2015-08-23 22:38:18 +02:00
< ? php
2017-02-05 16:11:01 +01:00
require_once ( 'include/security.php' );
2015-08-23 22:38:18 +02:00
/**
* @ file include / permissions . php
*
* This file conntains functions to check and work with permissions .
2017-02-05 16:11:01 +01:00
*
* Most of this file is obsolete and has been superceded by extensible permissions in v1 . 12 ; it is left here
* for reference and because we haven ' t yet checked that all functions have been replaced and are available
* elsewhere ( typically Zotlabs / Access /* ) .
2015-08-23 22:38:18 +02:00
*/
2017-02-05 16:11:01 +01:00
2015-08-23 22:38:18 +02:00
/**
* @ brief Return an array with all available permissions .
*
* These are channel specific permissions .
* The list of available permissions can get manipulated by the < i > hook </ i >
* < b > global_permissions </ b >.
*
* @ return array associative array containing all permissions
*/
function get_perms () {
// thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections
// for any given permission. Currently we use the boolean to disallow write access to "everybody", but we also want to be
// able to handle troublesome settings such as allowing channel_w_stream to anybody in the network. You can allow it, but
// there's no way to implement sending it.
$global_perms = array (
// Read only permissions
'view_stream' => array ( 'channel_r_stream' , intval ( PERMS_R_STREAM ), true , t ( 'Can view my normal stream and posts' ), '' ),
'view_profile' => array ( 'channel_r_profile' , intval ( PERMS_R_PROFILE ), true , t ( 'Can view my default channel profile' ), '' ),
'view_contacts' => array ( 'channel_r_abook' , intval ( PERMS_R_ABOOK ), true , t ( 'Can view my connections' ), '' ),
'view_storage' => array ( 'channel_r_storage' , intval ( PERMS_R_STORAGE ), true , t ( 'Can view my file storage and photos' ), '' ),
'view_pages' => array ( 'channel_r_pages' , intval ( PERMS_R_PAGES ), true , t ( 'Can view my webpages' ), '' ),
// Write permissions
'send_stream' => array ( 'channel_w_stream' , intval ( PERMS_W_STREAM ), false , t ( 'Can send me their channel stream and posts' ), '' ),
'post_wall' => array ( 'channel_w_wall' , intval ( PERMS_W_WALL ), false , t ( 'Can post on my channel page ("wall")' ), '' ),
'post_comments' => array ( 'channel_w_comment' , intval ( PERMS_W_COMMENT ), false , t ( 'Can comment on or like my posts' ), '' ),
'post_mail' => array ( 'channel_w_mail' , intval ( PERMS_W_MAIL ), false , t ( 'Can send me private mail messages' ), '' ),
'post_like' => array ( 'channel_w_like' , intval ( PERMS_W_LIKE ), false , t ( 'Can like/dislike stuff' ), t ( 'Profiles and things other than posts/comments' )),
'tag_deliver' => array ( 'channel_w_tagwall' , intval ( PERMS_W_TAGWALL ), false , t ( 'Can forward to all my channel contacts via post @mentions' ), t ( 'Advanced - useful for creating group forum channels' )),
'chat' => array ( 'channel_w_chat' , intval ( PERMS_W_CHAT ), false , t ( 'Can chat with me (when available)' ), t ( '' )),
'write_storage' => array ( 'channel_w_storage' , intval ( PERMS_W_STORAGE ), false , t ( 'Can write to my file storage and photos' ), '' ),
'write_pages' => array ( 'channel_w_pages' , intval ( PERMS_W_PAGES ), false , t ( 'Can edit my webpages' ), '' ),
'republish' => array ( 'channel_a_republish' , intval ( PERMS_A_REPUBLISH ), false , t ( 'Can source my public posts in derived channels' ), t ( 'Somewhat advanced - very useful in open communities' )),
'delegate' => array ( 'channel_a_delegate' , intval ( PERMS_A_DELEGATE ), false , t ( 'Can administer my channel resources' ), t ( 'Extremely advanced. Leave this alone unless you know what you are doing' )),
);
$ret = array ( 'global_permissions' => $global_perms );
call_hooks ( 'global_permissions' , $ret );
return $ret [ 'global_permissions' ];
}
/**
* get_all_perms ( $uid , $observer_xchan )
*
* @ param int $uid The channel_id associated with the resource owner
* @ param string $observer_xchan The xchan_hash representing the observer
* @ param bool $internal_use ( default true )
*
* @ returns array of all permissions , key is permission name , value is true or false
*/
function get_all_perms ( $uid , $observer_xchan , $internal_use = true ) {
2016-04-17 16:29:18 +02:00
$api = App :: get_oauth_key ();
2015-08-23 22:38:18 +02:00
if ( $api )
return get_all_api_perms ( $uid , $api );
2017-02-05 16:11:01 +01:00
$global_perms = \Zotlabs\Access\Permissions :: Perms ();
2015-08-23 22:38:18 +02:00
// Save lots of individual lookups
$r = null ;
$c = null ;
$x = null ;
$channel_checked = false ;
$onsite_checked = false ;
$abook_checked = false ;
$ret = array ();
2017-02-05 16:11:01 +01:00
$abperms = (( $uid && $observer_xchan ) ? load_abconfig ( $uid , $observer_xchan , 'my_perms' ) : array ());
2015-08-23 22:38:18 +02:00
foreach ( $global_perms as $perm_name => $permission ) {
// First find out what the channel owner declared permissions to be.
