Api/Exportable.php

@@ -8,6 +8,9 @@
 
 namespace Minds\Api;
 
+use Minds\Core\Di\Di;
+use Minds\Core\Session;
+
 class Exportable implements \JsonSerializable
 {
  /** @var array */
@@ -100,6 +103,13 @@ class Exportable implements \JsonSerializable
 
  $exported = $item->export(...$this->exportArgs);
 
+ if ($item && Di::_()->get('Features\Manager')->has('permissions')) {
+ $permissionsManager = Di::_()->get('Permissions\Manager');
+ $permissions = $permissionsManager->getList(['user_guid' => Session::getLoggedinUser(),
+ 'entities' => [$item]]);
+ $exported['permissions'] = $permissions->export();
+ }
+
  // Shims
  // TODO: Maybe allow customization via classes? i.e. JavascriptGuidShim, ExceptionShim, etc
 
@@ -126,8 +136,6 @@ class Exportable implements \JsonSerializable
  $exported[$exception] = $item->{$exception};
  }
 
- //
-
  $output[$key] = $exported;
  }
 

Api/Factory.php

@@ -211,15 +211,23 @@ class Factory
  */
  public static function exportable($entities, $exceptions = [], $exportContext = false)
  {
+ $permissionsManager = Di::_()->get('Permissions\Manager');
  if (!$entities) {
  return [];
  }
+ 
  foreach ($entities as $k => $entity) {
  if ($exportContext && method_exists($entity, 'setExportContext')) {
  $entity->setExportContext($exportContext);
  }
 
  $entities[$k] = $entity->export();
+ //Calculate new permissions object with the entities
+ if ($entity && Di::_()->get('Features\Manager')->has('permissions')) {
+ $permissions = $permissionsManager->getList(['user_guid' => Session::getLoggedinUser(),
+ 'entities' => [$entity]]);
+ $entities[$k]['permissions'] = $permissions->export();
+ }
  $entities[$k]['guid'] = (string) $entities[$k]['guid']; //javascript doesn't like long numbers..
  if (isset($entities[$k]['ownerObj']['guid'])) {
  $entities[$k]['ownerObj']['guid'] = (string) $entity->ownerObj['guid'];

Controllers/api/v2/permissions/comments.php

@@ -7,7 +7,6 @@ use Minds\Core\Di\Di;
 use Minds\Interfaces;
 use Minds\Core\Entities\Actions\Save;
 use Minds\Core\Session;
-use Minds\Core\Permissions\Permissions;
 use Minds\Core\Permissions\Entities\EntityPermissions;
 
 class comments implements Interfaces\Api

Controllers/api/v2/permissions/schema.php

+<?php
+
+namespace Minds\Controllers\api\v2\permissions;
+
+use Minds\Api\Factory;
+use Minds\Core\Di\Di;
+use Minds\Interfaces;
+use Minds\Core\Entities\Actions\Save;
+use Minds\Core\Session;
+use Minds\Core\Permissions\Roles\Roles;
+use Minds\Core\Permissions\Roles\Flags;
+
+class schema implements Interfaces\Api
+{
+ public function get($pages)
+ {
+ $response = [
+ 'roles' => Roles::toArray(),
+ 'flags' => Flags::toArray()
+ ];
+ return Factory::response($response);
+ }
+
+ public function post($pages)
+ {
+ // TODO: Implement put() method.
+ }
+
+ public function put($pages)
+ {
+ // TODO: Implement put() method.
+ }
+
+ public function delete($pages)
+ {
+ // TODO: Implement put() method.
+ }
+}

Core/Feeds/FeedSyncEntity.php

@@ -22,6 +22,10 @@ use Minds\Traits\MagicAttributes;
  * @method FeedSyncEntity setTimestamp(int $timestamp)
  * @method string getUrn()
  * @method FeedSyncEntity setUrn(string $urn)
+ * @method int getAccessId()
+ * @method FeedSyncEntity setAccessId(int $accessId)
+ * @method string getType()
+ * @method FeedSyncEntity setType(string $type)
  */
 class FeedSyncEntity implements JsonSerializable
 {
@@ -36,12 +40,26 @@ class FeedSyncEntity implements JsonSerializable
  /** @var int */
  protected $timestamp;
 
+ /** @var int */
+ protected $accessId;
+
  /** @var string */
  protected $urn;
 
  /** @var Entity */
  protected $entity;
 
+ public function setEntity($entity)
+ {
+ $this->entity = $entity;
+ $this->accessId = $entity->getAccessId();
+ $this->type = $entity->getType();
+ return $this;
+ }
+
+ /** @var type */
+ public $type;
+
  /**
  * Export to public API
  * @return array
@@ -51,8 +69,10 @@ class FeedSyncEntity implements JsonSerializable
  return [
  'guid' => (string) $this->guid,
  'owner_guid' => (string) $this->ownerGuid,
+ 'access_id' => $this->accessId,
  'timestamp' => $this->timestamp,
  'urn' => $this->urn,
+ 'type' => $this->type,
  'entity' => $this->entity ? $this->entity->export() : null,
  ];
  }

Core/Feeds/Top/Manager.php

@@ -150,6 +150,8 @@ class Manager
  $feedSyncEntities[] = (new FeedSyncEntity())
  ->setGuid((string) $scoredGuid->getGuid())
  ->setOwnerGuid((string) $ownerGuid)
+ ->setAccessId($scoredGuid->getAccessId())
+ ->setType($scoredGuid->getType())
  ->setUrn(new Urn($urn))
  ->setTimestamp($scoredGuid->getTimestamp());
 
@@ -180,6 +182,8 @@ class Manager
  $entities[] = (new FeedSyncEntity)
  ->setGuid($entity->getGuid())
  ->setOwnerGuid($entity->getOwnerGuid())
+ ->setAccessId($entity->getAccessId())
+ ->setType($scoredGuid->getType())
  ->setUrn($entity->getUrn())
  ->setEntity($entity);
  }

Core/Feeds/Top/Repository.php

@@ -408,6 +408,7 @@ class Repository
  ->setGuid($doc['_source'][$this->getSourceField($opts['type'])])
  ->setType($doc['_type'])
  ->setScore($algorithm->fetchScore($doc))
+ ->setAccessId($doc['_source']['access_id'])
  ->setOwnerGuid($doc['_source']['owner_guid'])
  ->setTimestamp($doc['_source']['@timestamp']);
  }

