refactor sql_extra > permission_sql

Mario
2025-05-15 18:56:30 +00:00
parent 4ec895b891
commit 2b38eca986
3 changed files with 22 additions and 15 deletions


@@ -298,7 +298,8 @@ class Channel extends Controller {
$item_normal = item_normal();
$item_normal_update = item_normal_update();
$sql_extra = item_permissions_sql(App::$profile['profile_uid']);
$sql_extra = '';
$permission_sql = item_permissions_sql(App::$profile['profile_uid']);
$page_mode = 'client';
@@ -337,7 +338,7 @@ class Channel extends Controller {
if ($mid) {
$r = q("SELECT parent AS item_id from item where $identifier = '%s' and uid = %d $item_normal_update
AND item_wall = 1 $simple_update $sql_extra limit 1",
AND item_wall = 1 $simple_update $permission_sql $sql_extra limit 1",
dbesc($mid),
intval(App::$profile['profile_uid'])
);
@@ -348,6 +349,7 @@ class Channel extends Controller {
WHERE uid = %d $item_normal_update
AND item_wall = 1 $simple_update
AND (abook.abook_blocked = 0 or abook.abook_flags is null)
$permission_sql
$sql_extra
ORDER BY created DESC",
intval(App::$profile['profile_uid'])
@@ -385,7 +387,7 @@ class Channel extends Controller {
if ($noscript_content || $load) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where $identifier = '%s' and uid = %d $item_normal
AND item_wall = 1 $sql_extra limit 1",
AND item_wall = 1 $permission_sql $sql_extra limit 1",
dbesc($mid),
intval(App::$profile['profile_uid'])
);
@@ -401,6 +403,7 @@ class Channel extends Controller {
AND (abook.abook_blocked = 0 or abook.abook_flags is null)
AND item.item_wall = 1
$item_normal
$permission_sql
$sql_extra
$sql_extra2
ORDER BY $ordering DESC, item_id
@@ -416,7 +419,7 @@ class Channel extends Controller {
if ($r) {
$parents_str = ids_to_querystr($r, 'item_id');
$r = items_by_parent_ids($parents_str, sql_extra: $sql_extra, blog_mode: $blog_mode);
$r = items_by_parent_ids($parents_str, permission_sql: $permission_sql, blog_mode: $blog_mode);
xchan_query($r);
$items = fetch_post_tags($r, true);
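Review bot: Any item query in this method that still interpolates only `$sql_extra` now runs without the access filter, because `$sql_extra` starts as `''` and the permission clause is carried by `$permission_sql` alone. The four queries visible in these hunks all add `$permission_sql`, but the method body continues outside them, so queries not shown here should be checked as well. A comment at the initialisation would make the contract explicit: `// $permission_sql is the access filter and must appear in every item query; $sql_extra holds optional extra filters only`. The last call passes the named argument `permission_sql:`, so any caller outside this commit that still passes `sql_extra:` to `items_by_parent_ids()` would fail with an unknown-named-parameter error.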


@@ -212,7 +212,7 @@ class Display extends Controller {
$observer_hash = get_observer_hash();
$item_normal = item_normal();
$item_normal_update = item_normal_update();
$sql_extra = '';
$permission_sql = '';
$r = [];
if($noscript_content || $load) {
@@ -231,7 +231,7 @@ class Display extends Controller {
}
if(!$r) {
$sql_extra = item_permissions_sql(0, $observer_hash);
$permission_sql = item_permissions_sql(0, $observer_hash);
$r = q("SELECT item.id AS item_id FROM item
WHERE ((mid = '%s'
@@ -239,7 +239,7 @@ class Display extends Controller {
AND item.deny_gid = '' AND item_private = 0 )
AND uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR uid = %d ))) OR
(mid = '%s' $sql_extra ))
(mid = '%s' $permission_sql ))
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
@@ -269,7 +269,7 @@ class Display extends Controller {
}
if(!$r) {
$sql_extra = item_permissions_sql(0, $observer_hash);
$permission_sql = item_permissions_sql(0, $observer_hash);
$r = q("SELECT item.id as item_id from item
WHERE ((parent_mid = '%s'
@@ -277,7 +277,7 @@ class Display extends Controller {
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR uid = %d ))) OR
(parent_mid = '%s' $sql_extra ))
(parent_mid = '%s' $permission_sql ))
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
@@ -291,7 +291,7 @@ class Display extends Controller {
$parents_str = ids_to_querystr($r,'item_id');
if($parents_str) {
$thr_parents_str = stringify_array(get_recursive_thr_parents($target_item), true);
$items = items_by_parent_ids($parents_str, $thr_parents_str, $sql_extra);
$items = items_by_parent_ids($parents_str, $thr_parents_str, $permission_sql);
xchan_query($items);
$items = fetch_post_tags($items,true);
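Review bot: `$permission_sql` is still `''` when it reaches `items_by_parent_ids($parents_str, $thr_parents_str, $permission_sql)` if `$r` was already filled before either `if(!$r)` branch, so in that path the thread fetch runs with no permission clause. The rename keeps the behaviour the old `$sql_extra` had, but the callee's docblock now advertises this argument as the permission filter, so the empty case deserves a stated reason. The lookup that fills `$r` first is outside these hunks, so whether it is safe without an observer filter cannot be confirmed from here. I would add at the initialisation: `// stays empty unless a fallback lookup below sets it; confirm the first lookup needs no observer filter`.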


@@ -5438,15 +5438,16 @@ function item_by_item_id(int $id): array
/**
* @brief returns an array of items by ids
* ATTENTION: no permissions are checked here!!!
* ATTENTION: no permissions for the pa are checked here!!!
* Permissions MUST be checked by the function which returns the ids.
* @param string $ids - a string with ids separated by comma
* @param string $thr_parents (optional) - a string with thr_parent mids separated by comma
* which will be included
* @param string $permission_sql (optional) - SQL provided by item_permission_sql() by the calling module
* @param bool $blog_mode (optional) - if set to yes only the parent items will be returned
*/
function items_by_parent_ids(string $ids, string $thr_parents = '', string $sql_extra = '', bool $blog_mode = false): array
function items_by_parent_ids(string $ids, string $thr_parents = '', string $permission_sql = '', bool $blog_mode = false): array
{
$item_normal = item_normal();
$item_normal_c = item_normal(prefix: 'c');
@@ -5469,7 +5470,10 @@ function items_by_parent_ids(string $ids, string $thr_parents = '', string $sql_
$thr_parent_uuid_sql_join = "LEFT JOIN item tp ON item.thr_parent = tp.mid AND item.uid = tp.uid";
}
$sql_extra_c = str_replace('item.', 'c.', $sql_extra);
$permission_sql_c = '';
if ($permission_sql) {
$permission_sql_c = str_replace('item.', 'c.', $permission_sql);
}
$ret = q(
"SELECT item.*,
@@ -5481,7 +5485,7 @@ function items_by_parent_ids(string $ids, string $thr_parents = '', string $sql_
AND c.item_thread_top = 0
AND c.thr_parent = item.mid
$item_normal_c
$sql_extra_c
$permission_sql_c
$thr_parent_uuid_sql_join
WHERE $blog_mode_sql in (%s)
AND (
@@ -5490,7 +5494,7 @@ function items_by_parent_ids(string $ids, string $thr_parents = '', string $sql_
)
$thr_parent_sql
$item_normal
$sql_extra
$permission_sql
GROUP BY item.id",
dbesc($ids)
);
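Review bot: The docblock of `items_by_parent_ids()` does not say that the default `$permission_sql = ''` applies no permission clause at all to either the `c` join or the outer `WHERE`. As far as the visible query shows, a caller that omits the argument gets rows with no permission filter. The new warning line `ATTENTION: no permissions for the pa are checked here!!!` is also cut off at "pa" (presumably "parents"). The `@param` text names `item_permission_sql()`, while the callers in this commit use `item_permissions_sql()`. I would reword the two lines to `ATTENTION: no permissions for the parents are checked here!!!` and `@param string $permission_sql (optional) - SQL provided by item_permissions_sql() by the calling module; if empty, no permission filter is applied`. The function body continues outside these hunks.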