add viewer check on single post

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
pull/761/head
Maxence Lange 2019-09-27 15:03:25 +02:00
rodzic 238be61a10
commit f3ce5967c9
6 zmienionych plików z 27 dodań i 17 usunięć

8
composer.lock wygenerowano

@ -12,12 +12,12 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/daita/my-small-php-tools.git", "url": "https://github.com/daita/my-small-php-tools.git",
"reference": "ffc91a81c84ec679379b4b8a0a34434f3697c6e7" "reference": "4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/daita/my-small-php-tools/zipball/ffc91a81c84ec679379b4b8a0a34434f3697c6e7", "url": "https://api.github.com/repos/daita/my-small-php-tools/zipball/4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e",
"reference": "ffc91a81c84ec679379b4b8a0a34434f3697c6e7", "reference": "4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -40,7 +40,7 @@
} }
], ],
"description": "My small PHP Tools", "description": "My small PHP Tools",
"time": "2019-09-15T08:55:12+00:00" "time": "2019-09-16T10:53:15+00:00"
}, },
{ {
"name": "friendica/json-ld", "name": "friendica/json-ld",


@ -195,6 +195,7 @@ class LocalController extends Controller {
* get info about a post (limited to viewer rights). * get info about a post (limited to viewer rights).
* *
* @NoAdminRequired * @NoAdminRequired
* @PublicPage
* @NoCSRFRequired * @NoCSRFRequired
* *
* @param string $id * @param string $id
@ -203,8 +204,7 @@ class LocalController extends Controller {
*/ */
public function postGet(string $id): DataResponse { public function postGet(string $id): DataResponse {
try { try {
$this->initViewer(true); $this->initViewer(false);
$stream = $this->streamService->getStreamById($id, true); $stream = $this->streamService->getStreamById($id, true);
return $this->directSuccess($stream); return $this->directSuccess($stream);
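Review bot: With `@PublicPage` and `initViewer(false)`, `postGet` now answers unauthenticated callers, so the only thing standing between an anonymous client and a non-public post is the `true` passed to `getStreamById` and the null-viewer handling behind it, and nothing in the method says so. I would extend the docblock with `* Public endpoint: without a logged-in viewer, only posts addressed to the public context are returned (see StreamRequestBuilder::limitToViewer).` — hedged, since the anonymous branch of `limitToViewer` is the rule that has to hold. The catch clauses of `postGet` continue outside the hunk, so I cannot tell what an anonymous caller sees on failure.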


@ -209,14 +209,14 @@ class SocialPubController extends Controller {
* @throws SocialAppConfigException * @throws SocialAppConfigException
*/ */
public function displayPost(string $username, string $token): TemplateResponse { public function displayPost(string $username, string $token): TemplateResponse {
// TODO - check viewer rights !
$postId = $this->configService->getSocialUrl() . '@' . $username . '/' . $token; $postId = $this->configService->getSocialUrl() . '@' . $username . '/' . $token;
// TODO: remove this, as viewer rights are already implemented in LocalController
$stream = $this->streamService->getStreamById($postId, false); $stream = $this->streamService->getStreamById($postId, false);
$data = [ $data = [
'id' => $postId, 'id' => $postId,
'item' => $stream, 'item' => $stream,
'serverData' => [ 'serverData' => [
'public' => true, 'public' => ($this->userId === null),
], ],
'application' => 'Social' 'application' => 'Social'
]; ];
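Review bot: `displayPost` still fetches with `getStreamById($postId, false)` and embeds the unrestricted `$stream` as `$data['item']`, so an anonymous visitor of the post page gets the post rendered server-side regardless of the viewer check that `LocalController::postGet` now enforces; the new TODO acknowledges this, but as committed the page bypasses the check. Either fetch under the viewer restriction (`$stream = $this->streamService->getStreamById($postId, true);` after initialising the viewer as the API controller does) or drop `'item'` from `$data` and let the client load it through the checked endpoint. `'public' => ($this->userId === null)` is only a hint to the front end and restricts nothing by itself. The method continues outside the hunk.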


@ -228,7 +228,6 @@ class StreamRequest extends StreamRequestBuilder {
* *
* @return Stream * @return Stream
* @throws StreamNotFoundException * @throws StreamNotFoundException
* @throws SocialAppConfigException
*/ */
public function getStreamById(string $id, bool $asViewer = false): Stream { public function getStreamById(string $id, bool $asViewer = false): Stream {
if ($id === '') { if ($id === '') {
@ -236,15 +235,19 @@ class StreamRequest extends StreamRequestBuilder {
}; };
$qb = $this->getStreamSelectSql(); $qb = $this->getStreamSelectSql();
$expr = $qb->expr();
$this->limitToIdString($qb, $id); $this->limitToIdString($qb, $id);
$this->leftJoinCacheActors($qb, 'attributed_to'); $this->selectCacheActors($qb, 'ca');
$qb->andWhere($expr->eq('s.attributed_to_prim', 'ca.id_prim'));
if ($asViewer) { if ($asViewer) {
$this->limitToViewer($qb); $this->limitToViewer($qb);
$this->leftJoinStreamAction($qb); if ($this->viewer !== null) {
$this->leftJoinStreamAction($qb);
}
} }
try { try {
return $this->getStreamFromRequest($qb); return $this->getStreamFromRequest($qb);
} catch (ItemUnknownException $e) { } catch (ItemUnknownException $e) {
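Review bot: Replacing `leftJoinCacheActors` with `selectCacheActors` plus `andWhere(s.attributed_to_prim = ca.id_prim)` turns the optional actor join into an implicit inner join, so a stream whose author is not in the actor cache presumably no longer matches and falls into the not-found path instead of being returned without an actor; if that is intended it deserves a comment such as `// author must be cached: streams without a cached actor are treated as not found`. Dropping `@throws SocialAppConfigException` is only right if neither `limitToViewer` nor `getStreamFromRequest` can still raise it — worth confirming, as `limitToViewer` changes in the same commit. `$expr` is used once; `$qb->andWhere($qb->expr()->eq('s.attributed_to_prim', 'ca.id_prim'));` reads the same without the local. The catch block continues outside the hunk.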


@ -144,6 +144,13 @@ class StreamRequestBuilder extends CoreRequestBuilder {
protected function limitToViewer(IQueryBuilder $qb) { protected function limitToViewer(IQueryBuilder $qb) {
$actor = $this->viewer; $actor = $this->viewer;
// TODO - rewrite this request to use stream_dest !
if ($this->viewer === null) {
$qb->andWhere($this->exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false));
return;
}
$on = $this->exprJoinFollowing($qb, $actor); $on = $this->exprJoinFollowing($qb, $actor);
$on->add($this->exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false)); $on->add($this->exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false));
$on->add($this->exprLimitToRecipient($qb, $actor->getId(), true)); $on->add($this->exprLimitToRecipient($qb, $actor->getId(), true));
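Review bot: `limitToViewer` is now the single gate between anonymous callers and non-public streams, yet it has no docblock and no return type; I would add `: void` and a docblock along the lines of `Restricts $qb to streams the current viewer may read; with no viewer set, only streams addressed to the public context pass.` The null check reads `$this->viewer` right after `$actor = $this->viewer;` — test `if ($actor === null) {` so the two names cannot drift. Whether `exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false)` also covers deliveries recorded in `stream_dest` (the TODO above it) is not visible here. The method continues past the hunk.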


@ -420,9 +420,9 @@ class Stream extends ACore implements IQueryRow, JsonSerializable {
] ]
); );
$result['cc'] = ''; // $result['cc'] = '';
$result['bcc'] = ''; // $result['bcc'] = '';
$result['to'] = ''; // $result['to'] = '';
} }
$this->cleanArray($result); $this->cleanArray($result);
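Review bot: The three lines blanking `to`, `cc` and `bcc` are commented out rather than removed, and the effect is that the serialised post now keeps its recipient lists in this branch; the enclosing condition starts above the hunk, so I cannot see whether the branch is reached for viewers other than the author, in which case `bcc` would leave the server in the JSON. If the lists are meant to stay, delete the commented-out lines and state why in one line, e.g. `// to/cc/bcc are serialised here on purpose: <reason placeholder>`; if `bcc` must not reach non-authors, keep at least `$result['bcc'] = '';`.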