Core/Feeds/Top/ScoredGuid.php

@@ -21,6 +21,8 @@ use Minds\Traits\MagicAttributes;
  * @method ScoredGuid setTimestamp(int $timestamp)
  * @method string getType()
  * @method ScoredGuid setType(string $type)
+ * @method int getAccessId()
+ * @method ScoredGuid setAccessId(int $accessId)
  */
 class ScoredGuid
 {
@@ -41,6 +43,9 @@ class ScoredGuid
  /** @var int */
  protected $timestamp;
 
+ /** @var int */
+ protected $accessId;
+
  /**
  * @param $score
  * @return $this

Core/Permissions/Delegates/BaseRoleCalculator.php

@@ -12,7 +12,7 @@ abstract class BaseRoleCalculator
  /** @var User */
  protected $user;
 
- public function __construct(User $user, Roles $roles = null)
+ public function __construct(User $user = null, Roles $roles = null)
  {
  $this->roles = $roles ?: new Roles();
  $this->user = $user;

Core/Permissions/Delegates/ChannelRoleCalculator.php

@@ -5,12 +5,25 @@ namespace Minds\Core\Permissions\Delegates;
 use Minds\Traits\MagicAttributes;
 use Minds\Core\Permissions\Roles\Roles;
 use Minds\Core\Permissions\Roles\Role;
+use Minds\Entities\User;
+use Minds\Common\ChannelMode;
+use Minds\Core\Di\Di;
+use Minds\Core\EntitiesBuilder;
+use Minds\Entities\Factory as EntitiesFactory;
 
 class ChannelRoleCalculator extends BaseRoleCalculator
 {
  use MagicAttributes;
 
  private $channels = [];
+ /** @var EntitiesBuilder */
+ private $entitiesBuilder;
+
+ public function __construct(User $user = null, Roles $roles, EntitiesBuilder $entitiesBuilder = null)
+ {
+ parent::__construct($user, $roles);
+ $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder');
+ }
 
  /**
  * Retrieves permissions for an entity relative to the user's role in a channel
@@ -23,19 +36,84 @@ class ChannelRoleCalculator extends BaseRoleCalculator
  */
  public function calculate($entity): Role
  {
- if (isset($this->channels[$entity->getOwnerGUID()])) {
- return $this->channels[$entity->getOwnerGUID()];
+ if (isset($this->channels[$entity->getOwnerGuid()])) {
+ return $this->channels[$entity->getOwnerGuid()];
  }
  $role = null;
- if ($entity->getOwnerGUID() === $this->user->getGUID()) {
+ $channel = $this->getChannelForEntity($entity);
+ if ($this->user === null) {
+ $role = $this->getChannelNonSubscriberRole($channel);
+ } elseif ($entity->getOwnerGuid() === $this->user->getGuid()) {
  $role = $this->roles->getRole(Roles::ROLE_CHANNEL_OWNER);
- } elseif ($this->user->isSubscribed($entity->getOwnerGUID())) {
- $role = $this->roles->getRole(Roles::ROLE_CHANNEL_SUBSCRIBER);
+ } elseif ($this->user->isSubscribed($channel->getGuid())) {
+ $role = $this->getChannelSubscriberRole($channel);
  } else {
- $role = $this->roles->getRole(Roles::ROLE_CHANNEL_NON_SUBSCRIBER);
+ $role = $this->getChannelNonSubscriberRole($channel);
  }
- $this->channels[$entity->getOwnerGUID()] = $role;
+ $this->channels[$channel->getGuid()] = $role;
 
  return $role;
  }
+
+ /**
+ * Gets the channel user object for a given entity
+ * Return the denormalized version
+ * Or look it up in cassandra / entities cache
+ * @param entity
+ * @return user
+ */
+ protected function getChannelForEntity($entity) : User
+ {
+ if ($entity->getType() === 'user') {
+ return $entity;
+ } elseif (method_exists($entity, 'getOwnerObj')) {
+ return $this->entitiesBuilder->build($entity->getOwnerObj());
+ } else {
+ return $this->entitiesBuilder->single($entity->getOwnerGuid());
+ }
+ }
+
+
+ /**
+ * Gets a subscriber's role based on channel mode
+ * @param User
+ * @return Role
+ */
+ protected function getChannelSubscriberRole(User $channel) : Role
+ {
+ switch ($channel->getMode()) {
+ case ChannelMode::CLOSED:
+ return $this->roles->getRole(Roles::ROLE_CLOSED_CHANNEL_SUBSCRIBER);
+ case ChannelMode::MODERATED:
+ return $this->roles->getRole(Roles::ROLE_MODERATED_CHANNEL_SUBSCRIBER);
+ case ChannelMode::OPEN:
+ return $this->roles->getRole(Roles::ROLE_OPEN_CHANNEL_SUBSCRIBER);
+ }
+ }
+
+ /**
+ * Gets a non-subscriber's role based on channel mode
+ * @param User
+ * @return Role
+ */
+ protected function getChannelNonSubscriberRole(User $channel) : Role
+ {
+ switch ($channel->getMode()) {
+ case ChannelMode::CLOSED:
+ if ($this->user === null) {
+ return $this->roles->getRole(Roles::ROLE_LOGGED_OUT_CLOSED);
+ }
+ return $this->roles->getRole(Roles::ROLE_CLOSED_CHANNEL_NON_SUBSCRIBER);
+ case ChannelMode::MODERATED:
+ if ($this->user === null) {
+ return $this->roles->getRole(Roles::ROLE_LOGGED_OUT);
+ }
+ return $this->roles->getRole(Roles::ROLE_MODERATED_CHANNEL_NON_SUBSCRIBER);
+ case ChannelMode::OPEN:
+ if ($this->user === null) {
+ return $this->roles->getRole(Roles::ROLE_LOGGED_OUT);
+ }
+ return $this->roles->getRole(Roles::ROLE_OPEN_CHANNEL_NON_SUBSCRIBER);
+ }
+ }
 }

Core/Permissions/Delegates/GroupRoleCalculator.php

@@ -8,6 +8,7 @@ use Minds\Core\Permissions\Roles\Role;
 use Minds\Core\EntitiesBuilder;
 use Minds\Entities\User;
 use Minds\Core\Permissions\Roles\Roles;
+use Minds\Entities\Group;
 
 class GroupRoleCalculator extends BaseRoleCalculator
 {
@@ -18,7 +19,8 @@ class GroupRoleCalculator extends BaseRoleCalculator
  /** @var array */
  private $groups = [];
 
