Commit 9f160346 authored by Evan Prodromou's avatar Evan Prodromou

Merge branch 'limitdist2' into 1.0.x

parents 38980396 31fd4dbe
...@@ -1472,6 +1472,8 @@ Configuration options specific to notices. ...@@ -1472,6 +1472,8 @@ Configuration options specific to notices.
contentlimit: max length of the plain-text content of a notice. contentlimit: max length of the plain-text content of a notice.
Default is null, meaning to use the site-wide text limit. Default is null, meaning to use the site-wide text limit.
0 means no limit. 0 means no limit.
defaultscope: default scope for notices. Defaults to 0; set to
1 to keep notices private to this site by default.
message message
------- -------
......
...@@ -85,8 +85,27 @@ class ApiStatusesRetweetAction extends ApiAuthAction ...@@ -85,8 +85,27 @@ class ApiStatusesRetweetAction extends ApiAuthAction
return false; return false;
} }
// Is it OK to repeat that notice (general enough scope)?
if ($this->original->scope != Notice::SITE_SCOPE &&
$this->original->scope != Notice::PUBLIC_SCOPE) {
$this->clientError(_('You may not repeat a private notice.'),
403,
$this->format);
return false;
}
$profile = $this->user->getProfile(); $profile = $this->user->getProfile();
// Can the profile actually see that notice?
if (!$this->original->inScope($profile)) {
$this->clientError(_('No access to that notice.'),
403,
$this->format);
return false;
}
if ($profile->hasRepeated($id)) { if ($profile->hasRepeated($id)) {
// TRANS: Client error displayed trying to re-repeat a notice through the API. // TRANS: Client error displayed trying to re-repeat a notice through the API.
$this->clientError(_('Already repeated that notice.'), $this->clientError(_('Already repeated that notice.'),
...@@ -94,6 +113,7 @@ class ApiStatusesRetweetAction extends ApiAuthAction ...@@ -94,6 +113,7 @@ class ApiStatusesRetweetAction extends ApiAuthAction
return false; return false;
} }
return true; return true;
} }
......
...@@ -209,6 +209,10 @@ class NewnoticeAction extends Action ...@@ -209,6 +209,10 @@ class NewnoticeAction extends Action
$author_id = $user->id; $author_id = $user->id;
$text = $content_shortened; $text = $content_shortened;
// Does the heavy-lifting for getting "To:" information
ToSelector::fillOptions($this, $options);
if (Event::handle('StartNoticeSaveWeb', array($this, &$author_id, &$text, &$options))) { if (Event::handle('StartNoticeSaveWeb', array($this, &$author_id, &$text, &$options))) {
$notice = Notice::saveNew($user->id, $content_shortened, 'web', $options); $notice = Notice::saveNew($user->id, $content_shortened, 'web', $options);
......
...@@ -73,6 +73,14 @@ class RepeatAction extends Action ...@@ -73,6 +73,14 @@ class RepeatAction extends Action
return false; return false;
} }
// Is it OK to repeat that notice (general enough scope)?
if ($this->notice->scope != Notice::SITE_SCOPE &&
$this->notice->scope != Notice::PUBLIC_SCOPE) {
$this->clientError(_('You may not repeat a private notice.'),
403);
}
if ($this->user->id == $this->notice->profile_id) { if ($this->user->id == $this->notice->profile_id) {
// TRANS: Client error displayed when trying to repeat an own notice. // TRANS: Client error displayed when trying to repeat an own notice.
$this->clientError(_('You cannot repeat your own notice.')); $this->clientError(_('You cannot repeat your own notice.'));
...@@ -88,6 +96,13 @@ class RepeatAction extends Action ...@@ -88,6 +96,13 @@ class RepeatAction extends Action
$profile = $this->user->getProfile(); $profile = $this->user->getProfile();
// Can the profile actually see that notice?
if (!$this->notice->inScope($profile)) {
$this->clientError(_('No access to that notice.'), 403);
}
if ($profile->hasRepeated($id)) { if ($profile->hasRepeated($id)) {
// TRANS: Client error displayed when trying to repeat an already repeated notice. // TRANS: Client error displayed when trying to repeat an already repeated notice.
