From e521dfd5e6e8da28d5a4057ff4ab368cc31c45bf Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Mon, 8 Nov 2010 20:43:58 -0800
Subject: [PATCH] refactor outgoing comment ability for off network contacts

---
 include/items.php    |  9 +++++----
 include/security.php | 26 ++++++++++++++------------
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/include/items.php b/include/items.php
index d407b47978..fc68f185fc 100644
--- a/include/items.php
+++ b/include/items.php
@@ -909,14 +909,14 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) {
 				// FIXME update content if 'updated' changes
 				if(count($r)) {
 					$allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow');
-					if($allow && $allow[0]['data'] != $r[0]['last-child']) {
+					if((($allow) && ($allow[0]['data'] != $r[0]['last-child'])) || ($contact['network'] !== 'dfrn')) {
 						$r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
 							dbesc(datetime_convert()),
 							dbesc($parent_uri),
 							intval($importer['uid'])
 						);
 						$r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s'  WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
-							intval($allow[0]['data']),
+							intval((($allow) ? $allow[0]['data'] : 1)),
 							dbesc(datetime_convert()),
 							dbesc($item_id),
 							intval($importer['uid'])
@@ -977,8 +977,9 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) {
 				if($contact['network'] === 'stat') {
 					if(strlen($datarray['title']))
 						unset($datarray['title']);
-					if(($contact['rel'] == REL_VIP) || ($contact['rel'] == REL_BUD))
-						$datarray['last-child'] = 1;
+//					if(($contact['rel'] == REL_VIP) || ($contact['rel'] == REL_BUD))
+// basically allow comments to/from any OStatus contact, unless blocked by readonly
+					$datarray['last-child'] = 1;
 				}
 				$datarray['parent-uri'] = $item_id;
 				$datarray['uid'] = $importer['uid'];
diff --git a/include/security.php b/include/security.php
index 2fd4f46e32..f376039167 100644
--- a/include/security.php
+++ b/include/security.php
@@ -10,19 +10,21 @@ function can_write_wall(&$a,$owner) {
                 return true;
 		}
 
-        $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` 
-			WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
-			AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d OR (`contact`.`network` = 'stat' AND `contact`.rel` = %d)) LIMIT 1",
-			intval($owner),
-			intval($_SESSION['visitor_id']),
-			intval(REL_VIP),
-			intval(REL_BUD),
-			intval(PAGE_COMMUNITY),
-			intval(REL_FAN)
-        );
+		if(remote_user()) {
+			$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` 
+				WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
+				AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
+				intval($owner),
+				intval(remote_user()),
+				intval(REL_VIP),
+				intval(REL_BUD),
+				intval(PAGE_COMMUNITY)
+			);
+		}
+		if(count($r))
+			return true;
 
-        if(count($r))
-                return true;
+		
         return false;
 
 }