src/Module/PermissionTooltip.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2023, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module;
  23
  24 use Friendica\Core\Hook;
  25 use Friendica\Core\Protocol;
  26 use Friendica\Core\System;
  27 use Friendica\Database\DBA;
  28 use Friendica\DI;
  29 use Friendica\Model\APContact;
  30 use Friendica\Model\Circle;
  31 use Friendica\Model\Item;
  32 use Friendica\Model\Post;
  33 use Friendica\Model\Tag;
  34 use Friendica\Model\User;
  35 use Friendica\Network\HTTPException;
  36
  37 /**
  38  * Outputs the permission tooltip HTML content for the provided item, photo or event id.
  39  */
  40 class PermissionTooltip extends \Friendica\BaseModule
  41 {
  42         protected function rawContent(array $request = [])
  43         {
  44                 $type = $this->parameters['type'];
  45                 $referenceId = $this->parameters['id'];
  46
  47                 $expectedTypes = ['item', 'photo', 'event'];
  48                 if (!in_array($type, $expectedTypes)) {
  49                         throw new HTTPException\BadRequestException(DI::l10n()->t('Wrong type "%s", expected one of: %s', $type, implode(', ', $expectedTypes)));
  50                 }
  51
  52                 $condition = ['id' => $referenceId, 'uid' => [0, DI::userSession()->getLocalUserId()]];
  53                 if ($type == 'item') {
  54                         $fields = ['uid', 'psid', 'private', 'uri-id', 'origin', 'network'];
  55                         $model = Post::selectFirst($fields, $condition, ['order' => ['uid' => true]]);
  56
  57                         if ($model['origin'] || ($model['network'] != Protocol::ACTIVITYPUB)) {
  58                                 $permissionSet = DI::permissionSet()->selectOneById($model['psid'], $model['uid']);
  59                                 $model['allow_cid'] = $permissionSet->allow_cid;
  60                                 $model['allow_gid'] = $permissionSet->allow_gid;
  61                                 $model['deny_cid']  = $permissionSet->deny_cid;
  62                                 $model['deny_gid']  = $permissionSet->deny_gid;
  63                         } else {
  64                                 $model['allow_cid'] = [];
  65                                 $model['allow_gid'] = [];
  66                                 $model['deny_cid']  = [];
  67                                 $model['deny_gid']  = [];
  68                         }
  69                 } else {
  70                         $fields = ['uid', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'];
  71                         $model = DBA::selectFirst($type, $fields, $condition);
  72                         $model['allow_cid'] = DI::aclFormatter()->expand($model['allow_cid']);
  73                         $model['allow_gid'] = DI::aclFormatter()->expand($model['allow_gid']);
  74                         $model['deny_cid']  = DI::aclFormatter()->expand($model['deny_cid']);
  75                         $model['deny_gid']  = DI::aclFormatter()->expand($model['deny_gid']);
  76                 }
  77
  78                 if (!DBA::isResult($model)) {
  79                         throw new HttpException\NotFoundException(DI::l10n()->t('Model not found'));
  80                 }
  81
  82                 // Kept for backwards compatibility
  83                 Hook::callAll('lockview_content', $model);
  84
  85                 if ($type == 'item') {
  86                         $receivers = $this->fetchReceivers($model['uri-id']);
  87                         if (empty($receivers)) {
  88                                 switch ($model['private']) {
  89                                         case Item::PUBLIC:
  90                                                 $receivers = DI::l10n()->t('Public');
  91                                                 break;
  92
  93                                         case Item::UNLISTED:
  94                                                 $receivers = DI::l10n()->t('Unlisted');
  95                                                 break;
  96
  97                                         case Item::PRIVATE:
  98                                                 $receivers = DI::l10n()->t('Limited/Private');
  99                                                 break;
 100                                 }
 101                         }
 102                 } else {
 103                         $receivers = '';
 104                 }
 105
 106                 if (empty($model['allow_cid'])
 107                         && empty($model['allow_gid'])
 108                         && empty($model['deny_cid'])
 109                         && empty($model['deny_gid'])
 110                         && empty($receivers))
 111                 {
 112                         echo DI::l10n()->t('Remote privacy information not available.');
 113                         exit;
 114                 }
 115
 116                 $allowed_users   = $model['allow_cid'];
 117                 $allowed_circles = $model['allow_gid'];
 118                 $deny_users      = $model['deny_cid'];
 119                 $deny_circles    = $model['deny_gid'];
 120
 121                 $o = DI::l10n()->t('Visible to:') . '<br />';
 122                 $l = [];
 123
 124                 if (count($allowed_circles)) {
 125                         $key = array_search(Circle::FOLLOWERS, $allowed_circles);
 126                         if ($key !== false) {
 127                                 $l[] = '<b>' . DI::l10n()->t('Followers') . '</b>';
 128                                 unset($allowed_circles[$key]);
 129                         }
 130
 131                         $key = array_search(Circle::MUTUALS, $allowed_circles);
 132                         if ($key !== false) {
 133                                 $l[] = '<b>' . DI::l10n()->t('Mutuals') . '</b>';
 134                                 unset($allowed_circles[$key]);
 135                         }
 136
 137                         foreach (DI::dba()->selectToArray('group', ['name'], ['id' => $allowed_circles]) as $circle) {
