From 7fabafdce6237e59ebacbdc95ab7ed02c5a0dcc2 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Tue, 24 Mar 2020 16:34:19 -0400 Subject: [PATCH] Enable visibility request parameter to override default user permissions in mod/item --- mod/item.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/mod/item.php b/mod/item.php index 85ec3b1d27..bc60506460 100644 --- a/mod/item.php +++ b/mod/item.php @@ -262,12 +262,18 @@ function item_post(App $a) { $guid = $orig_post['guid']; $extid = $orig_post['extid']; } else { - $aclFormatter = DI::aclFormatter(); - - $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; - $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? ''; - $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? ''; - $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; + $str_contact_allow = ''; + $str_group_allow = ''; + $str_contact_deny = ''; + $str_group_deny = ''; + + if (($_REQUEST['visibility'] ?? '') !== 'public') { + $aclFormatter = DI::aclFormatter(); + $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? ''; + $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; + $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; + $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? ''; + } $title = Strings::escapeTags(trim($_REQUEST['title'] ?? '')); $location = Strings::escapeTags(trim($_REQUEST['location'] ?? '')); -- 2.39.5