- public function __construct(User $user, Roles $roles, EntitiesBuilder $entitiesBuilder = null)
+
+ public function __construct(User $user = null, Roles $roles, EntitiesBuilder $entitiesBuilder = null)
  {
  parent::__construct($user, $roles);
  $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder');
@@ -38,9 +40,16 @@ class GroupRoleCalculator extends BaseRoleCalculator
  if (isset($this->groups[$entity->getAccessId()])) {
  return $this->groups[$entity->getAccessId()];
  }
- $group = $this->entitiesBuilder->single($entity->getAccessId());
+ if ($entity->getType() === 'group') {
+ $group = $entity;
+ } else {
+ $group = $this->entitiesBuilder->single($entity->getAccessId());
+ }
+
  $role = null;
- if ($group->isCreator($this->user)) {
+ if ($this->user === null) {
+ $role = $this->getGroupNonSubscriberRole($group);
+ } elseif ($group->isCreator($this->user)) {
  $role = $this->roles->getRole(Roles::ROLE_GROUP_OWNER);
  } elseif ($group->isOwner($this->user)) {
  $role = $this->roles->getRole(Roles::ROLE_GROUP_ADMIN);
@@ -49,12 +58,48 @@ class GroupRoleCalculator extends BaseRoleCalculator
  } elseif ($group->isModerator($this->user)) {
  $role = $this->roles->getRole(Roles::ROLE_GROUP_MODERATOR);
  } elseif ($group->isMember($this->user)) {
- $role = $this->roles->getRole(Roles::ROLE_GROUP_SUBSCRIBER);
+ $role = $this->getGroupSubscriberRole($group);
  } else {
- $role = $this->roles->getRole(Roles::ROLE_GROUP_NON_SUBSCRIBER);
+ $role = $this->getGroupNonSubscriberRole($group);
  }
- $this->groups[$entity->getAccessId()] = $role;
+ 
+ $this->groups[$group->getGuid()] = $role;
 
  return $role;
  }
+
+
+ /**
+ * Gets a subscriber's role based on group mode
+ * @param Group
+ * @return Role
+ */
+ protected function getGroupSubscriberRole(Group $group) : Role
+ {
+ if ($group->isPublic()) {
+ return $this->roles->getRole(Roles::ROLE_OPEN_GROUP_SUBSCRIBER);
+ } else {
+ return $this->roles->getRole(Roles::ROLE_CLOSED_GROUP_SUBSCRIBER);
+ }
+ }
+
+ /**
+ * Gets a non-subscriber's role based on channel mode
+ * @param Group
+ * @return Role
+ */
+ protected function getGroupNonSubscriberRole(Group $group) : Role
+ {
+ if ($group->isPublic()) {
+ if ($this->user === null) {
+ $this->roles->getRole(Roles::ROLE_LOGGED_OUT);
+ }
+ return $this->roles->getRole(Roles::ROLE_OPEN_GROUP_NON_SUBSCRIBER);
+ } else {
+ if ($this->user === null) {
+ $this->roles->getRole(Roles::ROLE_LOGGED_OUT_CLOSED);
+ }
+ return $this->roles->getRole(Roles::ROLE_CLOSED_GROUP_NON_SUBSCRIBER);
+ }
+ }
 }

Core/Permissions/Entities/Manager.php

@@ -6,6 +6,7 @@ use Minds\Core\Di\Di;
 use Minds\Core\EntitiesBuilder;
 use Minds\Core\Data\Call;
 use Minds\Core\Entities\Actions\Save;
+use Minds\Core\Permissions\Entities\EntityPermissions;
 
 /*
 * Manager for managing entity specific permissions

Core/Permissions/Manager.php

@@ -3,16 +3,20 @@
 namespace Minds\Core\Permissions;
 
 use Minds\Core\Di\Di;
+use Minds\Core\Permissions\Permissions;
+use Minds\Core\EntitiesBuilder;
+use Minds\Core\Permissions\Roles\Roles;
 
 /*
 * Manager for managing role based permissions
 */
+
 class Manager
 {
- /** @var EntityBuilder */
- private $entityBuilder;
+ /** @var EntitiesBuilder */
+ private $entitiesBuilder;
 
- public function __construct($entityBuilder = null)
+ public function __construct($entitiesBuilder = null)
  {
  $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder');
  }
@@ -33,23 +37,34 @@ class Manager
  $opts = array_merge([
  'user_guid' => null,
  'guids' => [],
+ 'entities' => [],
  ], $opts);
 
  if ($opts['user_guid'] === null) {
  throw new \InvalidArgumentException('user_guid is required');
  }
 
+ $guids = $opts['guids'] ?: array_map(function ($item) {
+ return $item['guid'];
+ }, $opts['entities']);
+
  $user = $this->entitiesBuilder->single($opts['user_guid']);
- $entities = $this->entitiesBuilder->get($opts);
+ $entities = $this->entitiesBuilder->get(['guids' => $guids]);
 
- if ($user->getType() !== 'user') {
+ if (!$user) {
+ throw new \InvalidArgumentException('User does not exist');
+ }
+
+ if ($user && $user->getType() !== 'user') {
  throw new \InvalidArgumentException('Entity is not a user');
  }
 
+ $entities = array_merge($entities, $opts['entities']);
+
  $roles = new Roles();
 
  /** @var Permissions */
- $permissions = new Permissions($user, null, $entitiesBuilder);
+ $permissions = new Permissions($user, $roles, $this->entitiesBuilder);
  if (is_array($entities)) {
  $permissions->calculate($entities);
  }

Core/Permissions/Permissions.php

@@ -34,22 +34,27 @@ class Permissions implements \JsonSerializable
  /** @var EntitiesBuilder */
  private $entitiesBuilder;
 
