changelog_bot (changelog_bot) wrote in changelog,
@ 2008-05-07 14:15:00
[livejournal] r13850: LJSUP-2131
Committer: sup
LJSUP-2131
Remote user in calendar view will see the number of posts accessible to him (security permissions are respected now)

U   trunk/cgi-bin/LJ/User.pm
Modified: trunk/cgi-bin/LJ/User.pm
===================================================================
--- trunk/cgi-bin/LJ/User.pm	2008-05-07 14:00:22 UTC (rev 13849)
+++ trunk/cgi-bin/LJ/User.pm	2008-05-07 14:15:39 UTC (rev 13850)
@@ -6141,8 +6141,29 @@
 
     my $uid = LJ::want_userid($u) or return undef;
 
+    my $memkind = 'p'; # public only, changed below
+    my $secwhere = "AND security='public'";
+    my $viewall = 0;
+    if ($remote) {
+        # do they have the viewall priv?
+        if (LJ::check_priv($remote, "canview", "suspended")) {
+            $viewall = LJ::check_priv($remote, 'canview', '*');
+        }
+
+        if ($remote->{'userid'} == $uid || $viewall) {
+            $secwhere = "";   # see everything
+            $memkind = 'a'; # all
+        } elsif ($remote->{'journaltype'} eq 'P') {
+            my $gmask = LJ::get_groupmask($u, $remote);
+            if ($gmask) {
+                $secwhere = "AND (security='public' OR (security='usemask' AND allowmask & $gmask))";
+                $memkind = 'g' . $gmask; # friends case: allowmask == gmask == 1
+            }
+        }
+    }
+
     my @days;
-    my $memkey = [$uid,"dayct:$uid"];
+    my $memkey = [$uid, "dayct:$uid:$memkind"];
     unless ($not_memcache) {
         my $list = LJ::MemCache::get($memkey);
         return $list if $list;
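Review bot: In the `elsif ($remote->{'journaltype'} eq 'P')` branch, `$gmask` is interpolated directly into `$secwhere`, which is later spliced into the SQL text, while `journalid` in the same query is bound through a placeholder. Coerce the value first, for example `my $gmask = int(LJ::get_groupmask($u, $remote));`, or bind it as a second placeholder, so the statement and the `'g' . $gmask` memcache key stay well-formed if get_groupmask ever returns something other than an integer. Separately, `$viewall` is only set when the remote holds both canview:suspended and canview:*, and once set it removes the security filter with no opt-in and no logging visible in this hunk; a comment explaining why both privs are required, and where this access is audited, would help the next reader.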
@@ -6150,14 +6171,14 @@
 
     my $dbcr = LJ::get_cluster_def_reader($u) or return undef;
     my $sth = $dbcr->prepare("SELECT year, month, day, COUNT(*) ".
-                             "FROM log2 WHERE journalid=? GROUP BY 1, 2, 3");
+                             "FROM log2 WHERE journalid=? $secwhere GROUP BY 1, 2, 3");
     $sth->execute($uid);
     while (my ($y, $m, $d, $c) = $sth->fetchrow_array) {
         # we force each number from string scalars (from DBI) to int scalars,
         # so they store smaller in memcache
         push @days, [ int($y), int($m), int($d), int($c) ];
     }
-    LJ::MemCache::add($memkey, \@days);
+    LJ::MemCache::add($memkey, \@days, 3600);
     return \@days;
 }
 
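Review bot: `LJ::MemCache::add($memkey, \@days, 3600)` now depends on a one-hour expiry, and with the key renamed to `dayct:$uid:$memkind` a viewer can be served day counts that are up to an hour out of date after an entry is posted, deleted or has its security changed, unless every variant of the key is deleted at those points. The 'g' variants are keyed on the group mask and cannot easily be enumerated for deletion, so please add a comment next to the TTL stating that this staleness is accepted, and check that any code deleting the old `dayct:$uid` key is updated for the new names. At the prepare call, a short comment that `$secwhere` only ever holds one of the three strings built earlier in the function would make the interpolation into the SQL text easier to review.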





xb95
2008-05-07 09:34 pm UTC (link)
+        # do they have the viewall priv?
+        if (LJ::check_priv($remote, "canview", "suspended")) {
+            $viewall = LJ::check_priv($remote, 'canview', '*');
+        }


Two points:

1) LJ traditionally requires you to specify "viewall=1" in the URL before showing administrators information that they shouldn't see. Additionally, usage of this functionality should be logged, to protect user privacy.

2) You require the admin to have canview:suspended AND canview:*? Why not just key on canview:*? Kinda odd.



marta
2008-05-08 07:59 pm UTC (link)
If I'm understanding this correctly (and you would know more than I would, so correct me if I'm wrong), on your point #1, this actually makes sense to me.

While viewall=1 is rightly a manual URL appendage and rightfully well-logged for privacy concerns, on the two rare occasions where I was dealing with a life-threatening emergency, I've gone to the calendar to see if there was an entry that pre-dated the date of journal creation, in case the user had participated in the informal emergency-contact post. In those situations, it saved a lot of time being able to see if that was present or not. That said, I suppose I wouldn't mind entering the viewall URL on the calendar view if needed as well.



xb95
2008-05-08 08:05 pm UTC (link)
Yeah, I can certainly see the point about it being useful in that case. I also don't think people would be too concerned about privacy in this case because this information has been public for so long. It doesn't really expose anything.

But if you're going to make it protected information, then I do feel the right call is to make admins have to request it. That feels right to me. But I don't think you'd get much of an argument either way, really.

(And as a suggestion, the best thing to do if you're trying to Hurry the Fuck Up and Save Someone's Life is to just use impersonate on them. Then you don't have to dick with viewall everywhere and you can just start at one entry and start clicking Next, Next, Next, Next, etc.)
