From 38238972b5b7b2e181d72f143fa9fdede4e7fc3e Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 27 Jan 2013 18:10:26 -0800 Subject: [PATCH] really nitty permission tweaking --- include/security.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/include/security.php b/include/security.php index 56d4cad36f..d92f48a084 100644 --- a/include/security.php +++ b/include/security.php @@ -266,8 +266,14 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * Profile owner - everything is visible */ - if(($local_user) && ($local_user == $owner_id)) { - $sql = ''; + if($local_user) { + if($local_user == $owner_id) { + $sql = ''; + } + else { + /* logged in user can see hidden walls and feeds that are blocked to unknown users (private == 2) */ + $sql = " AND private != 1 "; + } } /** @@ -300,7 +306,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) } $sql = sprintf( - " AND ( private = 0 OR ( private = 1 AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) + " AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s'))) -- 2.39.2