src/Repository/PermissionSet.php

   1 <?php
   2
   3 namespace Friendica\Repository;
   4
   5 use Friendica\BaseRepository;
   6 use Friendica\Collection;
   7 use Friendica\Database\Database;
   8 use Friendica\Model;
   9 use Friendica\Model\Group;
  10 use Friendica\Network\HTTPException;
  11 use Friendica\Util\ACLFormatter;
  12 use Psr\Log\LoggerInterface;
  13
  14 class PermissionSet extends BaseRepository
  15 {
  16         protected static $table_name = 'permissionset';
  17
  18         protected static $model_class = Model\PermissionSet::class;
  19
  20         protected static $collection_class = Collection\PermissionSets::class;
  21
  22         /** @var ACLFormatter */
  23         private $aclFormatter;
  24
  25         public function __construct(Database $dba, LoggerInterface $logger, ACLFormatter $aclFormatter)
  26         {
  27                 parent::__construct($dba, $logger);
  28
  29                 $this->aclFormatter = $aclFormatter;
  30         }
  31
  32         /**
  33          * @param array $data
  34          * @return Model\PermissionSet
  35          */
  36         protected function create(array $data)
  37         {
  38                 return new Model\PermissionSet($this->dba, $this->logger, $data);
  39         }
  40
  41         /**
  42          * @param array $condition
  43          * @return Model\PermissionSet
  44          * @throws \Friendica\Network\HTTPException\NotFoundException
  45          */
  46         public function selectFirst(array $condition)
  47         {
  48                 if (isset($condition['id']) && !$condition['id']) {
  49                         return $this->create([
  50                                 'id' => 0,
  51                                 'uid' => $condition['uid'] ?? 0,
  52                                 'allow_cid' => '',
  53                                 'allow_gid' => '',
  54                                 'deny_cid' => '',
  55                                 'deny_gid' => '',
  56                         ]);
  57                 }
  58
  59                 return parent::selectFirst($condition);
  60         }
  61
  62         /**
  63          * @param array $condition
  64          * @param array $params
  65          * @return Collection\PermissionSets
  66          * @throws \Exception
  67          */
  68         public function select(array $condition = [], array $params = [])
  69         {
  70                 return parent::select($condition, $params);
  71         }
  72
  73         /**
  74          * @param array $condition
  75          * @param array $params
  76          * @param int|null $max_id
  77          * @param int|null $since_id
  78          * @param int $limit
  79          * @return Collection\PermissionSets
  80          * @throws \Exception
  81          */
  82         public function selectByBoundaries(array $condition = [], array $params = [], int $max_id = null, int $since_id = null, int $limit = self::LIMIT)
  83         {
  84                 return parent::selectByBoundaries($condition, $params, $max_id, $since_id, $limit);
  85         }
  86
  87         /**
  88          * Fetch the id of a given permission set. Generate a new one when needed
  89          *
  90          * @param int         $uid
  91          * @param string|null $allow_cid Allowed contact IDs    - empty = everyone
  92          * @param string|null $allow_gid Allowed group IDs      - empty = everyone
  93          * @param string|null $deny_cid  Disallowed contact IDs - empty = no one
  94          * @param string|null $deny_gid  Disallowed group IDs   - empty = no one
  95          * @return int id
  96          * @throws \Exception
  97          */
  98         public function getIdFromACL(
  99                 int $uid,
 100                 string $allow_cid = null,
 101                 string $allow_gid = null,
 102                 string $deny_cid = null,
 103                 string $deny_gid = null
 104         ) {
 105                 $allow_cid = $this->aclFormatter->sanitize($allow_cid);
 106                 $allow_gid = $this->aclFormatter->sanitize($allow_gid);
 107                 $deny_cid = $this->aclFormatter->sanitize($deny_cid);
 108                 $deny_gid = $this->aclFormatter->sanitize($deny_gid);
 109
 110                 // Public permission
 111                 if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
 112                         return 0;
 113                 }
 114
 115                 $condition = [
 116                         'uid' => $uid,
 117                         'allow_cid' => $allow_cid,
 118                         'allow_gid' => $allow_gid,
 119                         'deny_cid'  => $deny_cid,
 120                         'deny_gid'  => $deny_gid
 121                 ];
 122
 123                 try {
 124                         $permissionset = $this->selectFirst($condition);
 125                 } catch(HTTPException\NotFoundException $exception) {
 126                         $permissionset = $this->insert($condition);
 127                 }
 128
 129                 return $permissionset->id;
 130         }
 131
 132         /**
 133          * Returns a permission set collection for a given contact
 134          *
 135          * @param integer $contact_id Contact id of the visitor
 136          * @param integer $uid        User id whom the items belong, used for ownership check.
 137          *
 138          * @return Collection\PermissionSets
 139          * @throws \Exception
 140          */
 141         public function selectByContactId($contact_id, $uid)
 142         {
 143                 $groups = [];
 144                 if ($this->dba->exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
 145                         $groups = Group::getIdsByContactId($contact_id);
 146                 }
 147
 148                 $group_str = '<<>>'; // should be impossible to match
 149                 foreach ($groups as $group_id) {
 150                         $group_str .= '|<' . preg_quote($group_id) . '>';
 151                 }
 152
 153                 $contact_str = '<' . $contact_id . '>';
 154
 155                 $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
 156                         AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
 157                         $uid, $contact_str, $group_str, $contact_str, $group_str];
 158
 159                 return $this->select($condition);
 160         }
 161 }