3 * @copyright Copyright (C) 2010-2021, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Repository;
24 use Friendica\BaseRepository;
25 use Friendica\Collection;
26 use Friendica\Database\Database;
28 use Friendica\Network\HTTPException;
29 use Friendica\Util\ACLFormatter;
30 use Psr\Log\LoggerInterface;
32 class PermissionSet extends BaseRepository
34 /** @var int Virtual permission set id for public permission */
37 protected static $table_name = 'permissionset';
39 protected static $model_class = Model\PermissionSet::class;
41 protected static $collection_class = Collection\PermissionSets::class;
43 /** @var ACLFormatter */
44 private $aclFormatter;
46 public function __construct(Database $dba, LoggerInterface $logger, ACLFormatter $aclFormatter)
48 parent::__construct($dba, $logger);
50 $this->aclFormatter = $aclFormatter;
55 * @return Model\PermissionSet
57 protected function create(array $data)
59 return new Model\PermissionSet($this->dba, $this->logger, $data);
63 * @param array $condition
64 * @return Model\PermissionSet
65 * @throws \Friendica\Network\HTTPException\NotFoundException
67 public function selectFirst(array $condition)
69 if (isset($condition['id']) && !$condition['id']) {
70 return $this->create([
72 'uid' => $condition['uid'] ?? 0,
80 return parent::selectFirst($condition);
84 * @param array $condition
85 * @param array $params
86 * @return Collection\PermissionSets
89 public function select(array $condition = [], array $params = [])
91 return parent::select($condition, $params);
95 * @param array $condition
96 * @param array $params
97 * @param int|null $min_id
98 * @param int|null $max_id
100 * @return Collection\PermissionSets
103 public function selectByBoundaries(array $condition = [], array $params = [], int $min_id = null, int $max_id = null, int $limit = self::LIMIT)
105 return parent::selectByBoundaries($condition, $params, $min_id, $max_id, $limit);
109 * Fetch the id of a given permission set. Generate a new one when needed
112 * @param string|null $allow_cid Allowed contact IDs - empty = everyone
113 * @param string|null $allow_gid Allowed group IDs - empty = everyone
114 * @param string|null $deny_cid Disallowed contact IDs - empty = no one
115 * @param string|null $deny_gid Disallowed group IDs - empty = no one
119 public function getIdFromACL(
121 string $allow_cid = null,
122 string $allow_gid = null,
123 string $deny_cid = null,
124 string $deny_gid = null
126 $allow_cid = $this->aclFormatter->sanitize($allow_cid);
127 $allow_gid = $this->aclFormatter->sanitize($allow_gid);
128 $deny_cid = $this->aclFormatter->sanitize($deny_cid);
129 $deny_gid = $this->aclFormatter->sanitize($deny_gid);
132 if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
138 'allow_cid' => $allow_cid,
139 'allow_gid' => $allow_gid,
140 'deny_cid' => $deny_cid,
141 'deny_gid' => $deny_gid
145 $permissionset = $this->selectFirst($condition);
146 } catch(HTTPException\NotFoundException $exception) {
147 $permissionset = $this->insert($condition);
150 return $permissionset->id;
154 * Returns a permission set collection for a given contact
156 * @param integer $contact_id Contact id of the visitor
157 * @param integer $uid User id whom the items belong, used for ownership check.
159 * @return Collection\PermissionSets
162 public function selectByContactId($contact_id, $uid)
164 $cdata = Model\Contact::getPublicAndUserContactID($contact_id, $uid);
165 if (!empty($cdata)) {
166 $public_contact_str = '<' . $cdata['public'] . '>';
167 $user_contact_str = '<' . $cdata['user'] . '>';
168 $contact_id = $cdata['user'];
170 $public_contact_str = '<' . $contact_id . '>';
171 $user_contact_str = '';
175 if (!empty($user_contact_str) && $this->dba->exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
176 $groups = Model\Group::getIdsByContactId($contact_id);
179 $group_str = '<<>>'; // should be impossible to match
180 foreach ($groups as $group_id) {
181 $group_str .= '|<' . preg_quote($group_id) . '>';
184 if (!empty($user_contact_str)) {
185 $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR `deny_cid` REGEXP ? OR deny_gid REGEXP ?)
186 AND (allow_cid REGEXP ? OR allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
187 $uid, $user_contact_str, $public_contact_str, $group_str,
188 $user_contact_str, $public_contact_str, $group_str];
190 $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
191 AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
192 $uid, $public_contact_str, $group_str, $public_contact_str, $group_str];
195 return $this->select($condition);