All the permissions* (minus all the things I forgot/don't now about)

Controllers/api/v1/channel.php

@@ -88,8 +88,6 @@ class channel implements Interfaces\Api
  $block = Core\Security\ACL\Block::_();
  $response['channel']['blocked'] = $block->isBlocked($user);
  
- Core\Di\Di::_()->get('Permissions\Manager');
-
  //Calculate new permissions object with the entities
  if ($user && Di::_()->get('Features\Manager')->has('permissions')) {
  $permissionsManager = Core\Di\Di::_()->get('Permissions\Manager');

Controllers/api/v1/groups.php

@@ -77,6 +77,13 @@ class groups implements Interfaces\Api
 
  $response['groups'] = Factory::exportable($groups);
  $response['entities'] = Factory::exportable($groups);
+ 
+ if ($groups && Di::_()->get('Features\Manager')->has('permissions')) {
+ $permissionsManager = Core\Di\Di::_()->get('Permissions\Manager');
+ $permissions = $permissionsManager->getList(['user_guid' => Core\Session::getLoggedInUserGuid(),
+ 'entities' => $groups]);
+ $response['permissions'] = $permissions;
+ }
 
  if (!isset($response['load-next']) && $groups) {
  $response['load-next'] = (string) end($groups)->getGuid();

Controllers/api/v1/newsfeed.php

@@ -216,8 +216,6 @@ class newsfeed implements Interfaces\Api
  }
  }
 
- Core\Di\Di::_()->get('Permissions\Manager');
-
  //Calculate new permissions object with the entities
  if ($activity && Di::_()->get('Features\Manager')->has('permissions')) {
  $permissionsManager = Core\Di\Di::_()->get('Permissions\Manager');

Controllers/api/v1/newsfeed/single.php

@@ -48,8 +48,6 @@ class newsfeed implements Interfaces\Api
  'activtiy' => $activity->export()
  ];
 
- Core\Di\Di::_()->get('Permissions\Manager');
-
  //Calculate new permissions object with the entities
  if ($activity && Di::_()->get('Features\Manager')->has('permissions')) {
  $permissionsManager = Core\Di\Di::_()->get('Permissions\Manager');

Controllers/api/v2/boost/feed.php

@@ -147,8 +147,18 @@ class feed implements Interfaces\Api
  ]);
  }
 
+ $permissions = null;
+ //Calculate new permissions object with the entities
+ if ($boosts && Di::_()->get('Features\Manager')->has('permissions')) {
+ $permissionsManager = Core\Di\Di::_()->get('Permissions\Manager');
+ $permissions = $permissionsManager->getList(['user_guid' => Core\Session::getLoggedInUserGuid(),
+ 'entities' => $boosts]);
+ }
+
+
  return Factory::response([
  'entities' => Exportable::_($boosts),
+ 'permissions' => $permissions,
  'load-next' => $next ?: null,
  ]);
  }

Core/Feeds/FeedSyncEntity.php

@@ -23,6 +23,8 @@ use Minds\Traits\MagicAttributes;
  * @method FeedSyncEntity setUrn(string $urn)
  * @method int getAccessId()
  * @method FeedSyncEntity setAccessId(int $accessId)
+ * @method string getType()
+ * @method FeedSyncEntity setType(string $type)
  */
 class FeedSyncEntity
 {
@@ -46,6 +48,15 @@ class FeedSyncEntity
  /** @var Entity */
  protected $entity;
 
+ public function setEntity($entity)
+ {
+ $this->entity = $entity;
+ $this->accessId = $entity->getAccessId();
+ $this->type = $entity->getType();
+ }
+
+ /** @var type */
+ protected $type;
  /**
  * Export to public API
  * @return array
@@ -58,6 +69,7 @@ class FeedSyncEntity
  'access_id' => $this->accessId,
  'timestamp' => $this->timestamp,
  'urn' => $this->urn,
+ 'type' => $this->type,
  'entity' => $this->entity ? $this->entity->export() : null,
  ];
  }

