From ed690615de8f6433a1a4d9a8fc7c28385af47d8a Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 12 Nov 2009 20:12:00 -0500 Subject: Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static --- classes/User.php | 16 +++++++++++++++- classes/statusnet.ini | 10 ++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) (limited to 'classes') diff --git a/classes/User.php b/classes/User.php index 9b90ce61b..9f1ee53f4 100644 --- a/classes/User.php +++ b/classes/User.php @@ -114,7 +114,7 @@ class User extends Memcached_DataObject return $result; } - function allowed_nickname($nickname) + static function allowed_nickname($nickname) { // XXX: should already be validated for size, content, etc. $blacklist = common_config('nickname', 'blacklist'); @@ -190,7 +190,17 @@ class User extends Memcached_DataObject $profile->query('BEGIN'); + if(!empty($email)) + { + $email = common_canonical_email($email); + } + + $nickname = common_canonical_nickname($nickname); $profile->nickname = $nickname; + if(! User::allowed_nickname($nickname)){ + common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname), + __FILE__); + } $profile->profileurl = common_profile_url($nickname); if (!empty($fullname)) { @@ -242,6 +252,10 @@ class User extends Memcached_DataObject } } + if(isset($email_confirmed) && $email_confirmed) { + $user->email = $email; + } + // This flag is ignored but still set to 1 $user->inboxed = 1; diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 912d05cdf..19ab7bf97 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -566,3 +566,13 @@ modified = 384 user_id = K token = K +[user_username] +user_id = 129 +provider_name = 130 +username = 130 +created = 142 +modified = 384 + +[user_username__keys] +provider_name = K +username = K -- cgit v1.2.3-54-g00ecf From c9475c76a8b4c2bf32d1d3293b03b646e7e7a91e Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sun, 15 Nov 2009 15:59:10 +0100 Subject: define rights around how to silence, sandbox, and delete a user --- classes/User.php | 14 ++++++++++++++ classes/User_role.php | 2 ++ lib/right.php | 3 +++ 3 files changed, 19 insertions(+) (limited to 'classes') diff --git a/classes/User.php b/classes/User.php index 9f1ee53f4..0e8404377 100644 --- a/classes/User.php +++ b/classes/User.php @@ -720,10 +720,14 @@ class User extends Memcached_DataObject switch ($right) { case Right::DELETEOTHERSNOTICE: + case Right::SANDBOXUSER: + case Right::SILENCEUSER: + case Right::DELETEUSER: $result = $this->hasRole(User_role::MODERATOR); break; case Right::CONFIGURESITE: $result = $this->hasRole(User_role::ADMINISTRATOR); + break; default: $result = false; break; @@ -774,4 +778,14 @@ class User extends Memcached_DataObject $block->delete(); // XXX delete group block? Reset blocker? } + + function isSandboxed() + { + return $this->hasRole(User_role::SANDBOXED); + } + + function isSilenced() + { + return $this->hasRole(User_role::SILENCED); + } } diff --git a/classes/User_role.php b/classes/User_role.php index fc3806897..b415642fc 100644 --- a/classes/User_role.php +++ b/classes/User_role.php @@ -48,4 +48,6 @@ class User_role extends Memcached_DataObject const MODERATOR = 'moderator'; const ADMINISTRATOR = 'administrator'; + const SANDBOXED = 'sandboxed'; + const SILENCED = 'silenced'; } diff --git a/lib/right.php b/lib/right.php index 4fc981af0..88abdf780 100644 --- a/lib/right.php +++ b/lib/right.php @@ -47,5 +47,8 @@ class Right { const DELETEOTHERSNOTICE = 'deleteothersnotice'; const CONFIGURESITE = 'configuresite'; + const DELETEUSER = 'deleteuser'; + const SILENCEUSER = 'silenceuser'; + const SANDBOXUSER = 'sandboxuser'; } -- cgit v1.2.3-54-g00ecf From 6470ccd1b869808d2fca530b9ee53e6a574646c4 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 16 Nov 2009 00:19:19 -0500 Subject: getSubscribers and getSubscriptions were not handling the case where limit=null correctly --- classes/Profile.php | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'classes') diff --git a/classes/Profile.php b/classes/Profile.php index 7c1e9db33..9348248af 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -310,10 +310,12 @@ class Profile extends Memcached_DataObject 'AND subscription.subscribed != subscription.subscriber ' . 'ORDER BY subscription.created DESC '; - if (common_config('db','type') == 'pgsql') { - $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; - } else { - $qry .= ' LIMIT ' . $offset . ', ' . $limit; + if ($offset>0 && !is_null($limit)){ + if (common_config('db','type') == 'pgsql') { + $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $qry .= ' LIMIT ' . $offset . ', ' . $limit; + } } $profile = new Profile(); @@ -333,11 +335,13 @@ class Profile extends Memcached_DataObject 'AND subscription.subscribed != subscription.subscriber ' . 'ORDER BY subscription.created DESC '; - if ($offset) { - if (common_config('db','type') == 'pgsql') { - $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; - } else { - $qry .= ' LIMIT ' . $offset . ', ' . $limit; + if ($offset>0 && !is_null($limit)){ + if ($offset) { + if (common_config('db','type') == 'pgsql') { + $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $qry .