Commit 9f160346 authored by Evan Prodromou's avatar Evan Prodromou

Merge branch 'limitdist2' into 1.0.x

parents 38980396 31fd4dbe
......@@ -1472,6 +1472,8 @@ Configuration options specific to notices.
contentlimit: max length of the plain-text content of a notice.
Default is null, meaning to use the site-wide text limit.
0 means no limit.
defaultscope: default scope for notices. Defaults to 0; set to
1 to keep notices private to this site by default.
message
-------
......
......@@ -85,8 +85,27 @@ class ApiStatusesRetweetAction extends ApiAuthAction
return false;
}
// Is it OK to repeat that notice (general enough scope)?
if ($this->original->scope != Notice::SITE_SCOPE &&
$this->original->scope != Notice::PUBLIC_SCOPE) {
$this->clientError(_('You may not repeat a private notice.'),
403,
$this->format);
return false;
}
$profile = $this->user->getProfile();
// Can the profile actually see that notice?
if (!$this->original->inScope($profile)) {
$this->clientError(_('No access to that notice.'),
403,
$this->format);
return false;
}
if ($profile->hasRepeated($id)) {
// TRANS: Client error displayed trying to re-repeat a notice through the API.
$this->clientError(_('Already repeated that notice.'),
......@@ -94,6 +113,7 @@ class ApiStatusesRetweetAction extends ApiAuthAction
return false;
}
return true;
}
......
......@@ -209,6 +209,10 @@ class NewnoticeAction extends Action
$author_id = $user->id;
$text = $content_shortened;
// Does the heavy-lifting for getting "To:" information
ToSelector::fillOptions($this, $options);
if (Event::handle('StartNoticeSaveWeb', array($this, &$author_id, &$text, &$options))) {
$notice = Notice::saveNew($user->id, $content_shortened, 'web', $options);
......
......@@ -73,6 +73,14 @@ class RepeatAction extends Action
return false;
}
// Is it OK to repeat that notice (general enough scope)?
if ($this->notice->scope != Notice::SITE_SCOPE &&
$this->notice->scope != Notice::PUBLIC_SCOPE) {
$this->clientError(_('You may not repeat a private notice.'),
403);
}
if ($this->user->id == $this->notice->profile_id) {
// TRANS: Client error displayed when trying to repeat an own notice.
$this->clientError(_('You cannot repeat your own notice.'));
......@@ -88,6 +96,13 @@ class RepeatAction extends Action
$profile = $this->user->getProfile();
// Can the profile actually see that notice?
if (!$this->notice->inScope($profile)) {
$this->clientError(_('No access to that notice.'), 403);
}
if ($profile->hasRepeated($id)) {
// TRANS: Client error displayed when trying to repeat an already repeated notice.
$this->clientError(_('You already repeated that notice.'));
......
......@@ -365,6 +365,18 @@ class ShowgroupAction extends GroupDesignAction
$this->raw(common_markup_to_html($m));
$this->elementEnd('div');
}
function noticeFormOptions()
{
$options = parent::noticeFormOptions();
$cur = common_current_user();
if (!empty($cur) && $cur->isMember($this->group)) {
$options['to_group'] = $this->group;
}
return $options;
}
}
class GroupAdminSection extends ProfileSection
......
......@@ -79,7 +79,7 @@ class ShownoticeAction extends OwnerDesignAction
$id = $this->arg('notice');
$this->notice = Notice::staticGet($id);
$this->notice = Notice::staticGet('id', $id);
if (empty($this->notice)) {
// Did we used to have it, and it got deleted?
......@@ -94,6 +94,18 @@ class ShownoticeAction extends OwnerDesignAction
return false;
}
$cur = common_current_user();
if (!empty($cur)) {
$curProfile = $cur->getProfile();
} else {
$curProfile = null;
}
if (!$this->notice->inScope($curProfile)) {
throw new ClientException(_('Not available.'), 403);
}
$this->profile = $this->notice->getProfile();
if (empty($this->profile)) {
......
