3 * @copyright Copyright (C) 2010-2021, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Security\PermissionSet\Repository;
25 use Friendica\BaseRepository;
26 use Friendica\Database\Database;
27 use Friendica\Model\Contact;
28 use Friendica\Model\Group;
29 use Friendica\Network\HTTPException\NotFoundException;
30 use Friendica\Security\PermissionSet\Exception\PermissionSetNotFoundException;
31 use Friendica\Security\PermissionSet\Exception\PermissionSetPersistenceException;
32 use Friendica\Security\PermissionSet\Factory;
33 use Friendica\Security\PermissionSet\Collection;
34 use Friendica\Security\PermissionSet\Entity;
35 use Friendica\Util\ACLFormatter;
36 use Psr\Log\LoggerInterface;
38 class PermissionSet extends BaseRepository
40 /** @var int Virtual permission set id for public permission */
43 /** @var Factory\PermissionSet */
46 protected static $table_name = 'permissionset';
48 /** @var ACLFormatter */
49 private $aclFormatter;
51 public function __construct(Database $database, LoggerInterface $logger, Factory\PermissionSet $factory, ACLFormatter $aclFormatter)
53 parent::__construct($database, $logger, $factory);
55 $this->aclFormatter = $aclFormatter;
59 * @param array $condition
60 * @param array $params
62 * @return Entity\PermissionSet
63 * @throws NotFoundException
66 private function selectOne(array $condition, array $params = []): Entity\PermissionSet
68 return parent::_selectOne($condition, $params);
74 private function select(array $condition, array $params = []): Collection\PermissionSets
76 return new Collection\PermissionSets(parent::_select($condition, $params)->getArrayCopy());
80 * Converts a given PermissionSet into a DB compatible row array
82 * @param Entity\PermissionSet $permissionSet
86 protected function convertToTableRow(Entity\PermissionSet $permissionSet): array
89 'uid' => $permissionSet->uid,
90 'allow_cid' => $this->aclFormatter->toString($permissionSet->allow_cid),
91 'allow_gid' => $this->aclFormatter->toString($permissionSet->allow_gid),
92 'deny_cid' => $this->aclFormatter->toString($permissionSet->deny_cid),
93 'deny_gid' => $this->aclFormatter->toString($permissionSet->deny_gid),
98 * @param int $id A PermissionSet table row id or self::PUBLIC
99 * @param int $uid The owner of the PermissionSet
100 * @return Entity\PermissionSet
102 * @throws PermissionSetNotFoundException
103 * @throws PermissionSetPersistenceException
105 public function selectOneById(int $id, int $uid): Entity\PermissionSet
107 if ($id === self::PUBLIC) {
108 return $this->factory->createFromString($uid);
112 return $this->selectOne(['id' => $id, 'uid' => $uid]);
113 } catch (NotFoundException $exception) {
114 throw new PermissionSetNotFoundException(sprintf('PermissionSet with id %d for user %u doesn\'t exist.', $id, $uid), $exception);
115 } catch (Exception $exception) {
116 throw new PermissionSetPersistenceException(sprintf('Cannot select PermissionSet %d for user %d', $id, $uid), $exception);
121 * Returns a permission set collection for a given contact
123 * @param int $cid Contact id of the visitor
124 * @param int $uid User id whom the items belong, used for ownership check.
126 * @return Collection\PermissionSets
128 * @throws PermissionSetPersistenceException
130 public function selectByContactId(int $cid, int $uid): Collection\PermissionSets
133 $cdata = Contact::getPublicAndUserContactID($cid, $uid);
134 if (!empty($cdata)) {
135 $public_contact_str = $this->aclFormatter->toString($cdata['public']);
136 $user_contact_str = $this->aclFormatter->toString($cdata['user']);
137 $cid = $cdata['user'];
139 $public_contact_str = $this->aclFormatter->toString($cid);
140 $user_contact_str = '';
144 if (!empty($user_contact_str) && $this->db->exists('contact', [
149 $groups = Group::getIdsByContactId($cid);
152 $group_str = '<<>>'; // should be impossible to match
153 foreach ($groups as $group_id) {
154 $group_str .= '|<' . preg_quote($group_id) . '>';
157 if (!empty($user_contact_str)) {
158 $condition = ["`uid` = ? AND (NOT (LOCATE(?, `deny_cid`) OR LOCATE(?, `deny_cid`) OR deny_gid REGEXP ?)