= ' LIMIT ' . $offset . ', ' . $limit; + } } } -- cgit v1.2.3-54-g00ecf From 792590bcdccfabc8565dea138d93f6f3405131da Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 15:52:33 +0100 Subject: move role functions to Profile class --- classes/Profile.php | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++ classes/User.php | 68 ++++++++++++++++-------------------------------- 2 files changed, 96 insertions(+), 46 deletions(-) (limited to 'classes') diff --git a/classes/Profile.php b/classes/Profile.php index 7c1e9db33..2668efcc7 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -587,4 +587,78 @@ class Profile extends Memcached_DataObject return $location; } + + function hasRole($name) + { + $role = User_role::pkeyGet(array('user_id' => $this->id, + 'role' => $name)); + return (!empty($role)); + } + + function grantRole($name) + { + $role = new User_role(); + + $role->user_id = $this->id; + $role->role = $name; + $role->created = common_sql_now(); + + $result = $role->insert(); + + if (!$result) { + common_log_db_error($role, 'INSERT', __FILE__); + return false; + } + + return true; + } + + function revokeRole($name) + { + $role = User_role::pkeyGet(array('user_id' => $this->id, + 'role' => $name)); + + if (empty($role)) { + throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); + } + + $result = $role->delete(); + + if (!$result) { + common_log_db_error($role, 'DELETE', __FILE__); + throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.'); + } + + return true; + } + + function isSandboxed() + { + return $this->hasRole(User_role::SANDBOXED); + } + + function isSilenced() + { + return $this->hasRole(User_role::SILENCED); + } + + function sandbox() + { + $this->grantRole(User_role::SANDBOXED); + } + + function unsandbox() + { + $this->revokeRole(User_role::SANDBOXED); + } + + function silence() + { + $this->grantRole(User_role::SILENCED); + } + + function unsilence() + { + $this->revokeRole(User_role::SILENCED); + } } diff --git a/classes/User.php b/classes/User.php index 0e8404377..1dca59f23 100644 --- a/classes/User.php +++ b/classes/User.php @@ -657,50 +657,6 @@ class User extends Memcached_DataObject return Design::staticGet('id', $this->design_id); } - function hasRole($name) - { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); - return (!empty($role)); - } - - function grantRole($name) - { - $role = new User_role(); - - $role->user_id = $this->id; - $role->role = $name; - $role->created = common_sql_now(); - - $result = $role->insert(); - - if (!$result) { - common_log_db_error($role, 'INSERT', __FILE__); - return false; - } - - return true; - } - - function revokeRole($name) - { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); - - if (empty($role)) { - throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); - } - - $result = $role->delete(); - - if (!$result) { - common_log_db_error($role, 'DELETE', __FILE__); - throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.'); - } - - return true; - } - /** * Does this user have the right to do X? * @@ -779,13 +735,33 @@ class User extends Memcached_DataObject // XXX delete group block? Reset blocker? } + function hasRole($name) + { + $profile = $this->getProfile(); + return $profile->hasRole($name); + } + + function grantRole($name) + { + $profile = $this->getProfile(); + return $profile->grantRole($name); + } + + function revokeRole($name) + { + $profile = $this->getProfile(); + return $profile->revokeRole($name); + } + function isSandboxed() { - return $this->hasRole(User_role::SANDBOXED); + $profile = $this->getProfile(); + return $profile->isSandboxed(); } function isSilenced() { - return $this->hasRole(User_role::SILENCED); + $profile = $this->getProfile(); + return $profile->isSilenced(); } } -- cgit v1.2.3-54-g00ecf From 4e00ce01a9841ac055c058a4f0e221cc56eca06e Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 16:02:47 +0100 Subject: Rename user_role to profile_role Renamed the user_role table to profile_role. Remote users can have a role on the site; that 'role' may be negative (silenced or sandboxed). --- classes/Profile_role.php | 55 ++++++++++++++++++++++++++++++++++++++ classes/statusnet.ini | 69 +++++++++++++----------------------------------- db/statusnet.sql | 6 ++--- 3 files changed, 76 insertions(+), 54 deletions(-) create mode 100755 classes/Profile_role.php mode change 100644 => 100755 classes/statusnet.ini (limited to 'classes') diff --git a/classes/Profile_role.php b/classes/Profile_role.php new file mode 100755 index 000000000..afa7fb74e --- /dev/null +++ b/classes/Profile_role.php @@ -0,0 +1,55 @@ +. + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Table Definition for profile_role + */ + +require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; + +class Profile_role extends Memcached_DataObject +{ + ###START_AUTOCODE + /* the code below is auto generated do not remove the above tag */ + + public $__table = 'profile_role'; // table name + public $profile_id; // int(4) primary_key not_null + public $role; // varchar(32) primary_key not_null + public $created; // datetime not_null default_0000-00-00%2000%3A00%3A00 + + /* Static get */ + function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Profile_role',$k,$v); } + + /* the code above is auto generated do not remove the tag below */ + ###END_AUTOCODE + + function &pkeyGet($kv) + { + return Memcached_DataObject::pkeyGet('Profile_role', $kv); + } + + const MODERATOR = 'moderator'; + const ADMINISTRATOR = 'administrator'; + const SANDBOXED = 'sandboxed'; + const SILENCED = 'silenced'; +} diff --git a/classes/statusnet.ini b/classes/statusnet.ini old mode 100644 new mode 100755 index 19ab7bf97..6a7be1008 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -253,6 +253,15 @@ modified = 384 [location_namespace__keys] id = K +[login_token] +user_id = 129 +token = 130 +created = 142 +modified = 384 + +[login_token__keys] +user_id = K + [message] id = 129 uri = 2 @@ -358,6 +367,15 @@ modified = 384 blocker = K blocked = K +[profile_role] +profile_id = 129 +role = 130 +created = 142 + +[profile_role__keys] +profile_id = K +role = K + [profile_tag] tagger = 129 tagged = 129 @@ -525,54 +543,3 @@ modified = 384 [user_group__keys] id = N - -[user_openid] -canonical = 130 -display = 130 -user_id = 129 -created = 142 -modified = 384 - -[user_openid__keys] -canonical = K -display = U - -[user_openid_trustroot] -trustroot = 130 -user_id = 129 -created = 142 -modified = 384 - -[user_openid__keys] -trustroot = K -user_id = K - -[user_role] -user_id = 129 -role = 130 -created = 142 - -[user_role__keys] -user_id = K -role = K - -[login_token] -user_id = 129 -token = 130 -created = 142 -modified = 384 - -[login_token__keys] -user_id = K -token = K - -[user_username] -user_id = 129 -provider_name = 130 -username = 130 -created = 142 -modified = 384 - -[user_username__keys] -provider_name = K -username = K diff --git a/db/statusnet.sql b/db/statusnet.sql index 732aded5a..18abcdfdb 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -557,13 +557,13 @@ create table config ( ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; -create table user_role ( +create table profile_role ( - user_id integer not null comment 'user having the role' references user (id), + profile_id integer not null comment 'account having the role' references profile (id), role varchar(32) not null comment 'string representing the role', created datetime not null comment 'date the role was granted', - constraint primary key (user_id, role) + constraint primary key (profile_id, role) ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; -- cgit v1.2.3-54-g00ecf From fa00aed88b8ee0afc63b0e19d05564d20dcd0b1e Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 16:04:51 +0100 Subject: remove User_role class --- classes/User_role.php | 53 --------------------------------------------------- 1 file changed, 53 deletions(-) delete mode 100644 classes/User_role.php (limited to 'classes') diff --git a/classes/User_role.php b/classes/User_role.php deleted file mode 100644 index b415642fc..000000000 --- a/classes/User_role.php +++ /dev/null @@ -1,53 +0,0 @@ -. - */ - -if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } - -/** - * Table Definition for user_role - */ - -require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; - -class User_role extends Memcached_DataObject -{ - ###START_AUTOCODE - /* the code below is auto generated do not remove the above tag */ - - public $__table = 'user_role'; // table name - public $user_id; // int(4) primary_key not_null - public $role; // varchar(32) primary_key not_null - public $created; // datetime() not_null - - /* Static get */ - function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('User_role',$k,$v); } - - /* the code above is auto generated do not remove the tag below */ - ###END_AUTOCODE - - function &pkeyGet($kv) - { - return Memcached_DataObject::pkeyGet('User_role', $kv); - } - - const MODERATOR = 'moderator'; - const ADMINISTRATOR = 'administrator'; - const SANDBOXED = 'sandboxed'; - const SILENCED = 'silenced'; -} -- cgit v1.2.3-54-g00ecf From dd10e9729bfa6dc712433db49e385f94cbc3cdea Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 16:05:22 +0100 Subject: fix exe flag after createTable --- classes/Profile_role.php | 0 classes/statusnet.ini | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 classes/Profile_role.php mode change 100755 => 100644 classes/statusnet.ini (limited to 'classes') diff --git a/classes/Profile_role.php b/classes/Profile_role.php old mode 100755 new mode 100644 diff --git a/classes/statusnet.ini b/classes/statusnet.ini old mode 100755 new mode 100644 -- cgit v1.2.3-54-g00ecf From 3e08309826f1f627676a02b85d6809fcbd27a37b Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 16:06:52 +0100 Subject: change uses of User_role to Profile_role --- classes/Profile.php | 28 ++++++++++++++-------------- classes/User.php | 4 ++-- 2 files changed, 16 insertions(+), 16 deletions(-) (limited to 'classes') diff --git a/classes/Profile.php b/classes/Profile.php index 2668efcc7..5b4394d3b 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -590,18 +590,18 @@ class Profile extends Memcached_DataObject function hasRole($name) { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); + $role = Profile_role::pkeyGet(array('profile_id' => $this->id, + 'role' => $name)); return (!empty($role)); } function grantRole($name) { - $role = new User_role(); + $role = new Profile_role(); - $role->user_id = $this->id; - $role->role = $name; - $role->created = common_sql_now(); + $role->profile_id = $this->id; + $role->role = $name; + $role->created = common_sql_now(); $result = $role->insert(); @@ -615,8 +615,8 @@ class Profile extends Memcached_DataObject function