From 660f1cd6b884743c33eb27910e2f6a8c3038fb23 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Mon, 4 Apr 2011 17:33:42 -0400
Subject: [PATCH 1/2] Force group scope on notices sent to a private-only group

For groups that require a private scope, we force every notice to be limited to group scope.

Changed the group-discovery code so we only get groups once -- regardless if they were provided or not.
---
 classes/Notice.php | 80 +++++++++++++++++++++++++++++++---------------
 1 file changed, 54 insertions(+), 26 deletions(-)

diff --git a/classes/Notice.php b/classes/Notice.php
index 2fac7b9e2c..edd1b02cff 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -433,6 +433,22 @@ class Notice extends Memcached_DataObject
             }
         }
 
+        // Force the scope for private groups
+
+        if (!isset($groups)) {
+            $groups = self::groupsFromText($notice->content, $profile);
+        }
+
+        foreach ($groups as $groupId) {
+            $group = User_group::staticGet('id', $groupId);
+            if (!empty($group)) {
+                if ($group->force_scope) {
+                    $notice->scope |= Notice::GROUP_SCOPE;
+                    break;
+                }
+            }
+        }
+
         if (Event::handle('StartNoticeSave', array(&$notice))) {
 
             // XXX: some of these functions write to the DB
@@ -496,11 +512,9 @@ class Notice extends Memcached_DataObject
 
         // Note: groups may save tags, so must be run after tags are saved
         // to avoid errors on duplicates.
-        if (isset($groups)) {
-            $notice->saveKnownGroups($groups);
-        } else {
-            $notice->saveGroups();
-        }
+        // Note: groups should always be set.
+
+        $notice->saveKnownGroups($groups);
 
         if (isset($urls)) {
             $notice->saveKnownUrls($urls);
@@ -940,7 +954,15 @@ class Notice extends Memcached_DataObject
                     common_log_db_error($gi, 'INSERT', __FILE__);
                 }
 
-                // @fixme should we save the tags here or not?
+                // we automatically add a tag for every group name, too
+
+                $tag = Notice_tag::pkeyGet(array('tag' => common_canonical_tag($group->nickname),
+                                                 'notice_id' => $this->id));
+
+                if (is_null($tag)) {
+                    $this->saveTag($group->nickname);
+                }
+
                 $groups[] = clone($group);
             } else {
                 common_log(LOG_ERR, "Local delivery to group id $id skipped, doesn't exist");
@@ -962,36 +984,19 @@ class Notice extends Memcached_DataObject
             return array();
         }
 
-        $groups = array();
-
-        /* extract all !group */
-        $count = preg_match_all('/(?:^|\s)!(' . Nickname::DISPLAY_FMT . ')/',
-                                strtolower($this->content),
-                                $match);
-        if (!$count) {
-            return $groups;
-        }
-
         $profile = $this->getProfile();
 
+        $groups = self::groupsFromText($this->content, $profile);
+
         /* Add them to the database */
 
-        foreach (array_unique($match[1]) as $nickname) {
+        foreach ($groups as $group) {
             /* XXX: remote groups. */
-            $group = User_group::getForNickname($nickname, $profile);
 
             if (empty($group)) {
                 continue;
             }
 
-            // we automatically add a tag for every group name, too
-
-            $tag = Notice_tag::pkeyGet(array('tag' => common_canonical_tag($nickname),
-                                             'notice_id' => $this->id));
-
-            if (is_null($tag)) {
-                $this->saveTag($nickname);
-            }
 
             if ($profile->isMember($group)) {
 
@@ -2180,4 +2185,27 @@ class Notice extends Memcached_DataObject
 
         return true;
     }
+
+    static function groupsFromText($text, $profile)
+    {
+        $groups = array();
+
+        /* extract all !group */
+        $count = preg_match_all('/(?:^|\s)!(' . Nickname::DISPLAY_FMT . ')/',
+                                strtolower($text),
+                                $match);
+
+        if (!$count) {
+            return $groups;
+        }
+
+        foreach (array_unique($match[1]) as $nickname) {
+            $group = User_group::getForNickname($nickname, $profile);
+            if (!empty($group) && $profile->isMember($group)) {
+                $groups[] = $group->id;
+            }
+        }
+
+        return $groups;
+    }
 }

From ddbd4801e067a4ec023f93a89bf28139b3c43f78 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Mon, 4 Apr 2011 17:44:23 -0400
Subject: [PATCH 2/2] include protected flag for users in JSON or XML

---
 lib/apiaction.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/apiaction.php b/lib/apiaction.php
index 3b3ece17cd..1dfeea998a 100644
--- a/lib/apiaction.php
+++ b/lib/apiaction.php
@@ -202,6 +202,8 @@ class ApiAction extends Action
     {
         $twitter_user = array();
 
+        $user = $profile->getUser();
+
         $twitter_user['id'] = intval($profile->id);
         $twitter_user['name'] = $profile->getBestName();
         $twitter_user['screen_name'] = $profile->nickname;
@@ -213,11 +215,10 @@ class ApiAction extends Action
             Avatar::defaultImage(AVATAR_STREAM_SIZE);
 
         $twitter_user['url'] = ($profile->homepage) ? $profile->homepage : null;
-        $twitter_user['protected'] = false; # not supported by StatusNet yet
+        $twitter_user['protected'] = ($user->private_stream) ? true : false;
         $twitter_user['followers_count'] = $profile->subscriberCount();
 
-        $design        = null;
-        $user          = $profile->getUser();
+        $design = null;
 
         // Note: some profiles don't have an associated user