2017-02-05 16:11:01 +01:00
$channel_perm = \Zotlabs\Access\PermissionLimits :: Get ( $uid , $perm_name );
2015-08-23 22:38:18 +02:00
if ( ! $channel_checked ) {
$r = q ( " select * from channel where channel_id = %d limit 1 " ,
intval ( $uid )
);
$channel_checked = true ;
}
// The uid provided doesn't exist. This would be a big fail.
if ( ! $r ) {
$ret [ $perm_name ] = false ;
continue ;
}
// Next we're going to check for blocked or ignored contacts.
// These take priority over all other settings.
if ( $observer_xchan ) {
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_AUTHED ) {
2015-08-23 22:38:18 +02:00
$ret [ $perm_name ] = true ;
continue ;
}
if ( ! $abook_checked ) {
$x = q ( " select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = % d and abook_xchan = '%s' and abook_self = 0 limit 1 " ,
intval ( $uid ),
dbesc ( $observer_xchan )
);
if ( ! $x ) {
2017-02-05 16:11:01 +01:00
// see if they've got a guest access token; these are treated as connections
$y = atoken_abook ( $uid , $observer_xchan );
if ( $y )
$x = array ( $y );
if ( ! $x ) {
// not in address book and no guest token, see if they've got an xchan
// these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections
$y = q ( " select xchan_network from xchan where xchan_hash = '%s' limit 1 " ,
dbesc ( $observer_xchan )
);
if ( $y ) {
$x = array ( pseudo_abook ( $y [ 0 ]));
}
}
2015-08-23 22:38:18 +02:00
}
$abook_checked = true ;
}
// If they're blocked - they can't read or write
if (( $x ) && intval ( $x [ 0 ][ 'abook_blocked' ])) {
$ret [ $perm_name ] = false ;
continue ;
}
// Check if this is a write permission and they are being ignored
// This flag is only visible internally.
2017-02-05 16:11:01 +01:00
$blocked_anon_perms = \Zotlabs\Access\Permissions :: BlockedAnonPerms ();
if (( $x ) && ( $internal_use ) && in_array ( $perm_name , $blocked_anon_perms ) && intval ( $x [ 0 ][ 'abook_ignored' ])) {
2015-08-23 22:38:18 +02:00
$ret [ $perm_name ] = false ;
continue ;
}
}
// system is blocked to anybody who is not authenticated
if (( ! $observer_xchan ) && intval ( get_config ( 'system' , 'block_public' ))) {
$ret [ $perm_name ] = false ;
continue ;
}
// Check if this $uid is actually the $observer_xchan - if it's your content
// you always have permission to do anything
2016-03-20 08:06:33 +01:00
// if you've moved elsewhere, you will only have read only access
2015-08-23 22:38:18 +02:00
if (( $observer_xchan ) && ( $r [ 0 ][ 'channel_hash' ] === $observer_xchan )) {
2017-02-05 16:11:01 +01:00
if ( $r [ 0 ][ 'channel_moved' ] && ( in_array ( $perm_name , $blocked_anon_perms )))
2016-03-20 08:06:33 +01:00
$ret [ $perm_name ] = false ;
else
$ret [ $perm_name ] = true ;
2015-08-23 22:38:18 +02:00
continue ;
}
// Anybody at all (that wasn't blocked or ignored). They have permission.
