2015-08-23 22:38:18 +02:00
< ? php
/**
* @ file mod / thing . php
* @ brief
*/
require_once ( 'include/items.php' );
2015-10-24 13:04:14 +02:00
require_once ( 'include/security.php' );
2015-08-23 22:38:18 +02:00
require_once ( 'include/contact_selectors.php' );
2015-10-24 13:04:14 +02:00
require_once ( 'include/acl_selectors.php' );
2015-08-23 22:38:18 +02:00
function thing_init ( & $a ) {
if ( ! local_channel ())
return ;
$channel = $a -> get_channel ();
$term_hash = (( $_REQUEST [ 'term_hash' ]) ? $_REQUEST [ 'term_hash' ] : '' );
$name = escape_tags ( $_REQUEST [ 'term' ]);
$verb = escape_tags ( $_REQUEST [ 'verb' ]);
$activity = intval ( $_REQUEST [ 'activity' ]);
$profile_guid = escape_tags ( $_REQUEST [ 'profile_assign' ]);
$url = $_REQUEST [ 'link' ];
$photo = $_REQUEST [ 'img' ];
$hash = random_string ();
$verbs = obj_verbs ();
/**
* verbs : [ 0 ] = first person singular , e . g . " I want " , [ 1 ] = 3 rd person singular , e . g . " Bill wants "
* We use the first person form when creating an activity , but the third person for use in activities
* @ FIXME There is no accounting for verb gender for languages where this is significant . We may eventually
* require obj_verbs () to provide full conjugations and specify which form to use in the $_REQUEST params to this module .
*/
$translated_verb = $verbs [ $verb ][ 1 ];
/*
* The site administrator can do things that normals cannot .
* This is restricted because it will likely cause
* an activitystreams protocol violation and the activity might
* choke in some other network and result in unnecessary
* support requests . It isn 't because we' re trying to be heavy - handed
* about what you can and can ' t do .
*/
if ( ! $translated_verb ) {
if ( is_site_admin ())
$translated_verb = $verb ;
}
/*
* Things , objects : We do not provide definite ( a , an ) or indefinite ( the ) articles or singular / plural designators
* That needs to be specified in your thing . e . g . Mike has " a carrot " , Greg wants " balls " , Bob likes " the Boston Red Sox " .
*/
/*
* Future work on this module might produce more complex activities with targets , e . g . Phillip likes Karen ' s moustache
* and to describe other non - thing objects like channels , such as Karl wants Susan - where Susan represents a channel profile .
*/
if (( ! $name ) || ( ! $translated_verb ))
return ;
2015-10-24 13:04:14 +02:00
$acl = new AccessList ( $channel );
if ( array_key_exists ( 'contact_allow' , $_REQUEST )
|| array_key_exists ( 'group_allow' , $_REQUEST )
|| array_key_exists ( 'contact_deny' , $_REQUEST )
|| array_key_exists ( 'group_deny' , $_REQUEST )) {
$acl -> set_from_array ( $_REQUEST );
}
$x = $acl -> get ();
2015-08-23 22:38:18 +02:00
if ( $term_hash ) {
2015-10-24 13:04:14 +02:00
$t = q ( " select * from obj where obj_obj = '%s' and obj_channel = %d limit 1 " ,
dbesc ( $term_hash ),
intval ( local_channel ())
2015-08-23 22:38:18 +02:00
);
if ( ! $t ) {
notice ( t ( 'Item not found.' ) . EOL );
return ;
}
$orig_record = $t [ 0 ];
2015-10-24 13:04:14 +02:00