$this->clientError(_('You already repeated that notice.')); $this->clientError(_('You already repeated that notice.'));
......
...@@ -365,6 +365,18 @@ class ShowgroupAction extends GroupDesignAction ...@@ -365,6 +365,18 @@ class ShowgroupAction extends GroupDesignAction
$this->raw(common_markup_to_html($m)); $this->raw(common_markup_to_html($m));
$this->elementEnd('div'); $this->elementEnd('div');
} }
function noticeFormOptions()
{
$options = parent::noticeFormOptions();
$cur = common_current_user();
if (!empty($cur) && $cur->isMember($this->group)) {
$options['to_group'] = $this->group;
}
return $options;
}
} }
class GroupAdminSection extends ProfileSection class GroupAdminSection extends ProfileSection
......
...@@ -79,7 +79,7 @@ class ShownoticeAction extends OwnerDesignAction ...@@ -79,7 +79,7 @@ class ShownoticeAction extends OwnerDesignAction
$id = $this->arg('notice'); $id = $this->arg('notice');
$this->notice = Notice::staticGet($id); $this->notice = Notice::staticGet('id', $id);
if (empty($this->notice)) { if (empty($this->notice)) {
// Did we used to have it, and it got deleted? // Did we used to have it, and it got deleted?
...@@ -94,6 +94,18 @@ class ShownoticeAction extends OwnerDesignAction ...@@ -94,6 +94,18 @@ class ShownoticeAction extends OwnerDesignAction
return false; return false;
} }
$cur = common_current_user();
if (!empty($cur)) {
$curProfile = $cur->getProfile();
} else {
$curProfile = null;
}
if (!$this->notice->inScope($curProfile)) {
throw new ClientException(_('Not available.'), 403);
}
$this->profile = $this->notice->getProfile(); $this->profile = $this->notice->getProfile();
if (empty($this->profile)) { if (empty($this->profile)) {
......
...@@ -278,6 +278,18 @@ class ShowstreamAction extends ProfileAction ...@@ -278,6 +278,18 @@ class ShowstreamAction extends ProfileAction
$cloud = new PersonalTagCloudSection($this, $this->user); $cloud = new PersonalTagCloudSection($this, $this->user);
$cloud->show(); $cloud->show();
} }
function noticeFormOptions()
{
$options = parent::noticeFormOptions();
$cur = common_current_user();
if (empty($cur) || $cur->id != $this->profile->id) {
$options['to_profile'] = $this->profile;
}
return $options;
}
} }
// We don't show the author for a profile, since we already know who it is! // We don't show the author for a profile, since we already know who it is!
......
...@@ -73,6 +73,7 @@ class Notice extends Memcached_DataObject ...@@ -73,6 +73,7 @@ class Notice extends Memcached_DataObject
public $location_ns; // int(4) public $location_ns; // int(4)
public $repeat_of; // int(4) public $repeat_of; // int(4)
public $object_type; // varchar(255) public $object_type; // varchar(255)
public $scope; // int(4)
/* Static get */ /* Static get */
function staticGet($k,$v=NULL) function staticGet($k,$v=NULL)
...@@ -89,6 +90,12 @@ class Notice extends Memcached_DataObject ...@@ -89,6 +90,12 @@ class Notice extends Memcached_DataObject
const LOCAL_NONPUBLIC = -1; const LOCAL_NONPUBLIC = -1;
const GATEWAY = -2; const GATEWAY = -2;
const PUBLIC_SCOPE = 0; // Useful fake constant
const SITE_SCOPE = 1;
const ADDRESSEE_SCOPE = 2;
const GROUP_SCOPE = 4;
const FOLLOWER_SCOPE = 8;
function getProfile() function getProfile()
{ {
$profile = Profile::staticGet('id', $this->profile_id); $profile = Profile::staticGet('id', $this->profile_id);
...@@ -243,6 +250,7 @@ class Notice extends Memcached_DataObject ...@@ -243,6 +250,7 @@ class Notice extends Memcached_DataObject
* notice in place of extracting links from content * notice in place of extracting links from content
