argv[1]))) {
 		require_once('view/acl_selectors.php');
 		$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 			intval($a->argv[1]),
 			intval($_SESSION['uid'])
 		);
 		if(! count($r)) {
 			notice("Group not found." . EOL );
 			goaway($a->get_baseurl() . '/contacts');
 		}
 		$ret = group_get_members($r[0]['id']);
 		$preselected = array();
 		if(count($ret))	{
 			foreach($ret as $p)
 				$preselected[] = $p['id'];
 		}
 		$sel = contact_select('group_members_select','group_members_select',$preselected);
 	$o .= $sel;	
 	}





 	}
 		
 	return $o;

 }
--- a/mod/item.php
+++ b/mod/item.php
@ -1,5 +1,13 @@
 <?php

 function sanitise_intacl(&$item) {
 	$item = '<' . intval(notags(trim($item))) . '>';
 }


 function sanitise_acl(&$item) {
 	$item = '<' . notags(trim($item)) . '>';
 }

 function item_post(&$a) {

@ -16,8 +24,38 @@ function item_post(&$a) {
 		notice("Permission denied." . EOL) ;
 		return;
 	}
 	
 	$str_group_allow = '';
 	$group_allow = $_POST['group_allow'];
 	if(is_array($group_allow)) {
 		array_walk($group_allow,'sanitise_acl');
 		$str_group_allow = implode('',$group_allow);
 	}

 	$str_contact_allow = '';
 	$contact_allow = $_POST['contact_allow'];
 	if(is_array($contact_allow)) {
 		array_walk($contact_allow,'sanitise_intacl');
 		$str_contact_allow = implode('',$contact_allow);
 	}

 	$str_group_deny = '';
 	$group_deny = $_POST['group_deny'];
 	if(is_array($group_deny)) {
 		array_walk($group_deny,'sanitise_acl');
 		$str_group_deny = implode('',$group_deny);
 	}

 	$str_contact_deny = '';
 	$contact_deny = $_POST['contact_deny'];
 	if(is_array($contact_deny)) {
 		array_walk($contact_deny,'sanitise_intacl');
 		$str_contact_deny = implode('',$contact_deny);
 	}


 	$body = escape_tags(trim($_POST['body']));

 	if(! strlen($body)) {
 		notice("Empty post discarded." . EOL );
 		goaway($a->get_baseurl() . "/profile/$profile_uid");
@ -46,15 +84,21 @@ function item_post(&$a) {
 		} while($dups == true);


 		$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`created`,`edited`,`hash`,`body`)
 			VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s' )",
 		$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`created`,`edited`,`hash`,`body`,
 			`allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
 			VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
 			intval($profile_uid),
 			"jot",
 			intval($contact_id),
 			datetime_convert(),
 			datetime_convert(),
 			dbesc($hash),
 			dbesc(escape_tags(trim($_POST['body'])))
 			dbesc(escape_tags(trim($_POST['body']))),
 			dbesc($str_contact_allow),
 			dbesc($str_group_allow),
 			dbesc($str_contact_deny),
 			dbesc($str_group_deny)

 		);
 		$r = q("SELECT `id` FROM `item` WHERE `hash` = '%s' LIMIT 1",
 			dbesc($hash));
--- a/mod/profile.php
+++ b/mod/profile.php
@ -141,8 +141,9 @@ function profile_content(&$a) {

 		$o .= replace_macros($tpl,array(
 			'$baseurl' => $a->get_baseurl(),
 			'$visitor' => (($_SESSION['uid'] == $a->profile['profile_uid']) ? 'block' : 'none'),
 			'$lockstate' => 'unlock',
 			'$acl' => populate_acl(),
 			'$acl' => (($_SESSION['uid'] == $a->profile['profile_uid']) ? populate_acl() : ''),
 			'$profile_uid' => $a->profile['profile_uid']
 		));
 	}
@ -165,7 +166,6 @@ function profile_content(&$a) {
 		$sql_extra = ''; 

 	// authenticated visitor - here lie dragons

 	elseif(remote_user()) {
 		$gs = '<<>>'; // should be impossible to match
 		if(count($groups)) {
@ -178,8 +178,8 @@ function profile_content(&$a) {
 			AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
 			AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",

 			intval($visitor_id),
 			intval($visitor_id),
 			intval($_SESSION['visitor_id']),
 			intval($_SESSION['visitor_id']),
 			$gs,
 			$gs
 		);
--- a/view/acl_selectors.php
+++ b/view/acl_selectors.php
@ -7,16 +7,17 @@ function group_select($selname,$selclass,$preselected = false) {

 	$o .= "<select name=\"{$selname}[]\" class=\"$selclass\" multiple=\"multiple\" size=\"4\" />\r\n";

 	$r = q("SELECT * FROM `group` WHERE `uid` = %d",
 	$r = q("SELECT * FROM `group` WHERE `uid` = %d ORDER BY `name` ASC",
 		$_SESSION['uid']
 	);

 	if(count($r)) {
 		foreach($r as $rr) {
 			if((is_array($preselected)) && $in_array($rr['name'], $preselected))
 			if((is_array($preselected)) && in_array($rr['name'], $preselected))
 				$selected = " selected=\"selected\" ";
 			else
 				$selected = '';

 			$o .= "<option value=\"{$rr['name']}\" $selected >{$rr['name']}</option>\r\n";
 		}
 	
@ -35,17 +36,17 @@ function contact_select($selname,$selclass,$preselected = false) {

 	$o .= "<select name=\"{$selname}[]\" class=\"$selclass\" multiple=\"multiple\" size=\"4\" />\r\n";

 	$r = q("SELECT `name` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 ",
 	$r = q("SELECT `id`, `name` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 ORDER BY `name` ASC ",
 		$_SESSION['uid']
 	);

 	if(count($r)) {
 		foreach($r as $rr) {
 			if((is_array($preselected)) && $in_array($rr['name'], $preselected))
 			if((is_array($preselected)) && in_array($rr['id'], $preselected))
 				$selected = " selected=\"selected\" ";
 			else
 				$selected = '';
 			$o .= "<option value=\"{$rr['name']}\" $selected >{$rr['name']}</option>\r\n";
 			$o .= "<option value=\"{$rr['id']}\" $selected >{$rr['name']}</option>\r\n";
 		}
 	
 	}
--- a/view/jot.tpl
+++ b/view/jot.tpl
@ -12,7 +12,7 @@ What's on your mind?
 </div>
 <div id="profile-jot-submit-wrapper" >
 <input type="submit" id="profile-jot-submit" name="submit" value="Submit" />
 	<div id="profile-jot-perms" class="profile-jot-perms" ><img src="images/$lockstate_icon.gif" alt="Permission Settings" title="Permission Settings" onClick="openClose('profile-jot-acl-wrapper');" /></div>
 	<div id="profile-jot-perms" class="profile-jot-perms" style="display: $visitor;" ><img src="images/$lockstate_icon.gif" alt="Permission Settings" title="Permission Settings" onClick="openClose('profile-jot-acl-wrapper');" /></div>
 	<div id="profile-jot-perms-end"></div>
 	<div id="profile-jot-acl-wrapper" style="display: none;" >$acl</div>
 </div>
--- a/wip/todo
+++ b/wip/todo
@ -7,6 +7,8 @@ profile photo to self contact page? - resolve profile photo inconsistency
 	use photo hash to notify of changes?


 no ACL block for visitors wall-wall !!

 contact editor
 	block photo