friendica/mod/acl.php

320 lines
9.9 KiB
PHP
Raw Normal View History

2011-07-19 14:17:58 +00:00
<?php
2011-07-19 14:17:58 +00:00
/* ACL selector json backend */
2012-06-06 03:33:11 +00:00
use Friendica\App;
use Friendica\Content\Widget;
2018-03-02 23:41:24 +00:00
use Friendica\Core\ACL;
use Friendica\Core\Hook;
2018-10-29 21:20:46 +00:00
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
2018-06-12 09:05:36 +00:00
use Friendica\Model\Item;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
function acl_content(App $a)
{
if (!local_user()) {
return '';
}
$start = defaults($_REQUEST, 'start' , 0);
$count = defaults($_REQUEST, 'count' , 100);
$search = defaults($_REQUEST, 'search' , '');
$type = defaults($_REQUEST, 'type' , '');
$conv_id = defaults($_REQUEST, 'conversation', null);
// For use with jquery.textcomplete for private mail completion
if (!empty($_REQUEST['query'])) {
if (!$type) {
$type = 'm';
}
$search = $_REQUEST['query'];
}
2018-12-30 20:42:56 +00:00
$a->getLogger()->info("Searching for " . $search . " - type " . $type . " conversation " . $conv_id);
if ($search != '') {
2018-07-21 13:10:13 +00:00
$sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'";
$sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')";
} else {
/// @TODO Avoid these needless else blocks by putting variable-initialization atop of if()
$sql_extra = $sql_extra2 = '';
}
// count groups and contacts
$group_count = 0;
if ($type == '' || $type == 'g') {
$r = q("SELECT COUNT(*) AS g FROM `group` WHERE NOT `deleted` AND `uid` = %d $sql_extra",
intval(local_user())
);
$group_count = (int) $r[0]['g'];
}
$sql_extra2 .= ' ' . Widget::unavailableNetworks();
$contact_count = 0;
if ($type == '' || $type == 'c') {
// autocomplete for editor mentions
$r = q("SELECT COUNT(*) AS c FROM `contact`
WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
AND NOT `blocked` AND NOT `pending` AND NOT `archive`
AND `success_update` >= `failure_update`
AND `notify` != '' $sql_extra2",
intval(local_user())
);
$contact_count = (int) $r[0]['c'];
} elseif ($type == 'f') {
// autocomplete for editor mentions of forums
$r = q("SELECT COUNT(*) AS c FROM `contact`
WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
AND NOT `blocked` AND NOT `pending` AND NOT `archive`
AND (`forum` OR `prv`)
AND `success_update` >= `failure_update`
AND `notify` != '' $sql_extra2",
intval(local_user())
);
$contact_count = (int) $r[0]['c'];
} elseif ($type == 'm') {
// autocomplete for Private Messages
$r = q("SELECT COUNT(*) AS c FROM `contact`
WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
AND NOT `blocked` AND NOT `pending` AND NOT `archive`
AND `success_update` >= `failure_update`
2018-10-06 03:17:44 +00:00
AND `network` IN ('%s', '%s', '%s') $sql_extra2",
intval(local_user()),
2018-10-06 03:17:44 +00:00
DBA::escape(Protocol::ACTIVITYPUB),
DBA::escape(Protocol::DFRN),
DBA::escape(Protocol::DIASPORA)
);
$contact_count = (int) $r[0]['c'];
} elseif ($type == 'a') {
// autocomplete for Contacts
$r = q("SELECT COUNT(*) AS c FROM `contact`
WHERE `uid` = %d AND NOT `self`
AND NOT `pending` AND NOT `deleted` $sql_extra2",
intval(local_user())
);
$contact_count = (int) $r[0]['c'];
}
$tot = $group_count + $contact_count;
$groups = [];
$contacts = [];
if ($type == '' || $type == 'g') {
/// @todo We should cache this query.
