mod/acl.php

   1 <?php
   2
   3 /* ACL selector json backend */
   4
   5 use Friendica\App;
   6 use Friendica\Content\Widget;
   7 use Friendica\Core\ACL;
   8 use Friendica\Core\Hook;
   9 use Friendica\Core\Logger;
  10 use Friendica\Core\Protocol;
  11 use Friendica\Database\DBA;
  12 use Friendica\Model\Contact;
  13 use Friendica\Model\Item;
  14 use Friendica\Util\Proxy as ProxyUtils;
  15 use Friendica\Util\Strings;
  16
  17 function acl_content(App $a)
  18 {
  19         if (!local_user()) {
  20                 return '';
  21         }
  22
  23         $start   = defaults($_REQUEST, 'start'       , 0);
  24         $count   = defaults($_REQUEST, 'count'       , 100);
  25         $search  = defaults($_REQUEST, 'search'      , '');
  26         $type    = defaults($_REQUEST, 'type'        , '');
  27         $conv_id = defaults($_REQUEST, 'conversation', null);
  28
  29         // For use with jquery.textcomplete for private mail completion
  30         if (!empty($_REQUEST['query'])) {
  31                 if (!$type) {
  32                         $type = 'm';
  33                 }
  34                 $search = $_REQUEST['query'];
  35         }
  36
  37         Logger::info('ACL {action} - {subaction}', ['module' => 'acl', 'action' => 'content', 'subaction' => 'search', 'search' => $search, 'type' => $type, 'conversation' => $conv_id]);
  38
  39         if ($search != '') {
  40                 $sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'";
  41                 $sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')";
  42         } else {
  43                 /// @TODO Avoid these needless else blocks by putting variable-initialization atop of if()
  44                 $sql_extra = $sql_extra2 = '';
  45         }
  46
  47         // count groups and contacts
  48         $group_count = 0;
  49         if ($type == '' || $type == 'g') {
  50                 $r = q("SELECT COUNT(*) AS g FROM `group` WHERE NOT `deleted` AND `uid` = %d $sql_extra",
  51                         intval(local_user())
  52                 );
  53                 $group_count = (int) $r[0]['g'];
  54         }
  55
  56         $sql_extra2 .= ' ' . Widget::unavailableNetworks();
  57
  58         $contact_count = 0;
  59         if ($type == '' || $type == 'c') {
  60                 // autocomplete for editor mentions
  61                 $r = q("SELECT COUNT(*) AS c FROM `contact`
  62                                 WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
  63                                 AND NOT `blocked` AND NOT `pending` AND NOT `archive`
  64                                 AND `success_update` >= `failure_update`
  65                                 AND `notify` != '' $sql_extra2",
  66                         intval(local_user())
  67                 );
  68                 $contact_count = (int) $r[0]['c'];
  69         } elseif ($type == 'f') {
  70                 // autocomplete for editor mentions of forums
  71                 $r = q("SELECT COUNT(*) AS c FROM `contact`
  72                                 WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
  73                                 AND NOT `blocked` AND NOT `pending` AND NOT `archive`
  74                                 AND (`forum` OR `prv`)
  75                                 AND `success_update` >= `failure_update`
  76                                 AND `notify` != '' $sql_extra2",
  77                         intval(local_user())
  78                 );
  79                 $contact_count = (int) $r[0]['c'];
  80         } elseif ($type == 'm') {
  81                 // autocomplete for Private Messages
  82                 $r = q("SELECT COUNT(*) AS c FROM `contact`
  83                                 WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
  84                                 AND NOT `blocked` AND NOT `pending` AND NOT `archive`
  85                                 AND `success_update` >= `failure_update`
  86                                 AND `network` IN ('%s', '%s', '%s') $sql_extra2",
  87                         intval(local_user()),
  88                         DBA::escape(Protocol::ACTIVITYPUB),
  89                         DBA::escape(Protocol::DFRN),
  90                         DBA::escape(Protocol::DIASPORA)
  91                 );
  92                 $contact_count = (int) $r[0]['c'];
  93         } elseif ($type == 'a') {
  94                 // autocomplete for Contacts
  95                 $r = q("SELECT COUNT(*) AS c FROM `contact`
  96                                 WHERE `uid` = %d AND NOT `self`
  97                                 AND NOT `pending` AND NOT `deleted` $sql_extra2",
  98                         intval(local_user())
  99                 );
 100                 $contact_count = (int) $r[0]['c'];
 101         }
 102
 103         $tot = $group_count + $contact_count;
 104
 105         $groups = [];
 106         $contacts = [];
 107
 108         if ($type == '' || $type == 'g') {
 109                 /// @todo We should cache this query.