revokeRole($name) { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); + $role = Profile_role::pkeyGet(array('profile_id' => $this->id, + 'role' => $name)); if (empty($role)) { throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); @@ -634,31 +634,31 @@ class Profile extends Memcached_DataObject function isSandboxed() { - return $this->hasRole(User_role::SANDBOXED); + return $this->hasRole(Profile_role::SANDBOXED); } function isSilenced() { - return $this->hasRole(User_role::SILENCED); + return $this->hasRole(Profile_role::SILENCED); } function sandbox() { - $this->grantRole(User_role::SANDBOXED); + $this->grantRole(Profile_role::SANDBOXED); } function unsandbox() { - $this->revokeRole(User_role::SANDBOXED); + $this->revokeRole(Profile_role::SANDBOXED); } function silence() { - $this->grantRole(User_role::SILENCED); + $this->grantRole(Profile_role::SILENCED); } function unsilence() { - $this->revokeRole(User_role::SILENCED); + $this->revokeRole(Profile_role::SILENCED); } } diff --git a/classes/User.php b/classes/User.php index 1dca59f23..82d3bd59a 100644 --- a/classes/User.php +++ b/classes/User.php @@ -679,10 +679,10 @@ class User extends Memcached_DataObject case Right::SANDBOXUSER: case Right::SILENCEUSER: case Right::DELETEUSER: - $result = $this->hasRole(User_role::MODERATOR); + $result = $this->hasRole(Profile_role::MODERATOR); break; case Right::CONFIGURESITE: - $result = $this->hasRole(User_role::ADMINISTRATOR); + $result = $this->hasRole(Profile_role::ADMINISTRATOR); break; default: $result = false; -- cgit v1.2.3-54-g00ecf From 717758563038e802976fbd5fcdede45804b82c51 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 16 Nov 2009 11:22:45 -0500 Subject: getGroups was not handling the case where limit=null correctly --- classes/User.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'classes') diff --git a/classes/User.php b/classes/User.php index 9f1ee53f4..4ddf94916 100644 --- a/classes/User.php +++ b/classes/User.php @@ -577,11 +577,13 @@ class User extends Memcached_DataObject 'WHERE group_member.profile_id = %d ' . 'ORDER BY group_member.created DESC '; - if ($offset) { - if (common_config('db','type') == 'pgsql') { - $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; - } else { - $qry .= ' LIMIT ' . $offset . ', ' . $limit; + if ($offset>0 && !is_null($limit)) { + if ($offset) { + if (common_config('db','type') == 'pgsql') { + $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $qry .= ' LIMIT ' . $offset . ', ' . $limit; + } } } -- cgit v1.2.3-54-g00ecf From d2145a5b7f3a95dcfa90edb4bcd5e5b3bf66c116 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 19:03:59 +0100 Subject: Move rights check to profile and add right for new notices Added a right for new notices, realized that the hasRight() method should be on the profile, and moved it. Makes this a less atomic commit but that's the way it goes sometimes. --- classes/Notice.php | 6 ++---- classes/Profile.php | 38 ++++++++++++++++++++++++++++++++++++++ classes/User.php | 33 ++------------------------------- lib/right.php | 1 + 4 files changed, 43 insertions(+), 35 deletions(-) (limited to 'classes') diff --git a/classes/Notice.php b/classes/Notice.php index 291e6202b..fde40240f 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject ' take a breather and post again in a few minutes.')); } - $banned = common_config('profile', 'banned'); - - if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) { - common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id)."); + if (!$profile->hasRight(Right::NEWNOTICE)) { + common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname); throw new ClientException(_('You are banned from posting notices on this site.')); } diff --git a/classes/Profile.php b/classes/Profile.php index 5b4394d3b..e3b35533a 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject { $this->revokeRole(Profile_role::SILENCED); } + + /** + * Does this user have the right to do X? + * + * With our role-based authorization, this is merely a lookup for whether the user + * has a particular role. The implementation currently uses a switch statement + * to determine if the user has the pre-defined role to exercise the right. Future + * implementations may allow per-site roles, and different mappings of roles to rights. + * + * @param $right string Name of the right, usually a constant in class Right + * @return boolean whether the user has the right in question + */ + + function hasRight($right) + { + $result = false; + if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { + switch ($right) + { + case Right::DELETEOTHERSNOTICE: + case Right::SANDBOXUSER: + case Right::SILENCEUSER: + case Right::DELETEUSER: + $result = $this->hasRole(Profile_role::MODERATOR); + break; + case Right::CONFIGURESITE: + $result = $this->hasRole(Profile_role::ADMINISTRATOR); + break; + case Right::NEWNOTICE: + $result = !