* boolean 'distribute' whether to distribute the notice, default true * boolean 'distribute' whether to distribute the notice, default true
* string 'object_type' URL of the associated object type (default ActivityObject::NOTE) * string 'object_type' URL of the associated object type (default ActivityObject::NOTE)
* int 'scope' Scope bitmask; default to SITE_SCOPE on private sites, 0 otherwise
* *
* @fixme tag override * @fixme tag override
* *
...@@ -254,6 +262,7 @@ class Notice extends Memcached_DataObject ...@@ -254,6 +262,7 @@ class Notice extends Memcached_DataObject
'url' => null, 'url' => null,
'reply_to' => null, 'reply_to' => null,
'repeat_of' => null, 'repeat_of' => null,
'scope' => null,
'distribute' => true); 'distribute' => true);
if (!empty($options)) { if (!empty($options)) {
...@@ -336,6 +345,19 @@ class Notice extends Memcached_DataObject ...@@ -336,6 +345,19 @@ class Notice extends Memcached_DataObject
// Handle repeat case // Handle repeat case
if (isset($repeat_of)) { if (isset($repeat_of)) {
// Check for a private one
$repeat = Notice::staticGet('id', $repeat_of);
if (!empty($repeat) &&
$repeat->scope != Notice::SITE_SCOPE &&
$repeat->scope != Notice::PUBLIC_SCOPE) {
throw new ClientException(_('Cannot repeat a private notice.'), 403);
}
// XXX: Check for access...?
$notice->repeat_of = $repeat_of; $notice->repeat_of = $repeat_of;
} else { } else {
$notice->reply_to = self::getReplyTo($reply_to, $profile_id, $source, $final); $notice->reply_to = self::getReplyTo($reply_to, $profile_id, $source, $final);
...@@ -343,6 +365,10 @@ class Notice extends Memcached_DataObject ...@@ -343,6 +365,10 @@ class Notice extends Memcached_DataObject
if (!empty($notice->reply_to)) { if (!empty($notice->reply_to)) {
$reply = Notice::staticGet('id', $notice->reply_to); $reply = Notice::staticGet('id', $notice->reply_to);
if (!$reply->inScope($profile)) {
throw new ClientException(sprintf(_("%s has no access to notice %d"),
$profile->nickname, $reply->id), 403);
}
$notice->conversation = $reply->conversation; $notice->conversation = $reply->conversation;
} }
...@@ -368,6 +394,12 @@ class Notice extends Memcached_DataObject ...@@ -368,6 +394,12 @@ class Notice extends Memcached_DataObject
$notice->object_type = $object_type; $notice->object_type = $object_type;
} }
if (is_null($scope)) { // 0 is a valid value
$notice->scope = common_config('notice', 'defaultscope');
} else {
$notice->scope = $scope;
}
if (Event::handle('StartNoticeSave', array(&$notice))) { if (Event::handle('StartNoticeSave', array(&$notice))) {
// XXX: some of these functions write to the DB // XXX: some of these functions write to the DB
...@@ -1556,8 +1588,13 @@ class Notice extends Memcached_DataObject ...@@ -1556,8 +1588,13 @@ class Notice extends Memcached_DataObject
$content = mb_substr($content, 0, $maxlen - 4) . ' ...'; $content = mb_substr($content, 0, $maxlen - 4) . ' ...';
} }
return self::saveNew($repeater_id, $content, $source, // Scope is same as this one's
array('repeat_of' => $this->id));
return self::saveNew($repeater_id,
$content,
$source,
array('repeat_of' => $this->id,
'scope' => $this->scope));
} }
// These are supposed to be in chron order! // These are supposed to be in chron order!
...@@ -2011,4 +2048,95 @@ class Notice extends Memcached_DataObject ...@@ -2011,4 +2048,95 @@ class Notice extends Memcached_DataObject
($this->is_local != Notice::GATEWAY)); ($this->is_local != Notice::GATEWAY));
} }
} }
/**
* Check that the given profile is allowed to read, respond to, or otherwise
* act on this notice.
