Commit Graph

1487 Commits

Author SHA1 Message Date
Evan Prodromou
f743a233ab Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2011-02-21 16:36:12 -05:00
Evan Prodromou
1525acdca1 Extend authorization framework to cover login and API use
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.

I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.

I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Zach Copley
29ce5dd19a Reinstate profile_info in author/actor 2011-02-17 19:02:57 -08:00
Brion Vibber
98b1fe07c6 Blow user:site_owner cache when granting/revoking 'owner' role 2011-02-17 16:46:08 -08:00
Evan Prodromou
ccdd47bdb4 use fallback URIs for groups when filling in attention in Notice::asActivity() 2011-02-17 10:51:00 -05:00
Zach Copley
764a29e2ff Remove debugging statements I accidentally left in 2011-02-16 16:21:31 -08:00
Zach Copley
a1b436a8c6 First cut at some JSON Activity Streams output 2011-02-15 20:25:39 -08:00
Brion Vibber
454a980bd4 Fix for failure/exception on subscription/subscriber lists when deleted profiles are stuck in cached list.
Workaround for deleted profiles still appearing in cached subscriptions/subscribers lists: if we couldn't fetch them, don't include them in the ArrayWrapper.
ArrayWrapper doesn't deal well with null entries, which aren't meant to happen in how it works. This code has recently changed from dying directly with a PHP fatal error in that case to throwing an exception, which allows tracking down the caller.

It looks like there might be some cases where profiles and their matching subscriptions get deleted, but the subscription entries don't get properly cleared from cache... that still bears further investigation. The regular code path looks ok; calls Subscription::cancel() from code called in Profile::delete(); but if they're batch-deleted instead of one row at a time, that could fail to trigger.
2011-02-11 13:21:53 -08:00
Zach Copley
df19e88323 Atom output - Reinstate activity:actor and activity:subject
w/deprecation warnings. Also add statusnet:profile_info back into
author/actor.
2011-02-09 23:18:14 -08:00
Brion Vibber
4883069177 Fix group regexes that got missed in Nickname::DISPLAY_FMT update: fixes bug where group linking happened, but not actual delivery, when using _underscores_ in the !group_name 2011-02-07 12:18:41 -08:00
Evan Prodromou
c37f0f8256 Merge branch 'testing' into privategroup 2011-02-07 12:27:09 -05:00
Evan Prodromou
5f365e75ca only blow public timeline cache if notice is in it 2011-02-03 13:58:56 -05:00
Evan Prodromou
99db745f9d Merge branch 'testing' into privategroup
Conflicts:
	lib/groupeditform.php
2011-02-03 12:56:55 -05:00
Brion Vibber
de7726dd00 Performance counters: records number of total and unique cache get/set/incr/deletes and queries, and logs to syslog.
$config['site']['logperf'] = true; // to record & dump total hits of each type and the runtime to syslog
$config['site']['logperf_detail'] = true; // very verbose -- dump the individual cache keys and queries as they get used (may contain private info in some queries)

Seeing 180 cache gets on a timeline page seems not unusual currently; since these run in serial, even relatively small roundtrip times can add up heavily.
We should consider ways to reduce the number of round trips, such as more frequently storing compound objects or the output of processing in memcached.
Doing parallel multi-key lookups could also help by collapsing round-trip times, but might not be easy to fit into SN's object model. (For things like streams this should actually work pretty well -- grab the list, then when it's returned go grab all the individual items in parallel and return the list)
2011-01-31 13:12:56 -08:00
Brion Vibber
b896a37da0 Use cachedQuery on File::getAttachments, plus other cleanups:
* dropped unnecessary join on notice table
* made the function actually static, since it makes no sense as an instance variable. The only caller (in AttachmentList) is updated.
2011-01-31 12:22:50 -08:00
Brion Vibber
2a29738dc1 Revert "Session GC fix: save session.modified field as UTC so our comparisons work." - no longer needed with ticket #3020 fix to time zone settings
This reverts commit a7abb2323e.
2011-01-31 11:50:24 -08:00
Brion Vibber
47f31bce47 Merge branch 'master' into testing
Conflicts:
	classes/Profile.php
2011-01-31 11:50:06 -08:00
Brion Vibber
54f7154db8 Fix for ticket #3020: set MySQL session time_zone variable to UTC ('+0:00') so TIMESTAMP column values are comparable against our other UTC timestamp values.
MySQL stores TIMESTAMP columns as UTC, but with a local time interface. (SRSLY?!) DATETIME columns are always bare and assumed to be local time, but we keep only UTC in them.
Forcing the session time_zone to UTC means we won't have to worry as much about what we're sending/receiving in there.