- public function __construct(User $user, Roles $roles = null, EntitiesBuilder $entitiesBuilder = null)
+ public function __construct(User $user = null, Roles $roles = null, EntitiesBuilder $entitiesBuilder = null)
  {
  $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder');
  $this->roles = $roles ?: new Roles();
  $this->user = $user;
- $this->isAdmin = $user->isAdmin();
- $this->isBanned = $user->isBanned();
  $this->groups = [];
  $this->channels = [];
  $this->entities = [];
+ $this->roles = $roles ?: new Roles();
+ $this->user = $user;
+ if ($this->user) {
+ $this->isAdmin = $user->isAdmin();
+ $this->isBanned = $user->isBanned();
+ $this->channels[$user->getGuid()] = $user;
+ }
  $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder');
- $this->channels[$user->getGUID()] = $user;
- $this->channelRoleCalculator = new ChannelRoleCalculator($this->user, $this->roles);
+ $this->channelRoleCalculator = new ChannelRoleCalculator($this->user, $this->roles, $entitiesBuilder);
  $this->groupRoleCalculator = new GroupRoleCalculator($this->user, $this->roles, $entitiesBuilder);
  }
 
+
  /**
  * Permissions are user aware. This bomb function is to keep the user from being changed after instantiation.
  *
@@ -72,16 +77,24 @@ class Permissions implements \JsonSerializable
  public function calculate(array $entities = []): void
  {
  foreach ($entities as $entity) {
- $this->entities[$entity->getGUID()] = $this->getRoleForEntity($entity);
+ if ($entity) {
+ $this->entities[$entity->getGuid()] = $this->getRoleForEntity($entity);
+ }
  }
  }
 
  private function getRoleForEntity($entity): Role
  {
  $role = null;
- //Access id is the best way to determine what the parent entity is
- //Any of the access flags are a channel
- //Anything else is a group guid
+
+ //Permissions for specific channels and groups
+ if ($entity->getType() === 'user') {
+ return $this->channelRoleCalculator->calculate($entity);
+ } elseif ($entity->getType() === 'group') {
+ return $this->groupRoleCalculator->calculate($entity);
+ }
+
+ //Permissions for entities belonging to groups or channels
  switch ($entity->getAccessId()) {
  case Access::UNLISTED:
  case Access::LOGGED_IN:
@@ -100,6 +113,22 @@ class Permissions implements \JsonSerializable
  $role = $this->roles->getRole(Roles::ROLE_BANNED);
  }
 
+ //Permissions for any entity a user owns
+ //Filtering out banned users and closed channels and groupos
+ if ($this->user && $entity->getOwnerGuid() === $this->user->getGuid()) {
+ switch ($role->getName()) {
+ //If a user has any of these roles, they can no longer interact with their own content
+ case Roles::ROLE_CLOSED_CHANNEL_NON_SUBSCRIBER:
+ case Roles::ROLE_CLOSED_GROUP_NON_SUBSCRIBER:
+ case Roles::ROLE_BANNED:
+ return $role;
+ default:
+ //Else they own the entity and can edit/delete, etc
+ return $this->roles->getRole(Roles::ROLE_ENTITY_OWNER);
+
+ }
+ }
+
  return $role;
  }
 
@@ -111,7 +140,9 @@ class Permissions implements \JsonSerializable
  public function export(): array
  {
  $export = [];
- $export['user'] = $this->user->export();
+ if ($this->user) {
+ $export['user'] = $this->user->export();
+ }
  $export['channels'] = $this->getChannels();
  $export['groups'] = $this->getGroups();
  $export['entities'] = $this->entities;

Core/Permissions/Roles/AdminRole.php

@@ -7,6 +7,28 @@ class AdminRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_ADMIN);
- $this->addPermission(Roles::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Flags::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_EDIT_CHANNEL);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_CHANNEL);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Flags::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ $this->addPermission(Flags::FLAG_CREATE_GROUP);
+ $this->addPermission(Flags::FLAG_EDIT_GROUP);
+ $this->addPermission(Flags::FLAG_DELETE_GROUP);
+ $this->addPermission(Flags::FLAG_JOIN);
+ $this->addPermission(Flags::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/BannedRole.php

@@ -7,5 +7,6 @@ class BannedRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_BANNED);
+ //No permissions for banned users
  }
 }

Core/Permissions/Roles/ChannelAdminRole.php

@@ -7,5 +7,22 @@ class ChannelAdminRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_CHANNEL_ADMIN);
+ $this->addPermission(Flags::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_EDIT_CHANNEL);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Flags::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
  }
 }

Core/Permissions/Roles/ChannelModeratorRole.php

@@ -7,5 +7,21 @@ class ChannelModeratorRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_CHANNEL_MODERATOR);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_EDIT_CHANNEL);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Flags::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
  }
 }

Core/Permissions/Roles/ChannelOwnerRole.php

@@ -7,5 +7,24 @@ class ChannelOwnerRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_CHANNEL_OWNER);
+ $this->addPermission(Flags::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_EDIT_CHANNEL);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_CHANNEL);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Flags::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_TAG);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
  }
 }

Core/Permissions/Roles/GroupSubscriberRole.php → Core/Permissions/Roles/ClosedChannelNonSubscriberRole.php

@@ -2,10 +2,11 @@
 
 namespace Minds\Core\Permissions\Roles;
 
-class GroupSubscriberRole extends BaseRole
+class ClosedChannelNonSubscriberRole extends BaseRole
 {
  public function __construct()
  {
- parent::__construct(Roles::ROLE_GROUP_SUBSCRIBER);
+ parent::__construct(Roles::ROLE_CLOSED_CHANNEL_NON_SUBSCRIBER);
+ //No permissions for closed channel non subscribers
  }
 }

Core/Permissions/Roles/ClosedChannelSubscriberRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class ClosedChannelSubscriberRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_CLOSED_CHANNEL_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ }
+}

Core/Permissions/Roles/ChannelSubscriberRole.php → Core/Permissions/Roles/ClosedGroupNonSubscriberRole.php

@@ -2,10 +2,11 @@
 
 namespace Minds\Core\Permissions\Roles;
 
-class ChannelSubscriberRole extends BaseRole
+class ClosedGroupNonSubscriberRole extends BaseRole
 {
  public function __construct()
  {
- parent::__construct(Roles::ROLE_CHANNEL_SUBSCRIBER);
+ parent::__construct(Roles::ROLE_CLOSED_GROUP_NON_SUBSCRIBER);
+ //No permissions for closed group non subscribers
  }
 }

Core/Permissions/Roles/ClosedGroupSubscriberRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class ClosedGroupSubscriberRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_CLOSED_GROUP_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_CREATE_GROUP);
+ $this->addPermission(Flags::FLAG_JOIN);
+ $this->addPermission(Flags::FLAG_JOIN_GATHERING);
+ }
+}

