Commit Graph

210 Commits

Author SHA1 Message Date
Evan Prodromou
1525acdca1 Extend authorization framework to cover login and API use
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.

I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.

I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Zach Copley
29ce5dd19a Reinstate profile_info in author/actor 2011-02-17 19:02:57 -08:00
Brion Vibber
98b1fe07c6 Blow user:site_owner cache when granting/revoking 'owner' role 2011-02-17 16:46:08 -08:00
Brion Vibber
454a980bd4 Fix for failure/exception on subscription/subscriber lists when deleted profiles are stuck in cached list.
Workaround for deleted profiles still appearing in cached subscriptions/subscribers lists: if we couldn't fetch them, don't include them in the ArrayWrapper.
ArrayWrapper doesn't deal well with null entries, which aren't meant to happen in how it works. This code has recently changed from dying directly with a PHP fatal error in that case to throwing an exception, which allows tracking down the caller.

It looks like there might be some cases where profiles and their matching subscriptions get deleted, but the subscription entries don't get properly cleared from cache... that still bears further investigation. The regular code path looks ok; calls Subscription::cancel() from code called in Profile::delete(); but if they're batch-deleted instead of one row at a time, that could fail to trigger.
2011-02-11 13:21:53 -08:00
Zach Copley
df19e88323 Atom output - Reinstate activity:actor and activity:subject
w/deprecation warnings. Also add statusnet:profile_info back into
author/actor.
2011-02-09 23:18:14 -08:00
Brion Vibber
e211e6228d Merge branch '0.9.x' into 1.0.x 2010-12-28 11:38:34 -08:00
Brion Vibber
90c7ff1983 Merge branch 'master' into 0.9.x 2010-12-28 11:37:38 -08:00
Brion Vibber
d3d9797496 Prevent group creation by silenced users.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
2010-12-28 11:34:02 -08:00
Brion Vibber
26baad63f2 Merge branch '0.9.x' into 1.0.x 2010-12-22 15:25:38 -08:00
Evan Prodromou
9a6ceb3303 Merge branch 'righttoleave' into 0.9.x 2010-12-22 11:22:51 -08:00
Brion Vibber
d8a3a88ec8 Merge branch '0.9.x' into 1.0.x
Conflicts:
	classes/Memcached_DataObject.php
2010-12-17 17:13:21 -08:00
Brion Vibber
4adf551f9f Update sorting for user tagged timelines (indexing was bad before and remains bad -- we need some DB changes to make this one nice) 2010-12-17 13:45:40 -08:00
Brion Vibber
4cd3a0756b Update notice sorting for profile streams; extract more common code to Notice::addSinceId() and Notice::addMaxId() 2010-12-17 13:20:38 -08:00
Brion Vibber
bf20258f4b Merge branch '0.9.x' into 1.0.x 2010-12-15 11:59:31 -08:00
Evan Prodromou
75aaa98462 define rights for account maintenance and default rules 2010-12-13 16:28:32 -05:00
Zach Copley
bb55784e90 Move getConnectedApps() from Profile to User, where it belongs 2010-12-12 17:37:42 -08:00
Evan Prodromou
7285bbc93b Subscription stream functions
Made two new functions, Subscription::bySubscriber() and
Subscription::bySubscribed(), to get streams of Subscription objects.

Converted Profile::getSubscribers() and Profile::getSubscriptions() to
use these functions.
2010-12-11 10:24:46 -05:00
Brion Vibber
9df856e667 Merge branch '0.9.x' into merge
Conflicts:
	README
	actions/hostmeta.php
	classes/File_redirection.php
	lib/common.php
	lib/designsettings.php
	lib/router.php
	lib/util.php
	lib/xmppmanager.php
	plugins/OStatus/OStatusPlugin.php
2010-12-07 10:50:05 -08:00
Brion Vibber
407663fb40 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 12:44:43 -08:00
Brion Vibber
4b01dd8b2e Ticket #2441: fix deletion of avatars when a profile is deleted.
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 12:40:18 -08:00
Brion Vibber
e4eb3b3dfd Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-15 17:36:48 -08:00
Brion Vibber
0d0e51292d some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em. 2010-11-15 15:32:57 -08:00
Brion Vibber
b716d01a41 Merge branch '0.9.x' into 1.0.x 2010-11-03 16:09:49 -07:00
Siebrand Mazeland
a65362f7fa Add context for different uses of "%1$s (%2$s)" 2010-11-02 23:08:59 +01:00
Brion Vibber
0229c22d23 Merge branch '1.0.x' into schema-x 2010-11-02 15:02:55 -07:00
Brion Vibber
04ca706601 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/othersettings.php
2010-11-02 15:02:10 -07:00
Brion Vibber
426cda5e1f Alternate pretty-title tweaks for #2668 2010-11-02 13:42:44 -07:00
Brion Vibber
96521f38d2 Fix for changed cache functions in code merged up from 0.9.x 2010-10-29 16:31:25 -07:00
Brion Vibber
ca489631db Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/subscriptions.php
	lib/router.php
	lib/xmppmanager.php
	lib/xmppoutqueuehandler.php
2010-10-25 13:08:57 -07:00
Evan Prodromou
aef88c7cee max_id is inclusive 2010-10-25 11:18:49 -04:00
Evan Prodromou
968f9b0513 change max_id from < to <= 2010-10-25 11:08:53 -04:00
Evan Prodromou
1d85bfece1 New events when granting and revoking roles
Four new events for when roles are granted or revoked.
2010-10-22 10:31:50 -04:00
Zach Copley
e8b6d7c946 Add support for an anonymous OAuth consumer. Note: this requires a
small DB tweak.  Oauth_application_user needs to have the primary
compound key: (profile_id, application_id, token).

