]> git.mxchange.org Git - friendica.git/blobdiff - include/security.php
Moved global PAGE_* to Profile class (#5500)
[friendica.git] / include / security.php
index cd24279119c889cae44814caadd0ef11c659d7cd..af18a281a6e4d49a2f0da5e264d72917a6a619be 100644 (file)
@@ -9,8 +9,10 @@ use Friendica\Core\L10n;
 use Friendica\Core\PConfig;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
+use Friendica\Model\Contact;
 use Friendica\Model\Group;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Model\PermissionSet;
 
 /**
  * @brief Calculate the hash that is needed for the "Friendica" cookie
@@ -241,9 +243,9 @@ function can_write_wall($owner)
                                AND `user`.`blockwall` = 0 AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
                                intval($owner),
                                intval($cid),
-                               intval(CONTACT_IS_SHARING),
-                               intval(CONTACT_IS_FRIEND),
-                               intval(PAGE_COMMUNITY)
+                               intval(Contact::SHARING),
+                               intval(Contact::FRIEND),
+                               intval(Contact::PAGE_COMMUNITY)
                        );
 
                        if (DBA::isResult($r)) {
@@ -341,12 +343,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
         *
         * default permissions - anonymous user
         */
-       $sql = " AND `item`.allow_cid = ''
-                        AND `item`.allow_gid = ''
-                        AND `item`.deny_cid  = ''
-                        AND `item`.deny_gid  = ''
-                        AND `item`.private != 1
-       ";
+       $sql = " AND NOT `item`.`private`";
 
        // Profile owner - everything is visible
        if ($local_user && ($local_user == $owner_id)) {
@@ -359,37 +356,15 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
                 * If pre-verified, the caller is expected to have already
                 * done this and passed the groups into this function.
                 */
-               if (!$remote_verified) {
-                       $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1",
-                               intval($remote_user),
-                               intval($owner_id)
-                       );
-                       if (DBA::isResult($r)) {
-                               $remote_verified = true;
-                               $groups = Group::getIdsByContactId($remote_user);
-                       }
-               }
-               if ($remote_verified) {
-
-                       $gs = '<<>>'; // should be impossible to match
+               $set = PermissionSet::get($owner_id, $remote_user, $groups);
 
-                       if (is_array($groups) && count($groups)) {
-                               foreach ($groups as $g) {
-                                       $gs .= '|<' . intval($g) . '>';
-                               }
-                       }
-
-                       $sql = sprintf(
-                               " AND ( `item`.private = 0 OR ( `item`.private in (1,2) AND `item`.`wall` = 1
-                                 AND ( NOT (`item`.deny_cid REGEXP '<%d>' OR `item`.deny_gid REGEXP '%s')
-                                 AND ( `item`.allow_cid REGEXP '<%d>' OR `item`.allow_gid REGEXP '%s' OR ( `item`.allow_cid = '' AND `item`.allow_gid = '')))))
-                               ",
-                               intval($remote_user),
-                               DBA::escape($gs),
-                               intval($remote_user),
-                               DBA::escape($gs)
-                       );
+               if (!empty($set)) {
+                       $sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";
+               } else {
+                       $sql_set = '';
                }
+
+               $sql = " AND (NOT `item`.`private`" . $sql_set . ")";
        }
 
        return $sql;