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_PUBLIC ) {
2015-08-23 22:38:18 +02:00
$ret [ $perm_name ] = true ;
continue ;
}
// From here on out, we need to know who they are. If we can't figure it
// out, permission is denied.
if ( ! $observer_xchan ) {
$ret [ $perm_name ] = false ;
continue ;
}
// If we're still here, we have an observer, check the network.
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_NETWORK ) {
if ( $x && $x [ 0 ][ 'xchan_network' ] === 'zot' ) {
2015-08-23 22:38:18 +02:00
$ret [ $perm_name ] = true ;
continue ;
}
}
// If PERMS_SITE is specified, find out if they've got an account on this hub
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_SITE ) {
2015-08-23 22:38:18 +02:00
if ( ! $onsite_checked ) {
$c = q ( " select channel_hash from channel where channel_hash = '%s' limit 1 " ,
dbesc ( $observer_xchan )
);
$onsite_checked = true ;
}
if ( $c )
$ret [ $perm_name ] = true ;
else
$ret [ $perm_name ] = false ;
continue ;
}
// From here on we require that the observer be a connection and
// handle whether we're allowing any, approved or specific ones
if ( ! $x ) {
$ret [ $perm_name ] = false ;
continue ;
}
// They are in your address book, but haven't been approved
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_PENDING ) {
2015-08-23 22:38:18 +02:00
$ret [ $perm_name ] = true ;
continue ;
}
if ( intval ( $x [ 0 ][ 'abook_pending' ])) {
$ret [ $perm_name ] = false ;
continue ;
}
// They're a contact, so they have permission
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_CONTACTS ) {
// it was a fake abook entry, not really a connection
if ( array_key_exists ( 'abook_pseudo' , $x [ 0 ]) && intval ( $x [ 0 ][ 'abook_pseudo' ])) {
$ret [ $perm_name ] = false ;
continue ;
}
2015-08-23 22:38:18 +02:00
$ret [ $perm_name ] = true ;
continue ;
}
// Permission granted to certain channels. Let's see if the observer is one of them
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_SPECIFIC ) {
if ( $abperms ) {
foreach ( $abperms as $ab ) {
if (( $ab [ 'cat' ] == 'my_perms' ) && ( $ab [ 'k' ] == $perm_name )) {
$ret [ $perm_name ] = ( intval ( $ab [ 'v' ]) ? true : false );
break ;
}
}
2015-08-23 22:38:18 +02:00
continue ;
}
}
// No permissions allowed.
$ret [ $perm_name ] = false ;
continue ;
}
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permissions' => $ret );
call_hooks ( 'get_all_perms' , $arr );
return $arr [ 'permissions' ];
}
/**
* @ brief Checks if given permission is allowed for given observer on a channel .
*
* Checks if the given observer with the hash $observer_xchan has permission
* $permission on channel_id $uid .
* $permission is one defined in get_perms ();
*
* @ param int $uid The channel_id associated with the resource owner
* @ param string $observer_xchan The xchan_hash representing the observer
* @ param string $permission
* @ return bool true if permission is allowed for observer on channel
*/
function perm_is_allowed ( $uid , $observer_xchan , $permission ) {
2016-04-17 16:29:18 +02:00
$api = App :: get_oauth_key ();
2015-08-23 22:38:18 +02:00
if ( $api )
return api_perm_is_allowed ( $uid , $api , $permission );
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permission' => $permission ,
'result' => false );
call_hooks ( 'perm_is_allowed' , $arr );
if ( $arr [ 'result' ])
return true ;
2017-02-05 16:11:01 +01:00
$global_perms = \Zotlabs\Access\Permissions :: Perms ();
2015-08-23 22:38:18 +02:00
// First find out what the channel owner declared permissions to be.