$this->isSilenced(); + break; + default: + $result = false; + break; + } + } + return $result; + } } diff --git a/classes/User.php b/classes/User.php index 82d3bd59a..a466369a1 100644 --- a/classes/User.php +++ b/classes/User.php @@ -657,39 +657,10 @@ class User extends Memcached_DataObject return Design::staticGet('id', $this->design_id); } - /** - * Does this user have the right to do X? - * - * With our role-based authorization, this is merely a lookup for whether the user - * has a particular role. The implementation currently uses a switch statement - * to determine if the user has the pre-defined role to exercise the right. Future - * implementations may allow per-site roles, and different mappings of roles to rights. - * - * @param $right string Name of the right, usually a constant in class Right - * @return boolean whether the user has the right in question - */ - function hasRight($right) { - $result = false; - if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { - switch ($right) - { - case Right::DELETEOTHERSNOTICE: - case Right::SANDBOXUSER: - case Right::SILENCEUSER: - case Right::DELETEUSER: - $result = $this->hasRole(Profile_role::MODERATOR); - break; - case Right::CONFIGURESITE: - $result = $this->hasRole(Profile_role::ADMINISTRATOR); - break; - default: - $result = false; - break; - } - } - return $result; + $profile = $this->getProfile(); + return $profile->hasRight($right); } function delete() diff --git a/lib/right.php b/lib/right.php index 88abdf780..ae8516602 100644 --- a/lib/right.php +++ b/lib/right.php @@ -50,5 +50,6 @@ class Right const DELETEUSER = 'deleteuser'; const SILENCEUSER = 'silenceuser'; const SANDBOXUSER = 'sandboxuser'; + const NEWNOTICE = 'newnotice'; } -- cgit v1.2.3-54-g00ecf From f1efb845e4955f398be3a7e36499474dc67bdade Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 19:22:22 +0100 Subject: don't allow sandboxed users to post public notices --- classes/Notice.php | 5 ++--- classes/Profile.php | 3 +++ lib/right.php | 1 + 3 files changed, 6 insertions(+), 3 deletions(-) (limited to 'classes') diff --git a/classes/Notice.php b/classes/Notice.php index fde40240f..1db431f2a 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -203,12 +203,11 @@ class Notice extends Memcached_DataObject $notice = new Notice(); $notice->profile_id = $profile_id; - $blacklist = common_config('public', 'blacklist'); $autosource = common_config('public', 'autosource'); - # Blacklisted are non-false, but not 1, either + # Sandboxed are non-false, but not 1, either - if (($blacklist && in_array($profile_id, $blacklist)) || + if (!$user->hasRight(Right::PUBLICNOTICE) || ($source && $autosource && in_array($source, $autosource))) { $notice->is_local = Notice::LOCAL_NONPUBLIC; } else { diff --git a/classes/Profile.php b/classes/Profile.php index e3b35533a..291e3f064 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -692,6 +692,9 @@ class Profile extends Memcached_DataObject case Right::NEWNOTICE: $result = !$this->isSilenced(); break; + case Right::PUBLICNOTICE: + $result = !$this->isSandboxed(); + break; default: $result = false; break; diff --git a/lib/right.php b/lib/right.php index ae8516602..1a3a7d49a 100644 --- a/lib/right.php +++ b/lib/right.php @@ -51,5 +51,6 @@ class Right const SILENCEUSER = 'silenceuser'; const SANDBOXUSER = 'sandboxuser'; const NEWNOTICE = 'newnotice'; + const PUBLICNOTICE = 'publicnotice'; } -- cgit v1.2.3-54-g00ecf From e9321a18063911f28bb55e355298ce65b36b5b71 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 19:46:08 +0100 Subject: more rights denied to silenced and sandboxed --- classes/Profile.php | 4 ++++ lib/right.php | 4 ++++ 2 files changed, 8 insertions(+) (limited to 'classes') diff --git a/classes/Profile.php b/classes/Profile.php index 291e3f064..8754c506c 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -690,9 +690,13 @@ class Profile extends Memcached_DataObject $result = $this->hasRole(Profile_role::ADMINISTRATOR); break; case Right::NEWNOTICE: + case Right::NEWMESSAGE: + case Right::SUBSCRIBE: $result = !$this->isSilenced(); break; case Right::PUBLICNOTICE: + case Right::EMAILONREPLY: + case Right::EMAILONSUBSCRIBE: $result = !$this->isSandboxed(); break; default: diff --git a/lib/right.php b/lib/right.php index 1a3a7d49a..90ca75fd5 100644 --- a/lib/right.php +++ b/lib/right.php @@ -52,5 +52,9 @@ class Right const SANDBOXUSER = 'sandboxuser'; const NEWNOTICE = 'newnotice'; const PUBLICNOTICE = 'publicnotice'; + const NEWMESSAGE = 'newmessage'; + const SUBSCRIBE = 'subscribe'; + const EMAILONREPLY = 'emailonreply'; + const EMAILONSUBSCRIBE = 'emailonsubscribe'; } -- cgit v1.2.3-54-g00ecf From 440af7ed7a2ae0a93d691c9a6a8081cbd065e53b Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 19:51:41 +0100 Subject: silenced users can't send direct messages --- classes/Message.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'classes') diff --git a/classes/Message.php b/classes/Message.php index 979e6e87c..718a9d922 100644 --- a/classes/Message.php +++ b/classes/Message.php @@ -39,6 +39,12 @@ class Message extends Memcached_DataObject static function saveNew($from, $to, $content, $source) { + $sender = Profile::staticGet('id', $from); + + if (!$sender->hasRight(Right::NEWMESSAGE)) { + throw new ClientException(_('You are banned from sending direct messages.')); + } + $msg = new Message(); $msg->from_profile = $from; -- cgit v1.2.3-54-g00ecf From d59af0296070cd868855564a0280e4be2c16410d Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 14:28:55 -0500 Subject: disallow email on faves from sandboxed users --- classes/Profile.php | 1 + lib/mail.php | 4 ++++ lib/right.php | 1 + 3 files changed, 6 insertions(+) (limited to 'classes') diff --git a/classes/Profile.php b/classes/Profile.php index 8754c506c..d52dff5af 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -697,6 +697,7 @@ class Profile extends Memcached_DataObject case Right::PUBLICNOTICE: case Right::EMAILONREPLY: case Right::EMAILONSUBSCRIBE: + case Right::EMAILONFAVE: $result = !