if ( $photo != $orig_record [ 'obj_imgurl' ]) {
$arr = import_xchan_photo ( $photo , get_observer_hash (), true );
2015-08-23 22:38:18 +02:00
$local_photo = $arr [ 0 ];
$local_photo_type = $arr [ 3 ];
}
else
2015-10-24 13:04:14 +02:00
$local_photo = $orig_record [ 'obj_imgurl' ];
2015-08-23 22:38:18 +02:00
2015-10-24 13:04:14 +02:00
$r = q ( " update obj set obj_term = '%s', obj_url = '%s', obj_imgurl = '%s', obj_edited = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where obj_obj = '%s' and obj_channel = %d " ,
2015-08-23 22:38:18 +02:00
dbesc ( $name ),
dbesc (( $url ) ? $url : z_root () . '/thing/' . $term_hash ),
dbesc ( $local_photo ),
2015-10-24 13:04:14 +02:00
dbesc ( datetime_convert ()),
dbesc ( $x [ 'allow_cid' ]),
dbesc ( $x [ 'allow_gid' ]),
dbesc ( $x [ 'deny_cid' ]),
dbesc ( $x [ 'deny_gid' ]),
2015-08-23 22:38:18 +02:00
dbesc ( $term_hash ),
intval ( local_channel ())
);
info ( t ( 'Thing updated' ) . EOL );
2015-10-24 13:04:14 +02:00
$r = q ( " select * from obj where obj_channel = %d and obj_obj = '%s' limit 1 " ,
intval ( local_channel ()),
dbesc ( $term_hash )
);
if ( $r ) {
build_sync_packet ( 0 , array ( 'obj' => $r ));
}
2015-08-23 22:38:18 +02:00
return ;
}
$sql = (( $profile_guid ) ? " and profile_guid = ' " . dbesc ( $profile_guid ) . " ' " : " and is_default = 1 " );
$p = q ( " select profile_guid, is_default from profile where uid = %d $sql limit 1 " ,
intval ( local_channel ())
);
if ( $p )
$profile = $p [ 0 ];
else
return ;
$local_photo = null ;
if ( $photo ) {
2015-10-24 13:04:14 +02:00
$arr = import_xchan_photo ( $photo , get_observer_hash (), true );
2015-08-23 22:38:18 +02:00
$local_photo = $arr [ 0 ];
$local_photo_type = $arr [ 3 ];
}
2015-10-24 13:04:14 +02:00
$created = datetime_convert ();
$url = (( $url ) ? $url : z_root () . '/thing/' . $hash );
2015-08-23 22:38:18 +02:00
2015-10-24 13:04:14 +02:00
$r = q ( " insert into obj ( obj_page, obj_verb, obj_type, obj_channel, obj_obj, obj_term, obj_url, obj_imgurl, obj_created, obj_edited, allow_cid, allow_gid, deny_cid, deny_gid ) values ('%s','%s', %d, %d, '%s','%s','%s','%s','%s','%s','%s','%s','%s','%s') " ,
2015-08-23 22:38:18 +02:00
dbesc ( $profile [ 'profile_guid' ]),
dbesc ( $verb ),
intval ( TERM_OBJ_THING ),
intval ( local_channel ()),
2015-10-24 13:04:14 +02:00
dbesc ( $hash ),
dbesc ( $name ),
dbesc ( $url ),
dbesc (( $photo ) ? $local_photo : '' ),
dbesc ( $created ),
dbesc ( $created ),
dbesc ( $x [ 'allow_cid' ]),
dbesc ( $x [ 'allow_gid' ]),
dbesc ( $x [ 'deny_cid' ]),
dbesc ( $x [ 'deny_gid' ])
2015-08-23 22:38:18 +02:00
);
if ( ! $r ) {
notice ( t ( 'Object store: failed' ));
return ;
}
info ( t ( 'Thing added' ));
2015-10-24 13:04:14 +02:00
$r = q ( " select * from obj where obj_channel = %d and obj_obj = '%s' limit 1 " ,
intval ( local_channel ()),
dbesc ( $hash )
);
if ( $r ) {
build_sync_packet ( 0 , array ( 'obj' => $r ));
}
2015-08-23 22:38:18 +02:00
if ( $activity ) {
$arr = array ();
2015-10-24 13:04:14 +02:00
$links = array ( array ( 'rel' => 'alternate' , 'type' => 'text/html' , 'href' => $url ));
2015-08-23 22:38:18 +02:00
