authorMaxence Lange <maxence@artificial-owl.com>2019-09-27 15:03:25 +0200
committerMaxence Lange <maxence@artificial-owl.com>2019-09-27 15:03:25 +0200
commitf3ce5967c9068ae17f4b475de5107b907c93554e (patch)
treeac069c8e02737ac47f6c3d5e98e9ad0b490ccb89
parent238be61a10db36cd100492e4475bc0c61791227b (diff)
add viewer check on single post
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
-rw-r--r--composer.lock8
-rw-r--r--lib/Controller/LocalController.php4
-rw-r--r--lib/Controller/SocialPubController.php8
-rw-r--r--lib/Db/StreamRequest.php11
-rw-r--r--lib/Db/StreamRequestBuilder.php7
-rw-r--r--lib/Model/ActivityPub/Stream.php6
6 files changed, 27 insertions, 17 deletions
diff --git a/composer.lock b/composer.lock
index 5b325113..b93ca72a 100644
--- a/composer.lock
+++ b/composer.lock
@@ -12,12 +12,12 @@
"source": {
"type": "git",
"url": "https://github.com/daita/my-small-php-tools.git",
- "reference": "ffc91a81c84ec679379b4b8a0a34434f3697c6e7"
+ "reference": "4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/daita/my-small-php-tools/zipball/ffc91a81c84ec679379b4b8a0a34434f3697c6e7",
- "reference": "ffc91a81c84ec679379b4b8a0a34434f3697c6e7",
+ "url": "https://api.github.com/repos/daita/my-small-php-tools/zipball/4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e",
+ "reference": "4f96fd4cf4d87cc79c79ea5af3d6a4f133a09e2e",
"shasum": ""
},
"require": {
@@ -40,7 +40,7 @@
}
],
"description": "My small PHP Tools",
- "time": "2019-09-15T08:55:12+00:00"
+ "time": "2019-09-16T10:53:15+00:00"
},
{
"name": "friendica/json-ld",
diff --git a/lib/Controller/LocalController.php b/lib/Controller/LocalController.php
index e61dcd08..82c747f7 100644
--- a/lib/Controller/LocalController.php
+++ b/lib/Controller/LocalController.php
@@ -195,6 +195,7 @@ class LocalController extends Controller {
* get info about a post (limited to viewer rights).
*
* @NoAdminRequired
+ * @PublicPage
* @NoCSRFRequired
*
* @param string $id
@@ -203,8 +204,7 @@ class LocalController extends Controller {
*/
public function postGet(string $id): DataResponse {
try {
- $this->initViewer(true);
-
+ $this->initViewer(false);
$stream = $this->streamService->getStreamById($id, true);
return $this->directSuccess($stream);
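Review bot: With `@PublicPage` on postGet and `initViewer(false)` in the try block, an unauthenticated request now reaches `getStreamById($id, true)`, and the only access decision left is the viewer filter in the query layer. The docblock still says only "limited to viewer rights"; it should state the new contract, e.g. `* Anonymous callers are allowed; without a viewer only public posts are returned.` How initViewer behaves with `false` is not visible here, so it is worth confirming that it leaves the viewer null instead of throwing when no account is found. The method body continues outside the hunk.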
diff --git a/lib/Controller/SocialPubController.php b/lib/Controller/SocialPubController.php
index d83fd3b2..720fa2e2 100644
--- a/lib/Controller/SocialPubController.php
+++ b/lib/Controller/SocialPubController.php
@@ -209,14 +209,14 @@ class SocialPubController extends Controller {
* @throws SocialAppConfigException
*/
public function displayPost(string $username, string $token): TemplateResponse {
- // TODO - check viewer rights !
$postId = $this->configService->getSocialUrl() . '@' . $username . '/' . $token;
+ // TODO: remove this, as viewer rights are already implemented in LocalController
$stream = $this->streamService->getStreamById($postId, false);
$data = [
- 'id' => $postId,
- 'item' => $stream,
+ 'id' => $postId,
+ 'item' => $stream,
'serverData' => [
- 'public' => true,
+ 'public' => ($this->userId === null),
],
'application' => 'Social'
];
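Review bot: displayPost still loads the post with `getStreamById($postId, false)`, so the viewer filter is skipped on this public page and the unfiltered `$stream` is handed to the template as `'item'`. The new TODO defers the check to LocalController, but until the fetch is actually removed, a non-public post can end up in the template data of an unauthenticated request; whether the template renders `item` is not visible here. Either drop the fetch and the `'item'` entry in this commit, or pass `true` once the stream service is known to have its viewer set in this controller. The method body continues outside the hunk.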
diff --git a/lib/Db/StreamRequest.php b/lib/Db/StreamRequest.php
index fe71ddb0..57205a46 100644
--- a/lib/Db/StreamRequest.php
+++ b/lib/Db/StreamRequest.php
@@ -228,7 +228,6 @@ class StreamRequest extends StreamRequestBuilder {
*
* @return Stream
* @throws StreamNotFoundException
- * @throws SocialAppConfigException
*/
public function getStreamById(string $id, bool $asViewer = false): Stream {
if ($id === '') {
@@ -236,15 +235,19 @@ class StreamRequest extends StreamRequestBuilder {
};
$qb = $this->getStreamSelectSql();
+ $expr = $qb->expr();
+
$this->limitToIdString($qb, $id);
- $this->leftJoinCacheActors($qb, 'attributed_to');
+ $this->selectCacheActors($qb, 'ca');
+ $qb->andWhere($expr->eq('s.attributed_to_prim', 'ca.id_prim'));
if ($asViewer) {
$this->limitToViewer($qb);
- $this->leftJoinStreamAction($qb);
+ if ($this->viewer !== null) {
+ $this->leftJoinStreamAction($qb);
+ }
}
-
try {
return $this->getStreamFromRequest($qb);
} catch (ItemUnknownException $e) {
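Review bot: The added `$qb->andWhere($expr->eq('s.attributed_to_prim', 'ca.id_prim'))` makes the actor lookup a required match, where `leftJoinCacheActors` previously tolerated a missing row. A stream whose author has no cached actor row will no longer match and, assuming getStreamFromRequest throws ItemUnknownException on an empty result, will surface as not found. If that is intended, say so above the condition, e.g. `// required match on purpose: a post without a cached author is treated as missing`. Separately, `$asViewer` defaults to `false` in the signature, so a caller that omits the flag gets the unfiltered row; the docblock should state that. getStreamById continues outside the hunk.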
diff --git a/lib/Db/StreamRequestBuilder.php b/lib/Db/StreamRequestBuilder.php
index 3d776e77..55934151 100644
--- a/lib/Db/StreamRequestBuilder.php
+++ b/lib/Db/StreamRequestBuilder.php
@@ -144,6 +144,13 @@ class StreamRequestBuilder extends CoreRequestBuilder {
protected function limitToViewer(IQueryBuilder $qb) {
$actor = $this->viewer;
+ // TODO - rewrite this request to use stream_dest !
+ if ($this->viewer === null) {
+ $qb->andWhere($this->exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false));
+
+ return;
+ }
+
$on = $this->exprJoinFollowing($qb, $actor);
$on->add($this->exprLimitToRecipient($qb, ACore::CONTEXT_PUBLIC, false));
$on->add($this->exprLimitToRecipient($qb, $actor->getId(), true));
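Review bot: The new `$this->viewer === null` branch is the only authorization filter applied to unauthenticated callers, yet its sole comment is a TODO about stream_dest. A why-comment such as `// no viewer (anonymous request): restrict to posts addressed to the public context` would make the intent auditable. The meaning of the `false` third argument to exprLimitToRecipient is not visible here and should be confirmed for this case. The guard could also test `$actor === null` right after the assignment, so that the check and the later `$actor->getId()` read the same variable. limitToViewer continues outside the hunk.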
diff --git a/lib/Model/ActivityPub/Stream.php b/lib/Model/ActivityPub/Stream.php
index cd3c7c12..b6061e57 100644
--- a/lib/Model/ActivityPub/Stream.php
+++ b/lib/Model/ActivityPub/Stream.php
@@ -420,9 +420,9 @@ class Stream extends ACore implements IQueryRow, JsonSerializable {
]
);
- $result['cc'] = '';
- $result['bcc'] = '';
- $result['to'] = '';
+// $result['cc'] = '';
+// $result['bcc'] = '';
+// $result['to'] = '';
}
$this->cleanArray($result);
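Review bot: Commenting out the three assignments means `cc`, `bcc` and `to` are no longer blanked in this branch of the serialized result, so recipient lists, including blind-copy recipients, now reach whoever receives this array. The enclosing condition is outside the hunk, so the affected consumers cannot be determined from here. Because the same commit opens single-post lookup to anonymous viewers, this deserves an explicit decision. If the client needs `to` and `cc`, keep at least `$result['bcc'] = '';`. In either case delete the commented-out lines and add a comment saying why the addressing fields are exposed.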