From d71574617e881c227d9b49f178538814d89d0622 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Fri, 27 Mar 2015 23:37:54 +0100 Subject: [PATCH] Introduced isCurrentProfileInScope() which shall check if current profile is allowed (in scope of) to see the tag. Signed-off-by: Roland Haeder --- classes/Notice_tag.php | 37 +++++++++++++++++++++ plugins/TagCloud/actions/publictagcloud.php | 29 ++-------------- plugins/TagCloud/lib/tagcloudsection.php | 6 ++-- 3 files changed, 44 insertions(+), 28 deletions(-) diff --git a/classes/Notice_tag.php b/classes/Notice_tag.php index 84d108eee7..62810eba98 100644 --- a/classes/Notice_tag.php +++ b/classes/Notice_tag.php @@ -83,4 +83,41 @@ class Notice_tag extends Managed_DataObject return $url; } + + /** + * Checks whether the current profile is allowed (in scope) to see this tag. + * + * @return $inScope Whether the current profile is allowed to see this tag + */ + public function isCurrentProfileInScope () { + // Check scope, default is allowed + $inScope = TRUE; + + // 1) Get notice object and set id + $notice = new Notice(); + $notice->id = $this->notice_id; + $notice->scope = $this->scope; + /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',notice->id=' . $notice->id . ',notice->scope=' . $notice->scope); + + // Is it private scope? + if ($notice->isPrivateScope()) { + // 2) Get current profile + $profile = Profile::current(); + + // Is the profile not set? + if (!$profile instanceof Profile) { + // Public viewer shall not see a tag from a private dent (privacy leak) + /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] Not logged in, skipping ...'); + $inScope = FALSE; + } elseif (!$notice->inScope($profile)) { + // Current profile is not in scope (not allowed to see) of notice + /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] profile->id=' . $profile->id . ' is not allowed to see this tag, skipping ...'); + $inScope = FALSE; + } + } + + // Return result + /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->weight=' . $this->weight . ',inScope=' . intval($inScope) . ' - EXIT!'); + return $inScope; + } } diff --git a/plugins/TagCloud/actions/publictagcloud.php b/plugins/TagCloud/actions/publictagcloud.php index 4d8c07edea..e8bd561052 100644 --- a/plugins/TagCloud/actions/publictagcloud.php +++ b/plugins/TagCloud/actions/publictagcloud.php @@ -134,33 +134,10 @@ class PublictagcloudAction extends Action $sum = 0; while ($tags->fetch()) { // Check scope: - - // 1) Get notice object and set id - $notice = new Notice(); - $notice->id = $tags->notice_id; - $notice->scope = $tags->scope; - /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] tags->tag=' . $tags->tag . ',notice->id=' . $notice->id . ',notice->scope=' . $notice->scope); - - // Is it private scope? - if ($notice->isPrivateScope()) { - // 2) Get current profile - $profile = Profile::current(); - - // Is the profile not set? - if (!$profile instanceof Profile) { - // Public viewer shall not see a tag from a private dent (privacy leak) - /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] Not logged in, skipping ...'); - continue; - } elseif (!$notice->inScope($profile)) { - // Current profile is not in scope (not allowed to see) of notice - /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] profile->id=' . $profile->id . ' is not allowed to see this tag, skipping ...'); - continue; - } + if ($tags->isCurrentProfileInScope()) { + $tw[$tags->tag] = $tags->weight; + $sum += $tags->weight; } - - /* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] tags->tag=' . $tags->tag . ',tags->weight=' . $tags->weight . ' - Added!'); - $tw[$tags->tag] = $tags->weight; - $sum += $tags->weight; } ksort($tw); diff --git a/plugins/TagCloud/lib/tagcloudsection.php b/plugins/TagCloud/lib/tagcloudsection.php index 80a9042e0f..cec3619a8e 100644 --- a/plugins/TagCloud/lib/tagcloudsection.php +++ b/plugins/TagCloud/lib/tagcloudsection.php @@ -63,8 +63,10 @@ class TagCloudSection extends Section $sum = 0; while ($tags->fetch() && ++$cnt <= TAGS_PER_SECTION) { - $tw[$tags->tag] = $tags->weight; - $sum += $tags->weight; + if ($tags->isCurrentProfileInScope()) { + $tw[$tags->tag] = $tags->weight; + $sum += $tags->weight; + } } if ($cnt == 0) { -- 2.39.5