*
* The $scope member is a bitmask of scopes, representing a logical AND of the
* scope requirement. So, 0x03 (Notice::ADDRESSEE_SCOPE | Notice::SITE_SCOPE) means
* "only visible to people who are mentioned in the notice AND are users on this site."
* Users on the site who are not mentioned in the notice will not be able to see the
* notice.
*
* @param Profile $profile The profile to check
*
* @return boolean whether the profile is in the notice's scope
*/
function inScope($profile)
{
// If there's no scope, anyone (even anon) is in scope.
if ($this->scope == 0) {
return true;
}
// If there's scope, anon cannot be in scope
if (empty($profile)) {
return false;
}
// Author is always in scope
if ($this->profile_id == $profile->id) {
return true;
}
// Only for users on this site
if ($this->scope & Notice::SITE_SCOPE) {
$user = $profile->getUser();
if (empty($user)) {
return false;
}
}
// Only for users mentioned in the notice
if ($this->scope & Notice::ADDRESSEE_SCOPE) {
// XXX: just query for the single reply
$replies = $this->getReplies();
if (!in_array($profile->id, $replies)) {
return false;
}
}
// Only for members of the given group
if ($this->scope & Notice::GROUP_SCOPE) {
// XXX: just query for the single membership
$groups = $this->getGroups();
$foundOne = false;
foreach ($groups as $group) {
if ($profile->isMember($group)) {
$foundOne = true;
break;
}
}
if (!$foundOne) {
return false;
}
}
// Only for followers of the author
if ($this->scope & Notice::FOLLOWER_SCOPE) {
$author = $this->getProfile();
if (!Subscription::exists($profile, $author)) {
return false;
}
}
return true;
}
} }
...@@ -1087,4 +1087,44 @@ class Profile extends Memcached_DataObject ...@@ -1087,4 +1087,44 @@ class Profile extends Memcached_DataObject
return $profile; return $profile;
} }
function canRead(Notice $notice)
{
if ($notice->scope & Notice::SITE_SCOPE) {
$user = $this->getUser();
if (empty($user)) {
return false;
}
}
if ($notice->scope & Notice::ADDRESSEE_SCOPE) {
$replies = $notice->getReplies();
if (!in_array($this->id, $replies)) {
$groups = $notice->getGroups();
$foundOne = false;
foreach ($groups as $group) {
if ($this->isMember($group)) {
$foundOne = true;
break;
}
}
if (!$foundOne) {
return false;
}
}
}
if ($notice->scope & Notice::FOLLOWER_SCOPE) {
$author = $notice->getProfile();
if (!Subscription::exists($this, $author)) {
return false;
}
}
return true;
}
} }
...@@ -337,6 +337,7 @@ location_id = 1 ...@@ -337,6 +337,7 @@ location_id = 1
location_ns = 1 location_ns = 1
repeat_of = 1 repeat_of = 1
object_type = 2 object_type = 2
scope = 1
[notice__keys] [notice__keys]
id = N id = N
......
...@@ -203,6 +203,9 @@ $schema['notice'] = array( ...@@ -203,6 +203,9 @@ $schema['notice'] = array(
'location_ns' => array('type' => 'int', 'description' => 'namespace for location'), 'location_ns' => array('type' => 'int', 'description' => 'namespace for location'),
'repeat_of' => array('type' => 'int', 'description' => 'notice this is a repeat of'), 'repeat_of' => array('type' => 'int', 'description' => 'notice this is a repeat of'),
'object_type' => array('type' => 'varchar', 'length' => 255, 'description' => 'URI representing activity streams object type', 'default' => 'http://activitystrea.ms/schema/1.0/note'), 'object_type' => array('type' => 'varchar', 'length' => 255, 'description' => 'URI representing activity streams object type', 'default' => 'http://activitystrea.ms/schema/1.0/note'),
'scope' => array('type' => 'int',
'default' => '1',
'description' => 'bit map for distribution scope; 0 = everywhere; 1 = this server only; 2 = addressees; 4 = followers'),
), ),
'primary key' => array('id'), 'primary key' => array('id'),
'unique keys' => array( 'unique keys' => array(
......