Core/Feeds/Top/Manager.php

@@ -151,6 +151,7 @@ class Manager
  ->setGuid((string) $scoredGuid->getGuid())
  ->setOwnerGuid((string) $ownerGuid)
  ->setAccessId($scoredGuid->getAccessId())
+ ->setType($scoredGuid->getType())
  ->setUrn(new Urn($urn))
  ->setTimestamp($scoredGuid->getTimestamp());
 
@@ -182,6 +183,7 @@ class Manager
  ->setGuid($entity->getGuid())
  ->setOwnerGuid($entity->getOwnerGuid())
  ->setAccessId($entity->getAccessId())
+ ->setType($scoredGuid->getType())
  ->setUrn($entity->getUrn())
  ->setEntity($entity);
  }

Core/Permissions/Delegates/ChannelRoleCalculator.php

@@ -45,12 +45,12 @@ class ChannelRoleCalculator extends BaseRoleCalculator
  $role = $this->getChannelNonSubscriberRole($channel);
  } elseif ($entity->getOwnerGuid() === $this->user->getGuid()) {
  $role = $this->roles->getRole(Roles::ROLE_CHANNEL_OWNER);
- } elseif ($this->user->isSubscribed($entity->getOwnerGuid())) {
+ } elseif ($this->user->isSubscribed($channel->getGuid())) {
  $role = $this->getChannelSubscriberRole($channel);
  } else {
  $role = $this->getChannelNonSubscriberRole($channel);
  }
- $this->channels[$entity->getOwnerGuid()] = $role;
+ $this->channels[$channel->getGuid()] = $role;
 
  return $role;
  }
@@ -64,7 +64,9 @@ class ChannelRoleCalculator extends BaseRoleCalculator
  */
  protected function getChannelForEntity($entity) : User
  {
- if (method_exists($entity, 'getOwnerObj')) {
+ if ($entity->getType() === 'user') {
+ return $entity;
+ } elseif (method_exists($entity, 'getOwnerObj')) {
  return $this->entitiesBuilder->build($entity->getOwnerObj());
  } else {
  return $this->entitiesBuilder->single($entity->getOwnerGuid());

Core/Permissions/Delegates/GroupRoleCalculator.php

@@ -40,7 +40,12 @@ class GroupRoleCalculator extends BaseRoleCalculator
  if (isset($this->groups[$entity->getAccessId()])) {
  return $this->groups[$entity->getAccessId()];
  }
- $group = $this->entitiesBuilder->single($entity->getAccessId());
+ if ($entity->getType() === 'group') {
+ $group = $entity;
+ } else {
+ $group = $this->entitiesBuilder->single($entity->getAccessId());
+ }
+
  $role = null;
  if ($this->user === null) {
  $role = $this->getGroupNonSubscriberRole($group);
@@ -58,7 +63,7 @@ class GroupRoleCalculator extends BaseRoleCalculator
  $role = $this->getGroupNonSubscriberRole($group);
  }
  
- $this->groups[$entity->getAccessId()] = $role;
+ $this->groups[$group->getGuid()] = $role;
 
  return $role;
  }

Core/Permissions/Permissions.php

@@ -77,7 +77,9 @@ class Permissions implements \JsonSerializable
  public function calculate(array $entities = []): void
  {
  foreach ($entities as $entity) {
- $this->entities[$entity->getGuid()] = $this->getRoleForEntity($entity);
+ if ($entity) {
+ $this->entities[$entity->getGuid()] = $this->getRoleForEntity($entity);
+ }
  }
  }
 
@@ -85,19 +87,22 @@ class Permissions implements \JsonSerializable
  {
  $role = null;
 