 110                 // This can be done when we can delete cache entries via wildcard
 111                 $r = q("SELECT `group`.`id`, `group`.`name`, GROUP_CONCAT(DISTINCT `group_member`.`contact-id` SEPARATOR ',') AS uids
 112                                 FROM `group`
 113                                 INNER JOIN `group_member` ON `group_member`.`gid`=`group`.`id`
 114                                 WHERE NOT `group`.`deleted` AND `group`.`uid` = %d
 115                                         $sql_extra
 116                                 GROUP BY `group`.`name`, `group`.`id`
 117                                 ORDER BY `group`.`name`
 118                                 LIMIT %d,%d",
 119                         intval(local_user()),
 120                         intval($start),
 121                         intval($count)
 122                 );
 123
 124                 foreach ($r as $g) {
 125                         $groups[] = [
 126                                 'type'  => 'g',
 127                                 'photo' => 'images/twopeople.png',
 128                                 'name'  => htmlspecialchars($g['name']),
 129                                 'id'    => intval($g['id']),
 130                                 'uids'  => array_map('intval', explode(',', $g['uids'])),
 131                                 'link'  => '',
 132                                 'forum' => '0'
 133                         ];
 134                 }
 135                 if ((count($groups) > 0) && ($search == '')) {
 136                         $groups[] = ['separator' => true];
 137                 }
 138         }
 139
 140         $r = [];
 141         if ($type == '') {
 142                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv`, (`prv` OR `forum`) AS `frm` FROM `contact`
 143                                 WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
 144                                 AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s', '%s'))
 145                                 $sql_extra2
 146                                 ORDER BY `name` ASC ",
 147                         intval(local_user()),
 148                         DBA::escape(Protocol::OSTATUS),
 149                         DBA::escape(Protocol::STATUSNET)
 150                 );
 151         } elseif ($type == 'c') {
 152                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
 153                                 WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
 154                                 AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s'))
 155                                 $sql_extra2
 156                                 ORDER BY `name` ASC ",
 157                         intval(local_user()),
 158                         DBA::escape(Protocol::STATUSNET)
 159                 );
 160         } elseif ($type == 'f') {
 161                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
 162                                 WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
 163                                 AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s'))
 164                                 AND (`forum` OR `prv`)
 165                                 $sql_extra2
 166                                 ORDER BY `name` ASC ",
 167                         intval(local_user()),
 168                         DBA::escape(Protocol::STATUSNET)
 169                 );
 170         } elseif ($type == 'm') {
 171                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact`
 172                                 WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive`
 173                                 AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s', '%s')
 174                                 $sql_extra2
 175                                 ORDER BY `name` ASC ",
 176                         intval(local_user()),
 177                         DBA::escape(Protocol::ACTIVITYPUB),
 178                         DBA::escape(Protocol::DFRN),
 179                         DBA::escape(Protocol::DIASPORA)
 180                 );
 181         } elseif ($type == 'a') {
 182                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
 183                                 WHERE `uid` = %d AND NOT `deleted` AND NOT `pending` AND `success_update` >= `failure_update`
 184                                 $sql_extra2
 185                                 ORDER BY `name` ASC ",
 186                         intval(local_user())
 187                 );
 188         } elseif ($type == 'x') {
 189                 // autocomplete for global contact search (e.g. navbar search)
 190                 $search = Strings::escapeTags(trim($_REQUEST['search']));
 191                 $mode = $_REQUEST['smode'];
 192
 193                 $r = ACL::contactAutocomplete($search, $mode);
 194
 195                 $contacts = [];
 196                 foreach ($r as $g) {
 197                         $contacts[] = [
 198                                 'photo'   => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO),
 199                                 'name'    => htmlspecialchars($g['name']),
 200                                 'nick'    => defaults($g, 'addr', $g['url']),
 201                                 'network' => $g['network'],
 202                                 'link'    => $g['url'],
