4 * @file src/Core/Acl.php
7 namespace Friendica\Core;
9 use Friendica\App\Page;
10 use Friendica\BaseObject;
11 use Friendica\Database\DBA;
12 use Friendica\Model\Contact;
13 use Friendica\Model\Group;
16 * Handle ACL management and display
18 * @author Hypolite Petovan <hypolite@mrpetovan.com>
20 class ACL extends BaseObject
23 * Returns a select input tag with all the contact of the local user
25 * @param string $selname Name attribute of the select input tag
26 * @param string $selclass Class attribute of the select input tag
27 * @param array $options Available options:
28 * - size: length of the select box
29 * - mutual_friends: Only used for the hook
30 * - single: Only used for the hook
31 * - exclude: Only used for the hook
32 * @param array $preselected Contact ID that should be already selected
36 public static function getSuggestContactSelectHTML($selname, $selclass, array $options = [], array $preselected = [])
42 $size = ($options['size'] ?? 0) ?: 4;
43 $mutual = !empty($options['mutual_friends']);
44 $single = !empty($options['single']) && empty($options['multiple']);
45 $exclude = $options['exclude'] ?? false;
47 switch (($options['networks'] ?? '') ?: Protocol::PHANTOM) {
49 $networks = [Protocol::DFRN];
53 $networks = [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::MAIL, Protocol::DIASPORA];
57 if (!empty($a->user['prvnets'])) {
58 $networks = [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::MAIL, Protocol::DIASPORA];
60 $networks = [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::MAIL, Protocol::DIASPORA, Protocol::OSTATUS];
64 default: /// @TODO Maybe log this call?
68 $x = ['options' => $options, 'size' => $size, 'single' => $single, 'mutual' => $mutual, 'exclude' => $exclude, 'networks' => $networks];
70 Hook::callAll('contact_select_options', $x);
76 if (!empty($x['mutual'])) {
77 $sql_extra .= sprintf(" AND `rel` = %d ", intval(Contact::FRIEND));
80 if (!empty($x['exclude'])) {
81 $sql_extra .= sprintf(" AND `id` != %d ", intval($x['exclude']));
84 if (!empty($x['networks'])) {
85 /// @TODO rewrite to foreach()
86 array_walk($x['networks'], function (&$value) {
87 $value = "'" . DBA::escape($value) . "'";
89 $str_nets = implode(',', $x['networks']);
90 $sql_extra .= " AND `network` IN ( $str_nets ) ";
93 $tabindex = (!empty($options['tabindex']) ? 'tabindex="' . $options["tabindex"] . '"' : '');
95 if (!empty($x['single'])) {
96 $o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"" . $x['size'] . "\" $tabindex >\r\n";
98 $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"" . $x['size'] . "$\" $tabindex >\r\n";
101 $stmt = DBA::p("SELECT `id`, `name`, `url`, `network` FROM `contact`
102 WHERE `uid` = ? AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND NOT `deleted` AND `notify` != ''
104 ORDER BY `name` ASC ", intval(local_user())
107 $contacts = DBA::toArray($stmt);
109 $arr = ['contact' => $contacts, 'entry' => $o];
111 // e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'
112 Hook::callAll($a->module . '_pre_' . $selname, $arr);
114 if (DBA::isResult($contacts)) {
115 foreach ($contacts as $contact) {
116 if (in_array($contact['id'], $preselected)) {
117 $selected = ' selected="selected" ';
122 $trimmed = mb_substr($contact['name'], 0, 20);
124 $o .= "<option value=\"{$contact['id']}\" $selected title=\"{$contact['name']}|{$contact['url']}\" >$trimmed</option>\r\n";
128 $o .= '</select>' . PHP_EOL;
130 Hook::callAll($a->module . '_post_' . $selname, $o);
136 * Returns a select input tag with all the contact of the local user
138 * @param string $selname Name attribute of the select input tag
139 * @param string $selclass Class attribute of the select input tag
140 * @param array $preselected Contact IDs that should be already selected
141 * @param int $size Length of the select box
142 * @param int $tabindex Select input tag tabindex attribute
146 public static function getMessageContactSelectHTML($selname, $selclass, array $preselected = [], $size = 4, $tabindex = null)
152 // When used for private messages, we limit correspondence to mutual DFRN/Friendica friends and the selector
153 // to one recipient. By default our selector allows multiple selects amongst all contacts.