$this->isSandboxed(); break; default: diff --git a/lib/mail.php b/lib/mail.php index 6e74d1806..dffac3262 100644 --- a/lib/mail.php +++ b/lib/mail.php @@ -546,6 +546,10 @@ function mail_notify_message($message, $from=null, $to=null) function mail_notify_fave($other, $user, $notice) { + if (!$user->hasRight(Right::EMAILONFAVE)) { + return; + } + $profile = $user->getProfile(); $bestname = $profile->getBestName(); diff --git a/lib/right.php b/lib/right.php index 90ca75fd5..5e66eae0e 100644 --- a/lib/right.php +++ b/lib/right.php @@ -56,5 +56,6 @@ class Right const SUBSCRIBE = 'subscribe'; const EMAILONREPLY = 'emailonreply'; const EMAILONSUBSCRIBE = 'emailonsubscribe'; + const EMAILONFAVE = 'emailonfave'; } -- cgit v1.2.3-54-g00ecf From a373d07ae00b878f47970f2e4a7d86c6ec3a65cf Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 16 Nov 2009 15:24:25 -0500 Subject: Allow plugin DB_DataObject classes to not have to use the .ini file by overriding keys(), table(), and sequenceKey() for them --- classes/Plugin_DataObject.php | 195 ++++++++++++++++++++++++ classes/statusnet.ini | 31 ---- lib/schema.php | 41 ++++- plugins/Authentication/AuthenticationPlugin.php | 11 +- plugins/Authentication/User_username.php | 22 ++- plugins/OpenID/OpenIDPlugin.php | 23 +-- plugins/OpenID/User_openid.php | 22 ++- plugins/OpenID/User_openid_trustroot.php | 20 ++- plugins/UserFlag/UserFlagPlugin.php | 11 +- plugins/UserFlag/User_flag_profile.php | 21 ++- 10 files changed, 318 insertions(+), 79 deletions(-) create mode 100644 classes/Plugin_DataObject.php (limited to 'classes') diff --git a/classes/Plugin_DataObject.php b/classes/Plugin_DataObject.php new file mode 100644 index 000000000..d5cecf0f7 --- /dev/null +++ b/classes/Plugin_DataObject.php @@ -0,0 +1,195 @@ +. + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } + +require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; + +abstract class Plugin_DataObject extends Memcached_DataObject +{ + function table() { + static $table = null; + if($table == null) { + $table = array(); + $DB = $this->getDatabaseConnection(); + $dbtype = $DB->phptype; + $tableDef = $this->tableDef(); + foreach($tableDef->columns as $columnDef){ + switch(strtoupper($columnDef->type)) { + /*shamelessly copied from DB_DataObject_Generator*/ + case 'INT': + case 'INT2': // postgres + case 'INT4': // postgres + case 'INT8': // postgres + case 'SERIAL4': // postgres + case 'SERIAL8': // postgres + case 'INTEGER': + case 'TINYINT': + case 'SMALLINT': + case 'MEDIUMINT': + case 'BIGINT': + $type = DB_DATAOBJECT_INT; + if ($columnDef->size == 1) { + $type += DB_DATAOBJECT_BOOL; + } + break; + + case 'REAL': + case 'DOUBLE': + case 'DOUBLE PRECISION': // double precision (firebird) + case 'FLOAT': + case 'FLOAT4': // real (postgres) + case 'FLOAT8': // double precision (postgres) + case 'DECIMAL': + case 'MONEY': // mssql and maybe others + case 'NUMERIC': + case 'NUMBER': // oci8 + $type = DB_DATAOBJECT_INT; // should really by FLOAT!!! / MONEY... + break; + + case 'YEAR': + $type = DB_DATAOBJECT_INT; + break; + + case 'BIT': + case 'BOOL': + case 'BOOLEAN': + + $type = DB_DATAOBJECT_BOOL; + // postgres needs to quote '0' + if ($dbtype == 'pgsql') { + $type += DB_DATAOBJECT_STR; + } + break; + + case 'STRING': + case 'CHAR': + case 'VARCHAR': + case 'VARCHAR2': + case 'TINYTEXT': + + case 'ENUM': + case 'SET': // not really but oh well + + case 'POINT': // mysql geometry stuff - not really string - but will do.. + + case 'TIMESTAMPTZ': // postgres + case 'BPCHAR': // postgres + case 'INTERVAL': // postgres (eg. '12 days') + + case 'CIDR': // postgres IP net spec + case 'INET': // postgres IP + case 'MACADDR': // postgress network Mac address. + + case 'INTEGER[]': // postgres type + case 'BOOLEAN[]': // postgres type + + $type = DB_DATAOBJECT_STR; + break; + + case 'TEXT': + case 'MEDIUMTEXT': + case 'LONGTEXT': + + $type = DB_DATAOBJECT_STR + DB_DATAOBJECT_TXT; + break; + + + case 'DATE': + $type = DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE; + break; + + case 'TIME': + $type = DB_DATAOBJECT_STR + DB_DATAOBJECT_TIME; + break; + + + case 'DATETIME': + + $type = DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME; + break; + + case 'TIMESTAMP': // do other databases use this??? + + $type = ($dbtype == 'mysql') ? + DB_DATAOBJECT_MYSQLTIMESTAMP : + DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME; + break; + + + case 'BLOB': /// these should really be ignored!!!??? + case 'TINYBLOB': + case 'MEDIUMBLOB': + case 'LONGBLOB': + + case 'CLOB': // oracle character lob support + + case 'BYTEA': // postgres blob support.. + $type = DB_DATAOBJECT_STR + DB_DATAOBJECT_BLOB; + break; + + default: + throw new Exception("Cannot handle datatype: $columnDef->type"); + } + if(! $columnDef->nullable) { + $type+=DB_DATAOBJECT_NOTNULL; + } + $table[$columnDef->name]=$type; + } + } + return $table; + } + + function keys() { + static $keys = null; + if($keys == null) { + $keys = array(); + $tableDef = $this->tableDef(); + foreach($tableDef->columns