Core/Permissions/Roles/EntityOwnerRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class EntityOwnerRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_ENTITY_OWNER);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ }
+}

Core/Permissions/Roles/Flags.php

+<?php
+namespace Minds\Core\Permissions\Roles;
+
+use ReflectionClass;
+
+class Flags
+{
+ public const FLAG_APPOINT_ADMIN = 'appoint_admin';
+ public const FLAG_APPOINT_MODERATOR = 'appoint_moderator';
+ public const FLAG_APPROVE_SUBSCRIBER = 'approve_subscriber';
+ public const FLAG_CREATE_CHANNEL = 'create_channel';
+ public const FLAG_CREATE_COMMENT = 'create_comment';
+ public const FLAG_CREATE_GROUP = 'create_group';
+ public const FLAG_CREATE_POST = 'create_post';
+ public const FLAG_DELETE_CHANNEL = 'delete_channel';
+ public const FLAG_DELETE_COMMENT = 'delete_comment';
+ public const FLAG_DELETE_GROUP = 'delete_group';
+ public const FLAG_DELETE_POST = 'delete_post';
+ public const FLAG_EDIT_CHANNEL = 'edit_channel';
+ public const FLAG_EDIT_COMMENT = 'edit_comment';
+ public const FLAG_EDIT_GROUP = 'edit_group';
+ public const FLAG_EDIT_POST = 'edit_post';
+ public const FLAG_INVITE = 'invite';
+ public const FLAG_JOIN = 'join';
+ public const FLAG_JOIN_GATHERING = 'gathering';
+ public const FLAG_MESSAGE = 'message';
+ public const FLAG_SUBSCRIBE = 'subscribe';
+ public const FLAG_TAG = 'tag';
+ public const FLAG_REMIND = 'remind';
+ public const FLAG_WIRE = 'wire';
+ public const FLAG_VIEW = 'view';
+ public const FLAG_VOTE = 'vote';
+
+ final public static function toArray() : array
+ {
+ return (new ReflectionClass(static::class))->getConstants();
+ }
+}

Core/Permissions/Roles/GroupAdminRole.php

@@ -7,5 +7,25 @@ class GroupAdminRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_GROUP_ADMIN);
+ $this->addPermission(Flags::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Flags::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ $this->addPermission(Flags::FLAG_CREATE_GROUP);
+ $this->addPermission(Flags::FLAG_EDIT_GROUP);
+ $this->addPermission(Flags::FLAG_JOIN);
+ $this->addPermission(Flags::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/GroupModeratorRole.php

@@ -7,5 +7,23 @@ class GroupModeratorRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_GROUP_MODERATOR);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Flags::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ $this->addPermission(Flags::FLAG_CREATE_GROUP);
+ $this->addPermission(Flags::FLAG_JOIN);
+ $this->addPermission(Flags::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/GroupOwnerRole.php

@@ -7,5 +7,26 @@ class GroupOwnerRole extends BaseRole
  public function __construct()
  {
  parent::__construct(Roles::ROLE_GROUP_OWNER);
+ $this->addPermission(Flags::FLAG_APPOINT_ADMIN);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_EDIT_POST);
+ $this->addPermission(Flags::FLAG_DELETE_POST);
+ $this->addPermission(Flags::FLAG_APPOINT_MODERATOR);
+ $this->addPermission(Flags::FLAG_APPROVE_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_EDIT_COMMENT);
+ $this->addPermission(Flags::FLAG_DELETE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ $this->addPermission(Flags::FLAG_CREATE_GROUP);
+ $this->addPermission(Flags::FLAG_EDIT_GROUP);
+ $this->addPermission(Flags::FLAG_DELETE_GROUP);
+ $this->addPermission(Flags::FLAG_JOIN);
+ $this->addPermission(Flags::FLAG_JOIN_GATHERING);
  }
 }

Core/Permissions/Roles/ChannelNonSubscriberRole.php → Core/Permissions/Roles/LoggedOutClosedRole.php

@@ -2,10 +2,11 @@
 
 namespace Minds\Core\Permissions\Roles;
 
-class ChannelNonSubscriberRole extends BaseRole
+class LoggedOutClosedRole extends BaseRole
 {
  public function __construct()
  {
- parent::__construct(Roles::ROLE_CHANNEL_NON_SUBSCRIBER);
+ parent::__construct(Roles::ROLE_LOGGED_OUT_CLOSED);
+ //No permissions for closed channels or groups
  }
 }

Core/Permissions/Roles/LoggedOutRole.php

@@ -2,12 +2,11 @@
 
 namespace Minds\Core\Permissions\Roles;
 
-use Zend\Permissions\Rbac;
-
-class LoggedOutRole extends Rbac\Role
+class LoggedOutRole extends BaseRole
 {
  public function __construct()
  {
  parent::__construct(Roles::ROLE_LOGGED_OUT);
+ $this->addPermission(Flags::FLAG_VIEW);
  }
 }

Core/Permissions/Roles/GroupNonSubscriberRole.php → Core/Permissions/Roles/ModeratedChannelNonSubscriberRole.php

@@ -2,10 +2,11 @@
 
 namespace Minds\Core\Permissions\Roles;
 
-class GroupNonSubscriberRole extends BaseRole
+class ModeratedChannelNonSubscriberRole extends BaseRole
 {
  public function __construct()
  {
- parent::__construct(Roles::ROLE_GROUP_NON_SUBSCRIBER);
+ parent::__construct(Roles::ROLE_MODERATED_CHANNEL_NON_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_VIEW);
  }
 }

Core/Permissions/Roles/ModeratedChannelSubscriberRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class ModeratedChannelSubscriberRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_MODERATED_CHANNEL_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ }
+}

Core/Permissions/Roles/OpenChannelNonSubscriberRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class OpenChannelNonSubscriberRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_OPEN_CHANNEL_NON_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ }
+}

Core/Permissions/Roles/OpenChannelSubscriberRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class OpenChannelSubscriberRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_OPEN_CHANNEL_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ }
+}

Core/Permissions/Roles/OpenGroupNonSubscriberRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class OpenGroupNonSubscriberRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_OPEN_GROUP_NON_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ $this->addPermission(Flags::FLAG_JOIN);
+ $this->addPermission(Flags::FLAG_JOIN_GATHERING);
+ }
+}

