kopia lustrzana https://github.com/nextcloud/social
add viewer check on single post
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>pull/761/head
rodzic
238be61a10
commit
f3ce5967c9
|
@ -12,12 +12,12 @@
|
|||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/daita/my-small-php-tools.git",
|
||||
"reference": "ffc91a81c84ec679379b4b8a0a34434f3697c6e7"
|
||||
"reference": "4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/daita/my-small-php-tools/zipball/ffc91a81c84ec679379b4b8a0a34434f3697c6e7",
|
||||
"reference": "ffc91a81c84ec679379b4b8a0a34434f3697c6e7",
|
||||
"url": "https://api.github.com/repos/daita/my-small-php-tools/zipball/4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e",
|
||||
"reference": "4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
|
@ -40,7 +40,7 @@
|
|||
}
|
||||
],
|
||||
"description": "My small PHP Tools",
|
||||
"time": "2019-09-15T08:55:12+00:00"
|
||||
"time": "2019-09-16T10:53:15+00:00"
|
||||
},
|
||||
{
|
||||
"name": "friendica/json-ld",
|
||||
|
|
|
@ -195,6 +195,7 @@ class LocalController extends Controller {
|
|||
* get info about a post (limited to viewer rights).
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @param string $id
|
||||
|
@ -203,8 +204,7 @@ class LocalController extends Controller {
|
|||
*/
|
||||
public function postGet(string $id): DataResponse {
|
||||
try {
|
||||
$this->initViewer(true);
|
||||
|
||||
$this->initViewer(false);
|
||||
$stream = $this->streamService->getStreamById($id, true);
|
||||
|
||||
return $this->directSuccess($stream);
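Review bot: With `initViewer(false)` on a route whose docblock carries `@PublicPage` and `@NoCSRFRequired`, the only thing keeping a non-public post out of an anonymous response in `postGet` is the `true` passed as second argument to `getStreamById`, and nothing at the call site says so. A later edit that drops or flips that argument would presumably fall back to the unrestricted lookup. I would add a comment above the call, `// asViewer must stay true: this route is reachable without a session`, and a test that requests a non-public post id without a session and expects the not-found path. The catch side of the `try` is outside the hunk, so it is not visible whether "post does not exist" and "post exists but is not visible to this viewer" produce the same response; they should.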
|
||||
|
|
|
@ -209,14 +209,14 @@ class SocialPubController extends Controller {
|
|||
* @throws SocialAppConfigException
|
||||
*/
|
||||
public function displayPost(string $username, string $token): TemplateResponse {
|
||||
// TODO - check viewer rights !
|
||||
$postId = $this->configService->getSocialUrl() . '@' . $username . '/' . $token;
|
||||
// TODO: remove this, as viewer rights are already implemented in LocalController
|
||||
$stream = $this->streamService->getStreamById($postId, false);
|
||||
$data = [
|
||||
'id' => $postId,
|
||||
'item' => $stream,
|
||||
'id' => $postId,
|
||||
'item' => $stream,
|
||||
'serverData' => [
|
||||
'public' => true,
|
||||
'public' => ($this->userId === null),
|
||||
],
|
||||
'application' => 'Social'
|
||||
];
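Review bot: `displayPost` still loads the post with `getStreamById($postId, false)`, so the viewer restriction this commit introduces is not applied here and the stream goes into `$data['item']` whatever its audience; only the TODO wording changed. The route annotations are outside the hunk, but `'public' => ($this->userId === null)` suggests the page is served to visitors without a session, in which case non-public post content would reach the template data. Until the lookup is removed as the TODO intends, pass `true`: `$stream = $this->streamService->getStreamById($postId, true);`. With no viewer set that lookup is limited to public posts, so also confirm that the resulting StreamNotFoundException is handled or declared by this method.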
|
||||
|
|
|
@ -228,7 +228,6 @@ class StreamRequest extends StreamRequestBuilder {
|
|||
*
|
||||
* @return Stream
|
||||
* @throws StreamNotFoundException
|
||||
* @throws SocialAppConfigException
|
||||
*/
|
||||
public function getStreamById(string $id, bool $asViewer = false): Stream {
|
||||
if ($id === '') {
|
||||
|
@ -236,15 +235,19 @@ class StreamRequest extends StreamRequestBuilder {
|
|||
};
|
||||
|
||||
$qb = $this->getStreamSelectSql();
|
||||
$expr = $qb->expr();
|
||||
|
||||
$this->limitToIdString($qb, $id);
|
||||
$this->leftJoinCacheActors($qb, 'attributed_to');
|
||||
$this->selectCacheActors($qb, 'ca');
|
||||
$qb->andWhere($expr->eq('s.attributed_to_prim', 'ca.id_prim'));
|
||||
|
||||
if ($asViewer) {
|
||||
$this->limitToViewer($qb);
|
||||
$this->leftJoinStreamAction($qb);
|
||||
if ($this->viewer !== null) {
|
||||
$this->leftJoinStreamAction($qb);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
try {
|
||||
return $this->getStreamFromRequest($qb);
|
||||
} catch (ItemUnknownException $e) {
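Review bot: `getStreamById` keeps `$asViewer = false` as its default, so every caller that omits the argument gets the lookup without `limitToViewer`; the audience filter is opt-in and the docblock does not say so. I would document it, e.g. `@param bool $asViewer when false no audience filter is applied; callers serving a request must pass true`. Separately, `leftJoinCacheActors` followed by `andWhere($expr->eq('s.attributed_to_prim', 'ca.id_prim'))` makes the left join behave like an inner join, so a post whose author is missing from the actor cache would presumably be reported as not found; a short comment should say whether that is intended. The function starts in the previous hunk and its catch block continues past this one.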
|
||||
|
|
|
@ -144,6 +144,13 @@ class StreamRequestBuilder extends CoreRequestBuilder {
|
|||
protected function limitToViewer(IQueryBuilder $qb) {
|
||||
$actor = $this->viewer;
|
||||
|
||||
// TODO - rewrite this request to use stream_dest !
|
||||
if ($this->viewer === null) {
|
||||
$qb->andWhere($this->exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$on = $this->exprJoinFollowing($qb, $actor);
|
||||
$on->add($this->exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false));
|
||||
$on->add($this->exprLimitToRecipient($qb, $actor->getId(), true));
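Review bot: The new null-viewer branch in `limitToViewer` decides what a visitor without an account can read, yet it has no comment stating that contract. I would add above the `if`: `// no viewer (anonymous request): only posts addressed to ACore::CONTEXT_PUBLIC`. The guard can also read `if ($actor === null) {`, since `$actor` was assigned from `$this->viewer` two lines earlier; that keeps the null check and the later `$actor->getId()` on the same variable. What `exprLimitToRecipient(..., false)` actually matches is defined outside this hunk, and the method body continues past it.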
|
||||
|
|
|
@ -420,9 +420,9 @@ class Stream extends ACore implements IQueryRow, JsonSerializable {
|
|||
]
|
||||
);
|
||||
|
||||
$result['cc'] = '';
|
||||
$result['bcc'] = '';
|
||||
$result['to'] = '';
|
||||
// $result['cc'] = '';
|
||||
// $result['bcc'] = '';
|
||||
// $result['to'] = '';
|
||||
}
|
||||
|
||||
$this->cleanArray($result);
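Review bot: Commenting out the three assignments means `cc`, `bcc` and `to` are no longer blanked in `$result` on this branch (reading the rendered order as old-then-new), so the recipient lists, `bcc` in particular, presumably stay in the exported array. The condition guarding this block and the consumer of `$result` are outside the hunk, so it is not visible who receives the data; if it reaches API clients or other viewers, keep `$result['bcc'] = '';` active. In either case, delete the commented-out lines rather than leaving them in place, and add a comment naming which recipient fields are meant to be exposed here.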
|
||||
|
|