src/Core/ACL.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2020, Friendica
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Core;
  23
  24 use Friendica\App\Page;
  25 use Friendica\Database\DBA;
  26 use Friendica\DI;
  27 use Friendica\Model\Contact;
  28 use Friendica\Model\Group;
  29
  30 /**
  31  * Handle ACL management and display
  32  */
  33 class ACL
  34 {
  35         /**
  36          * Returns a select input tag for private message recipient
  37          *
  38          * @param int  $selected Existing recipien contact ID
  39          * @return string
  40          * @throws \Exception
  41          */
  42         public static function getMessageContactSelectHTML(int $selected = null)
  43         {
  44                 $o = '';
  45
  46                 $page = DI::page();
  47
  48                 $page->registerFooterScript(Theme::getPathForFile('asset/typeahead.js/dist/typeahead.bundle.js'));
  49                 $page->registerFooterScript(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.js'));
  50                 $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.css'));
  51                 $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput-typeahead.css'));
  52
  53                 // When used for private messages, we limit correspondence to mutual DFRN/Friendica friends and the selector
  54                 // to one recipient. By default our selector allows multiple selects amongst all contacts.
  55                 $condition = [
  56                         'uid' => local_user(),
  57                         'self' => false,
  58                         'blocked' => false,
  59                         'pending' => false,
  60                         'archive' => false,
  61                         'deleted' => false,
  62                         'rel' => [Contact::FOLLOWER, Contact::SHARING, Contact::FRIEND],
  63                         'network' => Protocol::FEDERATED,
  64                 ];
  65
  66                 $contacts = Contact::selectToArray(
  67                         ['id', 'name', 'addr', 'micro'],
  68                         DBA::mergeConditions($condition, ["`notify` != ''"])
  69                 );
  70
  71                 $arr = ['contact' => $contacts, 'entry' => $o];
  72
  73                 Hook::callAll(DI::module()->getName() . '_pre_recipient', $arr);
  74
  75                 $tpl = Renderer::getMarkupTemplate('acl/message_recipient.tpl');
  76                 $o = Renderer::replaceMacros($tpl, [
  77                         '$contacts' => $contacts,
  78                         '$selected' => $selected,
  79                 ]);
  80
  81                 Hook::callAll(DI::module()->getName() . '_post_recipient', $o);
  82
  83                 return $o;
  84         }
  85
  86         /**
  87          * Return the default permission of the provided user array
  88          *
  89          * @param array $user
  90          * @return array Hash of contact id lists
  91          * @throws \Exception
  92          */
  93         public static function getDefaultUserPermissions(array $user = null)
  94         {
  95                 $aclFormatter = DI::aclFormatter();
  96
  97                 return [
  98                         'allow_cid' => Contact::pruneUnavailable($aclFormatter->expand($user['allow_cid'] ?? '')),
  99                         'allow_gid' => $aclFormatter->expand($user['allow_gid'] ?? ''),
 100                         'deny_cid'  => $aclFormatter->expand($user['deny_cid']  ?? ''),
 101                         'deny_gid'  => $aclFormatter->expand($user['deny_gid']  ?? ''),
 102                 ];
 103         }
 104
 105         /**
 106          * Returns the ACL list of contacts for a given user id
 107          *
 108          * @param int   $user_id
 109          * @param array $condition Additional contact lookup table conditions
 110          * @return array
 111          * @throws \Exception
 112          */
 113         public static function getContactListByUserId(int $user_id, array $condition = [])
 114         {
 115                 $fields = ['id', 'name', 'addr', 'micro'];
 116                 $params = ['order' => ['name']];
 117                 $acl_contacts = Contact::selectToArray(
 118                         $fields,
 119                         array_merge([
 120                                 'uid' => $user_id,
 121                                 'self' => false,
 122                                 'blocked' => false,
 123                                 'archive' => false,
 124                                 'deleted' => false,
 125                                 'pending' => false,
 126                                 'rel' => [Contact::FOLLOWER, Contact::FRIEND]
 127                         ], $condition),
 128                         $params
 129                 );
 130
