diff --git a/include/conversation.php b/include/conversation.php index 6adc00d0c..cfe500b87 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -711,13 +711,28 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o * * @param mixed $thread_items Database statement with thread posts * @param boolean $pinned Is the item pinned? + * @param integer $causer Contact ID of the resharer * * @return array items with parents and comments */ -function conversation_fetch_comments($thread_items, $pinned) { +function conversation_fetch_comments($thread_items, $pinned, $causer) { $comments = []; while ($row = Item::fetch($thread_items)) { + if (!empty($causer)) { + if (($row['gravity'] == GRAVITY_PARENT)) { + $row['post-type'] = Item::PT_ANNOUNCEMENT; + $row['causer-id'] = $causer; + $contact = Contact::getById($causer, ['url', 'name', 'thumb']); + $row['causer-link'] = $contact['url']; + $row['causer-avatar'] = $contact['thumb']; + $row['causer-name'] = $contact['name']; + } elseif (($row['gravity'] == GRAVITY_ACTIVITY) && ($row['verb'] == Activity::ANNOUNCE) && + ($row['author-id'] == $causer)) { + continue; + } + } + $name = $row['causer-contact-type'] == Contact::TYPE_RELAY ? $row['causer-link'] : $row['causer-name']; switch ($row['post-type']) { @@ -810,9 +825,16 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid) $items = []; foreach ($parents AS $parent) { - $condition = ["`item`.`parent-uri` = ? AND `item`.`uid` IN (0, ?) AND (`vid` != ? OR `vid` IS NULL)", - $parent['uri'], $uid, Verb::getID(Activity::FOLLOW)]; - $items = conversation_fetch_items($parent, $items, $condition, $block_authors, $params); + if (!empty($parent['thr-parent-id']) && !empty($parent['gravity']) && ($parent['gravity'] == GRAVITY_ACTIVITY)) { + $condition = ["`item`.`parent-uri-id` = ? AND `item`.`uid` IN (0, ?) AND (`vid` != ? OR `vid` IS NULL)", + $parent['thr-parent-id'], $uid, Verb::getID(Activity::FOLLOW)]; + $causer = $parent['author-id'] ?? 0; + } else { + $condition = ["`item`.`parent-uri` = ? AND `item`.`uid` IN (0, ?) AND (`vid` != ? OR `vid` IS NULL)", + $parent['uri'], $uid, Verb::getID(Activity::FOLLOW)]; + $causer = 0; + } + $items = conversation_fetch_items($parent, $items, $condition, $block_authors, $params, $causer); } foreach ($items as $index => $item) { @@ -829,21 +851,22 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid) /** * Fetch conversation items * - * @param array $parent - * @param array $items - * @param array $condition - * @param boolean $block_authors - * @param array $params + * @param array $parent Parent Item array + * @param array $items Item array + * @param array $condition SQL condition + * @param boolean $block_authors Don't show posts from contacts that are hidden (used on the community page) + * @param array $params SQL parameters + * @param integer $causer Contact ID of the resharer * @return array */ -function conversation_fetch_items(array $parent, array $items, array $condition, bool $block_authors, array $params) { +function conversation_fetch_items(array $parent, array $items, array $condition, bool $block_authors, array $params, int $causer) { if ($block_authors) { $condition[0] .= " AND NOT `author`.`hidden`"; } $thread_items = Item::selectForUser(local_user(), array_merge(Item::DISPLAY_FIELDLIST, ['contact-uid', 'gravity', 'post-type']), $condition, $params); - $comments = conversation_fetch_comments($thread_items, $parent['pinned'] ?? false); + $comments = conversation_fetch_comments($thread_items, $parent['pinned'] ?? false, $causer); if (count($comments) != 0) { $items = array_merge($items, $comments); diff --git a/src/Core/Session.php b/src/Core/Session.php index b15b53c4e..c4fbb3f8c 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php @@ -74,11 +74,19 @@ class Session { $session = DI::session(); - if (empty($session->get('remote')[$uid])) { - return 0; + if (!empty($session->get('remote')[$uid])) { + $remote = $session->get('remote')[$uid]; + } else { + $remote = 0; } - return $session->get('remote')[$uid]; + $local_user = !empty($session->get('authenticated')) ? $session->get('uid') : 0; + + if (empty($remote) && ($local_user != $uid) && !empty($my_address = $session->get('my_address'))) { + $remote = Contact::getIdForURL($my_address, $uid, false); + } + + return $remote; } /** diff --git a/src/Model/Item.php b/src/Model/Item.php index 3b1a58cc8..088f783d6 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -3400,6 +3400,37 @@ class Item } } + /** + * Fetch the SQL condition for the given user id + * + * @param integer $owner_id User ID for which the permissions should be fetched + * @return array condition + */ + public static function getPermissionsConditionArrayByUserId(int $owner_id) + { + $local_user = local_user(); + $remote_user = Session::getRemoteContactID($owner_id); + + // default permissions - anonymous user + $condition = ["`private` != ?", self::PRIVATE]; + + if ($local_user && ($local_user == $owner_id)) { + // Profile owner - everything is visible + $condition = []; + } elseif ($remote_user) { + // Authenticated visitor - fetch the matching permissionsets + $set = PermissionSet::get($owner_id, $remote_user); + if (!empty($set)) { + $condition = ["(`private` != ? OR (`private` = ? AND `wall` + AND `psid` IN (" . implode(', ', array_fill(0, count($set), '?')) . ")))", + Item::PRIVATE, Item::PRIVATE]; + $condition = array_merge($condition, $set); + } + } + + return $condition; + } + public static function getPermissionsSQLByUserId($owner_id) { $local_user = local_user(); diff --git a/src/Module/Profile/Status.php b/src/Module/Profile/Status.php index ccb1d9eef..65f3a5cd7 100644 --- a/src/Module/Profile/Status.php +++ b/src/Module/Profile/Status.php @@ -25,6 +25,7 @@ use Friendica\Content\Nav; use Friendica\Content\Pager; use Friendica\Content\Widget; use Friendica\Core\ACL; +use Friendica\Core\Protocol; use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\DI; @@ -32,9 +33,11 @@ use Friendica\Model\Item; use Friendica\Model\Post\Category; use Friendica\Model\Profile as ProfileModel; use Friendica\Model\User; +use Friendica\Model\Verb; use Friendica\Module\BaseProfile; use Friendica\Module\Security\Login; use Friendica\Network\HTTPException; +use Friendica\Protocol\Activity; use Friendica\Util\DateTimeFormat; use Friendica\Security\Security; use Friendica\Util\Strings; @@ -139,37 +142,32 @@ class Status extends BaseProfile } // Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups - $sql_extra = Item::getPermissionsSQLByUserId($a->profile['uid']); - $sql_extra2 = ''; + $condition = Item::getPermissionsConditionArrayByUserId($a->profile['uid']); $last_updated_array = Session::get('last_updated', []); - $sql_post_table = ""; - if (!empty($category)) { - $sql_post_table = sprintf("INNER JOIN (SELECT `uri-id` FROM `category-view` WHERE `name` = '%s' AND `type` = %d AND `uid` = %d ORDER BY `uri-id` DESC) AS `category` ON `item`.`uri-id` = `category`.`uri-id` ", - DBA::escape(Strings::protectSprintf($category)), intval(Category::CATEGORY), intval($a->profile['uid'])); + $condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `category-view` WHERE `name` = ? AND `type` = ? AND `uid` = ?)", + $category, Category::CATEGORY, $a->profile['uid']]); } if (!empty($hashtags)) { - $sql_post_table .= sprintf("INNER JOIN (SELECT `uri-id` FROM `tag-search-view` WHERE `name` = '%s' AND `uid` = %d ORDER BY `uri-id` DESC) AS `tag-search` ON `item`.`uri-id` = `tag-search`.