function cal_init(App $a)
{
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
}
$contact_id = remote_user($a->profile['profile_uid']);
}
- $groups = [];
if ($contact_id) {
- $groups = Group::getIdsByContactId($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($a->profile['profile_uid'])
}
// get the permissions
- $sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
// we only want to have the events of the profile owner
$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;
$nick = $a->user["nickname"];
}
// Is this item private but could be visible to the remove visitor?
- } elseif (remote_user()) {
+ } elseif (remote_user($item['uid'])) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
if (DBA::isResult($item)) {
- if (!Contact::isFollower(remote_user(), $item['uid'])) {
- $item = null;
- } else {
- $item_user = $item['uid'];
- }
+ $item_user = $item['uid'];
}
}
$item_parent = $item["parent"];
$item_parent_uri = $item['parent-uri'];
}
- } elseif (remote_user()) {
+ } elseif (remote_user($item['uid'])) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
- if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) {
+ if (DBA::isResult($item)) {
$item_id = $item["id"];
$item_parent = $item["parent"];
$item_parent_uri = $item['parent-uri'];
['$alternate' => $alternate,
'$conversation' => $conversation]);
- $groups = [];
- $remote_cid = null;
$is_remote_contact = false;
$item_uid = local_user();
if (DBA::isResult($parent)) {
$a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']);
$a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']);
- $is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
-
+ $is_remote_contact = remote_user($a->profile['profile_uid']);
if ($is_remote_contact) {
- $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
- if (!empty($cdata['user'])) {
- $groups = Group::getIdsByContactId($cdata['user']);
- $remote_cid = $cdata['user'];
- $item_uid = $parent['uid'];
- }
+ $item_uid = $parent['uid'];
}
}
}
if (DBA::isResult($page_contact)) {
$a->page_contact = $page_contact;
}
+
$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) {
];
$o .= status_editor($a, $x, 0, true);
}
- $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid);
+ $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
if (local_user() && (local_user() == $a->profile['profile_uid'])) {
$condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true];
function photos_init(App $a) {
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return;
}
$can_post = true;
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid);
-
- if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
- $can_post = true;
- $visitor = $contact_id;
- }
+ $can_post = true;
+ $visitor = $contact_id;
}
if (!$can_post) {
}
}
- $groups = [];
-
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid);
- $groups = Group::getIdsByContactId($contact_id);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
return;
}
- $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact);
$o = "";
function videos_init(App $a)
{
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
return;
}
$can_post = true;
} elseif ($community_page && !empty(remote_user($owner_uid))) {
$contact_id = remote_user($owner_uid);
-
- $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($owner_uid)
- );
-
- if (DBA::isResult($r)) {
- $can_post = true;
- $remote_contact = true;
- $visitor = $contact_id;
- }
+ $can_post = true;
+ $remote_contact = true;
+ $visitor = $contact_id;
}
- $groups = [];
-
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid);
-
- if ($contact_id > 0) {
- $groups = Group::getIdsByContactId($contact_id);
- $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($owner_uid)
- );
-
- if (DBA::isResult($r)) {
- $remote_contact = true;
- }
- }
+ $remote_contact = true;
}
- if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) {
+ if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
notice(L10n::t('Access to this item is restricted.') . EOL);
return;
}
- $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
$o = "";
}
}
- public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null)
+ public static function getPermissionsSQLByUserId($owner_id)
{
$local_user = local_user();
$remote_user = remote_user($owner_id);
- if (is_null($remote_cid)) {
- $remote_cid = $remote_user;
- }
-
/*
* Construct permissions
*
* If pre-verified, the caller is expected to have already
* done this and passed the groups into this function.
*/
- $set = PermissionSet::get($owner_id, $remote_cid, $groups);
+ $set = PermissionSet::get($owner_id, $remote_user);
if (!empty($set)) {
$sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";
*
* @param integer $uid User id whom the items belong
* @param integer $contact_id Contact id of the visitor
- * @param array $groups Possibly previously fetched group ids for that contact
*
* @return array of permission set ids.
* @throws \Exception
*/
-
- static public function get($uid, $contact_id, $groups = null)
+ static public function get($uid, $contact_id)
{
- if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
+ if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
$groups = Group::getIdsByContactId($contact_id);
}
if (empty($groups) || !is_array($groups)) {
return [];
}
+
$group_str = '<<>>'; // should be impossible to match
foreach ($groups as $g) {
*/
public static function getPhoto($resourceid, $scale = 0)
{
- $r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
- if ($r === false) {
+ $r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
+ if (!DBA::isResult($r)) {
return false;
}
- $uid = $r["uid"];
- // This is the first place, when retrieving just a photo, that we know who owns the photo.
- // Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
- // make sure that the requester's session is appropriately authenticated to that user
- // otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
- if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
- $r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
- // this will either just return (if auth all ok) or will redirect and exit (starting over)
- DFRN::autoRedir(self::getApp(), $r["nickname"]);
- }
+ $uid = $r["uid"];
$sql_acl = Security::getPermissionsSQLByUserId($uid);
- $conditions = [
- "`resource-id` = ? AND `scale` <= ? " . $sql_acl,
- $resourceid, $scale
- ];
-
+ $conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
$params = ["order" => ["scale" => true]];
-
$photo = self::selectFirst([], $conditions, $params);
return $photo;
if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
self::$which = $a->user['nickname'];
self::$profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT);
- } else {
- DFRN::autoRedir($a, self::$which);
}
}
return Login::form();
}
- $groups = [];
- $remote_cid = null;
-
$o = '';
if ($update) {
$is_owner = local_user() == $a->profile['profile_uid'];
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact;
- if ($remote_contact) {
- $cdata = ContactModel::getPublicAndUserContacID($remote_contact, $a->profile['profile_uid']);
- if (!empty($cdata['user'])) {
- $groups = Group::getIdsByContactId($cdata['user']);
- $remote_cid = $cdata['user'];
- }
- }
-
if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
notice(L10n::t('Access to this profile has been restricted.') . EOL);
return '';
}
// Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
- $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups, $remote_cid);
+ $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
$sql_extra2 = '';
$last_updated_array = Session::get('last_updated', []);
return 200;
}
- /**
- * @param App $a App
- * @param string $contact_nick contact nickname
- * @throws \Friendica\Network\HTTPException\InternalServerErrorException
- */
- public static function autoRedir(App $a, $contact_nick)
- {
- // prevent looping
- if (!empty($_REQUEST['redir'])) {
- Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG);
- // looping prevention also appears to sometimes prevent authentication for images
- // because browser may have multiple connections open and load an image on a connection
- // whose session wasn't updated when a previous redirect authenticated
- // Leaving commented in case looping reappears
- // return;
- }
-
- if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
- return;
- }
-
- if (local_user()) {
- // We need to find out if $contact_nick is a user on this hub, and if so, if I
- // am a contact of that user. However, that user may have other contacts with the
- // same nickname as me on other hubs or other networks. Exclude these by requiring
- // that the contact have a local URL. I will be the only person with my nickname at
- // this URL, so if a result is found, then I am a contact of the $contact_nick user.
- //
- // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending.
-
- $baseurl = System::baseUrl();
- $domain_st = strpos($baseurl, "://");
- if ($domain_st === false) {
- return;
- }
- $baseurl = substr($baseurl, $domain_st + 3);
- $nurl = Strings::normaliseLink($baseurl);
-
- $r = User::getByNickname($contact_nick, ["uid"]);
- $contact_uid = $r["uid"];
-
- /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
- $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
- AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
- DBA::escape($contact_nick),
- DBA::escape($a->user['nickname']),
- DBA::escape($baseurl),
- DBA::escape($nurl)
- );
- if ((! DBA::isResult($r))) {
- return;
- }
- // test if redirect authentication already succeeded
- // Note that "contact" in the sense used in the $contact_nick argument to this function
- // and the sense in the $remote[]["cid"] in the session are opposite.
- // In the session variable the user currently fetching is the contact
- // while $contact_nick is the nick of tho user who owns the stuff being fetched.
- if (Session::getVisitorContactIDForUserID($contact_uid) == $r[0]['id']) {
- return;
- }
-
- $r = q("SELECT * FROM contact WHERE nick = '%s'
- AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
- DBA::escape($contact_nick),
- DBA::escape(Protocol::DFRN),
- intval(local_user()),
- DBA::escape($baseurl)
- );
- if (! DBA::isResult($r)) {
- return;
- }
-
- $cid = $r[0]['id'];
-
- $dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']);
-
- if ($r[0]['duplex'] && $r[0]['issued-id']) {
- $orig_id = $r[0]['issued-id'];
- $dfrn_id = '1:' . $orig_id;
- }
- if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
- $orig_id = $r[0]['dfrn-id'];
- $dfrn_id = '0:' . $orig_id;
- }
-
- // ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode
- // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues
-
- if (strlen($dfrn_id) < 3) {
- return;
- }
-
- $sec = Strings::getRandomHex();
-
- DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);
-
- $url = curPageURL();
-
- Logger::log('auto_redir: ' . $r[0]['name'] . ' ' . $sec, Logger::DEBUG);
- $dest = (($url) ? '&destination_url=' . $url : '');
- System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
- . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
- }
-
- return;
- }
-
/**
* @brief Returns the activity verb
*