 131                 $acl_yourself = Contact::selectFirst($fields, ['uid' => $user_id, 'self' => true]);
 132                 $acl_yourself['name'] = DI::l10n()->t('Yourself');
 133
 134                 $acl_contacts[] = $acl_yourself;
 135
 136                 $acl_forums = Contact::selectToArray($fields,
 137                         ['uid' => $user_id, 'self' => false, 'blocked' => false, 'archive' => false, 'deleted' => false,
 138                         'pending' => false, 'contact-type' => Contact::TYPE_COMMUNITY], $params
 139                 );
 140
 141                 $acl_contacts = array_merge($acl_forums, $acl_contacts);
 142
 143                 array_walk($acl_contacts, function (&$value) {
 144                         $value['type'] = 'contact';
 145                 });
 146
 147                 return $acl_contacts;
 148         }
 149
 150         /**
 151          * Returns the ACL list of groups (including meta-groups) for a given user id
 152          *
 153          * @param int $user_id
 154          * @return array
 155          */
 156         public static function getGroupListByUserId(int $user_id)
 157         {
 158                 $acl_groups = [
 159                         [
 160                                 'id' => Group::FOLLOWERS,
 161                                 'name' => DI::l10n()->t('Followers'),
 162                                 'addr' => '',
 163                                 'micro' => 'images/twopeople.png',
 164                                 'type' => 'group',
 165                         ],
 166                         [
 167                                 'id' => Group::MUTUALS,
 168                                 'name' => DI::l10n()->t('Mutuals'),
 169                                 'addr' => '',
 170                                 'micro' => 'images/twopeople.png',
 171                                 'type' => 'group',
 172                         ]
 173                 ];
 174                 foreach (Group::getByUserId($user_id) as $group) {
 175                         $acl_groups[] = [
 176                                 'id' => $group['id'],
 177                                 'name' => $group['name'],
 178                                 'addr' => '',
 179                                 'micro' => 'images/twopeople.png',
 180                                 'type' => 'group',
 181                         ];
 182                 }
 183
 184                 return $acl_groups;
 185         }
 186
 187         /**
 188          * Return the full jot ACL selector HTML
 189          *
 190          * @param Page   $page
 191          * @param array  $user                  User array
 192          * @param bool   $for_federation
 193          * @param array  $default_permissions   Static defaults permission array:
 194          *                                      [
 195          *                                      'allow_cid' => [],
 196          *                                      'allow_gid' => [],
 197          *                                      'deny_cid' => [],
 198          *                                      'deny_gid' => []
 199          *                                      ]
 200          * @param array  $condition
 201          * @param string $form_prefix
 202          * @return string
 203          * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 204          */
 205         public static function getFullSelectorHTML(
 206                 Page $page,
 207                 array $user = null,
 208                 bool $for_federation = false,
 209                 array $default_permissions = [],
 210                 array $condition = [],
 211                 $form_prefix = ''
 212         ) {
 213                 if (empty($user['uid'])) {
 214                         return '';
 215                 }
 216
 217                 static $input_group_id = 0;
 218
 219                 $input_group_id++;
 220
 221                 $page->registerFooterScript(Theme::getPathForFile('asset/typeahead.js/dist/typeahead.bundle.js'));
 222                 $page->registerFooterScript(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.js'));
 223                 $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.css'));
 224                 $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput-typeahead.css'));
 225
 226                 // Defaults user permissions
 227                 if (empty($default_permissions)) {
 228                         $default_permissions = self::getDefaultUserPermissions($user);
 229                 }
 230
 231                 $default_permissions = [
 232                         'allow_cid' => $default_permissions['allow_cid'] ?? [],
 233                         'allow_gid' => $default_permissions['allow_gid'] ?? [],
 234                         'deny_cid'  => $default_permissions['deny_cid']  ?? [],
 235                         'deny_gid'  => $default_permissions['deny_gid']  ?? [],
