src/Module/PermissionTooltip.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2023, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module;
  23
  24 use Friendica\Core\Hook;
  25 use Friendica\Core\System;
  26 use Friendica\Database\DBA;
  27 use Friendica\DI;
  28 use Friendica\Model\APContact;
  29 use Friendica\Model\Group;
  30 use Friendica\Model\Item;
  31 use Friendica\Model\Post;
  32 use Friendica\Model\Tag;
  33 use Friendica\Model\User;
  34 use Friendica\Network\HTTPException;
  35 use Friendica\Protocol\ActivityPub;
  36
  37 /**
  38  * Outputs the permission tooltip HTML content for the provided item, photo or event id.
  39  */
  40 class PermissionTooltip extends \Friendica\BaseModule
  41 {
  42         protected function rawContent(array $request = [])
  43         {
  44                 $type = $this->parameters['type'];
  45                 $referenceId = $this->parameters['id'];
  46
  47                 $expectedTypes = ['item', 'photo', 'event'];
  48                 if (!in_array($type, $expectedTypes)) {
  49                         throw new HTTPException\BadRequestException(DI::l10n()->t('Wrong type "%s", expected one of: %s', $type, implode(', ', $expectedTypes)));
  50                 }
  51
  52                 $condition = ['id' => $referenceId, 'uid' => [0, DI::userSession()->getLocalUserId()]];
  53                 if ($type == 'item') {
  54                         $fields = ['uid', 'psid', 'private', 'uri-id'];
  55                         $model = Post::selectFirst($fields, $condition);
  56                 } else {
  57                         $fields = ['uid', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'];
  58                         $model = DBA::selectFirst($type, $fields, $condition);
  59                         $model['allow_cid'] = DI::aclFormatter()->expand($model['allow_cid']);
  60                         $model['allow_gid'] = DI::aclFormatter()->expand($model['allow_gid']);
  61                         $model['deny_cid']  = DI::aclFormatter()->expand($model['deny_cid']);
  62                         $model['deny_gid']  = DI::aclFormatter()->expand($model['deny_gid']);
  63                 }
  64
  65                 if (!DBA::isResult($model)) {
  66                         throw new HttpException\NotFoundException(DI::l10n()->t('Model not found'));
  67                 }
  68
  69                 if (isset($model['psid'])) {
  70                         $permissionSet = DI::permissionSet()->selectOneById($model['psid'], $model['uid']);
  71                         $model['allow_cid'] = $permissionSet->allow_cid;
  72                         $model['allow_gid'] = $permissionSet->allow_gid;
  73                         $model['deny_cid']  = $permissionSet->deny_cid;
  74                         $model['deny_gid']  = $permissionSet->deny_gid;
  75                 }
  76
  77                 // Kept for backwards compatiblity
  78                 Hook::callAll('lockview_content', $model);
  79
  80                 if ($type == 'item') {
  81                         $receivers = $this->fetchReceivers($model['uri-id']);
  82                         if (empty($receivers)) {
  83                                 switch ($model['private']) {
  84                                         case Item::PUBLIC:
  85                                                 $receivers = DI::l10n()->t('Public');
  86                                                 break;
  87
  88                                         case Item::UNLISTED:
  89                                                 $receivers = DI::l10n()->t('Unlisted');
  90                                                 break;
  91
  92                                         case Item::PRIVATE:
  93                                                 $receivers = DI::l10n()->t('Limited/Private');
  94                                                 break;
  95                                 }
  96                         }
  97                 } else {
  98                         $receivers = '';
  99                 }
 100
 101                 if (empty($model['allow_cid'])
 102                         && empty($model['allow_gid'])
 103                         && empty($model['deny_cid'])
 104                         && empty($model['deny_gid'])
 105                         && empty($receivers))
 106                 {
 107                         echo DI::l10n()->t('Remote privacy information not available.');
 108                         exit;
 109                 }
 110
 111                 $allowed_users  = $model['allow_cid'];
 112                 $allowed_groups = $model['allow_gid'];
 113                 $deny_users     = $model['deny_cid'];
 114                 $deny_groups    = $model['deny_gid'];
 115
 116                 $o = DI::l10n()->t('Visible to:') . '<br />';
 117                 $l = [];
 118
 119                 if (count($allowed_groups)) {
 120                         $key = array_search(Group::FOLLOWERS, $allowed_groups);
 121                         if ($key !== false) {
 122                                 $l[] = '<b>' . DI::l10n()->t('Followers') . '</b>';
 123                                 unset($allowed_groups[$key]);
 124                         }
 125
 126                         $key = array_search(Group::MUTUALS, $allowed_groups);
 127                         if ($key !== false) {
 128                                 $l[] = '<b>' . DI::l10n()->t('Mutuals') . '</b>';
 129                                 unset($allowed_groups[$key]);
 130                         }
 131
 132                         foreach (DI::dba()->selectToArray('group', ['name'], ['id' => $allowed_groups]) as $group) {