Also will let us remove the hack in master commit a7abb2323e for session tweaks
2011-01-31 11:45:19 -08:00
Siebrand Mazeland
7db24c32d6 * fix some i18n and L10n issues
* update/add translator documentation
* remove superfluous whitespace
2011-01-29 00:33:13 +01:00
Brion Vibber
a7abb2323e Session GC fix: save session.modified field as UTC so our comparisons work.
Had to tweak statusnet.ini to remove the DB_DATAOBJECT_MYSQLTIMESTAMP bitfield constant on session.modified; while it sounds like a useful and legit setting, it actually just means that DB_DataObject silently fails to pass through any attempts to explicitly set the value. As a result, MySQL does its default behavior which is to insert the current *LOCAL* time, which is useless.
This was leading to early GC west of GMT, or late GC east of it. Early GC could at worst destroy all live sessions (whoever's session *triggered* GC is fine, as the session then gets saved right back.)
2011-01-27 12:27:31 -08:00
Brion Vibber
433ec21119 Add $config['sessions']['gc_limit'] to limit how much work we do in each session GC; defaulting to killing 1000 sessions at a time. 2011-01-27 12:08:24 -08:00
Evan Prodromou
2682915b99 events for creating a group 2011-01-26 18:35:01 -07:00
Brion Vibber
e35d46b415 Fix for ticket #3010: blocks are now applied against the original poster of repeats.
Previously, if someone you subscribe to repeats a notice by someone you've blocked, you got the message and had to just roll your eyes.
Now blocks are checked against both the current notice's posting profile, and the poster of the original if it's a repeat.
2011-01-24 14:16:15 -08:00
Zach Copley
3a24b95edb Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-20 10:44:05 -08:00
Zach Copley
6dc94a5389 Move getConnectedApps() from Profile to User, where it belongs
Conflicts:

	classes/User.php
2011-01-20 10:43:27 -08:00
Zach Copley
6eca8188b6 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 15:52:18 -08:00
Evan Prodromou
f9b2feb7f5 Merge branch '0.9.x' into 1.0.x
Conflicts:
	README
2011-01-12 18:05:56 -05:00
Brion Vibber
281076d5f6 Fix for PHP notice spew in group creation via API: set default 'mainpage' in User_group::register() rather than forcing all callers to do it manually. 2011-01-06 13:22:44 -08:00
Brion Vibber
af1cbc6fe3 Fix ticket #2181: Can't save #000000 (black) in color fields on design page
It seems to have actually been saving correctly, but the update of the colors on the form success page wasn't working properly.
When a design object is pulled out of the database, the numeric fields are read in as strings, so black comes back as "0".
But, when we populate the new object and then stick it live, we've populated it with actual integers; with memcache on these might live for a while in the cache...

The fallback code in Design::toWebColor() did a check ($color == null) which would be false for the string "0", but counts as true for the *integer* 0.
Thus, the display code would initially interpret the correctly-saved black color as "use default".