 236                 ];
 237
 238                 if (count($default_permissions['allow_cid'])
 239                         + count($default_permissions['allow_gid'])
 240                         + count($default_permissions['deny_cid'])
 241                         + count($default_permissions['deny_gid'])) {
 242                         $visibility = 'custom';
 243                 } else {
 244                         $visibility = 'public';
 245                         // Default permission display for custom panel
 246                         $default_permissions['allow_gid'] = [Group::FOLLOWERS];
 247                 }
 248
 249                 $jotnets_fields = [];
 250                 if ($for_federation) {
 251                         if (function_exists('imap_open') && !DI::config()->get('system', 'imap_disabled')) {
 252                                 $mailacct = DBA::selectFirst('mailacct', ['pubmail'], ['`uid` = ? AND `server` != ""', $user['uid']]);
 253                                 if (DBA::isResult($mailacct)) {
 254                                         $jotnets_fields[] = [
 255                                                 'type' => 'checkbox',
 256                                                 'field' => [
 257                                                         'pubmail_enable',
 258                                                         DI::l10n()->t('Post to Email'),
 259                                                         !empty($mailacct['pubmail'])
 260                                                 ]
 261                                         ];
 262
 263                                 }
 264                         }
 265                         Hook::callAll('jot_networks', $jotnets_fields);
 266                 }
 267
 268                 $acl_contacts = self::getContactListByUserId($user['uid'], $condition);
 269
 270                 $acl_groups = self::getGroupListByUserId($user['uid']);
 271
 272                 $acl_list = array_merge($acl_groups, $acl_contacts);
 273
 274                 $input_names = [
 275                         'visibility'    => $form_prefix ? $form_prefix . '[visibility]'    : 'visibility',
 276                         'group_allow'   => $form_prefix ? $form_prefix . '[group_allow]'   : 'group_allow',
 277                         'contact_allow' => $form_prefix ? $form_prefix . '[contact_allow]' : 'contact_allow',
 278                         'group_deny'    => $form_prefix ? $form_prefix . '[group_deny]'    : 'group_deny',
 279                         'contact_deny'  => $form_prefix ? $form_prefix . '[contact_deny]'  : 'contact_deny',
 280                         'emailcc'       => $form_prefix ? $form_prefix . '[emailcc]'       : 'emailcc',
 281                 ];
 282
 283                 $tpl = Renderer::getMarkupTemplate('acl/full_selector.tpl');
 284                 $o = Renderer::replaceMacros($tpl, [
 285                         '$public_title'   => DI::l10n()->t('Public'),
 286                         '$public_desc'    => DI::l10n()->t('This content will be shown to all your followers and can be seen in the community pages and by anyone with its link.'),
 287                         '$custom_title'   => DI::l10n()->t('Limited/Private'),
 288                         '$custom_desc'    => DI::l10n()->t('This content will be shown only to the people in the first box, to the exception of the people mentioned in the second box. It won\'t appear anywhere public.'),
 289                         '$allow_label'    => DI::l10n()->t('Show to:'),
 290                         '$deny_label'     => DI::l10n()->t('Except to:'),
 291                         '$emailcc'        => DI::l10n()->t('CC: email addresses'),
 292                         '$emtitle'        => DI::l10n()->t('Example: bob@example.com, mary@example.com'),
 293                         '$jotnets_summary' => DI::l10n()->t('Connectors'),
 294                         '$visibility'     => $visibility,
 295                         '$acl_contacts'   => $acl_contacts,
 296                         '$acl_groups'     => $acl_groups,
 297                         '$acl_list'       => $acl_list,
 298                         '$contact_allow'  => implode(',', $default_permissions['allow_cid']),
 299                         '$group_allow'    => implode(',', $default_permissions['allow_gid']),
 300                         '$contact_deny'   => implode(',', $default_permissions['deny_cid']),
 301                         '$group_deny'     => implode(',', $default_permissions['deny_gid']),
 302                         '$for_federation' => $for_federation,
 303                         '$jotnets_fields' => $jotnets_fields,
 304                         '$input_names'    => $input_names,
 305                         '$input_group_id' => $input_group_id,
 306                 ]);
 307
 308                 return $o;
 309         }
 310 }