- //Access id is the best way to determine what the parent entity is
- //Any of the access flags are a channel
- //Anything else is a group guid
+ //Permissions for specific channels and groups
+ if ($entity->getType() === 'user') {
+ return $this->channelRoleCalculator->calculate($entity);
+ } elseif ($entity->getType() === 'group') {
+ return $this->groupRoleCalculator->calculate($entity);
+ }
+
+ //Permissions for entities belonging to groups or channels
  switch ($entity->getAccessId()) {
  case Access::UNLISTED:
  case Access::LOGGED_IN:
  case Access::PUBLIC:
  case Access::UNKNOWN:
- error_log('Getting channel role');
  $role = $this->channelRoleCalculator->calculate($entity);
  break;
  default:
- error_log('Getting group role');
  $role = $this->groupRoleCalculator->calculate($entity);
  }
  //Apply global overrides
@@ -108,6 +113,22 @@ class Permissions implements \JsonSerializable
  $role = $this->roles->getRole(Roles::ROLE_BANNED);
  }
 
+ //Permissions for any entity a user owns
+ //Filtering out banned users and closed channels and groupos
+ if ($this->user && $entity->getOwnerGuid() === $this->user->getGuid()) {
+ switch ($role->getName()) {
+ //If a user has any of these roles, they can no longer interact with their own content
+ case Roles::ROLE_CLOSED_CHANNEL_NON_SUBSCRIBER:
+ case Roles::ROLE_CLOSED_GROUP_NON_SUBSCRIBER:
+ case Roles::ROLE_BANNED:
+ return $role;
+ default:
+ //Else they own the entity and can edit/delete, etc
+ return $this->roles->getRole(Roles::ROLE_ENTITY_OWNER);
+
+ }
+ }
+
  return $role;
  }
 

Core/Permissions/Roles/BannedRole.php

@@ -7,5 +7,6 @@ class BannedRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_BANNED);
+ //No permissions for banned users
  }
 }

Core/Permissions/Roles/ClosedGroupNonSubscriberRole.php

@@ -7,5 +7,6 @@ class ClosedGroupNonSubscriberRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_CLOSED_GROUP_NON_SUBSCRIBER);
+ //No permissions for closed group non subscribers
  }
 }

Core/Permissions/Roles/ClosedGroupSubscriberRole.php

@@ -7,5 +7,17 @@ class ClosedGroupSubscriberRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_CLOSED_GROUP_SUBSCRIBER);
+ $this->addPermission(Roles::FLAG_CREATE_POST);
+ $this->addPermission(Roles::FLAG_VIEW);
+ $this->addPermission(Roles::FLAG_VOTE);
+ $this->addPermission(Roles::FLAG_CREATE_COMMENT);
+ $this->addPermission(Roles::FLAG_REMIND);
+ $this->addPermission(Roles::FLAG_WIRE);
+ $this->addPermission(Roles::FLAG_MESSAGE);
+ $this->addPermission(Roles::FLAG_INVITE);
+ $this->addPermission(Roles::FLAG_SUBSCRIBE);
+ $this->addPermission(Roles::FLAG_CREATE_GROUP);
+ $this->addPermission(Roles::FLAG_JOIN);
+ $this->addPermission(Roles::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/EntityOwnerRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class EntityOwnerRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_ENTITY_OWNER);
+ $this->addPermission(Roles::FLAG_EDIT_POST);
+ $this->addPermission(Roles::FLAG_DELETE_POST);
+ $this->addPermission(Roles::FLAG_VIEW);
+ $this->addPermission(Roles::FLAG_CREATE_COMMENT);
+ $this->addPermission(Roles::FLAG_EDIT_COMMENT);
+ $this->addPermission(Roles::FLAG_DELETE_COMMENT);
+ $this->addPermission(Roles::FLAG_VOTE);
+ $this->addPermission(Roles::FLAG_REMIND);
+ $this->addPermission(Roles::FLAG_WIRE);
+ }
+}