...@@ -657,7 +657,8 @@ class Action extends HTMLOutputter // lawsuit ...@@ -657,7 +657,8 @@ class Action extends HTMLOutputter // lawsuit
if (Event::handle('StartMakeEntryForm', array($tag, $this, &$form))) { if (Event::handle('StartMakeEntryForm', array($tag, $this, &$form))) {
if ($tag == 'status') { if ($tag == 'status') {
$form = new NoticeForm($this); $options = $this->noticeFormOptions();
$form = new NoticeForm($this, $options);
} }
Event::handle('EndMakeEntryForm', array($tag, $this, $form)); Event::handle('EndMakeEntryForm', array($tag, $this, $form));
} }
...@@ -673,6 +674,11 @@ class Action extends HTMLOutputter // lawsuit ...@@ -673,6 +674,11 @@ class Action extends HTMLOutputter // lawsuit
$this->elementEnd('div'); $this->elementEnd('div');
} }
function noticeFormOptions()
{
return array();
}
/** /**
* Show anonymous message. * Show anonymous message.
* *
......
...@@ -544,7 +544,22 @@ class RepeatCommand extends Command ...@@ -544,7 +544,22 @@ class RepeatCommand extends Command
return; return;
} }
if ($this->user->getProfile()->hasRepeated($notice->id)) { // Is it OK to repeat that notice (general enough scope)?
if ($notice->scope != Notice::SITE_SCOPE &&
$notice->scope != Notice::PUBLIC_SCOPE) {
$channel->error($this->user, _('You may not repeat a private notice.'));
}
$profile = $this->user->getProfile();
// Can the profile actually see that notice?
if (!$notice->inScope($profile)) {
$channel->error($this->user, _('You have no access to that notice.'));
}
if ($profile->hasRepeated($notice->id)) {
// TRANS: Error text shown when trying to repeat an notice that was already repeated by the user. // TRANS: Error text shown when trying to repeat an notice that was already repeated by the user.
$channel->error($this->user, _('Already repeated that notice.')); $channel->error($this->user, _('Already repeated that notice.'));
return; return;
......
<?php <?php
/**
* StatusNet - the distributed open-source microblogging tool
* Copyright (C) 2011, StatusNet, Inc.
*
* Notice stream for a conversation
*
* PHP version 5
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Cache
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class ConversationNoticeStream extends CachingNoticeStream if (!defined('STATUSNET')) {
// This check helps protect against security problems;
// your code file can't be executed directly from the web.
exit(1);
}
/**
* Notice stream for a conversation
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class ConversationNoticeStream extends ScopingNoticeStream
{ {
function __construct($id) function __construct($id)
{ {
parent::__construct(new RawConversationNoticeStream($id), parent::__construct(new CachingNoticeStream(new RawConversationNoticeStream($id),
'notice:conversation_ids:'.$id); 'notice:conversation_ids:'.$id));
} }
} }
/**
* Notice stream for a conversation
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class RawConversationNoticeStream extends NoticeStream class RawConversationNoticeStream extends NoticeStream
{ {
protected $id; protected $id;
......
...@@ -288,7 +288,8 @@ $default = ...@@ -288,7 +288,8 @@ $default =
array('enabled' => true, array('enabled' => true,
'css' => ''), 'css' => ''),
'notice' => 'notice' =>
array('contentlimit' => null), array('contentlimit' => null,
'defaultscope' => 0), // set to 0 for default open
'message' => 'message' =>
array('contentlimit' => null), array('contentlimit' => null),
'location' => 'location' =>
......
<?php <?php
/**
* StatusNet - the distributed open-source microblogging tool
* Copyright (C) 2011, StatusNet, Inc.
*
* Notice stream for favorites
*
* PHP version 5
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,