3 * @file src/Model/PermissionSet.php
6 namespace Friendica\Model;
8 use Friendica\Core\L10n;
9 use Friendica\Database\DBA;
11 use Friendica\Network\HTTPException;
14 * functions for interacting with the permission set of an object (item, photo, event, ...)
19 * Fetch the id of a given permission set. Generate a new one when needed
22 * @param string|null $allow_cid Allowed contact IDs - empty = everyone
23 * @param string|null $allow_gid Allowed group IDs - empty = everyone
24 * @param string|null $deny_cid Disallowed contact IDs - empty = no one
25 * @param string|null $deny_gid Disallowed group IDs - empty = no one
27 * @throws HTTPException\InternalServerErrorException
29 public static function getIdFromACL(
31 string $allow_cid = null,
32 string $allow_gid = null,
33 string $deny_cid = null,
34 string $deny_gid = null
36 $ACLFormatter = DI::aclFormatter();
38 $allow_cid = $ACLFormatter->sanitize($allow_cid);
39 $allow_gid = $ACLFormatter->sanitize($allow_gid);
40 $deny_cid = $ACLFormatter->sanitize($deny_cid);
41 $deny_gid = $ACLFormatter->sanitize($deny_gid);
44 if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
50 'allow_cid' => $allow_cid,
51 'allow_gid' => $allow_gid,
52 'deny_cid' => $deny_cid,
53 'deny_gid' => $deny_gid
55 $permissionset = DBA::selectFirst('permissionset', ['id'], $condition);
57 if (DBA::isResult($permissionset)) {
58 $psid = $permissionset['id'];
60 if (DBA::insert('permissionset', $condition, true)) {
61 $psid = DBA::lastInsertId();
63 throw new HTTPException\InternalServerErrorException(L10n::t('Unable to create a new permission set.'));
71 * Returns a permission set for a given contact
73 * @param integer $uid User id whom the items belong
74 * @param integer $contact_id Contact id of the visitor
76 * @return array of permission set ids.
79 static public function get($uid, $contact_id)
81 if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
82 $groups = Group::getIdsByContactId($contact_id);
85 if (empty($groups) || !is_array($groups)) {
89 $group_str = '<<>>'; // should be impossible to match
91 foreach ($groups as $g) {
92 $group_str .= '|<' . intval($g) . '>';
95 $contact_str = '<' . $contact_id . '>';
97 $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
98 AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
99 $uid, $contact_str, $group_str, $contact_str, $group_str];
101 $ret = DBA::select('permissionset', ['id'], $condition);
103 while ($permission = DBA::fetch($ret)) {
104 $set[] = $permission['id'];