Core/Permissions/Roles/GroupAdminRole.php

@@ -7,5 +7,25 @@ class GroupAdminRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_GROUP_ADMIN);
+ $this->addPermission(Roles::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Roles::FLAG_CREATE_POST);
+ $this->addPermission(Roles::FLAG_EDIT_POST);
+ $this->addPermission(Roles::FLAG_DELETE_POST);
+ $this->addPermission(Roles::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Roles::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Roles::FLAG_SUBSCRIBE);
+ $this->addPermission(Roles::FLAG_VIEW);
+ $this->addPermission(Roles::FLAG_VOTE);
+ $this->addPermission(Roles::FLAG_CREATE_COMMENT);
+ $this->addPermission(Roles::FLAG_EDIT_COMMENT);
+ $this->addPermission(Roles::FLAG_DELETE_COMMENT);
+ $this->addPermission(Roles::FLAG_REMIND);
+ $this->addPermission(Roles::FLAG_WIRE);
+ $this->addPermission(Roles::FLAG_MESSAGE);
+ $this->addPermission(Roles::FLAG_INVITE);
+ $this->addPermission(Roles::FLAG_CREATE_GROUP);
+ $this->addPermission(Roles::FLAG_EDIT_GROUP);
+ $this->addPermission(Roles::FLAG_JOIN);
+ $this->addPermission(Roles::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/GroupModeratorRole.php

@@ -7,5 +7,23 @@ class GroupModeratorRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_GROUP_MODERATOR);
+ $this->addPermission(Roles::FLAG_CREATE_POST);
+ $this->addPermission(Roles::FLAG_EDIT_POST);
+ $this->addPermission(Roles::FLAG_DELETE_POST);
+ $this->addPermission(Roles::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Roles::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Roles::FLAG_SUBSCRIBE);
+ $this->addPermission(Roles::FLAG_VIEW);
+ $this->addPermission(Roles::FLAG_VOTE);
+ $this->addPermission(Roles::FLAG_CREATE_COMMENT);
+ $this->addPermission(Roles::FLAG_EDIT_COMMENT);
+ $this->addPermission(Roles::FLAG_DELETE_COMMENT);
+ $this->addPermission(Roles::FLAG_REMIND);
+ $this->addPermission(Roles::FLAG_WIRE);
+ $this->addPermission(Roles::FLAG_MESSAGE);
+ $this->addPermission(Roles::FLAG_INVITE);
+ $this->addPermission(Roles::FLAG_CREATE_GROUP);
+ $this->addPermission(Roles::FLAG_JOIN);
+ $this->addPermission(Roles::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/GroupOwnerRole.php

@@ -7,9 +7,26 @@ class GroupOwnerRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_GROUP_OWNER);
- $this->addPermission(Roles::FLAG_CREATE_COMMENT);
+ $this->addPermission(Roles::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Roles::FLAG_CREATE_POST);
+ $this->addPermission(Roles::FLAG_EDIT_POST);
+ $this->addPermission(Roles::FLAG_DELETE_POST);
+ $this->addPermission(Roles::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Roles::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Roles::FLAG_SUBSCRIBE);
+ $this->addPermission(Roles::FLAG_VIEW);
+ $this->addPermission(Roles::FLAG_VOTE);
  $this->addPermission(Roles::FLAG_CREATE_COMMENT);
  $this->addPermission(Roles::FLAG_EDIT_COMMENT);
  $this->addPermission(Roles::FLAG_DELETE_COMMENT);
+ $this->addPermission(Roles::FLAG_REMIND);
+ $this->addPermission(Roles::FLAG_WIRE);
+ $this->addPermission(Roles::FLAG_MESSAGE);
+ $this->addPermission(Roles::FLAG_INVITE);
+ $this->addPermission(Roles::FLAG_CREATE_GROUP);
+ $this->addPermission(Roles::FLAG_EDIT_GROUP);
+ $this->addPermission(Roles::FLAG_DELETE_GROUP);
+ $this->addPermission(Roles::FLAG_JOIN);
+ $this->addPermission(Roles::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/OpenChannelNonSubscriberRole.php

@@ -11,8 +11,6 @@ class OpenChannelNonSubscriberRole extends BaseRole
  $this->addPermission(Roles::FLAG_VIEW);
  $this->addPermission(Roles::FLAG_VOTE);
  $this->addPermission(Roles::FLAG_CREATE_COMMENT);
- $this->addPermission(Roles::FLAG_EDIT_COMMENT);
- $this->addPermission(Roles::FLAG_DELETE_COMMENT);
  $this->addPermission(Roles::FLAG_REMIND);
  $this->addPermission(Roles::FLAG_WIRE);
  $this->addPermission(Roles::FLAG_MESSAGE);