2017-02-05 16:11:01 +01:00
$channel_perm = \Zotlabs\Access\PermissionLimits :: Get ( $uid , $permission );
2015-08-23 22:38:18 +02:00
2017-02-05 16:11:01 +01:00
$r = q ( " select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1 " ,
2015-08-23 22:38:18 +02:00
intval ( $uid )
);
if ( ! $r )
return false ;
2017-02-05 16:11:01 +01:00
$blocked_anon_perms = \Zotlabs\Access\Permissions :: BlockedAnonPerms ();
2015-08-23 22:38:18 +02:00
if ( $observer_xchan ) {
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_AUTHED )
2015-08-23 22:38:18 +02:00
return true ;
$x = q ( " select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = % d and abook_xchan = '%s' and abook_self = 0 limit 1 " ,
intval ( $uid ),
dbesc ( $observer_xchan )
);
// If they're blocked - they can't read or write
if (( $x ) && intval ( $x [ 0 ][ 'abook_blocked' ]))
return false ;
2017-02-05 16:11:01 +01:00
if (( $x ) && in_array ( $permission , $blocked_anon_perms ) && intval ( $x [ 0 ][ 'abook_ignored' ]))
2015-08-23 22:38:18 +02:00
return false ;
if ( ! $x ) {
2017-02-05 16:11:01 +01:00
// see if they've got a guest access token
$y = atoken_abook ( $uid , $observer_xchan );
if ( $y )
$x = array ( $y );
if ( ! $x ) {
// not in address book and no guest token, see if they've got an xchan
$y = q ( " select xchan_network from xchan where xchan_hash = '%s' limit 1 " ,
dbesc ( $observer_xchan )
);
if ( $y ) {
$x = array ( pseudo_abook ( $y [ 0 ]));
}
}
2015-08-23 22:38:18 +02:00
}
2017-02-05 16:11:01 +01:00
$abperms = load_abconfig ( $uid , $observer_xchan , 'my_perms' );
2015-08-23 22:38:18 +02:00
}
2017-02-05 16:11:01 +01:00
2015-08-23 22:38:18 +02:00
// system is blocked to anybody who is not authenticated
if (( ! $observer_xchan ) && intval ( get_config ( 'system' , 'block_public' )))
return false ;
// Check if this $uid is actually the $observer_xchan
2016-03-20 08:06:33 +01:00
// you will have full access unless the channel was moved -
// in which case you will have read_only access
2015-08-23 22:38:18 +02:00
2016-03-20 08:06:33 +01:00
if ( $r [ 0 ][ 'channel_hash' ] === $observer_xchan ) {
2017-02-05 16:11:01 +01:00
if ( $r [ 0 ][ 'channel_moved' ] && ( in_array ( $permission , $blocked_anon_perms )))
2016-03-20 08:06:33 +01:00
return false ;
else
return true ;
}
2015-08-23 22:38:18 +02:00
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_PUBLIC )
2015-08-23 22:38:18 +02:00
return true ;
// If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set
if ( ! $observer_xchan ) {
return false ;
}
// If we're still here, we have an observer, check the network.
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_NETWORK ) {
2015-08-23 22:38:18 +02:00
if (( $x && $x [ 0 ][ 'xchan_network' ] === 'zot' ) || ( $y && $y [ 0 ][ 'xchan_network' ] === 'zot' ))
return true ;
}
// If PERMS_SITE is specified, find out if they've got an account on this hub
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_SITE ) {
2015-08-23 22:38:18 +02:00
$c = q ( " select channel_hash from channel where channel_hash = '%s' limit 1 " ,
dbesc ( $observer_xchan )
);
if ( $c )
return true ;
return false ;
}
// From here on we require that the observer be a connection and
// handle whether we're allowing any, approved or specific ones
if ( ! $x ) {
return false ;
}
// They are in your address book, but haven't been approved
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_PENDING ) {
2015-08-23 22:38:18 +02:00
return true ;
}
if ( intval ( $x [ 0 ][ 'abook_pending' ])) {
return false ;
}
// They're a contact, so they have permission
2017-02-05 16:11:01 +01:00
if ( $channel_perm & PERMS_CONTACTS ) {
// it was a fake abook entry, not really a connection
if ( array_key_exists ( 'abook_pseudo' , $x [ 0 ]) && intval ( $x [ 0 ][ 'abook_pseudo' ])) {
return false ;
}
2015-08-23 22:38:18 +02:00
return true ;
}
// Permission granted to certain channels. Let's see if the observer is one of them
2017-02-05 16:11:01 +01:00
if (( $r ) && ( $channel_perm & PERMS_SPECIFIC )) {
if ( $abperms ) {
foreach ( $abperms as $ab ) {
if ( $ab [ 'cat' ] == 'my_perms' && $ab [ 'k' ] == $permission ) {
return (( intval ( $ab [ 'v' ])) ? true : false );
}
}
}
2015-08-23 22:38:18 +02:00
}
// No permissions allowed.