Core/Permissions/Roles/OpenGroupSubscriberRole.php

+<?php
+
+namespace Minds\Core\Permissions\Roles;
+
+class OpenGroupSubscriberRole extends BaseRole
+{
+ public function __construct()
+ {
+ parent::__construct(Roles::ROLE_OPEN_GROUP_SUBSCRIBER);
+ $this->addPermission(Flags::FLAG_CREATE_POST);
+ $this->addPermission(Flags::FLAG_VIEW);
+ $this->addPermission(Flags::FLAG_VOTE);
+ $this->addPermission(Flags::FLAG_CREATE_COMMENT);
+ $this->addPermission(Flags::FLAG_REMIND);
+ $this->addPermission(Flags::FLAG_WIRE);
+ $this->addPermission(Flags::FLAG_MESSAGE);
+ $this->addPermission(Flags::FLAG_INVITE);
+ $this->addPermission(Flags::FLAG_SUBSCRIBE);
+ $this->addPermission(Flags::FLAG_CREATE_GROUP);
+ $this->addPermission(Flags::FLAG_JOIN);
+ $this->addPermission(Flags::FLAG_JOIN_GATHERING);
+ }
+}

Core/Permissions/Roles/Roles.php

@@ -3,48 +3,31 @@
 namespace Minds\Core\Permissions\Roles;
 
 use Zend\Permissions\Rbac\Rbac;
+use ReflectionClass;
 
 class Roles extends Rbac
 {
- public const ROLE_LOGGED_OUT = 'logged_out';
- public const ROLE_BANNED = 'banned';
  public const ROLE_ADMIN = 'admin';
+ public const ROLE_BANNED = 'banned';
  public const ROLE_CHANNEL_ADMIN = 'channel_admin';
  public const ROLE_CHANNEL_MODERATOR = 'channel_moderator';
  public const ROLE_CHANNEL_OWNER = 'channel_owner';
- public const ROLE_CHANNEL_SUBSCRIBER = 'channel_subscriber';
- public const ROLE_CHANNEL_NON_SUBSCRIBER = 'channel_nonsubscriber';
+ public const ROLE_CLOSED_CHANNEL_SUBSCRIBER = 'closed_channel_subscriber';
+ public const ROLE_CLOSED_CHANNEL_NON_SUBSCRIBER = 'closed_channel_nonsubscriber';
+ public const ROLE_CLOSED_GROUP_SUBSCRIBER = 'closed_group_subscriber';
+ public const ROLE_CLOSED_GROUP_NON_SUBSCRIBER = 'closed_group_nonsubscriber';
+ public const ROLE_ENTITY_OWNER = 'entity_owner';
  public const ROLE_GROUP_ADMIN = 'group_admin';
  public const ROLE_GROUP_MODERATOR = 'group_moderator';
  public const ROLE_GROUP_OWNER = 'group_owner';
- public const ROLE_GROUP_SUBSCRIBER = 'group_subscriber';
- public const ROLE_GROUP_NON_SUBSCRIBER = 'group_nonsubscriber';
-
- public const FLAG_APPOINT_ADMIN = 'appoint_admin';
- public const FLAG_APPOINT_MODERATOR = 'appoint_moderator';
- public const FLAG_APPROVE_SUBSCRIBER = 'approve_subscriber';
- public const FLAG_CREATE_CHANNEL = 'create_channel';
- public const FLAG_CREATE_COMMENT = 'create_comment';
- public const FLAG_CREATE_GROUP = 'create_group';
- public const FLAG_CREATE_POST = 'create_post';
- public const FLAG_DELETE_CHANNEL = 'delete_channel';
- public const FLAG_DELETE_COMMENT = 'delete_comment';
- public const FLAG_DELETE_GROUP = 'delete_group';
- public const FLAG_DELETE_POST = 'delete_post';
- public const FLAG_EDIT_CHANNEL = 'edit_channel';
- public const FLAG_EDIT_COMMENT = 'edit_comment';
- public const FLAG_EDIT_GROUP = 'edit_group';
- public const FLAG_EDIT_POST = 'edit_post';
- public const FLAG_INVITE = 'invite';
- public const FLAG_JOIN = 'join';
- public const FLAG_JOIN_GATHERING = 'gathering';
- public const FLAG_MESSAGE = 'message';
- public const FLAG_SUBSCRIBE = 'subscribe';
- public const FLAG_TAG = 'tag';
- public const FLAG_REMIND = 'remind';
- public const FLAG_WIRE = 'wire';
- public const FLAG_VIEW = 'view';
- public const FLAG_VOTE = 'vote';
+ public const ROLE_LOGGED_OUT = 'logged_out';
+ public const ROLE_LOGGED_OUT_CLOSED = 'logged_out_closed';
+ public const ROLE_MODERATED_CHANNEL_SUBSCRIBER = 'moderated_channel_subscriber';
+ public const ROLE_MODERATED_CHANNEL_NON_SUBSCRIBER = 'moderated_channel_nonsubscriber';
+ public const ROLE_OPEN_CHANNEL_SUBSCRIBER = 'open_channel_subscriber';
+ public const ROLE_OPEN_CHANNEL_NON_SUBSCRIBER = 'open_channel_nonsubscriber';
+ public const ROLE_OPEN_GROUP_SUBSCRIBER = 'open_group_subscriber';
+ public const ROLE_OPEN_GROUP_NON_SUBSCRIBER = 'open_group_nonsubscriber';
 
  public function __construct()
  {
@@ -52,13 +35,27 @@ class Roles extends Rbac
  $this->addRole(new BannedRole());
  $this->addRole(new ChannelAdminRole());
  $this->addRole(new ChannelModeratorRole());
- $this->addRole(new ChannelNonSubscriberRole());
  $this->addRole(new ChannelOwnerRole());
- $this->addRole(new ChannelSubscriberRole());
+ $this->addRole(new ClosedChannelNonSubscriberRole());
+ $this->addRole(new ClosedChannelSubscriberRole());
+ $this->addRole(new ClosedGroupNonSubscriberRole());
+ $this->addRole(new ClosedGroupSubscriberRole());
+ $this->addRole(new EntityOwnerRole());
  $this->addRole(new GroupAdminRole());
  $this->addRole(new GroupModeratorRole());
- $this->addRole(new GroupNonSubscriberRole());
  $this->addRole(new GroupOwnerRole());
- $this->addRole(new GroupSubscriberRole());
+ $this->addRole(new LoggedOutRole());
+ $this->addRole(new LoggedOutClosedRole());
+ $this->addRole(new ModeratedChannelNonSubscriberRole());
+ $this->addRole(new ModeratedChannelSubscriberRole());
+ $this->addRole(new OpenChannelNonSubscriberRole());
+ $this->addRole(new OpenChannelSubscriberRole());
+ $this->addRole(new OpenGroupNonSubscriberRole());
+ $this->addRole(new OpenGroupSubscriberRole());
+ }
+
+ final public static function toArray() : array
+ {
+ return (new ReflectionClass('Minds\Core\Permissions\Roles\Roles'))->getConstants();
  }
 }