as $columnDef){ + if($columnDef->key != null){ + $keys[] = $columnDef->name; + } + } + } + return $keys; + } + + function sequenceKey() { + static $sequenceKey = null; + if($sequenceKey == null) { + $sequenceKey = array(false,false); + $tableDef = $this->tableDef(); + foreach($tableDef->columns as $columnDef){ + if($columnDef->key == 'PRI' && $columnDef->auto_increment){ + $sequenceKey=array($columnDef->name,true); + } + } + } + return $sequenceKey; + } + + /** + * Get the TableDef object that represents the table backing this class + * Ideally, this function would a static function, but PHP doesn't allow + * abstract static functions + * @return TableDef TableDef instance + */ + abstract function tableDef(); +} + diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 19ab7bf97..8572ea8ac 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -526,27 +526,6 @@ modified = 384 [user_group__keys] id = N -[user_openid] -canonical = 130 -display = 130 -user_id = 129 -created = 142 -modified = 384 - -[user_openid__keys] -canonical = K -display = U - -[user_openid_trustroot] -trustroot = 130 -user_id = 129 -created = 142 -modified = 384 - -[user_openid__keys] -trustroot = K -user_id = K - [user_role] user_id = 129 role = 130 @@ -566,13 +545,3 @@ modified = 384 user_id = K token = K -[user_username] -user_id = 129 -provider_name = 130 -username = 130 -created = 142 -modified = 384 - -[user_username__keys] -provider_name = K -username = K diff --git a/lib/schema.php b/lib/schema.php index 1e0c1f3e9..560884d9f 100644 --- a/lib/schema.php +++ b/lib/schema.php @@ -372,6 +372,26 @@ class Schema return true; } + /** + * Ensures that the table that backs a given + * Plugin_DataObject class exists. + * + * If the table does not yet exist, it will + * create the table. If it does exist, it will + * alter the table to match the column definitions. + * + * @param Plugin_DataObject $dataObjectClass + * + * @return boolean success flag + */ + + public function ensureDataObject($dataObjectClass) + { + $obj = new $dataObjectClass(); + $tableDef = $obj->tableDef(); + return $this->ensureTable($tableDef->name,$tableDef->columns); + } + /** * Ensures that a table exists with the given * name and the given column definitions. @@ -544,6 +564,19 @@ class TableDef public $name; /** array of ColumnDef objects for the columns. */ public $columns; + + /** + * Constructor. + * + * @param string $name name of the table + * @param array $columns columns in the table + */ + + function __construct($name=null,$columns=null) + { + $this->name = $name; + $this->columns = $columns; + } } /** @@ -576,6 +609,8 @@ class ColumnDef /** 'extra' stuff. Returned by MySQL, largely * unused. */ public $extra; + /** auto increment this field if no value is specific for it during an insert **/ + public $auto_increment; /** * Constructor. @@ -591,7 +626,7 @@ class ColumnDef function __construct($name=null, $type=null, $size=null, $nullable=true, $key=null, $default=null, - $extra=null) + $extra=null, $auto_increment=false) { $this->name = strtolower($name); $this->type = strtolower($type); @@ -600,6 +635,7 @@ class ColumnDef $this->key = $key; $this->default = $default; $this->extra = $extra; + $this->auto_increment = $auto_increment; } /** @@ -617,7 +653,8 @@ class ColumnDef $this->_typeMatch($other) && $this->_defaultMatch($other) && $this->_nullMatch($other) && - $this->key == $other->key); + $this->key == $other->key && + $this->auto_increment == $other->auto_increment); } /** diff --git a/plugins/Authentication/AuthenticationPlugin.php b/plugins/Authentication/AuthenticationPlugin.php index a76848b04..a80da901c 100644 --- a/plugins/Authentication/AuthenticationPlugin.php +++ b/plugins/Authentication/AuthenticationPlugin.php @@ -204,16 +204,7 @@ abstract class AuthenticationPlugin extends Plugin function onCheckSchema() { $schema = Schema::get(); - $schema->ensureTable('user_username', - array(new ColumnDef('provider_name', 'varchar', - '255', false, 'PRI'), - new ColumnDef('username', 'varchar', - '255', false, 'PRI'), - new ColumnDef('user_id', 'integer', - null, false), - new ColumnDef('created', 'datetime', - null, false), - new ColumnDef('modified', 'timestamp'))); + $schema->ensureDataObject(User_username); return true; } diff --git a/plugins/Authentication/User_username.php b/plugins/Authentication/User_username.php index f30f60d83..6826f2681 100644 --- a/plugins/Authentication/User_username.php +++ b/plugins/Authentication/User_username.php @@ -2,9 +2,9 @@ /** * Table Definition for user_username */ -require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; +require_once INSTALLDIR.'/classes/Plugin_DataObject.php'; -class User_username extends Memcached_DataObject +class User_username extends Plugin_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ @@ -43,4 +43,22 @@ class User_username extends Memcached_DataObject return false; } } + + /** + * Get the TableDef object that represents the table backing this class + * @return TableDef TableDef instance + */ + function tableDef() + { + return new TableDef($this->__table, + array(new ColumnDef('provider_name', 'varchar', + '255', false, 'PRI'), + new ColumnDef('username', 'varchar', + '255', false, 'PRI'), + new ColumnDef('user_id', 'integer', + null, false), + new ColumnDef('created', 'datetime', + null, false), + new ColumnDef('modified', 'timestamp'))); + } } diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index 55c0eadaf..88e23ea3e 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -156,6 +156,9 @@ class OpenIDPlugin extends Plugin case 'User_openid': require_once(INSTALLDIR.'