 133                                 $l[] = '<b>' . $group['name'] . '</b>';
 134                         }
 135                 }
 136
 137                 foreach (DI::dba()->selectToArray('contact', ['name'], ['id' => $allowed_users]) as $contact) {
 138                         $l[] = $contact['name'];
 139                 }
 140
 141                 if (count($deny_groups)) {
 142                         $key = array_search(Group::FOLLOWERS, $deny_groups);
 143                         if ($key !== false) {
 144                                 $l[] = '<b><strike>' . DI::l10n()->t('Followers') . '</strike></b>';
 145                                 unset($deny_groups[$key]);
 146                         }
 147
 148                         $key = array_search(Group::MUTUALS, $deny_groups);
 149                         if ($key !== false) {
 150                                 $l[] = '<b><strike>' . DI::l10n()->t('Mutuals') . '</strike></b>';
 151                                 unset($deny_groups[$key]);
 152                         }
 153
 154                         foreach (DI::dba()->selectToArray('group', ['name'], ['id' => $allowed_groups]) as $group) {
 155                                 $l[] = '<b><strike>' . $group['name'] . '</strike></b>';
 156                         }
 157                 }
 158
 159                 foreach (DI::dba()->selectToArray('contact', ['name'], ['id' => $deny_users]) as $contact) {
 160                         $l[] = '<strike>' . $contact['name'] . '</strike>';
 161                 }
 162
 163                 if (!empty($l)) {
 164                         echo $o . implode(', ', $l);
 165                 } else {
 166                         echo $o . $receivers;
 167                 }
 168                 System::exit();
 169         }
 170
 171         /**
 172          * Fetch a list of receivers
 173          *
 174          * @param int $uriId
 175          * @return string
 176          */
 177         private function fetchReceivers(int $uriId): string
 178         {
 179                 $own_url = '';
 180                 $uid = DI::userSession()->getLocalUserId();
 181                 if ($uid) {
 182                         $owner = User::getOwnerDataById($uid);
 183                         if (!empty($owner['url'])) {
 184                                 $own_url = $owner['url'];
 185                         }
 186                 }
 187
 188                 $receivers = [];
 189                 foreach (Tag::getByURIId($uriId, [Tag::TO, Tag::CC, Tag::BCC]) as $receiver) {
 190                         // We only display BCC when it contains the current user
 191                         if (($receiver['type'] == Tag::BCC) && ($receiver['url'] != $own_url)) {
 192                                 continue;
 193                         }
 194
 195                         switch (Tag::getTargetType($receiver['url'], false)) {
 196                                 case Tag::PUBLIC_COLLECTION:
 197                                         $receivers[$receiver['type']][] = DI::l10n()->t('Public');
 198                                         break;
 199                                 case Tag::GENERAL_COLLECTION:
 200                                         $receivers[$receiver['type']][] = DI::l10n()->t('Collection (%s)', $receiver['name']);
 201                                         break;
 202                                 case Tag::FOLLOWER_COLLECTION:
 203                                         $apcontact = DBA::selectFirst('apcontact', ['name'], ['followers' => $receiver['url']]);
 204                                         $receivers[$receiver['type']][] = DI::l10n()->t('Followers (%s)', $apcontact['name'] ?? $receiver['name']);
 205                                         break;
 206                                 case Tag::ACCOUNT:
 207                                         $apcontact = APContact::getByURL($receiver['url'], false);
 208                                         $receivers[$receiver['type']][] = $apcontact['name'] ?? $receiver['name'];
 209                                         break;
 210                                 default:
 211                                         $receivers[$receiver['type']][] = $receiver['name'];
 212                                         break;
 213                         }
 214                 }
 215
 216                 $output = '';
 217
 218                 foreach ($receivers as $type => $receiver) {
 219                         $max = DI::config()->get('system', 'max_receivers');
 220                         $total = count($receiver);
 221                         if ($total > $max) {
 222                                 $receiver = array_slice($receiver, 0, $max);
 223                                 $receiver[] = DI::l10n()->t('%d more', $total - $max);
 224                         }
 225                         switch ($type) {
 226                                 case Tag::TO:
 227                                         $output .= DI::l10n()->t('<b>To:</b> %s<br>', implode(', ', $receiver));
 228                                         break;
 229                                 case Tag::CC:
 230                                         $output .= DI::l10n()->t('<b>CC:</b> %s<br>', implode(', ', $receiver));
 231                                         break;
 232                                 case Tag::BCC:
 233                                         $output .= DI::l10n()->t('<b>BCC:</b> %s<br>', implode(', ', $receiver));
 234                                         break;
 235                         }
 236                 }
 237
 238                 return $output;
 239         }
 240 }