if ( $local_photo )
$links [] = array ( 'rel' => 'photo' , 'type' => $local_photo_type , 'href' => $local_photo );
$objtype = ACTIVITY_OBJ_THING ;
$obj = json_encode ( array (
'type' => $objtype ,
2015-10-24 13:04:14 +02:00
'id' => $url ,
2015-08-23 22:38:18 +02:00
'link' => $links ,
2015-10-24 13:04:14 +02:00
'title' => $name ,
'content' => $name
2015-08-23 22:38:18 +02:00
));
$bodyverb = str_replace ( 'OBJ: ' , '' , t ( 'OBJ: %1$s %2$s %3$s' ));
$arr [ 'owner_xchan' ] = $channel [ 'channel_hash' ];
$arr [ 'author_xchan' ] = $channel [ 'channel_hash' ];
$arr [ 'item_origin' ] = 1 ;
$arr [ 'item_wall' ] = 1 ;
$arr [ 'item_thread_top' ] = 1 ;
$ulink = '[zrl=' . $channel [ 'xchan_url' ] . ']' . $channel [ 'channel_name' ] . '[/zrl]' ;
2015-10-24 13:04:14 +02:00
$plink = '[zrl=' . $url . ']' . $name . '[/zrl]' ;
2015-08-23 22:38:18 +02:00
$arr [ 'body' ] = sprintf ( $bodyverb , $ulink , $translated_verb , $plink );
if ( $local_photo )
$arr [ 'body' ] .= " \n \n [zmg] " . $local_photo . " [/zmg] " ;
$arr [ 'verb' ] = $verb ;
$arr [ 'obj_type' ] = $objtype ;
$arr [ 'object' ] = $obj ;
if ( ! $profile [ 'is_default' ]) {
$arr [ 'item_private' ] = true ;
$str = '' ;
$r = q ( " select abook_xchan from abook where abook_channel = %d and abook_profile = '%s' " ,
intval ( local_channel ()),
dbesc ( $profile_guid )
);
if ( $r ) {
$arr [ 'allow_cid' ] = '' ;
foreach ( $r as $rr )
$arr [ 'allow_cid' ] .= '<' . $rr [ 'abook_xchan' ] . '>' ;
}
else
$arr [ 'allow_cid' ] = '<' . get_observer_hash () . '>' ;
}
$ret = post_activity_item ( $arr );
}
}
function thing_content ( & $a ) {
2015-10-24 13:04:14 +02:00
// @FIXME one problem with things is we can't share them unless we provide the channel in the url
// so we can definitively lookup the owner.
2015-08-23 22:38:18 +02:00
if ( argc () == 2 ) {
2015-10-24 13:04:14 +02:00
$r = q ( " select obj_channel from obj where obj_type = %d and obj_obj = '%s' limit 1 " ,
intval ( TERM_OBJ_THING ),
dbesc ( argv ( 1 ))
);
if ( $r )
$sql_extra = permissions_sql ( $r [ 0 ][ 'obj_channel' ]);
$r = q ( " select * from obj where obj_type = %d and obj_obj = '%s' $sql_extra limit 1 " ,
2015-08-23 22:38:18 +02:00
intval ( TERM_OBJ_THING ),
dbesc ( argv ( 1 ))
);
if ( $r ) {
return replace_macros ( get_markup_template ( 'show_thing.tpl' ), array (
'$header' => t ( 'Show Thing' ),
'$edit' => t ( 'Edit' ),
'$delete' => t ( 'Delete' ),
'$canedit' => (( local_channel () && local_channel () == $r [ 0 ][ 'obj_channel' ]) ? true : false ),
'$thing' => $r [ 0 ] ));
}
else {
notice ( t ( 'item not found.' ) . EOL );
return ;
}
}
$channel = $a -> get_channel ();
if ( ! ( local_channel () && $channel )) {
notice ( t ( 'Permission denied.' ) . EOL );
return ;
}
2015-10-24 13:04:14 +02:00
$acl = new AccessList ( $channel );
$channel_acl = $acl -> get ();
$lockstate = (( $acl -> is_private ()) ? 'lock' : 'unlock' );
2015-08-23 22:38:18 +02:00
$thing_hash = '' ;
if ( argc () == 3 && argv ( 1 ) === 'edit' ) {
$thing_hash = argv ( 2 );
2015-10-24 13:04:14 +02:00