159 AND (LOCATE(?, allow_cid) OR LOCATE(?, allow_cid) OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
160 $uid, $user_contact_str, $public_contact_str, $group_str,
161 $user_contact_str, $public_contact_str, $group_str];
163 $condition = ["`uid` = ? AND (NOT (LOCATE(?, `deny_cid`) OR deny_gid REGEXP ?)
164 AND (LOCATE(?, allow_cid) OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
165 $uid, $public_contact_str, $group_str, $public_contact_str, $group_str];
168 return $this->select($condition);
169 } catch (Exception $exception) {
170 throw new PermissionSetPersistenceException(sprintf('Cannot select PermissionSet for contact %d and user %d', $cid, $uid), $exception);
175 * Fetch the default PermissionSet for a given user, create it if it doesn't exist
179 * @return Entity\PermissionSet
181 * @throws PermissionSetPersistenceException
183 public function selectDefaultForUser(int $uid): Entity\PermissionSet
186 $self_contact = Contact::selectFirst(['id'], ['uid' => $uid, 'self' => true]);
187 } catch (Exception $exception) {
188 throw new PermissionSetPersistenceException(sprintf('Cannot select Contact for user %d', $uid));
191 if (!$this->db->isResult($self_contact)) {
192 throw new PermissionSetPersistenceException(sprintf('No "self" contact found for user %d', $uid));
195 return $this->selectOrCreate($this->factory->createFromString(
197 $this->aclFormatter->toString($self_contact['id'])
202 * Fetch the public PermissionSet
206 * @return Entity\PermissionSet
208 public function selectPublicForUser(int $uid): Entity\PermissionSet
210 return $this->factory->createFromString($uid, '', '', '', '', self::PUBLIC);
214 * Selects or creates a PermissionSet based on it's fields
216 * @param Entity\PermissionSet $permissionSet
218 * @return Entity\PermissionSet
220 * @throws PermissionSetPersistenceException
222 public function selectOrCreate(Entity\PermissionSet $permissionSet): Entity\PermissionSet
224 if ($permissionSet->id) {
225 return $permissionSet;
228 // Don't select/update Public permission sets
229 if ($permissionSet->isPublic()) {
230 return $this->selectPublicForUser($permissionSet->uid);
234 return $this->selectOne($this->convertToTableRow($permissionSet));
235 } catch (NotFoundException $exception) {
236 return $this->save($permissionSet);
237 } catch (Exception $exception) {
238 throw new PermissionSetPersistenceException(sprintf('Cannot select PermissionSet %d', $permissionSet->id ?? 0), $exception);
243 * @param Entity\PermissionSet $permissionSet
245 * @return Entity\PermissionSet
247 * @throws PermissionSetPersistenceException
249 public function save(Entity\PermissionSet $permissionSet): Entity\PermissionSet
251 // Don't save/update the common public PermissionSet
252 if ($permissionSet->isPublic()) {
253 return $this->selectPublicForUser($permissionSet->uid);
256 $fields = $this->convertToTableRow($permissionSet);
259 if ($permissionSet->id) {
260 $this->db->update(self::$table_name, $fields, ['id' => $permissionSet->id]);
262 $this->db->insert(self::$table_name, $fields);
264 $permissionSet = $this->selectOneById($this->db->lastInsertId(), $permissionSet->uid);
266 } catch (Exception $exception) {
267 throw new PermissionSetPersistenceException(sprintf('Cannot save PermissionSet %d', $permissionSet->id ?? 0), $exception);
270 return $permissionSet;