 203                                 'forum'   => !empty($g['community']) ? 1 : 0,
 204                         ];
 205                 }
 206                 $o = [
 207                         'start' => $start,
 208                         'count' => $count,
 209                         'items' => $contacts,
 210                 ];
 211                 echo json_encode($o);
 212                 exit;
 213         }
 214
 215         if (DBA::isResult($r)) {
 216                 $forums = [];
 217                 foreach ($r as $g) {
 218                         $entry = [
 219                                 'type'    => 'c',
 220                                 'photo'   => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO),
 221                                 'name'    => htmlspecialchars($g['name']),
 222                                 'id'      => intval($g['id']),
 223                                 'network' => $g['network'],
 224                                 'link'    => $g['url'],
 225                                 'nick'    => htmlentities(defaults($g, 'attag', $g['nick'])),
 226                                 'addr'    => htmlentities(defaults($g, 'addr', $g['url'])),
 227                                 'forum'   => !empty($g['forum']) || !empty($g['prv']) ? 1 : 0,
 228                         ];
 229                         if ($entry['forum']) {
 230                                 $forums[] = $entry;
 231                         } else {
 232                                 $contacts[] = $entry;
 233                         }
 234                 }
 235                 if (count($forums) > 0) {
 236                         if ($search == '') {
 237                                 $forums[] = ['separator' => true];
 238                         }
 239                         $contacts = array_merge($forums, $contacts);
 240                 }
 241         }
 242
 243         $items = array_merge($groups, $contacts);
 244
 245         if ($conv_id) {
 246                 // In multi threaded posts the conv_id is not the parent of the whole thread
 247                 $parent_item = Item::selectFirst(['parent'], ['id' => $conv_id]);
 248                 if (DBA::isResult($parent_item)) {
 249                         $conv_id = $parent_item['parent'];
 250                 }
 251
 252                 /*
 253                  * if $conv_id is set, get unknown contacts in thread
 254                  * but first get known contacts url to filter them out
 255                  */
 256                 $known_contacts = array_map(function ($i) {
 257                         return $i['link'];
 258                 }, $contacts);
 259
 260                 $unknown_contacts = [];
 261
 262                 $condition = ["`parent` = ?", $conv_id];
 263                 $params = ['order' => ['author-name' => true]];
 264                 $authors = Item::selectForUser(local_user(), ['author-link'], $condition, $params);
 265                 $item_authors = [];
 266                 while ($author = Item::fetch($authors)) {
 267                         $item_authors[$author['author-link']] = $author['author-link'];
 268                 }
 269                 DBA::close($authors);
 270
 271                 foreach ($item_authors as $author) {
 272                         if (in_array($author, $known_contacts)) {
 273                                 continue;
 274                         }
 275
 276                         $contact = Contact::getDetailsByURL($author);
 277
 278                         if (count($contact) > 0) {
 279                                 $unknown_contacts[] = [
 280                                         'type'    => 'c',
 281                                         'photo'   => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO),
 282                                         'name'    => htmlspecialchars($contact['name']),
 283                                         'id'      => intval($contact['cid']),
 284                                         'network' => $contact['network'],
 285                                         'link'    => $contact['url'],
 286                                         'nick'    => htmlentities(defaults($contact, 'nick', $contact['addr'])),
 287                                         'addr'    => htmlentities(defaults($contact, 'addr', $contact['url'])),
 288                                         'forum'   => $contact['forum']
 289                                 ];
 290                         }
 291                 }
 292
 293                 $items = array_merge($items, $unknown_contacts);
 294                 $tot += count($unknown_contacts);
 295         }
 296
 297         $results = [
 298                 'tot'      => $tot,
 299                 'start'    => $start,
 300                 'count'    => $count,
 301                 'groups'   => $groups,
 302                 'contacts' => $contacts,
 303                 'items'    => $items,
 304                 'type'     => $type,
 305                 'search'   => $search,
 306         ];
 307
 308         Hook::callAll('acl_lookup_end', $results);
 309
 310         $o = [
 311                 'tot'   => $results['tot'],
 312                 'start' => $results['start'],
 313                 'count' => $results['count'],
 314                 'items' => $results['items'],
 315         ];
 316
 317         echo json_encode($o);
 318         exit;
 319 }