Changing the check to === against null and "" empty string avoids the false positive on integers, and lets us see our nice black text immediately after save.
2011-01-04 13:09:44 -08:00
Evan Prodromou
32eb4c5e2d Merge remote branch 'gitorious/0.9.x' into 1.0.x
Conflicts:
	lib/common.php
2010-12-30 15:52:08 -08:00
Evan Prodromou
26afe79ed9 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-12-29 14:53:38 -08:00
Evan Prodromou
39cf2338c2 Bad method call in File_to_post 2010-12-29 13:28:32 -08:00
Evan Prodromou
d31397bd45 method to count notices linking to an URL 2010-12-28 13:44:49 -08:00
Evan Prodromou
6ab46c70f7 Delete file links when Notice is deleted 2010-12-28 13:44:18 -08:00
Evan Prodromou
a2000f889a Merge branch '0.9.x' into socialbookmark 2010-12-28 13:42:44 -08:00
Evan Prodromou
faf0081a8b Fixes from testing File::stream() 2010-12-28 12:57:31 -08:00
Evan Prodromou
bf4c5cb41a Stream of notices linking to an URL 2010-12-28 11:58:55 -08:00
Brion Vibber
e211e6228d Merge branch '0.9.x' into 1.0.x 2010-12-28 11:38:34 -08:00
Brion Vibber
90c7ff1983 Merge branch 'master' into 0.9.x 2010-12-28 11:37:38 -08:00
Brion Vibber
d3d9797496 Prevent group creation by silenced users.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
2010-12-28 11:34:02 -08:00
Evan Prodromou
320e73a321 If notice has been deleted before, don't store URI again 2010-12-27 22:58:13 -08:00
Evan Prodromou
8814fb3822 Merge branch '0.9.x' into socialbookmark 2010-12-27 22:38:36 -08:00
Evan Prodromou
c458bafaa1 pass through $idField and $createdField in Notice queries 2010-12-27 22:35:57 -08:00
Evan Prodromou
763a5f182d Memcache_DataObject checks for PEAR::isError() on results 2010-12-26 21:08:20 -08:00
Brion Vibber
26baad63f2 Merge branch '0.9.x' into 1.0.x 2010-12-22 15:25:38 -08:00
Evan Prodromou
402cac2f93 Merge branch '0.9.x' into socialbookmark
Conflicts:
	lib/activityobject.php
2010-12-22 12:09:42 -08:00
Evan Prodromou
9a6ceb3303 Merge branch 'righttoleave' into 0.9.x 2010-12-22 11:22:51 -08:00
Evan Prodromou
9480bf1d10 Notice_tag::url() gets the URL for a tag string 2010-12-19 10:15:56 -05:00
Brion Vibber
d8a3a88ec8 Merge branch '0.9.x' into 1.0.x
Conflicts:
	classes/Memcached_DataObject.php
2010-12-17 17:13:21 -08:00
Brion Vibber
fb65d5901d Update sorting for conversation views: adds notice_conversation_created_id_idx index on notice, replacing more limited notice_conversation_idx 2010-12-17 16:08:37 -08:00
Brion Vibber
71151b3bc0 Update sorting for User::repeatedByMe() -- currently unused. Likely not ideally indexed yet. 2010-12-17 15:28:55 -08:00
Brion Vibber
b80151275a Update sorting on api/statuses/retweets_of_me; was and remains poorly indexed, but will use updated sorting method. 2010-12-17 15:25:19 -08:00
Brion Vibber
1b90ed564a Update sorting on api/statuses/retweets: adds notice_repeat_of_created_id_idx index to replace notice_repeatof_idx 2010-12-17 15:13:09 -08:00
Brion Vibber
04aa8bd70f work around borkage in statuses/repeats -- tries to check an offset var that's not there. use the limit var which is there instead 2010-12-17 15:05:45 -08:00
Brion Vibber
66474586af Update sorting for group inbox timelines; adds group_inbox_group_id_created_notice_id_idx index to group_inbox table 2010-12-17 14:51:37 -08:00
Brion Vibber
3ddfa4de93 Update sorting on reply/mentions timeline: added reply_profile_id_modified_notice_id_idx index to reply table 2010-12-17 14:43:45 -08:00
Brion Vibber
00a5a5342a Update sorting for tag-filtered public timeline: needs notice_tag_tag_created_notice_id_idx index added to notice_tag 2010-12-17 14:37:46 -08:00
Brion Vibber
33daace6cb add fixme for since_id/max_id on fave streaming (?) 2010-12-17 14:32:06 -08:00
Brion Vibber
4adf551f9f Update sorting for user tagged timelines (indexing was bad before and remains bad -- we need some DB changes to make this one nice) 2010-12-17 13:45:40 -08:00
Brion Vibber
4cd3a0756b Update notice sorting for profile streams; extract more common code to Notice::addSinceId() and Notice::addMaxId() 2010-12-17 13:20:38 -08:00
Brion Vibber
9e8bbff8ac Notice::whereSinceId() and Notice::whereMaxId() encapsulate logic for building where clauses for since_id/max_id parameters. Can override the field names from 'id' and 'created'. 2010-12-17 13:03:18 -08:00
Brion Vibber
5de86f0ccc Initial switch of public timeline stream to use timestamps for internal sorting 2010-12-17 12:38:38 -08:00
Brion Vibber
7c84c35587 Notice::getAsTimestamp() static function to look up the timestamp for a given notice, even if it's been deleted. To be used for converting since_id/max_id processing to use timestamp sorting internally. 2010-12-17 12:09:02 -08:00
Brion Vibber
0535a3d15c Event hook for SQLProfile 2010-12-17 11:46:11 -08:00
Evan Prodromou
39804809dd distribute flag for Notice::saveNew() 2010-12-16 16:17:38 -05:00
Brion Vibber
bf20258f4b Merge branch '0.9.x' into 1.0.x 2010-12-15 11:59:31 -08:00
Evan Prodromou
75aaa98462 define rights for account maintenance and default rules 2010-12-13 16:28:32 -05:00
Evan Prodromou
027c73a4a1 Merge branch 'activityatompub' into 0.9.x 2010-12-13 14:35:42 -05:00
Evan Prodromou
a93f0fea61 membership stream method and return membership from join() in Group_member class 2010-12-13 13:50:39 -05:00
Evan Prodromou
5bbd77b761 group_member includes self link, edit link 2010-12-13 12:40:44 -05:00
Zach Copley
bb55784e90 Move getConnectedApps() from Profile to User, where it belongs 2010-12-12 17:37:42 -08:00
Evan Prodromou
7c37aa802b a stream function for Fave class 2010-12-12 12:22:04 -05:00
Evan Prodromou
8dea5144a9 Merge branch '0.9.x' into activityatompub 2010-12-11 11:03:02 -05:00
Evan Prodromou
af4ee1d490 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-12-11 11:01:05 -05:00
Evan Prodromou
d0ea138888 cache stream of subscriptions 2010-12-11 11:00:04 -05:00
Evan Prodromou
7285bbc93b Subscription stream functions
Made two new functions, Subscription::bySubscriber() and
Subscription::bySubscribed(), to get streams of Subscription objects.