http://status.net/open-source/issues/2761

This should also make it possible to have multiple access tokens
per application.

http://status.net/open-source/issues/2788
2010-10-19 20:54:53 -07:00
Brion Vibber
5f81f6119b Merge branch '0.9.x' into 1.0.x 2010-10-12 16:33:36 -07:00
Brion Vibber
f4f16af8ac Add a basic group deletion for moderator users. 2010-10-12 15:49:20 -07:00
Brion Vibber
59119482ca Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	actions/hostmeta.php
	actions/imsettings.php
	classes/User.php
	lib/adminpanelaction.php
	lib/channel.php
	lib/default.php
	lib/router.php
	lib/util.php
2010-10-04 12:54:36 -07:00
Zach Copley
3960c9ad39 Move blowFavesCache() to Profile 2010-09-29 16:35:12 -07:00
Zach Copley
c19e592fa8 Move hasFave() to Profile 2010-09-29 16:35:12 -07:00
Siebrand Mazeland
9587f9f55b * i18n/L10n and translator documentation updates.
* whitespace and indentation updates
2010-09-28 23:42:18 +02:00
Evan Prodromou
a319b40c97 common_cache_key() -> Cache::key() 2010-09-06 10:07:43 -04:00
Evan Prodromou
8f81762d68 common_memcache() => Cache::instance() 2010-09-06 09:56:45 -04:00
Evan Prodromou
974ac48771 bug in Profile::fromURI() wasn't returning profile 2010-09-01 16:55:16 -04:00
Evan Prodromou
7bec455a21 Static method to get a profile based on a URI 2010-09-01 16:15:22 -04:00
Brion Vibber
7e55fc0044 OStatus/FeedSub: tweaked PuSH feed garbage collection so other plugins can declare usage of a low-level feed or an OStatus profile besides profile subscriptions & group memberships.
SubMirror: redid add-mirror frontend to accept a feed URL, then pass that on to OStatus, instead of pulling from your subscriptions.
Profile: tweaked subscriberCount() so it doesn't subtract 1 for foreign profiles who aren't subscribed to themselves; instead excludes the self-subscription in the count query.
Memcached_DataObject: tweak to avoid extra error spew in the DB error raising

Work in progress: tweaking feedsub garbage collection so we can count other uses
2010-08-06 11:49:52 -07:00
Evan Prodromou
2ba36fc242 Merge branch 'activityhooks' into 0.9.x
Conflicts:
	classes/Notice.php
2010-08-03 16:01:18 -07:00
Evan Prodromou
f83171824f correctly show <source> for atom feeds 2010-08-03 15:50:21 -07:00
Siebrand Mazeland
8f8588026b Fixes for messages after review by Brion. 2010-07-30 19:25:55 +02:00
Siebrand Mazeland
125ff142e8 * mark a few messages for translation
* add translator documentation
2010-07-29 13:36:08 +02:00
Zach Copley
1eec7f779f - Add profile_info tag to Atom author
- Normalize xmlns:statusnet links in the API
2010-06-22 16:28:06 -07:00
Brion Vibber
f1c01f9ead Temporary hack until notice_profile_id_idx is updated
to (profile_id, id) instead of (profile_id, created, id).
It's been falling back to PRIMARY instead, which is really
very inefficient for a profile that hasn't posted in a few
months. Even though forcing the index will cause a filesort,
it's usually going to be better. Even for large profiles it
seems much faster than the badly-indexed query.
2010-04-01 10:17:17 -07:00
Evan Prodromou
c1c7feedbd do complete unsubscribe process when deleting a user 2010-03-31 15:02:19 -04:00
Brion Vibber
441e52718e Background deletion of user accounts. Notices are deleted in chunks, then the user itself when they're all gone.
While deletion is in progress, the account is locked with the 'deleted' role, which disables all actions with rights control.