`uri-id` ", - DBA::escape(Strings::protectSprintf($hashtags)), intval($a->profile['uid'])); + $condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `tag-search-view` WHERE `name` = ? AND `uid` = ?)", + $hashtags, $a->profile['uid']]); } if (!empty($datequery)) { - $sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`received` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get())))); + $condition = DBA::mergeConditions($condition, ["`received` <= ?", DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get())]); } if (!empty($datequery2)) { - $sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`received` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get())))); + $condition = DBA::mergeConditions($condition, ["`received` >= ?", DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get())]); } // Does the profile page belong to a forum? // If not then we can improve the performance with an additional condition - $condition = ['uid' => $a->profile['uid'], 'page-flags' => [User::PAGE_FLAGS_COMMUNITY, User::PAGE_FLAGS_PRVGROUP]]; - if (!DBA::exists('user', $condition)) { - $sql_extra3 = sprintf(" AND `thread`.`contact-id` = %d ", intval(intval($a->profile['id']))); - } else { - $sql_extra3 = ""; + $condition2 = ['uid' => $a->profile['uid'], 'page-flags' => [User::PAGE_FLAGS_COMMUNITY, User::PAGE_FLAGS_PRVGROUP]]; + if (!DBA::exists('user', $condition2)) { + $condition = DBA::mergeConditions($condition, ['contact-id' => $a->profile['id']]); } if (DI::mode()->isMobile()) { @@ -180,31 +178,22 @@ class Status extends BaseProfile DI::config()->get('system', 'itemspage_network')); } + $condition = DBA::mergeConditions($condition, ["((`gravity` = ? AND `wall`) OR + (`gravity` = ? AND `vid` = ? AND `origin` AND `thr-parent-id` IN + (SELECT `uri-id` FROM `item` AS `i` + WHERE `gravity` = ? AND `network` IN (?, ?, ?, ?) AND `uid` IN (?, ?) + AND `i`.`uri-id` = `item`.`thr-parent-id`)))", + GRAVITY_PARENT, GRAVITY_ACTIVITY, Verb::getID(Activity::ANNOUNCE), GRAVITY_PARENT, + Protocol::DFRN, Protocol::ACTIVITYPUB, Protocol::DIASPORA, Protocol::OSTATUS, + 0, $a->profile['uid']]); + + $condition = DBA::mergeConditions($condition, ['uid' => $a->profile['uid'], 'network' => Protocol::FEDERATED, + 'visible' => true, 'deleted' => false, 'moderated' => false]); + $pager = new Pager(DI::l10n(), $args->getQueryString(), $itemspage_network); + $params = ['limit' => [$pager->getStart(), $pager->getItemsPerPage()], 'order' => ['received' => true]]; - $pager_sql = sprintf(" LIMIT %d, %d ", $pager->getStart(), $pager->getItemsPerPage()); - - $items_stmt = DBA::p( - "SELECT `item`.`uri` - FROM `thread` - STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid` - $sql_post_table - STRAIGHT_JOIN `contact` - ON `contact`.`id` = `thread`.`contact-id` - AND NOT `contact`.`blocked` - AND NOT `contact`.`pending` - WHERE `thread`.`uid` = ? - AND `thread`.`visible` - AND NOT `thread`.`deleted` - AND NOT `thread`.`moderated` - AND `thread`.`wall` - $sql_extra3 - $sql_extra - $sql_extra2 - ORDER BY `thread`.`received` DESC - $pager_sql", - $a->profile['uid'] - ); + $items_stmt = DBA::select('item', ['uri', 'thr-parent-id', 'gravity', 'author-id'], $condition, $params); // Set a time stamp for this page. We will make use of it when we // search for new items (update routine) @@ -227,8 +216,9 @@ class Status extends BaseProfile if ($pager->getStart() == 0 && !empty($a->profile['uid'])) { $condition = ['private' => [Item::PUBLIC, Item::UNLISTED]]; - if (remote_user()) { - $permissionSets = DI::permissionSet()->selectByContactId(remote_user(), $a->profile['uid']); + $remote_user = Session::getRemoteContactID($a->profile['uid']); + if (!empty($remote_user)) { + $permissionSets = DI::permissionSet()->selectByContactId($remote_user, $a->profile['uid']); if (!empty($permissionSets)) { $condition = ['psid' => array_merge($permissionSets->column('id'), [DI::permissionSet()->getIdFromACL($a->profile['uid'], '', '', '', '')])];