154 $sql_extra = sprintf(" AND `rel` = %d ", intval(Contact::FRIEND));
155 $sql_extra .= sprintf(" AND `network` IN ('%s' , '%s') ", Protocol::DFRN, Protocol::DIASPORA);
157 $tabindex_attr = !empty($tabindex) ? ' tabindex="' . intval($tabindex) . '"' : '';
159 $hidepreselected = '';
161 $sql_extra .= " AND `id` IN (" . implode(",", $preselected) . ")";
162 $hidepreselected = ' style="display: none;"';
165 $o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"$size\"$tabindex_attr$hidepreselected>\r\n";
167 $stmt = DBA::p("SELECT `id`, `name`, `url`, `network` FROM `contact`
168 WHERE `uid` = ? AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND NOT `deleted` AND `notify` != ''
170 ORDER BY `name` ASC ", intval(local_user())
173 $contacts = DBA::toArray($stmt);
175 $arr = ['contact' => $contacts, 'entry' => $o];
177 // e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'
178 Hook::callAll($a->module . '_pre_' . $selname, $arr);
182 if (DBA::isResult($contacts)) {
183 foreach ($contacts as $contact) {
184 if (in_array($contact['id'], $preselected)) {
185 $selected = ' selected="selected"';
190 $trimmed = Protocol::formatMention($contact['url'], $contact['name']);
192 $receiverlist[] = $trimmed;
194 $o .= "<option value=\"{$contact['id']}\"$selected title=\"{$contact['name']}|{$contact['url']}\" >$trimmed</option>\r\n";
198 $o .= '</select>' . PHP_EOL;
201 $o .= implode(', ', $receiverlist);
204 Hook::callAll($a->module . '_post_' . $selname, $o);
209 private static function fixACL(&$item)
211 $item = intval(str_replace(['<', '>'], ['', ''], $item));
215 * Return the default permission of the provided user array
218 * @return array Hash of contact id lists
221 public static function getDefaultUserPermissions(array $user = null)
225 $acl_regex = '/<([0-9]+)>/i';
227 preg_match_all($acl_regex, $user['allow_cid'] ?? '', $matches);
228 $allow_cid = $matches[1];
229 preg_match_all($acl_regex, $user['allow_gid'] ?? '', $matches);
230 $allow_gid = $matches[1];
231 preg_match_all($acl_regex, $user['deny_cid'] ?? '', $matches);
232 $deny_cid = $matches[1];
233 preg_match_all($acl_regex, $user['deny_gid'] ?? '', $matches);
234 $deny_gid = $matches[1];
236 // Reformats the ACL data so that it is accepted by the JS frontend
237 array_walk($allow_cid, 'self::fixACL');
238 array_walk($allow_gid, 'self::fixACL');
239 array_walk($deny_cid, 'self::fixACL');
240 array_walk($deny_gid, 'self::fixACL');
242 Contact::pruneUnavailable($allow_cid);
245 'allow_cid' => $allow_cid,
246 'allow_gid' => $allow_gid,
247 'deny_cid' => $deny_cid,
248 'deny_gid' => $deny_gid,
253 * Returns the ACL list of contacts for a given user id
255 * @param int $user_id
259 public static function getContactListByUserId(int $user_id)
261 $acl_contacts = Contact::selectToArray(
262 ['id', 'name', 'addr', 'micro'],
263 ['uid' => $user_id, 'pending' => false, 'rel' => [Contact::FOLLOWER, Contact::FRIEND]]
265 array_walk($acl_contacts, function (&$value) {
266 $value['type'] = 'contact';
269 return $acl_contacts;
273 * Returns the ACL list of groups (including meta-groups) for a given user id
275 * @param int $user_id
278 public static function getGroupListByUserId(int $user_id)
282 'id' => Group::FOLLOWERS,
283 'name' => L10n::t('Followers'),
285 'micro' => 'images/twopeople.png',
289 'id' => Group::MUTUALS,
290 'name' => L10n::t('Mutuals'),
292 'micro' => 'images/twopeople.png',
296 foreach (Group::getByUserId($user_id) as $group) {
298 'id' => $group['id'],
299 'name' => $group['name'],
301 'micro' => 'images/twopeople.png',
310 * Return the full jot ACL selector HTML
313 * @param array $user User array
314 * @param bool $for_federation
315 * @param array $default_permissions Static defaults permission array:
