Tighten profile restriction feature

- Prevent feed access to restricted profiles
- Rework display of restricted profiles with a redirect to the profile/restricted route
- Normalize permission checking with IHandleUserSession->isAuthenticated
- Remove unusable "nocache" parameter in feed module because session isn't initialized
- Reword setting name and description
Hypolite Petovan 2022-11-30 13:50:52 -05:00
commit b83526ad0b
16 changed files with 135 additions and 84 deletions

@ -865,9 +865,8 @@ function photos_content(App $a)
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
}
if ($user['hidewall'] && (DI::userSession()->getLocalUserId() != $owner_uid) && !$remote_contact) {
DI::sysmsg()->addNotice(DI::l10n()->t('Access to this item is restricted.'));
return;
if ($user['hidewall'] && !DI::userSession()->isAuthenticated()) {
DI::baseUrl()->redirect('profile/' . $user['nickname'] . '/restricted');
}
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
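Review bot: The new guard `if ($user['hidewall'] && !DI::userSession()->isAuthenticated())` no longer compares the viewer against `$owner_uid` or consults `$remote_contact`, so the decision now rests only on whether the session is authenticated, while the removed condition let through only the owner or a matching remote contact. Please state in a comment that this widening is intended for `hidewall` profiles, and check whether the `$remote_contact` lookup above is still needed for anything after this change. Also, the removed branch ended with an explicit `return;` and the new one relies on `DI::baseUrl()->redirect(...)` never returning; if that is guaranteed, a short comment saying so would help, otherwise add a `return;` after it so execution cannot fall through to `Security::getPermissionsSQLByUserId($owner_uid)`.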