Converted Profile::getSubscribers() and Profile::getSubscriptions() to
use these functions.
2010-12-11 10:24:46 -05:00
Evan Prodromou
37c447be46 Show a single favorite for AtomPub 2010-12-10 18:50:50 -05:00
Brion Vibber
3f9b8b293d Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
2010-12-10 14:12:02 -08:00
Brion Vibber
ab7a06542c Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
2010-12-10 22:08:36 +00:00
Evan Prodromou
11a0bde459 AtomPub for single subscription 2010-12-09 13:11:02 -05:00
Evan Prodromou
94ff04e190 Don't cache user-specific information for Notice atom entries 2010-12-08 13:59:12 -05:00
Evan Prodromou
b8b5b87c4c Don't cache user-specific information for Notice atom entries 2010-12-08 07:25:55 -05:00
Brion Vibber
9df856e667 Merge branch '0.9.x' into merge
Conflicts:
	README
	actions/hostmeta.php
	classes/File_redirection.php
	lib/common.php
	lib/designsettings.php
	lib/router.php
	lib/util.php
	lib/xmppmanager.php
	plugins/OStatus/OStatusPlugin.php
2010-12-07 10:50:05 -08:00
Evan Prodromou
1fb506c27d use codeKey() in activity caching 2010-12-06 17:28:22 -05:00
Evan Prodromou
8564fc51c5 cache generated activity info 2010-12-06 16:38:02 -05:00
Brion Vibber
2617c40e04 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	classes/User.php
2010-12-06 12:44:19 -08:00
Brion Vibber
76f3dc32e0 Added User::singleUserNickname() as (temporary?) fallback for single-user lookup as a workaround for site setup of 1user sites. We found that an external tool attempting to spin up StatusNet and then register the user would fail because StatusNet's router setup dies on being unable to find its single-user account, since the nickname is needed in setting up routing entries. This tweak will let it survive, using the configured setting as a fallback if it can't actually find the user account. 2010-12-06 12:39:09 -08:00
Evan Prodromou
b28266b3d6 Convert Notice::asAtomEntry() to use Notice::asActivity() and Activity::asString()
We had two ways to generate an activity entry from a notice; one through
Notice::asAtomEntry() and one through Notice::asActivity() and
Activity::asString(). The code paths had already diverged somewhat. I
took the conditions that were in Notice::asAtomEntry() and made sure
they were replicated in the other two functions. Then, I rewrote
Notice::asAtomEntry() to use the other two functions instead.