return false ;
}
function get_all_api_perms ( $uid , $api ) {
$global_perms = get_perms ();
$ret = array ();
$r = q ( " select * from xperm where xp_client = '%s' and xp_channel = %d " ,
dbesc ( $api ),
intval ( $uid )
);
if ( ! $r )
return false ;
$allow_all = false ;
$allowed = array ();
foreach ( $r as $rr ) {
if ( $rr [ 'xp_perm' ] === 'all' )
$allow_all = true ;
if ( ! in_array ( $rr [ 'xp_perm' ], $allowed ))
$allowed [] = $rr [ 'xp_perm' ];
}
foreach ( $global_perms as $perm_name => $permission ) {
if ( $allow_all || in_array ( $perm_name , $allowed ))
$ret [ $perm_name ] = true ;
else
$ret [ $perm_name ] = false ;
}
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permissions' => $ret );
call_hooks ( 'get_all_api_perms' , $arr );
return $arr [ 'permissions' ];
}
function api_perm_is_allowed ( $uid , $api , $permission ) {
$arr = array (
'channel_id' => $uid ,
'observer_hash' => $observer_xchan ,
'permission' => $permission ,
'result' => false
);
call_hooks ( 'api_perm_is_allowed' , $arr );
if ( $arr [ 'result' ])
return true ;
$r = q ( " select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' ) " ,
dbesc ( $api ),
intval ( $uid ),
dbesc ( $permission )
);
if ( ! $r )
return false ;
foreach ( $r as $rr ) {
if ( $rr [ 'xp_perm' ] === 'all' || $rr [ 'xp_perm' ] === $permission )
return true ;
}
return false ;
}
// Check a simple array of observers against a permissions
// return a simple array of those with permission
function check_list_permissions ( $uid , $arr , $perm ) {
$result = array ();
if ( $arr )
foreach ( $arr as $x )
if ( perm_is_allowed ( $uid , $x , $perm ))
$result [] = $x ;
return ( $result );
}
/**
* @ brief Sets site wide default permissions .
*
* @ return array
*/
function site_default_perms () {
$ret = array ();
$typical = array (
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC ,
'post_like' => PERMS_NETWORK
);
$global_perms = get_perms ();
foreach ( $global_perms as $perm => $v ) {
$x = get_config ( 'default_perms' , $perm );
if ( $x === false )
$x = $typical [ $perm ];
$ret [ $perm ] = $x ;
}
return $ret ;
}
/**
* @ brief Return an array of all permissions for this role .
*
* Given a string for the channel role ( 'social' , 'forum' , etc )
* return an array of all permission fields pre - filled for this role .
