Commit Graph

1365 Commits

Author SHA1 Message Date
Evan Prodromou
1525acdca1 Extend authorization framework to cover login and API use
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.

I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.

I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Brion Vibber
454a980bd4 Fix for failure/exception on subscription/subscriber lists when deleted profiles are stuck in cached list.
Workaround for deleted profiles still appearing in cached subscriptions/subscribers lists: if we couldn't fetch them, don't include them in the ArrayWrapper.
ArrayWrapper doesn't deal well with null entries, which aren't meant to happen in how it works. This code has recently changed from dying directly with a PHP fatal error in that case to throwing an exception, which allows tracking down the caller.

It looks like there might be some cases where profiles and their matching subscriptions get deleted, but the subscription entries don't get properly cleared from cache... that still bears further investigation. The regular code path looks ok; calls Subscription::cancel() from code called in Profile::delete(); but if they're batch-deleted instead of one row at a time, that could fail to trigger.
2011-02-11 13:21:53 -08:00
Zach Copley
df19e88323 Atom output - Reinstate activity:actor and activity:subject
w/deprecation warnings. Also add statusnet:profile_info back into
author/actor.
2011-02-09 23:18:14 -08:00
Brion Vibber
4883069177 Fix group regexes that got missed in Nickname::DISPLAY_FMT update: fixes bug where group linking happened, but not actual delivery, when using _underscores_ in the !group_name 2011-02-07 12:18:41 -08:00
Evan Prodromou
c37f0f8256 Merge branch 'testing' into privategroup 2011-02-07 12:27:09 -05:00
Evan Prodromou
5f365e75ca only blow public timeline cache if notice is in it 2011-02-03 13:58:56 -05:00
Evan Prodromou
99db745f9d Merge branch 'testing' into privategroup
Conflicts:
	lib/groupeditform.php
2011-02-03 12:56:55 -05:00
Brion Vibber
de7726dd00 Performance counters: records number of total and unique cache get/set/incr/deletes and queries, and logs to syslog.
$config['site']['logperf'] = true; // to record & dump total hits of each type and the runtime to syslog
$config['site']['logperf_detail'] = true; // very verbose -- dump the individual cache keys and queries as they get used (may contain private info in some queries)

Seeing 180 cache gets on a timeline page seems not unusual currently; since these run in serial, even relatively small roundtrip times can add up heavily.
We should consider ways to reduce the number of round trips, such as more frequently storing compound objects or the output of processing in memcached.
Doing parallel multi-key lookups could also help by collapsing round-trip times, but might not be easy to fit into SN's object model. (For things like streams this should actually work pretty well -- grab the list, then when it's returned go grab all the individual items in parallel and return the list)
2011-01-31 13:12:56 -08:00
Brion Vibber
b896a37da0 Use cachedQuery on File::getAttachments, plus other cleanups:
* dropped unnecessary join on notice table
* made the function actually static, since it makes no sense as an instance variable. The only caller (in AttachmentList) is updated.
2011-01-31 12:22:50 -08:00
Brion Vibber
2a29738dc1 Revert "Session GC fix: save session.modified field as UTC so our comparisons work." - no longer needed with ticket #3020 fix to time zone settings
This reverts commit a7abb2323e.
2011-01-31 11:50:24 -08:00
Brion Vibber
47f31bce47 Merge branch 'master' into testing
Conflicts:
	classes/Profile.php
2011-01-31 11:50:06 -08:00
Brion Vibber
54f7154db8 Fix for ticket #3020: set MySQL session time_zone variable to UTC ('+0:00') so TIMESTAMP column values are comparable against our other UTC timestamp values.
MySQL stores TIMESTAMP columns as UTC, but with a local time interface. (SRSLY?!) DATETIME columns are always bare and assumed to be local time, but we keep only UTC in them.
Forcing the session time_zone to UTC means we won't have to worry as much about what we're sending/receiving in there.

Also will let us remove the hack in master commit a7abb2323e for session tweaks
2011-01-31 11:45:19 -08:00
Siebrand Mazeland
7db24c32d6 * fix some i18n and L10n issues
* update/add translator documentation
* remove superfluous whitespace
2011-01-29 00:33:13 +01:00
Brion Vibber
a7abb2323e Session GC fix: save session.modified field as UTC so our comparisons work.
Had to tweak statusnet.ini to remove the DB_DATAOBJECT_MYSQLTIMESTAMP bitfield constant on session.modified; while it sounds like a useful and legit setting, it actually just means that DB_DataObject silently fails to pass through any attempts to explicitly set the value. As a result, MySQL does its default behavior which is to insert the current *LOCAL* time, which is useless.
This was leading to early GC west of GMT, or late GC east of it. Early GC could at worst destroy all live sessions (whoever's session *triggered* GC is fine, as the session then gets saved right back.)
2011-01-27 12:27:31 -08:00
Brion Vibber
433ec21119 Add $config['sessions']['gc_limit'] to limit how much work we do in each session GC; defaulting to killing 1000 sessions at a time. 2011-01-27 12:08:24 -08:00
Evan Prodromou
2682915b99 events for creating a group 2011-01-26 18:35:01 -07:00
Brion Vibber
e35d46b415 Fix for ticket #3010: blocks are now applied against the original poster of repeats.
Previously, if someone you subscribe to repeats a notice by someone you've blocked, you got the message and had to just roll your eyes.
Now blocks are checked against both the current notice's posting profile, and the poster of the original if it's a repeat.
2011-01-24 14:16:15 -08:00
Zach Copley
3a24b95edb Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-20 10:44:05 -08:00
Zach Copley
6dc94a5389 Move getConnectedApps() from Profile to User, where it belongs
Conflicts:

	classes/User.php
2011-01-20 10:43:27 -08:00
Zach Copley
6eca8188b6 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 15:52:18 -08:00
Brion Vibber
281076d5f6 Fix for PHP notice spew in group creation via API: set default 'mainpage' in User_group::register() rather than forcing all callers to do it manually. 2011-01-06 13:22:44 -08:00
Brion Vibber
af1cbc6fe3 Fix ticket #2181: Can't save #000000 (black) in color fields on design page
It seems to have actually been saving correctly, but the update of the colors on the form success page wasn't working properly.
When a design object is pulled out of the database, the numeric fields are read in as strings, so black comes back as "0".
But, when we populate the new object and then stick it live, we've populated it with actual integers; with memcache on these might live for a while in the cache...

The fallback code in Design::toWebColor() did a check ($color == null) which would be false for the string "0", but counts as true for the *integer* 0.
Thus, the display code would initially interpret the correctly-saved black color as "use default".

Changing the check to === against null and "" empty string avoids the false positive on integers, and lets us see our nice black text immediately after save.
2011-01-04 13:09:44 -08:00
Evan Prodromou
26afe79ed9 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-12-29 14:53:38 -08:00
Evan Prodromou
39cf2338c2 Bad method call in File_to_post 2010-12-29 13:28:32 -08:00
Evan Prodromou
d31397bd45 method to count notices linking to an URL 2010-12-28 13:44:49 -08:00
Evan Prodromou
6ab46c70f7 Delete file links when Notice is deleted 2010-12-28 13:44:18 -08:00
Evan Prodromou
a2000f889a Merge branch '0.9.x' into socialbookmark 2010-12-28 13:42:44 -08:00
Evan Prodromou
faf0081a8b Fixes from testing File::stream() 2010-12-28 12:57:31 -08:00
Evan Prodromou
bf4c5cb41a Stream of notices linking to an URL 2010-12-28 11:58:55 -08:00
Brion Vibber
90c7ff1983 Merge branch 'master' into 0.9.x 2010-12-28 11:37:38 -08:00
Brion Vibber
d3d9797496 Prevent group creation by silenced users.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
2010-12-28 11:34:02 -08:00
Evan Prodromou
320e73a321 If notice has been deleted before, don't store URI again 2010-12-27 22:58:13 -08:00
Evan Prodromou
8814fb3822 Merge branch '0.9.x' into socialbookmark 2010-12-27 22:38:36 -08:00
Evan Prodromou
c458bafaa1 pass through $idField and $createdField in Notice queries 2010-12-27 22:35:57 -08:00
Evan Prodromou
763a5f182d Memcache_DataObject checks for PEAR::isError() on results 2010-12-26 21:08:20 -08:00
Evan Prodromou
402cac2f93 Merge branch '0.9.x' into socialbookmark
Conflicts:
	lib/activityobject.php
2010-12-22 12:09:42 -08:00
Evan Prodromou
9a6ceb3303 Merge branch 'righttoleave' into 0.9.x 2010-12-22 11:22:51 -08:00
Evan Prodromou
9480bf1d10 Notice_tag::url() gets the URL for a tag string 2010-12-19 10:15:56 -05:00
Brion Vibber
fb65d5901d Update sorting for conversation views: adds notice_conversation_created_id_idx index on notice, replacing more limited notice_conversation_idx 2010-12-17 16:08:37 -08:00
Brion Vibber
71151b3bc0 Update sorting for User::repeatedByMe() -- currently unused. Likely not ideally indexed yet. 2010-12-17 15:28:55 -08:00
Brion Vibber
b80151275a Update sorting on api/statuses/retweets_of_me; was and remains poorly indexed, but will use updated sorting method. 2010-12-17 15:25:19 -08:00
Brion Vibber
1b90ed564a Update sorting on api/statuses/retweets: adds notice_repeat_of_created_id_idx index to replace notice_repeatof_idx 2010-12-17 15:13:09 -08:00
Brion Vibber
04aa8bd70f work around borkage in statuses/repeats -- tries to check an offset var that's not there. use the limit var which is there instead 2010-12-17 15:05:45 -08:00
Brion Vibber
66474586af Update sorting for group inbox timelines; adds group_inbox_group_id_created_notice_id_idx index to group_inbox table 2010-12-17 14:51:37 -08:00
Brion Vibber
3ddfa4de93 Update sorting on reply/mentions timeline: added reply_profile_id_modified_notice_id_idx index to reply table 2010-12-17 14:43:45 -08:00
Brion Vibber
00a5a5342a Update sorting for tag-filtered public timeline: needs notice_tag_tag_created_notice_id_idx index added to notice_tag 2010-12-17 14:37:46 -08:00
Brion Vibber
33daace6cb add fixme for since_id/max_id on fave streaming (?) 2010-12-17 14:32:06 -08:00
Brion Vibber
4adf551f9f Update sorting for user tagged timelines (indexing was bad before and remains bad -- we need some DB changes to make this one nice) 2010-12-17 13:45:40 -08:00
Brion Vibber
4cd3a0756b Update notice sorting for profile streams; extract more common code to Notice::addSinceId() and Notice::addMaxId() 2010-12-17 13:20:38 -08:00
Brion Vibber
9e8bbff8ac Notice::whereSinceId() and Notice::whereMaxId() encapsulate logic for building where clauses for since_id/max_id parameters. Can override the field names from 'id' and 'created'. 2010-12-17 13:03:18 -08:00