implement "moderate" flag on items

[friendica.git] / mod / display.php

diff --git a/mod/display.php b/mod/display.php
old mode 100644 (file)
new mode 100755 (executable)
index fdb93e4..02f080a
--- a/mod/display.php
+++ b/mod/display.php
@@ -15,6 +15,9 @@ function display_content(&$a) {
 
        $o = '<div id="live-display"></div>' . "\r\n";
 
+       $a->page['htmlhead'] .= '<script>$(document).ready(function() { $(".comment-edit-wrapper  textarea").contact_autocomplete(baseurl+"/acl"); });</script>';
+
+
        $nick = (($a->argc > 1) ? $a->argv[1] : '');
        profile_load($a,$nick);
 
@@ -26,8 +29,6 @@ function display_content(&$a) {
                return;
        }
 
-
-
        $groups = array();
 
        $contact = null;
@@ -59,42 +60,14 @@ function display_content(&$a) {
        if(count($r))
                $a->page_contact = $r[0];
 
-       $sql_extra = "
-               AND `allow_cid` = '' 
-               AND `allow_gid` = '' 
-               AND `deny_cid`  = '' 
-               AND `deny_gid`  = '' 
-       ";
-
+       $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
 
-       // Profile owner - everything is visible
-
-       if(local_user() && (local_user() == $a->profile['uid'])) {
-               $sql_extra = '';                
+       if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
+               notice( t('Access to this profile has been restricted.') . EOL);
+               return;
        }
 
-       // authenticated visitor - here lie dragons
-       // If $remotecontact is true, we know that not only is this a remotely authenticated
-       // person, but that it is *our* contact, which is important in multi-user mode.
-
-       elseif($remote_contact) {
-               $gs = '<<>>'; // should be impossible to match
-               if(count($groups)) {
-                       foreach($groups as $g)
-                               $gs .= '|<' . intval($g) . '>';
-               } 
-               $sql_extra = sprintf(
-                       " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
-                         AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
-                         AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
-                         AND ( `deny_gid`  = '' OR  NOT `deny_gid` REGEXP '%s') ",
-
-                       intval($_SESSION['visitor_id']),
-                       intval($_SESSION['visitor_id']),
-                       dbesc($gs),
-                       dbesc($gs)
-               );
-       }
+       $sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups);
 
        $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, 
                `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@@ -102,6 +75,7 @@ function display_content(&$a) {
                `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
                FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
                WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+               and `item`.`moderated` = 0
                AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                AND `item`.`parent` = ( SELECT `parent` FROM `item` WHERE ( `id` = '%s' OR `uri` = '%s' ))
                $sql_extra
@@ -144,8 +118,6 @@ function display_content(&$a) {
 
        }
 
-       $o .= '<div class="cc-license">' . t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.') . '</div>';
-
        return $o;
 }