Merge pull request #8912 from annando/subscribed-tags

[friendica.git] / src / Util / Security.php

diff --git a/src/Util/Security.php b/src/Util/Security.php
index a269ca88c168723907b0ef2180d471cd40ac359e..42333821602d7b123d7da520c175d21ceb0eacea 100644 (file)
--- a/src/Util/Security.php
+++ b/src/Util/Security.php
@@ -1,6 +1,22 @@
 <?php
 /**
- * @file /src/Util/Security.php
+ * @copyright Copyright (C) 2020, Friendica
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
  */
 
 namespace Friendica\Util;
@@ -71,20 +87,32 @@ class Security
                return false;
        }
 
-       public static function getPermissionsSQLByUserId($owner_id)
+       /**
+        * Create a permission string for an element based on the visitor
+        *
+        * @param integer $owner_id   User ID of the owner of the element
+        * @param boolean $accessible Should the element be accessible anyway?
+        * @return string SQL permissions
+        */
+       public static function getPermissionsSQLByUserId(int $owner_id, bool $accessible = false)
        {
                $local_user = local_user();
                $remote_contact = Session::getRemoteContactID($owner_id);
+               $acc_sql = '';
+
+               if ($accessible) {
+                       $acc_sql = ' OR `accessible`';
+               }
 
                /*
                 * Construct permissions
                 *
                 * default permissions - anonymous user
                 */
-               $sql = " AND allow_cid = ''
+               $sql = " AND (allow_cid = ''
                         AND allow_gid = ''
                         AND deny_cid  = ''
-                        AND deny_gid  = '' ";
+                        AND deny_gid  = ''" . $acc_sql . ") ";
 
                /*
                 * Profile owner - everything is visible
@@ -107,7 +135,8 @@ class Security
 
                        $sql = sprintf(
                                " AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
-                                 AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ",
+                                 AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s'
+                                 OR (allow_cid = '' AND allow_gid = ''))" . $acc_sql . ") ",
                                intval($remote_contact),
                                DBA::escape($gs),
                                intval($remote_contact),