Core/Security/RateLimits/Manager.php

@@ -101,9 +101,10 @@ class Manager
  * Impose the rate limit
  * @return void
  */
- public function impose()
+ public function impose($time = null)
  {
- $this->user->set($this->key, time() + $this->limitLength);
+ $time = $time ?: time();
+ $this->user->set($this->key, $time + $this->limitLength);
  $this->user->save(); //TODO: update to new repo system soon
 
  //Send a notification

Entities/User.php

@@ -8,7 +8,6 @@ use Minds\Common\ChannelMode;
 
 /**
  * User Entity.
- *
  * @todo Do not inherit from ElggUser
  */
 class User extends \ElggUser

Spec/Core/Feeds/Top/ManagerSpec.php

@@ -12,6 +12,7 @@ use Minds\Entities\Entity;
 use PhpSpec\Exception\Example\FailureException;
 use PhpSpec\ObjectBehavior;
 use Prophecy\Argument;
+use Minds\Common\Access;
 
 class ManagerSpec extends ObjectBehavior
 {
@@ -50,6 +51,10 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5000);
 
+ $scoredGuid1->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
  $scoredGuid1->getScore()
  ->shouldBeCalled()
  ->willReturn(500);
@@ -70,6 +75,14 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5000);
 
+ $entity1->getType()
+ ->shouldBeCalled()
+ ->willReturn('object:image');
+
+ $entity1->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
  $entity1->getOwnerGUID()
  ->shouldBeCalled()
  ->willReturn(1000);
@@ -82,6 +95,10 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5001);
 
+ $scoredGuid2->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
  $scoredGuid2->getScore()
  ->shouldBeCalled()
  ->willReturn(800);
@@ -102,6 +119,14 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5001);
 
+ $entity2->getType()
+ ->shouldBeCalled()
+ ->willReturn('activity');
+
+ $entity2->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
  $entity2->getOwnerGUID()
  ->shouldBeCalled()
  ->willReturn(1001);
@@ -138,6 +163,10 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5000);
 
+ $scoredGuid1->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
  $scoredGuid1->getScore()
  ->shouldBeCalled()
  ->willReturn(500);
@@ -158,6 +187,14 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5000);
 
+ $entity1->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
+ $entity1->getType()
+ ->shouldBeCalled()
+ ->willReturn('activity');
+
  $entity1->getOwnerGUID()
  ->shouldBeCalled()
  ->willReturn(1000);
@@ -170,6 +207,11 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5001);
 
+ 
+ $scoredGuid2->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
  $scoredGuid2->getScore()
  ->shouldBeCalled()
  ->willReturn(800);
@@ -190,6 +232,14 @@ class ManagerSpec extends ObjectBehavior
  ->shouldBeCalled()
  ->willReturn(5001);
 
+ $entity2->getType()
+ ->shouldBeCalled()
+ ->willReturn('activity');
+ 
+ $entity2->getAccessId()
+ ->shouldBeCalled()
+ ->willReturn(Access::PUBLIC);
+
  $entity2->getOwnerGUID()
  ->shouldBeCalled()
  ->willReturn(1001);

Spec/Core/Feeds/Top/RepositorySpec.php

@@ -9,6 +9,7 @@ use Minds\Core\Feeds\Top\MetricsSync;
 use Minds\Core\Feeds\Top\Repository;
 use PhpSpec\ObjectBehavior;
 use Prophecy\Argument;
+use Minds\Common\Access;
 
 class RepositorySpec extends ObjectBehavior
 {
@@ -52,6 +53,7 @@ class RepositorySpec extends ObjectBehavior
  [
  '_source' => [
  'guid' => '1',
+ 'access_id' => Access::PUBLIC,
  'owner_guid' => '1000',
  'time_created' => 1,
  '@timestamp' => 1000,
@@ -62,6 +64,7 @@ class RepositorySpec extends ObjectBehavior
  [
  '_source' => [
  'guid' => '2',
+ 'access_id' => Access::PUBLIC,
  'owner_guid' => '1000',
  'time_created' => 1,
  '@timestamp' => 1000,
@@ -102,6 +105,7 @@ class RepositorySpec extends ObjectBehavior
  [
  '_source' => [
  'guid' => '1',
+ 'access_id' => Access::PUBLIC,
  'owner_guid' => '1',
  'time_created' => 1,
  '@timestamp' => 1000,
@@ -112,6 +116,7 @@ class RepositorySpec extends ObjectBehavior
  [
  '_source' => [
  'guid' => '2',
+ 'access_id' => Access::PUBLIC,
  'owner_guid' => '2',
  'time_created' => 2,
  '@timestamp' => 2000,
@@ -152,6 +157,7 @@ class RepositorySpec extends ObjectBehavior
  [
  '_source' => [
  'guid' => '1',
+ 'access_id' => Access::PUBLIC,
  'owner_guid' => '1000',
  'time_created' => 1,
  '@timestamp' => 1000,
@@ -163,6 +169,7 @@ class RepositorySpec extends ObjectBehavior
  [
  '_source' => [
  'guid' => '2',
+ 'access_id' => Access::PUBLIC,
  'owner_guid' => '1001',
  'time_created' => 2,
  '@timestamp' => 2000,

