X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fitem.php;h=bfb865b790553d3ee293acfc40f117a4beba0652;hb=3972fe62fe8afb3791e9d6526e7665501a577b81;hp=75f234a759ff8f4be4f72ffa4ba49750748c95a4;hpb=a4f7fddf411d874fb921e3ec395a10ccfcbc7c8a;p=friendica.git

diff --git a/mod/item.php b/mod/item.php
index 75f234a759..bfb865b790 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2021, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -40,11 +40,13 @@ use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\DI;
+use Friendica\Model\APContact;
 use Friendica\Model\Attach;
 use Friendica\Model\Contact;
 use Friendica\Model\Conversation;
 use Friendica\Model\FileTag;
 use Friendica\Model\Item;
+use Friendica\Model\ItemURI;
 use Friendica\Model\Notification;
 use Friendica\Model\Photo;
 use Friendica\Model\Post;
@@ -53,7 +55,6 @@ use Friendica\Model\User;
 use Friendica\Network\HTTPException;
 use Friendica\Object\EMail\ItemCCEMail;
 use Friendica\Protocol\Activity;
-use Friendica\Protocol\Diaspora;
 use Friendica\Security\Security;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\ParseUrl;
@@ -176,10 +177,11 @@ function item_post(App $a) {
 	}
 
 	// Allow commenting if it is an answer to a public post
-	$allow_comment = local_user() && ($profile_uid == 0) && $toplevel_item_id && in_array($toplevel_item['network'], Protocol::FEDERATED);
+	$allow_comment = local_user() && $toplevel_item_id && in_array($toplevel_item['private'], [Item::PUBLIC, Item::UNLISTED]) && in_array($toplevel_item['network'], Protocol::FEDERATED);
 
 	// Now check that valid personal details have been provided
 	if (!Security::canWriteToUserWall($profile_uid) && !$allow_comment) {
+		Logger::notice('Permission denied.', ['local' => local_user(), 'profile_uid' => $profile_uid, 'toplevel_item_id' => $toplevel_item_id, 'network' => $toplevel_item['network']]);
 		notice(DI::l10n()->t('Permission denied.'));
 		if ($return_path) {
 			DI::baseUrl()->redirect($return_path);
@@ -409,21 +411,22 @@ function item_post(App $a) {
 				}
 			}
 
-			$success = ItemHelper::replaceTag($body, $inform, local_user() ? local_user() : $profile_uid, $tag, $network);
-			if ($success['replaced']) {
-				$tagged[] = $tag;
-			}
-			// When the forum is private or the forum is addressed with a "!" make the post private
-			if (!empty($success['contact']['prv']) || ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION])) {
-				$private_forum = $success['contact']['prv'];
-				$only_to_forum = ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION]);
-				$private_id = $success['contact']['id'];
-				$forum_contact = $success['contact'];
-			} elseif (!empty($success['contact']['forum']) && ($str_contact_allow == '<' . $success['contact']['id'] . '>')) {
-				$private_forum = false;
-				$only_to_forum = true;
-				$private_id = $success['contact']['id'];
-				$forum_contact = $success['contact'];
+			if ($success = ItemHelper::replaceTag($body, $inform, local_user() ? local_user() : $profile_uid, $tag, $network)) {
+				if ($success['replaced']) {
+					$tagged[] = $tag;
+				}
+				// When the forum is private or the forum is addressed with a "!" make the post private
+				if (!empty($success['contact']['prv']) || ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION])) {
+					$private_forum = $success['contact']['prv'];
+					$only_to_forum = ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION]);
+					$private_id = $success['contact']['id'];
+					$forum_contact = $success['contact'];
+				} elseif (!empty($success['contact']['forum']) && ($str_contact_allow == '<' . $success['contact']['id'] . '>')) {
+					$private_forum = false;
+					$only_to_forum = true;
+					$private_id = $success['contact']['id'];
+					$forum_contact = $success['contact'];
+				}
 			}
 		}
 
@@ -434,20 +437,33 @@ function item_post(App $a) {
 
 	if (!$toplevel_item_id && !empty($forum_contact) && ($private_forum || $only_to_forum)) {
 		// we tagged a forum in a top level post. Now we change the post
-		$private = $private_forum;
+		$private = $private_forum ? Item::PRIVATE : Item::UNLISTED;
 
