X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FUtil%2FSecurity.php;h=42333821602d7b123d7da520c175d21ceb0eacea;hb=a98957eeb29cfb142dfc4cd3e03c5bdfbc373466;hp=043c59d84f20a0fd1ed1023dd48dcd1ff9829017;hpb=1de3960e267a8d298348fbca18cf1be1f6a20f7a;p=friendica.git diff --git a/src/Util/Security.php b/src/Util/Security.php index 043c59d84f..4233382160 100644 --- a/src/Util/Security.php +++ b/src/Util/Security.php @@ -1,11 +1,26 @@ . + * */ namespace Friendica\Util; -use Friendica\BaseObject; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Group; @@ -15,7 +30,7 @@ use Friendica\Core\Session; /** * Secures that User is allow to do requests */ -class Security extends BaseObject +class Security { public static function canWriteToUserWall($owner) { @@ -72,20 +87,32 @@ class Security extends BaseObject return false; } - public static function getPermissionsSQLByUserId($owner_id) + /** + * Create a permission string for an element based on the visitor + * + * @param integer $owner_id User ID of the owner of the element + * @param boolean $accessible Should the element be accessible anyway? + * @return string SQL permissions + */ + public static function getPermissionsSQLByUserId(int $owner_id, bool $accessible = false) { $local_user = local_user(); $remote_contact = Session::getRemoteContactID($owner_id); + $acc_sql = ''; + + if ($accessible) { + $acc_sql = ' OR `accessible`'; + } /* * Construct permissions * * default permissions - anonymous user */ - $sql = " AND allow_cid = '' + $sql = " AND (allow_cid = '' AND allow_gid = '' AND deny_cid = '' - AND deny_gid = '' "; + AND deny_gid = ''" . $acc_sql . ") "; /* * Profile owner - everything is visible 
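Review bot: The new docblock on `getPermissionsSQLByUserId()` in the third hunk (`@@ -72,20 +87,32 @@`) describes `$accessible` only as "Should the element be accessible anyway?", which hides a security-relevant effect. When the flag is true, the anonymous default clause gains an OR on the bare `accessible` column, so a row with that column set is returned to unauthenticated visitors whatever its allow/deny fields contain. The fragment is also only valid against a table that has such a column, and the name is unqualified. I would spell this out, for example `@param boolean $accessible When true, rows whose "accessible" column is set match regardless of their ACL fields; only pass true for queries on a table that has this column`. Since the parameters are now typed, the signature could also declare `: string`, assuming every path returns the SQL string, which cannot be confirmed here because the function body continues outside this hunk.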
@@ -108,7 +135,8 @@ class Security extends BaseObject $sql = sprintf( " AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') - AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ", + AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' + OR (allow_cid = '' AND allow_gid = ''))" . $acc_sql . ") ", intval($remote_contact), DBA::escape($gs), intval($remote_contact),
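Review bot: In the remote-contact branch, `$acc_sql` is appended after the allow group closes, so the clause reads `(NOT (deny…) AND (allow…) OR accessible)`. Because AND binds tighter than OR, a row with `accessible` set is returned even to a contact listed in `deny_cid` or `deny_gid`. If that override of the deny list is intended, it deserves a comment above the `sprintf()`, such as `// rows flagged accessible are deliberately visible even to denied contacts`. If an explicit deny is meant to win, move the fragment inside the allow group so the string ends `OR (allow_cid = '' AND allow_gid = '')" . $acc_sql . ")) ",`. The `sprintf()` call and the rest of the function continue outside this hunk, so the callers that pass `true` are not visible here.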