......@@ -278,6 +278,18 @@ class ShowstreamAction extends ProfileAction
$cloud = new PersonalTagCloudSection($this, $this->user);
$cloud->show();
}
function noticeFormOptions()
{
$options = parent::noticeFormOptions();
$cur = common_current_user();
if (empty($cur) || $cur->id != $this->profile->id) {
$options['to_profile'] = $this->profile;
}
return $options;
}
}
// We don't show the author for a profile, since we already know who it is!
......
......@@ -73,6 +73,7 @@ class Notice extends Memcached_DataObject
public $location_ns; // int(4)
public $repeat_of; // int(4)
public $object_type; // varchar(255)
public $scope; // int(4)
/* Static get */
function staticGet($k,$v=NULL)
......@@ -89,6 +90,12 @@ class Notice extends Memcached_DataObject
const LOCAL_NONPUBLIC = -1;
const GATEWAY = -2;
const PUBLIC_SCOPE = 0; // Useful fake constant
const SITE_SCOPE = 1;
const ADDRESSEE_SCOPE = 2;
const GROUP_SCOPE = 4;
const FOLLOWER_SCOPE = 8;
function getProfile()
{
$profile = Profile::staticGet('id', $this->profile_id);
......@@ -243,6 +250,7 @@ class Notice extends Memcached_DataObject
* notice in place of extracting links from content
* boolean 'distribute' whether to distribute the notice, default true
* string 'object_type' URL of the associated object type (default ActivityObject::NOTE)
* int 'scope' Scope bitmask; default to SITE_SCOPE on private sites, 0 otherwise
*
* @fixme tag override
*
......@@ -254,6 +262,7 @@ class Notice extends Memcached_DataObject
'url' => null,
'reply_to' => null,
'repeat_of' => null,
'scope' => null,
'distribute' => true);
if (!empty($options)) {
......@@ -336,6 +345,19 @@ class Notice extends Memcached_DataObject
// Handle repeat case
if (isset($repeat_of)) {
// Check for a private one
$repeat = Notice::staticGet('id', $repeat_of);
if (!empty($repeat) &&
$repeat->scope != Notice::SITE_SCOPE &&
$repeat->scope != Notice::PUBLIC_SCOPE) {
throw new ClientException(_('Cannot repeat a private notice.'), 403);
}
// XXX: Check for access...?
$notice->repeat_of = $repeat_of;
} else {
$notice->reply_to = self::getReplyTo($reply_to, $profile_id, $source, $final);
......@@ -343,6 +365,10 @@ class Notice extends Memcached_DataObject
if (!empty($notice->reply_to)) {
$reply = Notice::staticGet('id', $notice->reply_to);
if (!$reply->inScope($profile)) {
throw new ClientException(sprintf(_("%s has no access to notice %d"),
$profile->nickname, $reply->id), 403);
}
$notice->conversation = $reply->conversation;
}
......@@ -368,6 +394,12 @@ class Notice extends Memcached_DataObject
$notice->object_type = $object_type;
}
if (is_null($scope)) { // 0 is a valid value
$notice->scope = common_config('notice', 'defaultscope');
} else {
$notice->scope = $scope;
}
if (Event::handle('StartNoticeSave', array(&$notice))) {
// XXX: some of these functions write to the DB
......@@ -1556,8 +1588,13 @@ class Notice extends Memcached_DataObject
$content = mb_substr($content, 0, $maxlen - 4) . ' ...';
}
return self::saveNew($repeater_id, $content, $source,
array('repeat_of' => $this->id));
// Scope is same as this one's
return self::saveNew($repeater_id,
$content,
$source,
array('repeat_of' => $this->id,
'scope' => $this->scope));
}
// These are supposed to be in chron order!
......@@ -2011,4 +2048,95 @@ class Notice extends Memcached_DataObject
($this->is_local != Notice::GATEWAY));
}
}
/**
* Check that the given profile is allowed to read, respond to, or otherwise
* act on this notice.
*
* The $scope member is a bitmask of scopes, representing a logical AND of the
* scope requirement. So, 0x03 (Notice::ADDRESSEE_SCOPE | Notice::SITE_SCOPE) means
* "only visible to people who are mentioned in the notice AND are users on this site."
