From fc09017dd10fc7f2728180d35e25d46625e0698f Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 27 May 2023 18:19:02 -0400 Subject: [PATCH 1/2] Remove support for user.parent-uid = 0 - uid = 0 is the system user which isn't supposed to be the parent-uid of all the non-delegate users --- src/Model/User.php | 16 ++++++++++------ src/Module/Delegation.php | 8 ++++---- src/Module/Settings/Delegation.php | 10 ++++++---- tests/src/Model/UserTest.php | 2 +- 4 files changed, 21 insertions(+), 15 deletions(-) diff --git a/src/Model/User.php b/src/Model/User.php index cb769ce3f..ed63d6765 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -675,6 +675,10 @@ class User */ public static function updateLastActivity(int $uid) { + if (!$uid) { + return; + } + $user = User::getById($uid, ['last-activity']); if (empty($user)) { return; @@ -1640,7 +1644,7 @@ class User */ public static function identities(int $uid): array { - if (empty($uid)) { + if (!$uid) { return []; } @@ -1651,7 +1655,7 @@ class User return $identities; } - if ($user['parent-uid'] == 0) { + if (!$user['parent-uid']) { // First add our own entry $identities = [[ 'uid' => $user['uid'], @@ -1712,7 +1716,7 @@ class User */ public static function hasIdentities(int $uid): bool { - if (empty($uid)) { + if (!$uid) { return false; } @@ -1721,7 +1725,7 @@ class User return false; } - if ($user['parent-uid'] != 0) { + if ($user['parent-uid']) { return true; } @@ -1848,8 +1852,8 @@ class User { $condition = [ 'email' => self::getAdminEmailList(), - 'parent-uid' => 0, - 'blocked' => 0, + 'parent-uid' => null, + 'blocked' => false, 'verified' => true, 'account_removed' => false, 'account_expired' => false, diff --git a/src/Module/Delegation.php b/src/Module/Delegation.php index 3595ff7f3..8a2b31300 100644 --- a/src/Module/Delegation.php +++ b/src/Module/Delegation.php @@ -53,7 +53,7 @@ class Delegation extends BaseModule } } - $identity = intval($_POST['identity'] ?? 0); + $identity = intval($request['identity'] ?? 0); if (!$identity) { return; } @@ -76,16 +76,16 @@ class Delegation extends BaseModule $user = DBA::selectFirst('user', [], ['uid' => $identity, 'parent-uid' => $orig_record['uid']]); // Check if the target user is one of our siblings - if (!DBA::isResult($user) && ($orig_record['parent-uid'] != 0)) { + if (!DBA::isResult($user) && $orig_record['parent-uid']) { $user = DBA::selectFirst('user', [], ['uid' => $identity, 'parent-uid' => $orig_record['parent-uid']]); } // Check if it's our parent or our own user if (!DBA::isResult($user) && ( - $orig_record['parent-uid'] != 0 && $orig_record['parent-uid'] == $identity + $orig_record['parent-uid'] && $orig_record['parent-uid'] === $identity || - $orig_record['uid'] != 0 && $orig_record['uid'] == $identity + $orig_record['uid'] && $orig_record['uid'] === $identity ) ) { $user = User::getById($identity); diff --git a/src/Module/Settings/Delegation.php b/src/Module/Settings/Delegation.php index 134b002c1..3fd5fef49 100644 --- a/src/Module/Settings/Delegation.php +++ b/src/Module/Settings/Delegation.php @@ -43,11 +43,13 @@ class Delegation extends BaseSettings BaseModule::checkFormSecurityTokenRedirectOnError('settings/delegation', 'delegate'); - $parent_uid = (int)$_POST['parent_user'] ?? 0; - $parent_password = $_POST['parent_password'] ?? ''; + $parent_uid = $request['parent_user'] ?? null; + $parent_password = $request['parent_password'] ?? ''; - if ($parent_uid != 0) { + if ($parent_uid) { try { + // An integer value will trigger the direct user query on uid in User::getAuthenticationInfo + $parent_uid = (int)$parent_uid; User::getIdFromPasswordAuthentication($parent_uid, $parent_password); DI::sysmsg()->addInfo(DI::l10n()->t('Delegation successfully granted.')); } catch (\Exception $ex) { @@ -142,7 +144,7 @@ class Delegation extends BaseSettings $parents = [0 => DI::l10n()->t('No parent user')]; $fields = ['uid', 'username', 'nickname']; - $condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => 0]; + $condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => null]; $parent_users = DBA::selectToArray('user', $fields, $condition); foreach($parent_users as $parent) { if ($parent['uid'] != DI::userSession()->getLocalUserId()) { diff --git a/tests/src/Model/UserTest.php b/tests/src/Model/UserTest.php index eb0cb9f32..939d28245 100644 --- a/tests/src/Model/UserTest.php +++ b/tests/src/Model/UserTest.php @@ -82,7 +82,7 @@ class UserTest extends MockedTest public function testIdentitiesAsParent() { $parentSelect = $this->parent; - $parentSelect['parent-uid'] = 0; + $parentSelect['parent-uid'] = null; // Select the user itself (=parent) $this->dbMock->shouldReceive('selectFirst')->with('user', From 0a738c8ce3965da40016771658b7bda116576eee Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 27 May 2023 18:19:41 -0400 Subject: [PATCH 2/2] [Database version 1520] Reset user.parent-uid to null if it is set to zero --- database.sql | 2 +- static/dbstructure.config.php | 3 ++- update.php | 7 +++++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/database.sql b/database.sql index 697f250fe..d61a3eda5 100644 --- a/database.sql +++ b/database.sql @@ -1,6 +1,6 @@ -- ------------------------------------------ -- Friendica 2023.09-dev (Giant Rhubarb) --- DB_UPDATE_VERSION 1519 +-- DB_UPDATE_VERSION 1520 -- ------------------------------------------ diff --git a/static/dbstructure.config.php b/static/dbstructure.config.php index 1b3e34875..8ff660412 100644 --- a/static/dbstructure.config.php +++ b/static/dbstructure.config.php @@ -54,8 +54,9 @@ use Friendica\Database\DBA; +// This file is required several times during the test in DbaDefinition which justifies this condition if (!defined('DB_UPDATE_VERSION')) { - define('DB_UPDATE_VERSION', 1519); + define('DB_UPDATE_VERSION', 1520); } return [ diff --git a/update.php b/update.php index 3cd0a45a7..14219bcdc 100644 --- a/update.php +++ b/update.php @@ -1326,3 +1326,10 @@ function update_1518() return Update::SUCCESS; } + +function update_1520(): int +{ + DBA::update('user', ['parent-uid' => null], ['parent-uid' => 0]); + + return Update::SUCCESS; +}