* This includes the channel permission scope indicators ( anything beginning with 'channel_' ) as well as
* * perms_auto : true or false to create auto - permissions for this channel
* * perms_follow : The permissions to apply when initiating a connection request to another channel
* * perms_accept : The permissions to apply when accepting a connection request from another channel ( not automatic )
* * default_collection : true or false to make the default ACL include the channel ' s default collection
* * directory_publish : true or false to publish this channel in the directory
* Any attributes may be extended ( new roles defined ) and modified ( specific permissions altered ) by plugins
*
* @ param string $role
* @ return array
*/
function get_role_perms ( $role ) {
$ret = array ();
$ret [ 'role' ] = $role ;
switch ( $role ) {
case 'social' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = true ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'send_stream' , 'post_wall' , 'post_comments' ,
'post_mail' , 'chat' , 'post_like' , 'republish' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'social_restricted' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = true ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'send_stream' , 'post_wall' , 'post_comments' ,
'post_mail' , 'chat' , 'post_like' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'social_private' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = false ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'send_stream' , 'post_wall' , 'post_comments' ,
'post_mail' , 'post_like' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_SPECIFIC ,
'view_storage' => PERMS_SPECIFIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'forum' :
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'post_wall' , 'post_comments' , 'tag_deliver' ,
'post_mail' , 'post_like' , 'republish' , 'chat' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'forum_restricted' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'post_wall' , 'post_comments' , 'tag_deliver' ,
'post_mail' , 'post_like' , 'chat' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'forum_private' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = false ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'post_wall' , 'post_comments' ,
'post_mail' , 'post_like' , 'chat' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_SPECIFIC ,
'view_contacts' => PERMS_SPECIFIC ,
'view_storage' => PERMS_SPECIFIC ,
'view_pages' => PERMS_SPECIFIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'feed' :
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'send_stream' , 'post_wall' , 'post_comments' ,
'post_mail' , 'post_like' , 'republish' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'feed_restricted' :
$ret [ 'perms_auto' ] = false ;
$ret [ 'default_collection' ] = true ;
$ret [ 'directory_publish' ] = false ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'send_stream' , 'post_wall' , 'post_comments' ,
'post_mail' , 'post_like' , 'republish' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'soapbox' :
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'post_like' , 'republish' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
case 'repository' :
$ret [ 'perms_auto' ] = true ;
$ret [ 'default_collection' ] = false ;
$ret [ 'directory_publish' ] = true ;
$ret [ 'online' ] = false ;
2017-02-05 16:11:01 +01:00
$ret [ 'perms_connect' ] = [
'view_stream' , 'view_profile' , 'view_contacts' , 'view_storage' ,
'view_pages' , 'write_storage' , 'write_pages' , 'post_wall' , 'post_comments' , 'tag_deliver' ,
'post_mail' , 'post_like' , 'republish' , 'chat' ];
$ret [ 'limits' ] = [
'view_stream' => PERMS_PUBLIC ,
'view_profile' => PERMS_PUBLIC ,
'view_contacts' => PERMS_PUBLIC ,
'view_storage' => PERMS_PUBLIC ,
'view_pages' => PERMS_PUBLIC ,
'send_stream' => PERMS_SPECIFIC ,
'post_wall' => PERMS_SPECIFIC ,
'post_comments' => PERMS_SPECIFIC ,
'post_mail' => PERMS_SPECIFIC ,
'post_like' => PERMS_SPECIFIC ,
'tag_deliver' => PERMS_SPECIFIC ,
'chat' => PERMS_SPECIFIC ,
'write_storage' => PERMS_SPECIFIC ,
'write_pages' => PERMS_SPECIFIC ,
'republish' => PERMS_SPECIFIC ,
'delegate' => PERMS_SPECIFIC
];
2015-08-23 22:38:18 +02:00
break ;
default :
break ;
}
$x = get_config ( 'system' , 'role_perms' );
// let system settings over-ride any or all
if ( $x && is_array ( $x ) && array_key_exists ( $role , $x ))
$ret = array_merge ( $ret , $x [ $role ]);
call_hooks ( 'get_role_perms' , $ret );
return $ret ;
}
/**
* @ brief Returns a list or roles , grouped by type .
*
* @ return string Returns an array of roles , grouped by type
*/
function get_roles () {
$roles = array (
2016-03-20 08:06:33 +01:00
t ( 'Social Networking' ) => array ( 'social' => t ( 'Social - Mostly Public' ), 'social_restricted' => t ( 'Social - Restricted' ), 'social_private' => t ( 'Social - Private' )),
t ( 'Community Forum' ) => array ( 'forum' => t ( 'Forum - Mostly Public' ), 'forum_restricted' => t ( 'Forum - Restricted' ), 'forum_private' => t ( 'Forum - Private' )),
t ( 'Feed Republish' ) => array ( 'feed' => t ( 'Feed - Mostly Public' ), 'feed_restricted' => t ( 'Feed - Restricted' )),
t ( 'Special Purpose' ) => array ( 'soapbox' => t ( 'Special - Celebrity/Soapbox' ), 'repository' => t ( 'Special - Group Repository' )),
2015-08-23 22:38:18 +02:00
t ( 'Other' ) => array ( 'custom' => t ( 'Custom/Expert Mode' ))
);
return $roles ;
}