-		$str_group_allow = '';
-		$str_contact_deny = '';
-		$str_group_deny = '';
-		if ($private_forum) {
-			$str_contact_allow = '<' . $private_id . '>';
-		} else {
+		if ($only_to_forum) {
+			$postopts = '';
+		}
+
+		if (!$private_forum) {
 			$str_contact_allow = '';
+			$str_group_allow   = '';
+			$str_contact_deny  = '';
+			$str_group_deny    = '';
+		}
+
+		if ($private_forum || !APContact::getByURL($forum_contact['url'])) {
+			$str_group_allow = '';
+			$str_contact_deny = '';
+			$str_group_deny = '';
+			if ($private_forum) {
+				$str_contact_allow = '<' . $private_id . '>';
+			} else {
+				$str_contact_allow = '';
+			}
+			$contact_id = $private_id;
+			$contact_record = $forum_contact;
+			$_REQUEST['origin'] = false;
+			$wall = 0;
 		}
-		$contact_id = $private_id;
-		$contact_record = $forum_contact;
-		$_REQUEST['origin'] = false;
-		$wall = 0;
 	}
 
 	/*
@@ -613,6 +629,8 @@ function item_post(App $a) {
 	$datarray['origin']        = $origin;
 	$datarray['object']        = $object;
 
+	$datarray['attachments']   = $_REQUEST['attachments'] ?? [];
+
 	/*
 	 * These fields are for the convenience of addons...
 	 * 'self' if true indicates the owner is posting on their own wall
@@ -660,13 +678,30 @@ function item_post(App $a) {
 		$datarray["uri-id"] = -1;
 		$datarray["author-network"] = Protocol::DFRN;
 
-		$o = conversation($a, [array_merge($contact_record, $datarray)], 'search', false, true);
+		$o = DI::conversation()->create([array_merge($contact_record, $datarray)], 'search', false, true);
 
 		System::jsonExit(['preview' => $o]);
 	}
 
 	Hook::callAll('post_local',$datarray);
 
+	if (!empty($_REQUEST['scheduled_at'])) {
+		$scheduled_at = DateTimeFormat::convert($_REQUEST['scheduled_at'], 'UTC', $a->getTimeZone());
+		if ($scheduled_at > DateTimeFormat::utcNow()) {
+			unset($datarray['created']);
+			unset($datarray['edited']);
+			unset($datarray['commented']);
+			unset($datarray['received']);
+			unset($datarray['changed']);
+			unset($datarray['edit']);
+			unset($datarray['self']);
+			unset($datarray['api_source']);
+
+			Post\Delayed::add($datarray['uri'], $datarray, PRIORITY_HIGH, Post\Delayed::PREPARED_NO_HOOK, $scheduled_at);
+			item_post_return(DI::baseUrl(), $api_source, $return_path);
+		}
+	}
+
 	if (!empty($datarray['cancel'])) {
 		Logger::info('mod_item: post cancelled by addon.');
 		if ($return_path) {
@@ -681,6 +716,8 @@ function item_post(App $a) {
 		System::jsonExit($json);
 	}
 
+	$datarray['uri-id'] = ItemURI::getIdByURI($datarray['uri']);
+
 	if ($orig_post)	{
 		// Fill the cache field
 		// This could be done in Item::update as well - but we have to check for the existance of some fields.
@@ -709,13 +746,6 @@ function item_post(App $a) {
 	unset($datarray['self']);
 	unset($datarray['api_source']);
 
-	if ($origin) {
-		$signed = Diaspora::createCommentSignature($uid, $datarray);
-		if (!empty($signed)) {
-			$datarray['diaspora_signed_text'] = json_encode($signed);
-		}
-	}
-
 	$post_id = Item::insert($datarray);
 
 	if (!$post_id) {
@@ -902,6 +932,7 @@ function drop_item(int $id, string $return = '')
 
 		item_redirect_after_action($item, $return);
 	} else {
+		Logger::notice('Permission denied.', ['local' => local_user(), 'uid' => $item['uid'], 'cid' => $contact_id]);
 		notice(DI::l10n()->t('Permission denied.'));
 		DI::baseUrl()->redirect('display/' . $item['guid']);
 		//NOTREACHED