/plugins/OpenID/User_openid.php'); return false; + case 'User_openid_trustroot': + require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'); + return false; default: return true; } @@ -278,24 +281,8 @@ class OpenIDPlugin extends Plugin function onCheckSchema() { $schema = Schema::get(); - $schema->ensureTable('user_openid', - array(new ColumnDef('canonical', 'varchar', - '255', false, 'PRI'), - new ColumnDef('display', 'varchar', - '255', false), - new ColumnDef('user_id', 'integer', - null, false, 'MUL'), - new ColumnDef('created', 'datetime', - null, false), - new ColumnDef('modified', 'timestamp'))); - $schema->ensureTable('user_openid_trustroot', - array(new ColumnDef('trustroot', 'varchar', - '255', false, 'PRI'), - new ColumnDef('user_id', 'integer', - null, false, 'PRI'), - new ColumnDef('created', 'datetime', - null, false), - new ColumnDef('modified', 'timestamp'))); + $schema->ensureDataObject(User_openid); + $schema->ensureDataObject(User_openid_trustroot); return true; } diff --git a/plugins/OpenID/User_openid.php b/plugins/OpenID/User_openid.php index 338e0f6e9..c3624118e 100644 --- a/plugins/OpenID/User_openid.php +++ b/plugins/OpenID/User_openid.php @@ -2,9 +2,9 @@ /** * Table Definition for user_openid */ -require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; +require_once INSTALLDIR.'/classes/Plugin_DataObject.php'; -class User_openid extends Memcached_DataObject +class User_openid extends Plugin_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ @@ -33,4 +33,22 @@ class User_openid extends Memcached_DataObject return ($cnt > 0); } + + /** + * Get the TableDef object that represents the table backing this class + * @return TableDef TableDef instance + */ + function tableDef() + { + return new TableDef($this->__table, + array(new ColumnDef('canonical', 'varchar', + '255', false, 'PRI'), + new ColumnDef('display', 'varchar', + '255', false), + new ColumnDef('user_id', 'integer', + null, false, 'MUL'), + new ColumnDef('created', 'datetime', + null, false), + new ColumnDef('modified', 'timestamp'))); + } } diff --git a/plugins/OpenID/User_openid_trustroot.php b/plugins/OpenID/User_openid_trustroot.php index 4654b72df..b208dddfd 100644 --- a/plugins/OpenID/User_openid_trustroot.php +++ b/plugins/OpenID/User_openid_trustroot.php @@ -2,9 +2,9 @@ /** * Table Definition for user_openid_trustroot */ -require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; +require_once INSTALLDIR.'/classes/Plugin_DataObject.php'; -class User_openid_trustroot extends Memcached_DataObject +class User_openid_trustroot extends Plugin_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ @@ -26,4 +26,20 @@ class User_openid_trustroot extends Memcached_DataObject { return Memcached_DataObject::pkeyGet('User_openid_trustroot', $kv); } + + /** + * Get the TableDef object that represents the table backing this class + * @return TableDef TableDef instance + */ + function tableDef() + { + return new TableDef($this->__table, + array(new ColumnDef('trustroot', 'varchar', + '255', false, 'PRI'), + new ColumnDef('user_id', 'integer', + null, false, 'PRI'), + new ColumnDef('created', 'datetime', + null, false), + new ColumnDef('modified', 'timestamp'))); + } } diff --git a/plugins/UserFlag/UserFlagPlugin.php b/plugins/UserFlag/UserFlagPlugin.php index 6410ee1ce..df7eac7a2 100644 --- a/plugins/UserFlag/UserFlagPlugin.php +++ b/plugins/UserFlag/UserFlagPlugin.php @@ -48,16 +48,7 @@ class UserFlagPlugin extends Plugin $schema = Schema::get(); // For storing user-submitted flags on profiles - - $schema->ensureTable('user_flag_profile', - array(new ColumnDef('profile_id', 'integer', null, - false, 'PRI'), - new ColumnDef('user_id', 'integer', null, - false, 'PRI'), - new ColumnDef('created', 'datetime', null, - false, 'MUL'), - new ColumnDef('cleared', 'datetime', null, - true, 'MUL'))); + $schema->ensureDataObject(User_flag_profile); return true; } diff --git a/plugins/UserFlag/User_flag_profile.php b/plugins/UserFlag/User_flag_profile.php index 30bd4ae68..2fb27912d 100644 --- a/plugins/UserFlag/User_flag_profile.php +++ b/plugins/UserFlag/User_flag_profile.php @@ -21,9 +21,9 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/classes/Memcached_DataObject.php'; +require_once INSTALLDIR.'/classes/Plugin_DataObject.php'; -class User_flag_profile extends Memcached_DataObject +class User_flag_profile extends Plugin_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ @@ -65,4 +65,21 @@ class User_flag_profile extends Memcached_DataObject return !empty($ufp); } + + /** + * Get the TableDef object that represents the table backing this class + * @return TableDef TableDef instance + */ + function tableDef() + { + return new TableDef($this->__table, + array(new ColumnDef('profile_id', 'integer', null, + false, 'PRI'), + new ColumnDef('user_id', 'integer', null, + false, 'PRI'), + new ColumnDef('created', 'datetime', null, + false, 'MUL'), + new ColumnDef('cleared', 'datetime', null, + true, 'MUL'))); + } } -- cgit v1.2.3-54-g00ecf