321 * 'hidewall' => true/false
324 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
326 public static function getFullSelectorHTML(Page $page, array $user = null, bool $for_federation = false, array $default_permissions = [])
328 $page->registerFooterScript(Theme::getPathForFile('asset/typeahead.js/dist/typeahead.bundle.js'));
329 $page->registerFooterScript(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.js'));
330 $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.css'));
331 $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput-typeahead.css'));
333 // Defaults user permissions
334 if (empty($default_permissions)) {
335 $default_permissions = self::getDefaultUserPermissions($user);
338 $default_permissions = [
339 'allow_cid' => $default_permissions['allow_cid'] ?? [],
340 'allow_gid' => $default_permissions['allow_gid'] ?? [],
341 'deny_cid' => $default_permissions['deny_cid'] ?? [],
342 'deny_gid' => $default_permissions['deny_gid'] ?? [],
343 'hidewall' => $default_permissions['hidewall'] ?? false,
346 if (count($default_permissions['allow_cid'])
347 + count($default_permissions['allow_gid'])
348 + count($default_permissions['deny_cid'])
349 + count($default_permissions['deny_gid'])) {
350 $visibility = 'custom';
352 $visibility = 'public';
353 // Default permission display for custom panel
354 $default_permissions['allow_gid'] = [Group::FOLLOWERS];
357 $jotnets_fields = [];
358 if ($for_federation) {
359 $mail_enabled = false;
360 $pubmail_enabled = false;
362 if (function_exists('imap_open') && !Config::get('system', 'imap_disabled')) {
363 $mailacct = DBA::selectFirst('mailacct', ['pubmail'], ['`uid` = ? AND `server` != ""', $user['uid']]);
364 if (DBA::isResult($mailacct)) {
365 $mail_enabled = true;
366 $pubmail_enabled = !empty($mailacct['pubmail']);
370 if (!$default_permissions['hidewall']) {
372 $jotnets_fields[] = [
373 'type' => 'checkbox',
376 L10n::t('Post to Email'),
382 Hook::callAll('jot_networks', $jotnets_fields);
386 $acl_contacts = self::getContactListByUserId($user['uid']);
388 $acl_groups = self::getGroupListByUserId($user['uid']);
390 $acl_list = array_merge($acl_groups, $acl_contacts);
392 $tpl = Renderer::getMarkupTemplate('acl_selector.tpl');
393 $o = Renderer::replaceMacros($tpl, [
394 '$public_title' => L10n::t('Public'),
395 '$public_desc' => L10n::t('This content will be shown to all your followers and can be seen in the community pages and by anyone with its link.'),
396 '$custom_title' => L10n::t('Limited/Private'),
397 '$custom_desc' => L10n::t('This content will be shown only to the people in the first box, to the exception of the people mentioned in the second box. It won\'t appear anywhere public.'),
398 '$allow_label' => L10n::t('Show to:'),
399 '$deny_label' => L10n::t('Except to:'),
400 '$emailcc' => L10n::t('CC: email addresses'),
401 '$emtitle' => L10n::t('Example: bob@example.com, mary@example.com'),
402 '$jotnets_summary' => L10n::t('Connectors'),
403 '$jotnets_disabled_label' => L10n::t('Connectors disabled, since "%s" is enabled.', L10n::t('Hide your profile details from unknown viewers?')),
404 '$visibility' => $visibility,
405 '$acl_contacts' => $acl_contacts,
406 '$acl_groups' => $acl_groups,
407 '$acl_list' => $acl_list,
408 '$contact_allow' => implode(',', $default_permissions['allow_cid']),
409 '$group_allow' => implode(',', $default_permissions['allow_gid']),
410 '$contact_deny' => implode(',', $default_permissions['deny_cid']),
411 '$group_deny' => implode(',', $default_permissions['deny_gid']),
412 '$for_federation' => $for_federation,
413 '$jotnets_fields' => $jotnets_fields,
414 '$user_hidewall' => $default_permissions['hidewall'],