* Users on the site who are not mentioned in the notice will not be able to see the
* notice.
*
* @param Profile $profile The profile to check
*
* @return boolean whether the profile is in the notice's scope
*/
function inScope($profile)
{
// If there's no scope, anyone (even anon) is in scope.
if ($this->scope == 0) {
return true;
}
// If there's scope, anon cannot be in scope
if (empty($profile)) {
return false;
}
// Author is always in scope
if ($this->profile_id == $profile->id) {
return true;
}
// Only for users on this site
if ($this->scope & Notice::SITE_SCOPE) {
$user = $profile->getUser();
if (empty($user)) {
return false;
}
}
// Only for users mentioned in the notice
if ($this->scope & Notice::ADDRESSEE_SCOPE) {
// XXX: just query for the single reply
$replies = $this->getReplies();
if (!in_array($profile->id, $replies)) {
return false;
}
}
// Only for members of the given group
if ($this->scope & Notice::GROUP_SCOPE) {
// XXX: just query for the single membership
$groups = $this->getGroups();
$foundOne = false;
foreach ($groups as $group) {
if ($profile->isMember($group)) {
$foundOne = true;
break;
}
}
if (!$foundOne) {
return false;
}
}
// Only for followers of the author
if ($this->scope & Notice::FOLLOWER_SCOPE) {
$author = $this->getProfile();
if (!Subscription::exists($profile, $author)) {
return false;
}
}
return true;
}
}
......@@ -1087,4 +1087,44 @@ class Profile extends Memcached_DataObject
return $profile;
}
function canRead(Notice $notice)
{
if ($notice->scope & Notice::SITE_SCOPE) {
$user = $this->getUser();
if (empty($user)) {
return false;
}
}
if ($notice->scope & Notice::ADDRESSEE_SCOPE) {
$replies = $notice->getReplies();
if (!in_array($this->id, $replies)) {
$groups = $notice->getGroups();
$foundOne = false;
foreach ($groups as $group) {
if ($this->isMember($group)) {
$foundOne = true;
break;
}
}
if (!$foundOne) {
return false;
}
}
}
if ($notice->scope & Notice::FOLLOWER_SCOPE) {
$author = $notice->getProfile();
if (!Subscription::exists($this, $author)) {
return false;
}
}
return true;
}
}
......@@ -337,6 +337,7 @@ location_id = 1
location_ns = 1
repeat_of = 1
object_type = 2
scope = 1
[notice__keys]
id = N
......
......@@ -203,6 +203,9 @@ $schema['notice'] = array(
'location_ns' => array('type' => 'int', 'description' => 'namespace for location'),
'repeat_of' => array('type' => 'int', 'description' => 'notice this is a repeat of'),
'object_type' => array('type' => 'varchar', 'length' => 255, 'description' => 'URI representing activity streams object type', 'default' => 'http://activitystrea.ms/schema/1.0/note'),
'scope' => array('type' => 'int',
'default' => '1',
'description' => 'bit map for distribution scope; 0 = everywhere; 1 = this server only; 2 = addressees; 4 = followers'),
),
'primary key' => array('id'),
'unique keys' => array(
......
......@@ -657,7 +657,8 @@ class Action extends HTMLOutputter // lawsuit
if (Event::handle('StartMakeEntryForm', array($tag, $this, &$form))) {
if ($tag == 'status') {
$form = new NoticeForm($this);
$options = $this->noticeFormOptions();
$form = new NoticeForm($this, $options);
}
Event::handle('EndMakeEntryForm', array($tag, $this, $form));
}
......@@ -673,6 +674,11 @@ class Action extends HTMLOutputter // lawsuit
$this->elementEnd('div');
}
function noticeFormOptions()
{
return array();
}
/**
* Show anonymous message.
*
......
