From 38238972b5b7b2e181d72f143fa9fdede4e7fc3e Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 27 Jan 2013 18:10:26 -0800
Subject: [PATCH] really nitty permission tweaking

---
 include/security.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/security.php b/include/security.php
index 56d4cad36f..d92f48a084 100644
--- a/include/security.php
+++ b/include/security.php
@@ -266,8 +266,14 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 	 * Profile owner - everything is visible
 	 */
 
-	if(($local_user) && ($local_user == $owner_id)) {
-		$sql = ''; 
+	if($local_user) {
+		if($local_user == $owner_id) {
+			$sql = '';
+		}
+		else {
+			/* logged in user can see hidden walls and feeds that are blocked to unknown users (private == 2) */
+			$sql = " AND private != 1 "; 
+		}
 	}
 
 	/**
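Review bot: The new non-owner branch filters with `private != 1`, which is a deny-list: every value of `private` other than 1, including any introduced later, becomes visible to any logged-in local account. The branch also assigns `$sql` outright without consulting `allow_cid`/`deny_cid`/`allow_gid`/`deny_gid`, which the query in the second hunk does check for `private in (1,2)` rows. An allow-list such as `$sql = " AND private IN (0,2) ";` states the intent exactly and fails closed. The doc comment above the branch still reads "Profile owner - everything is visible" and should also describe the logged-in visitor case. The function continues outside this hunk; if the following branch is chained with `elseif` (not visible here), it is now skipped for every logged-in user rather than only the owner, which is worth confirming.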
@@ -300,7 +306,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 			} 
 
 			$sql = sprintf(
-				" AND ( private = 0 OR ( private = 1 AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
+				" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
 				  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
 				  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
 				  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s')))
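Review bot: The widened predicate `private in (1,2) AND wall = 1` still requires `wall = 1`, while the comment added in the first hunk says `private == 2` covers hidden walls and feeds. If feed items are stored with `wall = 0` (not visible here), a verified contact is refused rows that the first hunk's `private != 1` branch shows to any logged-in local account. It is worth confirming which behaviour is intended and recording the meaning of the `private` values in a comment next to the query, for example `/* private: 1 = ACL-restricted, 2 = hidden from unknown viewers (confirm) */`. As a style point, the other SQL keywords in this statement are uppercase, so `private IN (1,2)` would match them. The `sprintf` call starts and ends outside this hunk.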