Merge pull request #10160 from annando/issue-10156

[friendica.git] / src / Repository / PermissionSet.php

<?php
/**
 * @copyright Copyright (C) 2010-2021, the Friendica project
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 */

namespace Friendica\Repository;

use Friendica\BaseRepository;
use Friendica\Collection;
use Friendica\Database\Database;
use Friendica\Model;
use Friendica\Network\HTTPException;
use Friendica\Util\ACLFormatter;
use Psr\Log\LoggerInterface;

class PermissionSet extends BaseRepository
{
        /** @var int Virtual permission set id for public permission */
        const PUBLIC = 0;

        protected static $table_name = 'permissionset';

        protected static $model_class = Model\PermissionSet::class;

        protected static $collection_class = Collection\PermissionSets::class;

        /** @var ACLFormatter */
        private $aclFormatter;

        public function __construct(Database $dba, LoggerInterface $logger, ACLFormatter $aclFormatter)
        {
                parent::__construct($dba, $logger);

                $this->aclFormatter = $aclFormatter;
        }

        /**
         * @param array $data
         * @return Model\PermissionSet
         */
        protected function create(array $data)
        {
                return new Model\PermissionSet($this->dba, $this->logger, $data);
        }

        /**
         * @param array $condition
         * @return Model\PermissionSet
         * @throws \Friendica\Network\HTTPException\NotFoundException
         */
        public function selectFirst(array $condition)
        {
                if (isset($condition['id']) && !$condition['id']) {
                        return $this->create([
                                'id' => self::PUBLIC,
                                'uid' => $condition['uid'] ?? 0,
                                'allow_cid' => '',
                                'allow_gid' => '',
                                'deny_cid' => '',
                                'deny_gid' => '',
                        ]);
                }

                return parent::selectFirst($condition);
        }

        /**
         * @param array $condition
         * @param array $params
         * @return Collection\PermissionSets
         * @throws \Exception
         */
        public function select(array $condition = [], array $params = [])
        {
                return parent::select($condition, $params);
        }

        /**
         * @param array    $condition
         * @param array    $params
         * @param int|null $min_id
         * @param int|null $max_id
         * @param int      $limit
         * @return Collection\PermissionSets
         * @throws \Exception
         */
        public function selectByBoundaries(array $condition = [], array $params = [], int $min_id = null, int $max_id = null, int $limit = self::LIMIT)
        {
                return parent::selectByBoundaries($condition, $params, $min_id, $max_id, $limit);
        }

        /**
         * Fetch the id of a given permission set. Generate a new one when needed
         *
         * @param int         $uid
         * @param string|null $allow_cid Allowed contact IDs    - empty = everyone
         * @param string|null $allow_gid Allowed group IDs      - empty = everyone
         * @param string|null $deny_cid  Disallowed contact IDs - empty = no one
         * @param string|null $deny_gid  Disallowed group IDs   - empty = no one
         * @return int id
         * @throws \Exception
         */
        public function getIdFromACL(
                int $uid,
                string $allow_cid = null,
                string $allow_gid = null,
                string $deny_cid = null,
                string $deny_gid = null
        ) {
                $allow_cid = $this->aclFormatter->sanitize($allow_cid);
                $allow_gid = $this->aclFormatter->sanitize($allow_gid);
                $deny_cid = $this->aclFormatter->sanitize($deny_cid);
                $deny_gid = $this->aclFormatter->sanitize($deny_gid);

                // Public permission
                if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
                        return self::PUBLIC;
                }

                $condition = [
                        'uid' => $uid,
                        'allow_cid' => $allow_cid,
                        'allow_gid' => $allow_gid,
                        'deny_cid'  => $deny_cid,
                        'deny_gid'  => $deny_gid
                ];

                try {
                        $permissionset = $this->selectFirst($condition);
                } catch(HTTPException\NotFoundException $exception) {
                        $permissionset = $this->insert($condition);
                }

                return $permissionset->id;
        }

        /**
         * Returns a permission set collection for a given contact
         *
         * @param integer $contact_id Contact id of the visitor
         * @param integer $uid        User id whom the items belong, used for ownership check.
         *
         * @return Collection\PermissionSets
         * @throws \Exception
         */
        public function selectByContactId($contact_id, $uid)
        {
                $cdata = Model\Contact::getPublicAndUserContacID($contact_id, $uid);
                if (!empty($cdata)) {
                        $public_contact_str = '<' . $cdata['public'] . '>';
                        $user_contact_str = '<' . $cdata['user'] . '>';
                        $contact_id = $cdata['user'];
                } else {
                        $public_contact_str = '<' . $contact_id . '>';
                        $user_contact_str = '';
                }

                $groups = [];
                if (!empty($user_contact_str) && $this->dba->exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
                        $groups = Model\Group::getIdsByContactId($contact_id);
                }

                $group_str = '<<>>'; // should be impossible to match
                foreach ($groups as $group_id) {
                        $group_str .= '|<' . preg_quote($group_id) . '>';
                }

                if (!empty($user_contact_str)) {
                        $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR `deny_cid` REGEXP ? OR deny_gid REGEXP ?)
                                AND (allow_cid REGEXP ? OR allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
                                $uid, $user_contact_str, $public_contact_str, $group_str,
                                $user_contact_str, $public_contact_str, $group_str];
                } else {
                        $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
                                AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
                                $uid, $public_contact_str, $group_str, $public_contact_str, $group_str];
                }

                return $this->select($condition);
        }
}