$r = q ( " select * from obj where obj_type = %d and obj_obj = '%s' limit 1 " ,
2015-08-23 22:38:18 +02:00
intval ( TERM_OBJ_THING ),
dbesc ( $thing_hash )
);
if (( ! $r ) || ( $r [ 0 ][ 'obj_channel' ] != local_channel ())) {
notice ( t ( 'Permission denied.' ) . EOL );
return '' ;
}
$o .= replace_macros ( get_markup_template ( 'thing_edit.tpl' ), array (
'$thing_hdr' => t ( 'Edit Thing' ),
'$multiprof' => feature_enabled ( local_channel (), 'multi_profiles' ),
'$profile_lbl' => t ( 'Select a profile' ),
'$profile_select' => contact_profile_assign ( $r [ 0 ][ 'obj_page' ]),
'$verb_lbl' => $channel [ 'channel_name' ],
'$verb_select' => obj_verb_selector ( $r [ 0 ][ 'obj_verb' ]),
'$activity' => array ( 'activity' , t ( 'Post an activity' ), true , t ( 'Only sends to viewers of the applicable profile' )),
'$thing_hash' => $thing_hash ,
'$thing_lbl' => t ( 'Name of thing e.g. something' ),
2015-10-24 13:04:14 +02:00
'$thething' => $r [ 0 ][ 'obj_term' ],
2015-08-23 22:38:18 +02:00
'$url_lbl' => t ( 'URL of thing (optional)' ),
2015-10-24 13:04:14 +02:00
'$theurl' => $r [ 0 ][ 'obj_url' ],
2015-08-23 22:38:18 +02:00
'$img_lbl' => t ( 'URL for photo of thing (optional)' ),
2015-10-24 13:04:14 +02:00
'$imgurl' => $r [ 0 ][ 'obj_imgurl' ],
'$permissions' => t ( 'Permissions' ),
'$aclselect' => populate_acl ( $channel_acl , false ),
'$lockstate' => $lockstate ,
2015-08-23 22:38:18 +02:00
'$submit' => t ( 'Submit' )
));
return $o ;
}
if ( argc () == 3 && argv ( 1 ) === 'drop' ) {
$thing_hash = argv ( 2 );
2015-10-24 13:04:14 +02:00
$r = q ( " select * from obj where obj_type = %d and obj_obj = '%s' limit 1 " ,
2015-08-23 22:38:18 +02:00
intval ( TERM_OBJ_THING ),
dbesc ( $thing_hash )
);
if (( ! $r ) || ( $r [ 0 ][ 'obj_channel' ] != local_channel ())) {
notice ( t ( 'Permission denied.' ) . EOL );
return '' ;
}
$x = q ( " delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d " ,
dbesc ( $thing_hash ),
intval ( TERM_OBJ_THING ),
intval ( local_channel ())
);
2015-10-24 13:04:14 +02:00
$r [ 0 ][ 'obj_deleted' ] = 1 ;
build_sync_packet ( 0 , array ( 'obj' => $r ));
2015-08-23 22:38:18 +02:00
return $o ;
}
$o .= replace_macros ( get_markup_template ( 'thing_input.tpl' ), array (
'$thing_hdr' => t ( 'Add Thing to your Profile' ),
'$multiprof' => feature_enabled ( local_channel (), 'multi_profiles' ),
'$profile_lbl' => t ( 'Select a profile' ),
'$profile_select' => contact_profile_assign ( '' ),
'$verb_lbl' => $channel [ 'channel_name' ],
'$activity' => array ( 'activity' , t ( 'Post an activity' ),(( array_key_exists ( 'activity' , $_REQUEST )) ? $_REQUEST [ 'activity' ] : true ), t ( 'Only sends to viewers of the applicable profile' )),
'$verb_select' => obj_verb_selector (),
'$thing_lbl' => t ( 'Name of thing e.g. something' ),
'$url_lbl' => t ( 'URL of thing (optional)' ),
'$img_lbl' => t ( 'URL for photo of thing (optional)' ),
2015-10-24 13:04:14 +02:00
'$permissions' => t ( 'Permissions' ),
'$aclselect' => populate_acl ( $channel_acl , false ),
'$lockstate' => $lockstate ,
2015-08-23 22:38:18 +02:00
'$submit' => t ( 'Submit' )
));
return $o ;
}
