[PHP]Events for f_brunoais_can_read_others_topics

Request hook events and what data needs to be sent for the new hook system.
Post Reply
User avatar
brunoais
Registered User
Posts: 958
Joined: Fri Dec 18, 2009 3:55 pm

[PHP]Events for f_brunoais_can_read_others_topics

Post by brunoais » Wed May 07, 2014 4:35 pm

Here I present location proposals for events that are meant to be used by an extension that implements [RFC] New Forum permission for viewing other users' topics.

Name: core.functions_display.display_user_activity.actives_after
File: includes/functions_display.php
Variables:
  • $userdata -> Just as part of the set if another extension wants to meddle with it
  • $active_t_row -> Based on its information and the user permission, I may need to empty it.
  • $active_f_row -> I need to know the forum_id in order to apply the permission.
[/b]
Before:

Code: Select all

	$userdata['active_t_row'] = $active_t_row;
	$userdata['active_f_row'] = $active_f_row;

Name: core.functions_posting.load_drafts_topic_data_query
file: includes/functions_posting.php
Variables:
  • ? -> I'm not sure here. Maybe the $sql
If the user does not have f_brunoais_can_read_others_topics on all rows, I need to include the SELECT of the topic_poster in the query.
Before:

Code: Select all

$result = $db->sql_query($sql);
(I'm not sure exactly where)

Name: core.functions_posting.load_drafts_draft_list_results
file: includes/functions_posting.php
Variables:
  • $draft -> I need topic_poster
  • $link_topic -> I only act if it is a link to a topic
  • $accept_row (new variable) -> I need to be able to reject a row because it failed to comply with the user's permissions
If the user does not have f_brunoais_can_read_others_topics on all rows, I need to include the SELECT of the topic_poster in the query.
Before:

Code: Select all

$template->assign_block_vars('draftrow', array(
(I'm not sure exactly where)
Note: If found appropriate, this event can also only live inside the "if" when $link_topic is set to true. I just decided to place there in order to make it more reusable


Name: core.mcp_mcp_front.mcp_front_view_queue_postid_list_after
file: includes/mcp/mcp_front.php
Variables:
  • $total -> I may need to change this number
  • $post_list -> I need the posts to get to the topics to get to the topic posters
  • $forum_list -> To calculate the diff with f_brunoais_can_read_others_topics list. If empty, then no action is done.
After:

Code: Select all

if (empty($post_list))
				{
					$total = 0;
				}
			}
Before:

Code: Select all

if ($total)
Name: core.mcp_mcp_front_reports_listing_query_before
file: includes/mcp/mcp_front.php
Variables:
  • $sql_ary -> In order to modify the query itself
  • $forum_list -> I need to analyze the forum_list to make sure if I need to inject anything extra or not.
After:

Code: Select all

					'WHERE'		=> 'r.post_id = p.post_id
						AND r.pm_id = 0
						AND r.report_closed = 0
						AND r.reason_id = rr.reason_id
						AND p.topic_id = t.topic_id
						AND r.user_id = u.user_id
						AND p.poster_id = u2.user_id
						AND ' . $db->sql_in_set('p.forum_id', $forum_list),

					'ORDER_BY'	=> 'p.post_time DESC',
				);
Before:

Code: Select all

$sql = $db->sql_build_query('SELECT', $sql_ary);

Name: core.mcp_queue_!is_topics_query_before
file: includes/mcp/mcp_queue.php
Variables:
  • $sql -> Maybe add something to WHERE
  • $forum_list -> Get which forums the user is looking at and I might need to analyze to make sure if I need to inject anything extra or not.
After:

Code: Select all

								OR t.topic_delete_user = 0)
							$limit_time_sql
						ORDER BY $sort_order_sql";
Before:

Code: Select all

$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
Name: core.mcp_queue_is_topics_query_before
file: includes/mcp/mcp_queue.php
Variables:
  • $sql -> Maybe add something to WHERE
  • $forum_list -> Get which forums the user is looking at and I might need to analyze to make sure if I need to inject anything extra or not.
After:

Code: Select all

								OR t.topic_delete_user = 0)
							$limit_time_sql
						ORDER BY $sort_order_sql";
Before:

Code: Select all

$result = $db->sql_query($sql);

Name: core.mcp_reports_gather_query_before
file: includes/mcp/mcp_reports.php
Variables:
  • $sql -> Maybe add something to WHERE
  • $forum_list -> Get which forums the user is looking at and I might need to analyze to make sure if I need to inject anything extra or not.
After:

Code: Select all

						AND t.topic_id = p.topic_id
						AND r.pm_id = 0
						$limit_time_sql
					ORDER BY $sort_order_sql";
Before:

Code: Select all

$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);

Name: core.ucp_pm_compose_compose_pm_basic_info_query_before
file: includes/ucp/ucp_pm_compose.php
Variables:
  • $sql -> Maybe column to SELECT
Before:

Code: Select all

	if ($sql)
	{
		$result = $db->sql_query($sql);
		$post = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);
Name: core.ucp_pm_compose_compose_pm_quotepost_query_after
file: includes/ucp/ucp_pm_compose.php
Variables:
  • $post -> Get the topic poster (the required forum_id is also inside)
After:

Code: Select all

			if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read')))
			{
				trigger_error('NOT_AUTHORISED');
			}
Before:

Code: Select all

			// Passworded forum?
			if ($post['forum_id'])
			{

Name: core.mcp_global_f_read_auth_after
file: mcp.php
Variables:
  • $topic_id -> Required to get the topic poster
  • $forum_id -> Required to compare towards f_brunoais_can_read_others_topics
After:

Code: Select all

if ($forum_id && !$auth->acl_get('f_read', $forum_id))
{
	trigger_error('NOT_AUTHORISED');
}
Before:

Code: Select all

if ($forum_id)
{
Name: core.mcp_mcp_sorting_unapproved_deleted_posts_query_before
file: mcp.php includes/functions_mcp.php
Variables:
  • $forum_id -> See if I can get away without injecting f_brunoais_can_read_others_topics
  • $topic_id -> Can be used to simplify the internal SQL query.
  • $where_sql -> Required to inject the check
After:

Code: Select all

$where_sql .= ($topic_id) ? ' p.topic_id = ' . $topic_id . ' AND' : '';
Before:

Code: Select all

$sql = 'SELECT COUNT(p.post_id) AS total
				FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . " t

Name: core.memberlist_viewprofile_email_query_before
file: memberlist.php
Variables:
  • $sql -> Add topic poster to the list

After:

Code: Select all

				FROM ' . TOPICS_TABLE . "
				WHERE topic_id = $topic_id";
Before:

Code: Select all

			$result = $db->sql_query($sql);
			$row = $db->sql_fetchrow($result);
core.memberlist_viewprofile_email_query_before does not make sense anymore (see below).

Name: core.memberlist_viewprofile_email_query_after
file: memberlist.php
Variables:
  • $row -> Gather the required info

After:

Code: Select all

			$row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
Before:

Code: Select all

			if (!$row)
			{
				trigger_error('NO_TOPIC');
			}
core.memberlist_viewprofile_email_query_before does not make sense anymore.

Name: core.phpbb_content_visibility_get_forums_visibility_sql_before
file: phpbb/content_visibility.php
Variables:
  • $where_sql -> What I change with the result of the event
  • $mode -> To know if I should do something or not
  • $forum_ids -> Used to diff with f_brunoais_can_read_others_topics. If array(), nothing is done
  • $table_alias -> Used so that the right table alias is used in the injection.
After:

Code: Select all

	public function get_forums_visibility_sql($mode, $forum_ids = array(), $table_alias = '')
	{
		$where_sql = '(';
Before:

Code: Select all

$approve_forums = array_intersect($forum_ids, array_keys($this->auth->acl_getf('m_approve', true)));
Name: core.phpbb_content_visibility_get_global_visibility_sql_before
file: phpbb/content_visibility.php
Variables:
  • $where_sqls -> used to inject my extra check to the query
  • $mode -> To know if I should do something or not
  • $table_alias -> Used so that the right table alias is used in the injection.
After:

Code: Select all

	public function get_global_visibility_sql($mode, $exclude_forum_ids = array(), $table_alias = '')
	{
		$where_sqls = array();
Before:

Code: Select all

$approve_forums = array_diff(array_keys($this->auth->acl_getf('m_approve', true)), $exclude_forum_ids);

Name: core.phpbb_log_log_get_logs_after
file: phpbb/log/log.php
Variables:
  • $topic_id_list -> Probably can be used to speed up the process
  • $topic_auth -> used to inject my extra check to the query
  • $log -> To place $log[$key]['viewtopic'] to false, when applicable
After:

Code: Select all

				$log[$key]['reportee_username_full'] = get_username_string('full', $row['reportee_id'], $reportee_data_list[$row['reportee_id']]['username'], $reportee_data_list[$row['reportee_id']]['user_colour'], false, $profile_url);
			}
		}
Before:

Code: Select all

		return $log;
	}
NOTE: I'm not sure where to place this. It may be a better more a little above where f_read and m_ are being calculated.

Name: core.phpbb_log_log_get_topic_auth_sql_before
file: phpbb/log/log.php
Variables:
  • $sql -> ADD topic_poster to SELECT
After:

Code: Select all

		$sql = 'SELECT topic_id, forum_id
			FROM ' . TOPICS_TABLE . '
			WHERE ' . $this->db->sql_in_set('topic_id', array_map('intval', $topic_ids));
Before:

Code: Select all

		$result = $this->db->sql_query($sql);
NOTE: Depending on the one above, this one may be useless.

Name: core.phpbb_log_log_get_topic_auth_sql_after
file: phpbb/log/log.php
Variables:
  • $forum_auth-> Add these permissions
  • $row -> Where info is read from
After:

Code: Select all

if ($this->auth->acl_get('f_read', $row['forum_id']))
			{
				$forum_auth['f_read'][$row['topic_id']] = $row['forum_id'];
			}
Before:

Code: Select all

if ($this->auth->acl_gets('a_', 'm_', $row['forum_id']))
NOTE: Depending on the one above the one above, this one may be useless.


Name: core.phpbb_notification_type_approve_topic_find_users_for_notification_middle
file: phpbb/notification/type/approve_topic.php
Variables:
  • $post-> To read and, maybe, edit it
  • $auth_read -> used to diff with f_brunoais_can_read_others_topics
After:

Code: Select all

$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);
Before:

Code: Select all

if (empty($auth_read))
Name: core.phpbb_notification_type_approve_post_find_users_for_notification_middle
file: phpbb/notification/type/approve_post.php
Variables:
  • $post-> To read and, maybe, edit it
  • $auth_read -> used to diff with f_brunoais_can_read_others_topics
After:

Code: Select all

$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);
Before:

Code: Select all

if (empty($auth_read))
Name: core.phpbb_notification_type_bookmark_find_users_for_notification_middle
file: phpbb/notification/type/approve_topic.php
Variables:
  • $post-> To read and, maybe, edit it
  • $auth_read -> used to diff with f_brunoais_can_read_others_topics
After:

Code: Select all

$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);
Before:

Code: Select all

if (empty($auth_read))
Name: core.phpbb_notification_type_post_find_users_for_notification_middle
file: phpbb/notification/type/post.php
Variables:
  • $post-> To read and, maybe, edit it
  • $auth_read -> used to diff with f_brunoais_can_read_others_topics
After:

Code: Select all

$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);
Before:

Code: Select all

if (empty($auth_read))
Name: core.phpbb_notification_type_post_in_queue_find_users_for_notification_middle
file: phpbb/notification/type/post_in_queue.php
Variables:
  • $post-> To read and, maybe, edit it
  • $auth_read -> used to diff with f_brunoais_can_read_others_topics
After:

Code: Select all

$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);
Before:

Code: Select all

if (empty($auth_read))
Name: core.phpbb_notification_type_quote_find_users_for_notification_middle
file: phpbb/notification/type/quote.php
Variables:
  • $post -> To read and, maybe, edit it
  • $auth_read -> used to diff with f_brunoais_can_read_others_topics
After:

Code: Select all

$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);
Before:

Code: Select all

if (empty($auth_read))
Name: core.phpbb_notification_type_topic_find_users_for_notification_middle
file: phpbb/notification/type/topic.php
Variables:
  • $topic-> To read and, maybe, edit it
  • $auth_read -> used to diff with f_brunoais_can_read_others_topics
After:

Code: Select all

$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);
Before:

Code: Select all

if (empty($auth_read))

Name: core.posting_f_read_after
file: posting.php
Variables:
  • $topic_id -> Used to gather the topic poster
  • $forum_id -> Used to do the f_brunoais_can_read_others_topics check
Before:

Code: Select all

// Permission to do the action asked?
$is_authed = false;

Name: core.report_post_auth_middle
file: report.php
Variables:
  • $report_data-> Used to gather the topic poster
  • $forum_id -> Used to do the f_brunoais_can_read_others_topics check
Before:

Code: Select all

foreach ($acl_check_ary as $acl => $error);
Name: core.viewforum_shadow_topic_row
file: viewforum.php
Variables:
  • $row-> Used to gather the topic poster
  • $orig_topic_id -> Used to clear up the tracks
  • $rowset -> Used to clear up the tracks
  • $topic_list -> Used to clear up the tracks
  • $topics_count -> Used to clear up the tracks
Before:

Code: Select all

		// We want to retain some values
		$row = array_merge($row, array(

Name: core.viewtopic_f_read_after
file:viewtopic.php
Variables:
  • $topic_data -> Used to gather the topic poster
  • $forum_id -> Used to do the f_brunoais_can_read_others_topics check
Before:

Code: Select all

// Forum is passworded ... check whether access has been granted to this
// user this session, if not show login box
if ($topic_data['forum_password'])
Overloads:
'message.form.topic' method: check_allow().


You may see the actual places where I found the need for each event (including places where events exist and I'm just using) here: https://github.com/brunoais/phpbb3/comp ... p-can-view
Here's the main ticket for this:
https://tracker.phpbb.com/browse/PHPBB3-12799


EDIT: Changed the name from f_brunoais_read_other to f_brunoais_can_read_others_topics
Last edited by brunoais on Fri Dec 05, 2014 8:59 am, edited 1 time in total.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [PHP]Events for f_brunoais_read_other

Post by Pony99CA » Fri Dec 05, 2014 1:54 am

If I understand the topic, you're creating permissions to only allow people to see their own posts. I think that's backwards, though. The permission should be something like f_can_read_others_posts. This way, they need to have read permission to see any posts at all, then the f_can_read_others_posts permission to read (and see) any posts other than their own. (And, of course, the default should be that everybody has the new permission.)

Even if your permission has the same intent, the name is obviously horrible -- nobody will understand what "brunoais_read" is when reading code. ;)

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
brunoais
Registered User
Posts: 958
Joined: Fri Dec 18, 2009 3:55 pm

Re: [PHP]Events for f_brunoais_read_other

Post by brunoais » Fri Dec 05, 2014 8:56 am

THANK YOU! That's the kind of feedback I'm after.

BTW, in f_brunoais_read_other: "brunoais" is used here just as a namespacer to make sure it is unique only because this is an extension (otherwise, I don't need it, right?). By using my username, I can ensure that that permission name is unique. It is not part of its real name. It's real name is f_read_other.
At some point in the past, it had already had f_can_read_others_topics but it was rejected for being too long...
Well... Thinking a bit... Extensions don't need to follow those rules.... Yeah! I'll use that! Thanks for the heads up.

BTW, it is other's topics, not posts ;).

Post Reply