Core/Permissions/Roles/OpenChannelSubscriberRole.php

@@ -12,8 +12,6 @@ class OpenChannelSubscriberRole extends BaseRole
  $this->addPermission(Roles::FLAG_VIEW);
  $this->addPermission(Roles::FLAG_VOTE);
  $this->addPermission(Roles::FLAG_CREATE_COMMENT);
- $this->addPermission(Roles::FLAG_EDIT_COMMENT);
- $this->addPermission(Roles::FLAG_DELETE_COMMENT);
  $this->addPermission(Roles::FLAG_REMIND);
  $this->addPermission(Roles::FLAG_WIRE);
  $this->addPermission(Roles::FLAG_MESSAGE);

Core/Permissions/Roles/OpenGroupNonSubscriberRole.php

@@ -7,5 +7,15 @@ class OpenGroupNonSubscriberRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_OPEN_GROUP_NON_SUBSCRIBER);
+ $this->addPermission(Roles::FLAG_SUBSCRIBE);
+ $this->addPermission(Roles::FLAG_VIEW);
+ $this->addPermission(Roles::FLAG_VOTE);
+ $this->addPermission(Roles::FLAG_CREATE_COMMENT);
+ $this->addPermission(Roles::FLAG_REMIND);
+ $this->addPermission(Roles::FLAG_WIRE);
+ $this->addPermission(Roles::FLAG_MESSAGE);
+ $this->addPermission(Roles::FLAG_INVITE);
+ $this->addPermission(Roles::FLAG_JOIN);
+ $this->addPermission(Roles::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/OpenGroupSubscriberRole.php

@@ -7,5 +7,17 @@ class OpenGroupSubscriberRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_OPEN_GROUP_SUBSCRIBER);
+ $this->addPermission(Roles::FLAG_CREATE_POST);
+ $this->addPermission(Roles::FLAG_VIEW);
+ $this->addPermission(Roles::FLAG_VOTE);
+ $this->addPermission(Roles::FLAG_CREATE_COMMENT);
+ $this->addPermission(Roles::FLAG_REMIND);
+ $this->addPermission(Roles::FLAG_WIRE);
+ $this->addPermission(Roles::FLAG_MESSAGE);
+ $this->addPermission(Roles::FLAG_INVITE);
+ $this->addPermission(Roles::FLAG_SUBSCRIBE);
+ $this->addPermission(Roles::FLAG_CREATE_GROUP);
+ $this->addPermission(Roles::FLAG_JOIN);
+ $this->addPermission(Roles::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/Roles.php

@@ -15,6 +15,7 @@ class Roles extends Rbac
  public const ROLE_CLOSED_CHANNEL_NON_SUBSCRIBER = 'closed_channel_nonsubscriber';
  public const ROLE_CLOSED_GROUP_SUBSCRIBER = 'closed_group_subscriber';
  public const ROLE_CLOSED_GROUP_NON_SUBSCRIBER = 'closed_group_nonsubscriber';
+ public const ROLE_ENTITY_OWNER = 'entity_owner';
  public const ROLE_GROUP_ADMIN = 'group_admin';
  public const ROLE_GROUP_MODERATOR = 'group_moderator';
  public const ROLE_GROUP_OWNER = 'group_owner';
@@ -64,6 +65,7 @@ class Roles extends Rbac
  $this->addRole(new ClosedChannelSubscriberRole());
  $this->addRole(new ClosedGroupNonSubscriberRole());
  $this->addRole(new ClosedGroupSubscriberRole());
+ $this->addRole(new EntityOwnerRole());
  $this->addRole(new GroupAdminRole());
  $this->addRole(new GroupModeratorRole());
  $this->addRole(new GroupOwnerRole());

Entities/User.php

@@ -8,7 +8,6 @@ use Minds\Common\ChannelMode;
 
 /**
  * User Entity.
- *
  * @todo Do not inherit from ElggUser
  */
 class User extends \ElggUser