This change passes the ActivityGenerationTests unit tests, but there
may be some other stuff that's not getting covered.
2010-12-05 16:15:05 -05:00
Brion Vibber
043f0ad152 URL shortening fix for direct messages: if we're going to shorten the text, shorten the rendered text too. 2010-12-02 13:59:51 -08:00
Brion Vibber
aa96c3c1d9 Fix for tickets #2917, #2262: user URL shortening options not being applied in non-web channels
common_shorten_links() can only access the web session's logged-in user, so never properly took user options into effect for posting via XMPP, API, mail, etc.

Adds an optional $user parameter on common_shorten_links(), and a $user->shortenLinks() as a clearer interface for that.
Tweaked some lower-level functions so $user gets passed down -- making the $notice_id param previously there for saving URLs at notice save time generalized a little.

Note also ticket #2919: there's a lot of duplicate code calling the shortening, checking the length, and reporting near-identical error messages. These should be consolidated to aid in code and translation maintenance.
2010-12-02 13:41:56 -08:00
Brion Vibber
6e249b4ab5 doc comments on User::allowed_nickname 2010-11-29 11:57:27 -08:00
Brion Vibber
826a695077 Ticket #2797: replace addslashes() with explicit escape calls on the DB objects 2010-11-19 15:06:26 -08:00
Brion Vibber
407663fb40 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 12:44:43 -08:00
Brion Vibber
4b01dd8b2e Ticket #2441: fix deletion of avatars when a profile is deleted.
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 12:40:18 -08:00
Brion Vibber
197b56778a Add $config['attachments']['process_links'] to allow disabling processing of mentioned URL links for attachment info (oEmbed lookups) and dereferencing of redirects that we didn't have shortened ourselves.
This option may be useful for intranet sites that don't have direct access to the internet, as they may be unable to successfully fetch those resources.
2010-11-17 13:03:59 -08:00
Brion Vibber
e4eb3b3dfd Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-15 17:36:48 -08:00
Brion Vibber
0d0e51292d some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em. 2010-11-15 15:32:57 -08:00
Brion Vibber
5c00848b74 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-15 12:38:53 -08:00
Brion Vibber
1c90d09ec8 Workaround for yfrog.com photo attachments: fudge File_redirection::lookupWhere()'s HTTP handling -- when we get a 204 on a HEAD, double-check it by re-running as a GET. yfrog.com returns a 204 incorrectly for this case. 2010-11-15 11:01:00 -08:00
Brion Vibber
e1ffbfed04 doc comments on File::processNew 2010-11-15 11:00:42 -08:00