Spec/Core/Permissions/ManagerSpec.php

+<?php
+
+namespace Spec\Minds\Core\Permissions;
+
+use Minds\Core\Permissions\Manager;
+use Minds\Entities\User;
+use Minds\Entities\Activity;
+use Minds\Entities\Group;
+use Minds\Core\EntitiesBuilder;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Prophet;
+use Prophecy\Argument;
+use Minds\Common\ChannelMode;
+use Minds\Common\Access;
+
+class ManagerSpec extends ObjectBehavior
+{
+ /** @var User */
+ private $user;
+ /** @var User */
+ private $subscribedChannel;
+ /** @var User */
+ private $unsubscribedChannel;
+ /** @var Group */
+ private $group;
+ /** @var EntitiesBuilder */
+ private $entitiesBuilder;
+
+ public function let(
+ User $user,
+ User $subscribedChannel,
+ User $unsubscribedChannel,
+ Group $group,
+ EntitiesBuilder $entitiesBuilder
+ ) {
+ $this->user = $user;
+ $this->group = $group;
+ $this->subscribedChannel = $subscribedChannel;
+ $this->unsubscribedChannel = $unsubscribedChannel;
+ $this->entitiesBuilder = $entitiesBuilder;
+ $this->user->getType()->willReturn('user');
+ $this->user->isAdmin()->willReturn(false);
+ $this->user->isBanned()->willReturn(false);
+ $this->user->getGuid()->willReturn(1);
+ $this->user->getGUID()->willReturn(1);
+ $this->user->getMode()->willReturn(ChannelMode::OPEN);
+ $this->user->isSubscribed(1)->willReturn(false);
+ $this->user->isSubscribed(2)->willReturn(true);
+ $this->user->isSubscribed(3)->willReturn(false);
+ $this->subscribedChannel->getGuid()->willReturn(2);
+ $this->subscribedChannel->getGUID()->willReturn(2);
+ $this->subscribedChannel->getMode()->willReturn(ChannelMode::MODERATED);
+ $this->unsubscribedChannel->getGuid()->willReturn(3);
+ $this->unsubscribedChannel->getGUID()->willReturn(3);
+ $this->unsubscribedChannel->getMode()->willReturn(ChannelMode::CLOSED);
+ $this->group->getGuid()->willReturn(100);
+ $this->group->isCreator($this->user)->willReturn(true);
+ $this->group->isPublic()->willReturn(true);
+ $this->entitiesBuilder->single(100)->willReturn($this->group);
+ $this->entitiesBuilder->single(1)->willReturn($this->user);
+ $this->entitiesBuilder->single(2)->willReturn($this->subscribedChannel);
+ $this->entitiesBuilder->single(3)->willReturn($this->unsubscribedChannel);
+ $this->entitiesBuilder->build($this->user)->willReturn($this->user);
+ $this->entitiesBuilder->build($this->subscribedChannel)->willReturn($this->subscribedChannel);
+ $this->entitiesBuilder->build($this->unsubscribedChannel)->willReturn($this->unsubscribedChannel);
+ $this->entitiesBuilder->get([
+ "user_guid" => 1,
+ "guids" => [10, 11, 12, 13],
+ "entities" => [],
+ ])->willReturn($this->mockEntities());
+ $this->entitiesBuilder->get([
+ "guids" => [10, 11, 12, 13]
+ ])->willReturn($this->mockEntities());
+ $this->beConstructedWith($this->entitiesBuilder);
+ }
+
+ public function it_is_initializable()
+ {
+ $this->shouldHaveType(Manager::class);
+ }
+
+ public function it_should_get_permissions()
+ {
+ $permissions = $this->getList([
+ 'user_guid' => 1,
+ 'guids'=> [10, 11, 12, 13],
+ 'entities' => []
+ ]);
+ $entities = $permissions->getEntities();
+ $entities->shouldHaveKey(10);
+ $entities->shouldHaveKey(11);
+ $entities->shouldHaveKey(12);
+ $entities->shouldHaveKey(13);
+ }
+
+ private function mockEntities()
+ {
+ $prophet = new Prophet();
+ $entities = [];
+ //Mock user's own activity
+ $activity = $prophet->prophesize(Activity::class);
+ $activity->getGUID()->willReturn(10);
+ $activity->getType()->willReturn('activity');
+ $activity->getOwnerGUID()->willReturn(1);
+ $activity->getOwnerObj()->willReturn($this->user->getWrappedObject());
+ $activity->getAccessId()->willReturn(Access::PUBLIC);
+ $entities[] = $activity;
+
+ //Mock subscriber channel activity
+ $activity = $prophet->prophesize(Activity::class);
+ $activity->getGUID()->willReturn(11);
+ $activity->getType()->willReturn('activity');
+ $activity->getOwnerGUID()->willReturn(2);
+ $activity->getOwnerObj()->willReturn($this->subscribedChannel->getWrappedObject());
+ $activity->getAccessId()->willReturn(Access::PUBLIC);
+ $entities[] = $activity;
+
+ //Mock non-subscriber channel activity
+ $activity = $prophet->prophesize(Activity::class);
+ $activity->getGUID()->willReturn(12);
+ $activity->getType()->willReturn('activity');
+ $activity->getOwnerGUID()->willReturn(3);
+ $activity->getOwnerObj()->willReturn($this->unsubscribedChannel->getWrappedObject());
+ $activity->getAccessId()->willReturn(Access::PUBLIC);
+ $entities[] = $activity;
+
+ //Mock group activity
+ $activity = $prophet->prophesize(Activity::class);
+ $activity->getGUID()->willReturn(13);
+ $activity->getType()->willReturn('activity');
+ $activity->getOwnerGUID()->willReturn(1);
+ $activity->getAccessId()->willReturn(100);
+ $entities[] = $activity;
+
+ return $entities;
+ }
+}

Spec/Core/Security/RateLimits/ManagerSpec.php

@@ -53,7 +53,8 @@ class ManagerSpec extends ObjectBehavior
 
  public function it_should_impose_a_rate_limit_with_a_custom_limit_period(User $user)
  {
- $user->set('ratelimited_interaction:subscribe', time() + 600)
+ $time = time();
+ $user->set('ratelimited_interaction:subscribe', $time + 600)
  ->shouldBeCalled();
 
  $user->save()
@@ -68,7 +69,7 @@ class ManagerSpec extends ObjectBehavior
  $this->setUser($user)
  ->setInteraction('subscribe')
  ->setLimitLength(600)//10 minutes
- ->impose();
+ ->impose($time);
  }
 
  public function it_should_return_false_if_no_rate_limit(User $user)