Browse Source

Fix bug with ACL and contact network page

- Require user array parameter in ACL::getFullSelectorHTML
- Change all wrong uses where user array was replaced by default
permissions array
pull/5617/head
Hypolite Petovan 3 years ago
parent
commit
ea17370211
  1. 2
      mod/events.php
  2. 10
      mod/network.php
  3. 2
      mod/photos.php
  4. 23
      src/Core/ACL.php

2
mod/events.php

@ -483,7 +483,7 @@ function events_content(App $a) {
$perms = ACL::getDefaultUserPermissions($orig_event);
if ($mode === 'new' || $mode === 'copy') {
$acl = ($cid ? '' : ACL::getFullSelectorHTML(x($orig_event) ? $orig_event : $a->user));
$acl = ($cid ? '' : ACL::getFullSelectorHTML($a->user, false, $orig_event));
}
// If we copy an old event, we need to remove the ID and URI

10
mod/network.php

@ -496,6 +496,8 @@ function networkThreadedView(App $a, $update, $parent)
$gid = 0;
$default_permissions = [];
if ($a->argc > 1) {
for ($x = 1; $x < $a->argc; $x ++) {
if (is_a_date_arg($a->argv[$x])) {
@ -507,7 +509,7 @@ function networkThreadedView(App $a, $update, $parent)
}
} elseif (intval($a->argv[$x])) {
$gid = intval($a->argv[$x]);
$def_acl = ['allow_gid' => '<' . $gid . '>'];
$default_permissions = ['allow_gid' => '<' . $gid . '>'];
}
}
}
@ -522,7 +524,7 @@ function networkThreadedView(App $a, $update, $parent)
$nets = defaults($_GET, 'nets' , '');
if ($cid) {
$def_acl = ['allow_cid' => '<' . intval($cid) . '>'];
$default_permissions = ['allow_cid' => '<' . intval($cid) . '>'];
}
if ($nets) {
@ -533,7 +535,7 @@ function networkThreadedView(App $a, $update, $parent)
$str .= '<' . $rr['id'] . '>';
}
if (strlen($str)) {
$def_acl = ['allow_cid' => $str];
$default_permissions = ['allow_cid' => $str];
}
}
@ -576,7 +578,7 @@ function networkThreadedView(App $a, $update, $parent)
((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) ||
(strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))))) ? 'lock' : 'unlock'),
'default_perms' => ACL::getDefaultUserPermissions($a->user),
'acl' => ACL::getFullSelectorHTML((($gid || $cid || $nets) ? $def_acl : $a->user), true),
'acl' => ACL::getFullSelectorHTML($a->user, true, $default_permissions),
'bang' => (($gid || $cid || $nets) ? '!' : ''),
'visitor' => 'block',
'profile_uid' => local_user(),

2
mod/photos.php

@ -1408,7 +1408,7 @@ function photos_content(App $a)
$album_e = $ph[0]['album'];
$caption_e = $ph[0]['desc'];
$aclselect_e = ACL::getFullSelectorHTML($ph[0]);
$aclselect_e = ACL::getFullSelectorHTML($a->user, false, $ph[0]);
$edit = replace_macros($edit_tpl, [
'$id' => $ph[0]['id'],

23
src/Core/ACL.php

@ -251,19 +251,18 @@ class ACL extends BaseObject
/**
* Return the full jot ACL selector HTML
*
* @param array $user
* @param array $user User array
* @param array $default_permissions Static defaults permission array: ['allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '']
* @param bool $show_jotnets
* @return string
*/
public static function getFullSelectorHTML(array $user = null, $show_jotnets = false)
public static function getFullSelectorHTML(array $user, $show_jotnets = false, array $default_permissions = [])
{
if (empty($user['uid'])) {
return '';
// Defaults user permissions
if (empty($default_permissions)) {
$default_permissions = self::getDefaultUserPermissions($user);
}
$perms = self::getDefaultUserPermissions($user);
$jotnets = '';
if ($show_jotnets) {
$imap_disabled = !function_exists('imap_open') || Config::get('system', 'imap_disabled');
@ -279,7 +278,7 @@ class ACL extends BaseObject
}
}
if (empty($user['hidewall'])) {
if (empty($default_permissions['hidewall'])) {
if ($mail_enabled) {
$selected = $pubmail_enabled ? ' checked="checked"' : '';
$jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . ' value="1" /> ' . L10n::t("Post to Email") . '</div>';
@ -297,10 +296,10 @@ class ACL extends BaseObject
'$showall' => L10n::t('Visible to everybody'),
'$show' => L10n::t('show'),
'$hide' => L10n::t('don\'t show'),
'$allowcid' => json_encode($perms['allow_cid']),
'$allowgid' => json_encode($perms['allow_gid']),
'$denycid' => json_encode($perms['deny_cid']),
'$denygid' => json_encode($perms['deny_gid']),
'$allowcid' => json_encode($default_permissions['allow_cid']),
'$allowgid' => json_encode($default_permissions['allow_gid']),
'$denycid' => json_encode($default_permissions['deny_cid']),
'$denygid' => json_encode($default_permissions['deny_gid']),
'$networks' => $show_jotnets,
'$emailcc' => L10n::t('CC: email addresses'),
'$emtitle' => L10n::t('Example: bob@example.com, mary@example.com'),

Loading…
Cancel
Save