From: friendica Date: Mon, 28 Jan 2013 02:10:26 +0000 (-0800) Subject: really nitty permission tweaking X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=38238972b5b7b2e181d72f143fa9fdede4e7fc3e;p=friendica.git really nitty permission tweaking --- diff --git a/include/security.php b/include/security.php index 56d4cad36f..d92f48a084 100644 --- a/include/security.php +++ b/include/security.php @@ -266,8 +266,14 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * Profile owner - everything is visible */ - if(($local_user) && ($local_user == $owner_id)) { - $sql = ''; + if($local_user) { + if($local_user == $owner_id) { + $sql = ''; + } + else { + /* logged in user can see hidden walls and feeds that are blocked to unknown users (private == 2) */ + $sql = " AND private != 1 "; + } } /** @@ -300,7 +306,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) } $sql = sprintf( - " AND ( private = 0 OR ( private = 1 AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) + " AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s')))