 138                                 $l[] = '<b>' . $circle['name'] . '</b>';
 139                         }
 140                 }
 141
 142                 foreach (DI::dba()->selectToArray('contact', ['name'], ['id' => $allowed_users]) as $contact) {
 143                         $l[] = $contact['name'];
 144                 }
 145
 146                 if (count($deny_circles)) {
 147                         $key = array_search(Circle::FOLLOWERS, $deny_circles);
 148                         if ($key !== false) {
 149                                 $l[] = '<b><strike>' . DI::l10n()->t('Followers') . '</strike></b>';
 150                                 unset($deny_circles[$key]);
 151                         }
 152
 153                         $key = array_search(Circle::MUTUALS, $deny_circles);
 154                         if ($key !== false) {
 155                                 $l[] = '<b><strike>' . DI::l10n()->t('Mutuals') . '</strike></b>';
 156                                 unset($deny_circles[$key]);
 157                         }
 158
 159                         foreach (DI::dba()->selectToArray('group', ['name'], ['id' => $allowed_circles]) as $circle) {
 160                                 $l[] = '<b><strike>' . $circle['name'] . '</strike></b>';
 161                         }
 162                 }
 163
 164                 foreach (DI::dba()->selectToArray('contact', ['name'], ['id' => $deny_users]) as $contact) {
 165                         $l[] = '<strike>' . $contact['name'] . '</strike>';
 166                 }
 167
 168                 if (!empty($l)) {
 169                         $this->httpExit($o . implode(', ', $l));
 170                 } else {
 171                         $this->httpExit($o . $receivers);;
 172                 }
 173         }
 174
 175         /**
 176          * Fetch a list of receivers
 177          *
 178          * @param int $uriId
 179          * @return string
 180          */
 181         private function fetchReceivers(int $uriId): string
 182         {
 183                 $own_url = '';
 184                 $uid = DI::userSession()->getLocalUserId();
 185                 if ($uid) {
 186                         $owner = User::getOwnerDataById($uid);
 187                         if (!empty($owner['url'])) {
 188                                 $own_url = $owner['url'];
 189                         }
 190                 }
 191
 192                 $receivers = [];
 193                 foreach (Tag::getByURIId($uriId, [Tag::TO, Tag::CC, Tag::BCC, Tag::AUDIENCE, Tag::ATTRIBUTED]) as $receiver) {
 194                         // We only display BCC when it contains the current user
 195                         if (($receiver['type'] == Tag::BCC) && ($receiver['url'] != $own_url)) {
 196                                 continue;
 197                         }
 198
 199                         switch (Tag::getTargetType($receiver['url'], false)) {
 200                                 case Tag::PUBLIC_COLLECTION:
 201                                         $receivers[$receiver['type']][] = DI::l10n()->t('Public');
 202                                         break;
 203                                 case Tag::GENERAL_COLLECTION:
 204                                         $receivers[$receiver['type']][] = DI::l10n()->t('Collection (%s)', $receiver['name']);
 205                                         break;
 206                                 case Tag::FOLLOWER_COLLECTION:
 207                                         $apcontact = DBA::selectFirst('apcontact', ['name'], ['followers' => $receiver['url']]);
 208                                         $receivers[$receiver['type']][] = DI::l10n()->t('Followers (%s)', $apcontact['name'] ?? $receiver['name']);
 209                                         break;
 210                                 case Tag::ACCOUNT:
 211                                         $apcontact = APContact::getByURL($receiver['url'], false);
 212                                         $receivers[$receiver['type']][] = $apcontact['name'] ?? $receiver['name'];
 213                                         break;
 214                                 default:
 215                                         $receivers[$receiver['type']][] = $receiver['name'];
 216                                         break;
 217                         }
 218                 }
 219
 220                 $output = '';
 221
 222                 foreach ($receivers as $type => $receiver) {
 223                         $max = DI::config()->get('system', 'max_receivers');
 224                         $total = count($receiver);
 225                         if ($total > $max) {
 226                                 $receiver = array_slice($receiver, 0, $max);
 227                                 $receiver[] = DI::l10n()->t('%d more', $total - $max);
 228                         }
 229                         switch ($type) {
 230                                 case Tag::TO:
 231                                         $output .= DI::l10n()->t('<b>To:</b> %s<br>', implode(', ', $receiver));
 232                                         break;
 233                                 case Tag::CC:
 234                                         $output .= DI::l10n()->t('<b>CC:</b> %s<br>', implode(', ', $receiver));
 235                                         break;
 236                                 case Tag::BCC:
 237                                         $output .= DI::l10n()->t('<b>BCC:</b> %s<br>', implode(', ', $receiver));
 238                                         break;
 239                                 case Tag::AUDIENCE:
 240                                         $output .= DI::l10n()->t('<b>Audience:</b> %s<br>', implode(', ', $receiver));
 241                                         break;
 242                                 case Tag::ATTRIBUTED:
 243                                         $output .= DI::l10n()->t('<b>Attributed To:</b> %s<br>', implode(', ', $receiver));
 244                                         break;
 245                         }
 246                 }
 247
 248                 return $output;
 249         }
 250 }