3 namespace Friendica\Repository;
5 use Friendica\BaseRepository;
6 use Friendica\Collection;
7 use Friendica\Database\Database;
9 use Friendica\Model\Group;
10 use Friendica\Network\HTTPException;
11 use Friendica\Util\ACLFormatter;
12 use Psr\Log\LoggerInterface;
14 class PermissionSet extends BaseRepository
16 protected static $table_name = 'permissionset';
18 protected static $model_class = Model\PermissionSet::class;
20 protected static $collection_class = Collection\PermissionSets::class;
22 /** @var ACLFormatter */
23 private $aclFormatter;
25 public function __construct(Database $dba, LoggerInterface $logger, ACLFormatter $aclFormatter)
27 parent::__construct($dba, $logger);
29 $this->aclFormatter = $aclFormatter;
34 * @return Model\PermissionSet
36 protected function create(array $data)
38 return new Model\PermissionSet($this->dba, $this->logger, $data);
42 * @param array $condition
43 * @return Model\PermissionSet
44 * @throws \Friendica\Network\HTTPException\NotFoundException
46 public function selectFirst(array $condition)
48 if (isset($condition['id']) && !$condition['id']) {
49 return $this->create([
51 'uid' => $condition['uid'] ?? 0,
59 return parent::selectFirst($condition);
63 * @param array $condition
64 * @param array $params
65 * @return Collection\PermissionSets
68 public function select(array $condition = [], array $params = [])
70 return parent::select($condition, $params);
74 * @param array $condition
75 * @param array $params
76 * @param int|null $max_id
77 * @param int|null $since_id
79 * @return Collection\PermissionSets
82 public function selectByBoundaries(array $condition = [], array $params = [], int $max_id = null, int $since_id = null, int $limit = self::LIMIT)
84 return parent::selectByBoundaries($condition, $params, $max_id, $since_id, $limit);
88 * Fetch the id of a given permission set. Generate a new one when needed
91 * @param string|null $allow_cid Allowed contact IDs - empty = everyone
92 * @param string|null $allow_gid Allowed group IDs - empty = everyone
93 * @param string|null $deny_cid Disallowed contact IDs - empty = no one
94 * @param string|null $deny_gid Disallowed group IDs - empty = no one
98 public function getIdFromACL(
100 string $allow_cid = null,
101 string $allow_gid = null,
102 string $deny_cid = null,
103 string $deny_gid = null
105 $allow_cid = $this->aclFormatter->sanitize($allow_cid);
106 $allow_gid = $this->aclFormatter->sanitize($allow_gid);
107 $deny_cid = $this->aclFormatter->sanitize($deny_cid);
108 $deny_gid = $this->aclFormatter->sanitize($deny_gid);
111 if (!$allow_cid && !$allow_gid && !$deny_cid && !$deny_gid) {
117 'allow_cid' => $allow_cid,
118 'allow_gid' => $allow_gid,
119 'deny_cid' => $deny_cid,
120 'deny_gid' => $deny_gid
124 $permissionset = $this->selectFirst($condition);
125 } catch(HTTPException\NotFoundException $exception) {
126 $permissionset = $this->insert($condition);
129 return $permissionset->id;
133 * Returns a permission set collection for a given contact
135 * @param integer $contact_id Contact id of the visitor
136 * @param integer $uid User id whom the items belong, used for ownership check.
138 * @return Collection\PermissionSets
141 public function selectByContactId($contact_id, $uid)
144 if ($this->dba->exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
145 $groups = Group::getIdsByContactId($contact_id);
148 $group_str = '<<>>'; // should be impossible to match
149 foreach ($groups as $group_id) {
150 $group_str .= '|<' . preg_quote($group_id) . '>';
153 $contact_str = '<' . $contact_id . '>';
155 $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
156 AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
157 $uid, $contact_str, $group_str, $contact_str, $group_str];
159 return $this->select($condition);