......@@ -544,7 +544,22 @@ class RepeatCommand extends Command
return;
}
if ($this->user->getProfile()->hasRepeated($notice->id)) {
// Is it OK to repeat that notice (general enough scope)?
if ($notice->scope != Notice::SITE_SCOPE &&
$notice->scope != Notice::PUBLIC_SCOPE) {
$channel->error($this->user, _('You may not repeat a private notice.'));
}
$profile = $this->user->getProfile();
// Can the profile actually see that notice?
if (!$notice->inScope($profile)) {
$channel->error($this->user, _('You have no access to that notice.'));
}
if ($profile->hasRepeated($notice->id)) {
// TRANS: Error text shown when trying to repeat an notice that was already repeated by the user.
$channel->error($this->user, _('Already repeated that notice.'));
return;
......
<?php
/**
* StatusNet - the distributed open-source microblogging tool
* Copyright (C) 2011, StatusNet, Inc.
*
* Notice stream for a conversation
*
* PHP version 5
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Cache
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class ConversationNoticeStream extends CachingNoticeStream
if (!defined('STATUSNET')) {
// This check helps protect against security problems;
// your code file can't be executed directly from the web.
exit(1);
}
/**
* Notice stream for a conversation
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class ConversationNoticeStream extends ScopingNoticeStream
{
function __construct($id)
{
parent::__construct(new RawConversationNoticeStream($id),
'notice:conversation_ids:'.$id);
parent::__construct(new CachingNoticeStream(new RawConversationNoticeStream($id),
'notice:conversation_ids:'.$id));
}
}
/**
* Notice stream for a conversation
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class RawConversationNoticeStream extends NoticeStream
{
protected $id;
......
......@@ -288,7 +288,8 @@ $default =
array('enabled' => true,
'css' => ''),
'notice' =>
array('contentlimit' => null),
array('contentlimit' => null,
'defaultscope' => 0), // set to 0 for default open
'message' =>
array('contentlimit' => null),
'location' =>
......
<?php
/**
* StatusNet - the distributed open-source microblogging tool
* Copyright (C) 2011, StatusNet, Inc.
*
* Notice stream for favorites
*
* PHP version 5
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
if (!defined('STATUSNET')) {
// This check helps protect against security problems;
// your code file can't be executed directly from the web.
exit(1);
}
class FaveNoticeStream extends CachingNoticeStream
/**
* Notice stream for favorites
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class FaveNoticeStream extends ScopingNoticeStream
{
function __construct($user_id, $own)
{
......@@ -10,10 +55,21 @@ class FaveNoticeStream extends CachingNoticeStream
} else {
$key = 'fave:ids_by_user:'.$user_id;
}
parent::__construct($stream, $key);
parent::__construct(new CachingNoticeStream($stream, $key));
}
}
/**
* Raw notice stream for favorites
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class RawFaveNoticeStream extends NoticeStream
{
protected $user_id;
......
<?php
/**
* StatusNet - the distributed open-source microblogging tool
* Copyright (C) 2011, StatusNet, Inc.
*
* Stream of notices that reference an URL
*
* PHP version 5
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class FileNoticeStream extends CachingNoticeStream
if (!defined('STATUSNET')) {
// This check helps protect against security problems;
// your code file can't be executed directly from the web.
exit(1);
}
class FileNoticeStream extends ScopingNoticeStream
{
function __construct($file)
{
parent::__construct(new RawFileNoticeStream($file),
'file:notice-ids:'.$this->url);
parent::__construct(new CachingNoticeStream(new RawFileNoticeStream($file),
'file:notice-ids:'.$this->url));
}
}
/**
* Raw stream for a file
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
class RawFileNoticeStream extends NoticeStream
{
protected $file = null;
function __construct($file)
{
$this->file = $file;
parent::__construct();
$this->file = $file;
}
/**
......
<?php
/**
* StatusNet - the distributed open-source microblogging tool
* Copyright (C) 2011, StatusNet, Inc.
*
* A notice stream that filters its upstream content
*
* PHP version 5
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
if (!defined('STATUSNET')) {
// This check helps protect against security problems;
// your code file can't be executed directly from the web.
exit(1);
}
/**
* A class for presenting a filtered notice stream based on an upstream stream
*
* @category Stream
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
abstract class FilteringNoticeStream extends NoticeStream
{
protected $upstream;
function __construct($upstream)