Todo:
* Pretty up the notice on the profile page about the pending delete. Show status?
* Possibly more thorough account disabling, such as disallowing all use for login and access.
* Improve error recovery; worst case is that an account gets left locked in 'deleted' state but the queue jobs have gotten dropped out. This would leave the username in use and any undeleted notices in place.
2010-03-15 16:08:00 -07:00
Brion Vibber
ce92bc7143 Drop timestamp cutoff parameter from User::getCurrentNotice() and Profile::getCurrentNotice().
It's not currently used, and won't be efficient when we update the notice.profile_id_idx index to optimize for our id-based sorting when pulling user post lists for profile pages, feeds etc.
2010-03-11 11:01:01 -08:00
Brion Vibber
4a2511139e Initial user role controls on profile pages, for owner to add/remove administrator and moderator options.
Buttons need to be themed.
2010-03-03 15:43:49 -08:00
Brion Vibber
3bb42d1170 Use poster's subscribed groups to disambiguate group linking when a remote group and a local group exist with the same name. (If you're a member of two groups with the same name though, there's not a defined winner.) 2010-03-03 19:00:02 +00:00
Brion Vibber
6b134ae4c7 Dropped deprecated timestamp-based 'since' parameter for all API methods. When it sneaks in it can cause some very slow queries due to mismatches with the indexing.
Twitter removed 'since' support some time ago, and we've already removed it from the public timeline, so it shouldn't be missed.
2010-03-02 11:54:02 -08:00
Zach Copley
6a711c6cdc Move ActivityObject and related stuff to core 2010-02-22 17:10:50 -08:00
Evan Prodromou
b79d4ed6a1 add PoCo preferredUsername for nickname in Profile::asActivityNoun() 2010-02-22 07:43:12 -05:00
Evan Prodromou
fae5a15a88 add strongly-suggested link to Profile::asActivityNoun() 2010-02-22 07:40:20 -05:00
Zach Copley
35be39e30e Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing 2010-02-22 01:23:24 -08:00
Zach Copley
47300a2ae9 Upgrade profile-based activity noun to have more complete set of
profile fields
2010-02-22 01:21:34 -08:00
Evan Prodromou
a745d38d6d slight rearrangement of getting profile URIs 2010-02-21 22:52:27 -05:00
Evan Prodromou
52e8aa798a Refactor subs_* functions for remote use
The subs_* functions in subs.php have made a lot of assumptions
about users versus profiles. I've refactored the functions to
be methods of the Subscription class instead, and to use Profile
objects throughout.

Some of the checks for blocks or existing subscriptions depended
on users or profiles, so I've moved those methods around a bit.

I've left stubs for the subs_* functions until we get time to replace
them.
2010-02-19 08:16:45 -05:00
Zach Copley
2cb243808c More sensical profile::getUri() 2010-02-16 20:13:39 -08:00
Zach Copley
c892726c80 Take remote profiles into account when looking up canonical profile URIs 2010-02-16 16:22:58 -08:00
Zach Copley
eea52c708b Add rel="avatar" to img links in <activity:actor> stanzas 2010-02-16 11:32:10 -08:00
Evan Prodromou
71ecd68901 add a FIXME to Profile 2010-02-16 12:45:00 -05:00
Brion Vibber
b39047d95b OStatus: prep work for sending notifications on sub/unsub/join/leave/favorite/unfavorite via Salmon; needs to be completed and hooked up once feed gen is fixed. 2010-02-12 18:54:48 +00:00
Zach Copley
3beddffc39 ostatus:attention links in Notice Atom output 2010-02-11 16:29:27 -08:00
Zach Copley
e2c0f59414 Some upgrades to Atom output for OStatus 2010-02-11 13:56:05 -08:00
Evan Prodromou
5fdcd88176 Moderator can make users admins of a group 2010-02-06 11:36:59 +01:00
Zach Copley
9e7f47652d Revoke access token UI 2010-01-24 16:36:05 -08:00
Zach Copley
c78937537e Better detail in connected OAuth applications list 2010-01-24 16:36:03 -08:00
Zach Copley
ae46bc5fff Started work on interface for displaying connected OAuth apps 2010-01-24 16:36:01 -08:00
Brion Vibber
b93244395f Fix for broken profile flag admin UI: delete stray flag entries when users are deleted so broken entries don't litter the lookups.
* added ProfileDeleteRelated event to match UserDeleteRelated, to allow plugins to add extra related tables on profile deletion
* UserFlagPlugin: deleting flags when target profile is deleted
* UserFlagPlugin: deleting flags when flagging user is deleted
* UserFlagPlugin: fix for autoloader -- class names are case-insensitive. We may get lowercase class names coming in at times, such as when creating DB objects programmatically from a table name.

