if ($this->cnt > 0) {
while ($notice->fetch()) {
+ // Check scope of notice to current profile (including guests)
+ if (!$notice->isCurrentProfileInScope()) {
+ // Not in scope
+ continue;
+ }
+
++$cnt;
if (!$this->max_id) {
$search_engine->limit(($this->page - 1) * $this->rpp, $this->rpp + 1);
if ($search_engine->query($this->query)) {
$cnt = $notice->find();
- $this->notices = $notice->fetchAll();
+ foreach ($notice->fetchAll() as $testNotice) {
+ // Must be true
+ assert($testNotice instanceof Notice);
+
+ // Check scope of notice to current profile (including guests)
+ if ($testNotice->isCurrentProfileInScope()) {
+ // In scope
+ $this->notices[] = $testNotice;
+ }
+ } // END - if
}
$this->showJsonTimeline($this->notices);
if ($cnt > 0) {
while ($notice->fetch()) {
- $notices[] = clone($notice);
+ // Check scope of notice to current profile (including guests)
+ if ($notice->isCurrentProfileInScope()) {
+ // Is in scope
+ $notices[] = clone($notice);
+ }
}
}
return ($this->scope != Notice::SITE_SCOPE &&
$this->scope != Notice::PUBLIC_SCOPE);
}
+
+ /**
+ * Checks whether the current profile is allowed (in scope) to see this notice.
+ *
+ * @return $inScope Whether the current profile is allowed to see this notice
+ */
+ public function isCurrentProfileInScope () {
+ // Check scope, default is allowed
+ $inScope = true;
+
+ //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->id=' . $this->id . ',this->scope=' . $this->scope);
+
+ // Is it private scope?
+ if ($this->isPrivateScope()) {
+ // 2) Get current profile
+ $profile = Profile::current();
+
+ // Is the profile not set?
+ if (!$profile instanceof Profile) {
+ // Public viewer shall not see a tag from a private dent (privacy leak)
+ //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] Not logged in (public view).');
+ $inScope = false;
+ } elseif (!$this->inScope($profile)) {
+ // Current profile is not in scope (not allowed to see) of notice
+ //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] profile->id=' . $profile->id . ' is not allowed to see this notice.');
+ $inScope = false;
+ }
+ }
+
+ // Return result
+ //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->weight=' . $this->weight . ',inScope=' . intval($inScope) . ' - EXIT!');
+ return $inScope;
+ }
}
//* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',notice->id=' . $notice->id . ',notice->scope=' . $notice->scope);
// Is it private scope?
- if ($notice->isPrivateScope()) {
- // 2) Get current profile
- $profile = Profile::current();
-
- // Is the profile not set?
- if (!$profile instanceof Profile) {
- // Public viewer shall not see a tag from a private dent (privacy leak)
- //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] Not logged in (public view).');
- $inScope = FALSE;
- } elseif (!$notice->inScope($profile)) {
- // Current profile is not in scope (not allowed to see) of notice
- //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] profile->id=' . $profile->id . ' is not allowed to see this tag.');
- $inScope = FALSE;
- }
- }
+ $inScope = $notice->isCurrentProfileInScope();
// Return result
//* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->weight=' . $this->weight . ',inScope=' . intval($inScope) . ' - EXIT!');
'OR'
);
}
- return true;
} else if ('notice' === $this->table) {
// Don't show imported notices
);
}
- return true;
} else {
throw new ServerException('Unknown table: ' . $this->table);
}
+
+ return true;
}
}
$sum = 0;
while ($tags->fetch() && ++$cnt <= TAGS_PER_SECTION) {
+ // Check scope of tag to current profile (including guests)
if ($tags->isCurrentProfileInScope()) {
$tw[$tags->tag] = $tags->weight;
$sum += $tags->weight;
projects / quix0rs-gnu-social.git / commitdiff