// This can be done when we can delete cache entries via wildcard
$r = q("SELECT `group`.`id`, `group`.`name`, GROUP_CONCAT(DISTINCT `group_member`.`contact-id` SEPARATOR ',') AS uids
FROM `group`
INNER JOIN `group_member` ON `group_member`.`gid`=`group`.`id`
WHERE NOT `group`.`deleted` AND `group`.`uid` = %d
$sql_extra
GROUP BY `group`.`name`, `group`.`id`
ORDER BY `group`.`name`
LIMIT %d,%d",
intval(local_user()),
intval($start),
intval($count)
);
foreach ($r as $g) {
$groups[] = [
'type' => 'g',
'photo' => 'images/twopeople.png',
2018-11-25 19:48:26 +00:00
'name' => htmlspecialchars($g['name']),
'id' => intval($g['id']),
'uids' => array_map('intval', explode(',', $g['uids'])),
'link' => '',
'forum' => '0'
];
}
if ((count($groups) > 0) && ($search == '')) {
$groups[] = ['separator' => true];
}
}
$r = [];
if ($type == '') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv`, (`prv` OR `forum`) AS `frm` FROM `contact`
WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s', '%s'))
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
DBA::escape(Protocol::OSTATUS),
DBA::escape(Protocol::STATUSNET)
);
} elseif ($type == 'c') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s'))
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
DBA::escape(Protocol::STATUSNET)
);
} elseif ($type == 'f') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s'))
AND (`forum` OR `prv`)
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
DBA::escape(Protocol::STATUSNET)
);
} elseif ($type == 'm') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact`
WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive`
2018-10-06 03:17:44 +00:00
AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s', '%s')
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
2018-10-06 03:17:44 +00:00
DBA::escape(Protocol::ACTIVITYPUB),
DBA::escape(Protocol::DFRN),
DBA::escape(Protocol::DIASPORA)
);
} elseif ($type == 'a') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
WHERE `uid` = %d AND NOT `deleted` AND NOT `pending` AND `success_update` >= `failure_update`
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user())
);
} elseif ($type == 'x') {
// autocomplete for global contact search (e.g. navbar search)
$search = Strings::escapeTags(trim($_REQUEST['search']));
2018-02-26 01:04:30 +00:00
$mode = $_REQUEST['smode'];
2018-03-02 23:41:24 +00:00
$r = ACL::contactAutocomplete($search, $mode);
2018-02-26 01:04:30 +00:00
$contacts = [];
foreach ($r as $g) {
$contacts[] = [
'photo' => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO),
2018-11-25 19:48:26 +00:00
'name' => htmlspecialchars($g['name']),
'nick' => defaults($g, 'addr', $g['url']),
'network' => $g['network'],
'link' => $g['url'],
'forum' => !empty($g['community']) ? 1 : 0,
];
}
$o = [
'start' => $start,
'count' => $count,
'items' => $contacts,
];
echo json_encode($o);
exit;
}
2018-07-21 12:46:04 +00:00
if (DBA::isResult($r)) {
$forums = [];
foreach ($r as $g) {
$entry = [
'type' => 'c',
'photo' => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO),
2018-11-25 19:48:26 +00:00
'name' => htmlspecialchars($g['name']),
'id' => intval($g['id']),
'network' => $g['network'],
'link' => $g['url'],
'nick' => htmlentities(defaults($g, 'attag', $g['nick'])),
'addr' => htmlentities(defaults($g, 'addr', $g['url'])),
'forum' => !empty($g['forum']) || !empty($g['prv']) ? 1 : 0,
];
if ($entry['forum']) {
$forums[] = $entry;
} else {
$contacts[] = $entry;
}
}
if (count($forums) > 0) {
if ($search == '') {
$forums[] = ['separator' => true];
}
$contacts = array_merge($forums, $contacts);
}
}
$items = array_merge($groups, $contacts);
if ($conv_id) {
// In multi threaded posts the conv_id is not the parent of the whole thread
$parent_item = Item::selectFirst(['parent'], ['id' => $conv_id]);
2018-07-21 12:46:04 +00:00
if (DBA::isResult($parent_item)) {
$conv_id = $parent_item['parent'];
}
/*
* if $conv_id is set, get unknown contacts in thread
* but first get known contacts url to filter them out
*/
$known_contacts = array_map(function ($i) {
2018-06-12 09:05:36 +00:00
return $i['link'];
}, $contacts);
$unknown_contacts = [];
2018-06-12 09:05:36 +00:00
$condition = ["`parent` = ?", $conv_id];
$params = ['order' => ['author-name' => true]];
$authors = Item::selectForUser(local_user(), ['author-link'], $condition, $params);
2018-06-12 09:05:36 +00:00
$item_authors = [];
while ($author = Item::fetch($authors)) {
2018-06-12 09:05:36 +00:00
$item_authors[$author['author-link']] = $author['author-link'];
}
DBA::close($authors);
2018-06-12 09:05:36 +00:00
foreach ($item_authors as $author) {
if (in_array($author, $known_contacts)) {
continue;
}
$contact = Contact::getDetailsByURL($author);
if (count($contact) > 0) {
$unknown_contacts[] = [
'type' => 'c',
'photo' => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO),
2018-11-25 19:48:26 +00:00
'name' => htmlspecialchars($contact['name']),
2018-06-12 09:05:36 +00:00
'id' => intval($contact['cid']),
'network' => $contact['network'],
'link' => $contact['url'],
'nick' => htmlentities(defaults($contact, 'nick', $contact['addr'])),
'addr' => htmlentities(defaults($contact, 'addr', $contact['url'])),
'forum' => $contact['forum']
];
}
}
$items = array_merge($items, $unknown_contacts);
$tot += count($unknown_contacts);
}
$results = [
'tot' => $tot,
'start' => $start,
'count' => $count,
'groups' => $groups,
'contacts' => $contacts,
'items' => $items,
'type' => $type,
'search' => $search,
];
Hook::callAll('acl_lookup_end', $results);
$o = [
'tot' => $results['tot'],
'start' => $results['start'],
'count' => $results['count'],
'items' => $results['items'],
];
echo json_encode($o);
exit;
}