Note that any already-existing bogus entries need to be removed from the database:
select * from user_flag_profile where (select id from profile where id=profile_id) is null;
select * from user_flag_profile where (select id from user where id=user_id) is null;
2010-01-06 11:10:33 -08:00
Evan Prodromou
81843f2acd show the repeat form in notice lists 2009-12-11 10:49:26 -05:00
Evan Prodromou
433106dfc5 remove 'has forwarded' method from Profile 2009-12-10 14:40:48 -05:00
Evan Prodromou
c49ece9fb4 method to check if a profile has forwarded a notice 2009-12-08 17:20:17 -05:00
Craig Andrews
d07df8a796 Added Authorization plugin
Added LDAPAuthorization plugin
2009-11-18 14:19:43 -05:00
Evan Prodromou
6a1afda259 Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	classes/statusnet.ini
2009-11-17 06:25:07 -05:00
Evan Prodromou
d59af02960 disallow email on faves from sandboxed users 2009-11-16 14:28:55 -05:00
Evan Prodromou
e9321a1806 more rights denied to silenced and sandboxed 2009-11-16 19:46:08 +01:00
Evan Prodromou
f1efb845e4 don't allow sandboxed users to post public notices 2009-11-16 19:22:22 +01:00
Evan Prodromou
d2145a5b7f Move rights check to profile and add right for new notices
Added a right for new notices, realized that the hasRight() method
should be on the profile, and moved it.

Makes this a less atomic commit but that's the way it goes sometimes.
2009-11-16 19:03:59 +01:00
Evan Prodromou
3e08309826 change uses of User_role to Profile_role 2009-11-16 16:06:52 +01:00
Evan Prodromou
792590bcdc move role functions to Profile class 2009-11-16 15:52:33 +01:00
Craig Andrews
6470ccd1b8 getSubscribers and getSubscriptions were not handling the case where limit=null correctly 2009-11-16 00:19:19 -05:00
Brion Vibber
088081675f Revert "Remove more contractions"
This reverts commit 5ab709b739.

Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland
5ab709b739 Remove more contractions
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Evan Prodromou
5d2b35cce6 get location from a Profile 2009-10-29 14:43:25 -04:00
Evan Prodromou
3c724ccd0d Merge branch '0.9.x' into location 2009-10-24 19:59:46 -04:00
Evan Prodromou
2ed073f295 new data structures for location 2009-10-21 22:43:40 -04:00
Trever Fischer
1241e651ae Added support for profile designs to the twitter API 2009-10-15 05:16:37 -04:00
Evan Prodromou
c5047fd90a Merge branch '0.8.x' into 0.9.x
Conflicts:
	classes/Profile.php
2009-10-04 03:07:37 -04:00
Evan Prodromou
be513db013 copy-and-paste typo in profile deletion 2009-10-02 15:42:34 -04:00
Evan Prodromou
b3b3af9a2e Merge branch '0.8.x' into deleteuser 2009-10-02 15:27:55 -04:00
Craig Andrews
4a97ad9efe Remove unnecessary Profile::pkeyGet
Thanks for the info, Evan.
2009-09-15 17:08:26 -04:00
Craig Andrews
bb48698416 Add missing pkeyGet override to the Profile class 2009-09-13 21:43:29 -04:00
Evan Prodromou
5d09b6b3f0 Merge branch '0.8.x' into 0.9.x
Conflicts:
	EVENTS.txt
	actions/finishremotesubscribe.php
	actions/postnotice.php
	actions/public.php
	actions/remotesubscribe.php
	actions/showstream.php
	actions/updateprofile.php
	actions/userauthorization.php
	classes/laconica.ini
	lib/common.php
	lib/oauthstore.php
	lib/omb.php
2009-08-27 11:16:45 -07:00
Evan Prodromou
df86aa7214 define LACONICA and accept LACONICA for backwards compatibility 2009-08-26 10:41:36 -04:00