src/Repository/PermissionSet.php

   1 <?php
   2
   3 namespace Friendica\Repository;
   4
   5 use Friendica\BaseRepository;
   6 use Friendica\Collection;
   7 use Friendica\Database\Database;
   8 use Friendica\Model;
   9 use Friendica\Model\Group;
  10 use Friendica\Network\HTTPException;
  11 use Friendica\Util\ACLFormatter;
  12 use Psr\Log\LoggerInterface;
  13
  14 class PermissionSet extends BaseRepository
  15 {
  16         const PUBLIC = 0;
  17
  18         protected static $table_name = 'permissionset';
  19
  20         protected static $model_class = Model\PermissionSet::class;
  21
  22         protected static $collection_class = Collection\PermissionSets::class;
  23
  24         /** @var ACLFormatter */
  25         private $aclFormatter;
  26
  27         public function __construct(Database $dba, LoggerInterface $logger, ACLFormatter $aclFormatter)
  28         {
  29                 parent::__construct($dba, $logger);
  30
  31                 $this->aclFormatter = $aclFormatter;
  32         }
  33
  34         /**
  35          * @param array $data
  36          * @return Model\PermissionSet
  37          */
  38         protected function create(array $data)
  39         {
  40                 return new Model\PermissionSet($this->dba, $this->logger, $data);
  41         }
  42
  43         /**
  44          * @param array $condition
  45          * @return Model\PermissionSet
  46          * @throws \Friendica\Network\HTTPException\NotFoundException
  47          */
  48         public function selectFirst(array $condition)
  49         {
  50                 if (isset($condition['id']) && !$condition['id']) {
  51                         return $this->create([
  52                                 'id' => self::PUBLIC,
  53                                 'uid' => $condition['uid'] ?? 0,
  54                                 'allow_cid' => '',
  55                                 'allow_gid' => '',
  56                                 'deny_cid' => '',
  57                                 'deny_gid' => '',
  58                         ]);
  59                 }
  60
  61                 return parent::selectFirst($condition);
  62         }
  63
  64         /**
  65          * @param array $condition
  66          * @param array $params
  67          * @return Collection\PermissionSets
  68          * @throws \Exception
  69          */
  70         public function select(array $condition = [], array $params = [])
  71         {
  72                 return parent::select($condition, $params);
  73         }
  74
  75         /**
  76          * @param array $condition
  77          * @param array $params
  78          * @param int|null $max_id
  79          * @param int|null $since_id
  80          * @param int $limit
  81          * @return Collection\PermissionSets
  82          * @throws \Exception
  83          */
  84         public function selectByBoundaries(array $condition = [], array $params = [], int $max_id = null, int $since_id = null, int $limit = self::LIMIT)
  85         {
  86                 return parent::selectByBoundaries($condition, $params, $max_id, $since_id, $limit);
  87         }
  88
  89         /**
  90          * Fetch the id of a given permission set. Generate a new one when needed
  91          *
  92          * @param int         $uid
  93          * @param string|null $allow_cid Allowed contact IDs    - empty = everyone
  94          * @param string|null $allow_gid Allowed group IDs      - empty = everyone
  95          * @param string|null $deny_cid  Disallowed contact IDs - empty = no one
  96          * @param string|null $deny_gid  Disallowed group IDs   - empty = no one
  97          * @return int id
  98          * @throws \Exception
  99          */
 100         public function getIdFromACL(
 101                 int $uid,
 102                 string $allow_cid = null,
 103                 string $allow_gid = null,
 104                 string $deny_cid = null,
 105                 string $deny_gid = null
 106         ) {
 107                 $allow_cid = $this->aclFormatter->sanitize($allow_cid);
 108                 $allow_gid = $this->aclFormatter->sanitize($allow_gid);
 109                 $deny_cid = $this->aclFormatter->sanitize($deny_cid);
 110                 $deny_gid = $this->aclFormatter->sanitize($deny_gid);
 111
 112                 // Public permission
 113                 if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
 114                         return self::PUBLIC;
 115                 }
 116
 117                 $condition = [
 118                         'uid' => $uid,
 119                         'allow_cid' => $allow_cid,
 120                         'allow_gid' => $allow_gid,
 121                         'deny_cid'  => $deny_cid,
 122                         'deny_gid'  => $deny_gid
 123                 ];
 124
 125                 try {
 126                         $permissionset = $this->selectFirst($condition);
 127                 } catch(HTTPException\NotFoundException $exception) {
 128                         $permissionset = $this->insert($condition);
 129                 }
 130
 131                 return $permissionset->id;
 132         }
 133
 134         /**
 135          * Returns a permission set collection for a given contact
 136          *
 137          * @param integer $contact_id Contact id of the visitor
 138          * @param integer $uid        User id whom the items belong, used for ownership check.
 139          *
 140          * @return Collection\PermissionSets
 141          * @throws \Exception
 142          */
 143         public function selectByContactId($contact_id, $uid)
 144         {
 145                 $groups = [];
 146                 if ($this->dba->exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
 147                         $groups = Group::getIdsByContactId($contact_id);
 148                 }
 149
 150                 $group_str = '<<>>'; // should be impossible to match
 151                 foreach ($groups as $group_id) {
 152                         $group_str .= '|<' . preg_quote($group_id) . '>';
 153                 }
 154
 155                 $contact_str = '<' . $contact_id . '>';
 156
 157                 $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
 158                         AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
 159                         $uid, $contact_str, $group_str, $contact_str, $group_str];
 160
 161                 return $this->select($condition);
 162         }
 163 }