Merge pull request #9694 from MrPetovan/bug/9672-empty-acl-public
Improve handling of the visibility parameter of the new ACL
This commit is contained in:
commit
21a15294b1
|
@ -4219,7 +4219,7 @@ function api_fr_photo_create_update($type)
|
||||||
$deny_cid = $_REQUEST['deny_cid' ] ?? null;
|
$deny_cid = $_REQUEST['deny_cid' ] ?? null;
|
||||||
$allow_gid = $_REQUEST['allow_gid'] ?? null;
|
$allow_gid = $_REQUEST['allow_gid'] ?? null;
|
||||||
$deny_gid = $_REQUEST['deny_gid' ] ?? null;
|
$deny_gid = $_REQUEST['deny_gid' ] ?? null;
|
||||||
$visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false";
|
$visibility = !$allow_cid && !$deny_cid && !$allow_gid && !$deny_gid;
|
||||||
|
|
||||||
// do several checks on input parameters
|
// do several checks on input parameters
|
||||||
// we do not allow calls without album string
|
// we do not allow calls without album string
|
||||||
|
|
|
@ -163,27 +163,26 @@ function events_post(App $a)
|
||||||
|
|
||||||
|
|
||||||
if ($share) {
|
if ($share) {
|
||||||
$str_contact_allow = '';
|
$user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
|
||||||
$str_group_allow = '';
|
if (!DBA::isResult($user)) {
|
||||||
$str_contact_deny = '';
|
return;
|
||||||
$str_group_deny = '';
|
}
|
||||||
|
|
||||||
if (($_REQUEST['visibility'] ?? '') !== 'public') {
|
$aclFormatter = DI::aclFormatter();
|
||||||
$user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
|
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
|
||||||
if (!DBA::isResult($user)) {
|
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
|
||||||
return;
|
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
|
||||||
}
|
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
|
||||||
|
|
||||||
$aclFormatter = DI::aclFormatter();
|
$visibility = $_REQUEST['visibility'] ?? '';
|
||||||
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
|
if ($visibility === 'public') {
|
||||||
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
|
// The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
|
||||||
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
|
$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
|
||||||
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
|
} else if ($visibility === 'custom') {
|
||||||
|
// Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
|
||||||
// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
|
// case that would make it public. So we always append the author's contact id to the allowed contacts.
|
||||||
// that would make the item public. So we always append the author's contact id to the allowed contacts.
|
|
||||||
// See https://github.com/friendica/friendica/issues/9672
|
// See https://github.com/friendica/friendica/issues/9672
|
||||||
$str_contact_allow .= $aclFormatter->toString(\Friendica\Model\Contact::getPublicIdByUserId($uid));
|
$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$str_contact_allow = '<' . $self . '>';
|
$str_contact_allow = '<' . $self . '>';
|
||||||
|
|
25
mod/item.php
25
mod/item.php
|
@ -261,20 +261,19 @@ function item_post(App $a) {
|
||||||
$guid = $orig_post['guid'];
|
$guid = $orig_post['guid'];
|
||||||
$extid = $orig_post['extid'];
|
$extid = $orig_post['extid'];
|
||||||
} else {
|
} else {
|
||||||
$str_contact_allow = '';
|
$aclFormatter = DI::aclFormatter();
|
||||||
$str_group_allow = '';
|
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
|
||||||
$str_contact_deny = '';
|
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
|
||||||
$str_group_deny = '';
|
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
|
||||||
|
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
|
||||||
|
|
||||||
if (($_REQUEST['visibility'] ?? '') !== 'public') {
|
$visibility = $_REQUEST['visibility'] ?? '';
|
||||||
$aclFormatter = DI::aclFormatter();
|
if ($visibility === 'public') {
|
||||||
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
|
// The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
|
||||||
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
|
$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
|
||||||
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
|
} else if ($visibility === 'custom') {
|
||||||
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
|
// Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
|
||||||
|
// case that would make it public. So we always append the author's contact id to the allowed contacts.
|
||||||
// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
|
|
||||||
// that would make the item public. So we always append the author's contact id to the allowed contacts.
|
|
||||||
// See https://github.com/friendica/friendica/issues/9672
|
// See https://github.com/friendica/friendica/issues/9672
|
||||||
$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
|
$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
|
||||||
}
|
}
|
||||||
|
|
|
@ -184,22 +184,21 @@ function photos_post(App $a)
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
$str_contact_allow = '';
|
$aclFormatter = DI::aclFormatter();
|
||||||
$str_group_allow = '';
|
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $owner_record['allow_cid'] ?? '';
|
||||||
$str_contact_deny = '';
|
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $owner_record['allow_gid'] ?? '';
|
||||||
$str_group_deny = '';
|
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $owner_record['deny_cid'] ?? '';
|
||||||
|
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $owner_record['deny_gid'] ?? '';
|
||||||
|
|
||||||
if (($_REQUEST['visibility'] ?? '') !== 'public') {
|
$visibility = $_REQUEST['visibility'] ?? '';
|
||||||
$aclFormatter = DI::aclFormatter();
|
if ($visibility === 'public') {
|
||||||
$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $owner_record['allow_cid'] ?? '';
|
// The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
|
||||||
$str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $owner_record['allow_gid'] ?? '';
|
$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
|
||||||
$str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $owner_record['deny_cid'] ?? '';
|
} else if ($visibility === 'custom') {
|
||||||
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $owner_record['deny_gid'] ?? '';
|
// Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
|
||||||
|
// case that would make it public. So we always append the author's contact id to the allowed contacts.
|
||||||
// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
|
|
||||||
// that would make the item public. So we always append the author's contact id to the allowed contacts.
|
|
||||||
// See https://github.com/friendica/friendica/issues/9672
|
// See https://github.com/friendica/friendica/issues/9672
|
||||||
$str_contact_allow .= $aclFormatter->toString(\Friendica\Model\Contact::getPublicIdByUserId($page_owner_uid));
|
$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($page_owner_uid));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($a->argc > 3 && $a->argv[2] === 'album') {
|
if ($a->argc > 3 && $a->argv[2] === 'album') {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user