Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2025-05-12 12:06:38 +03:00
Code Issues Projects Releases Packages Wiki Activity

apis

Browse source
This commit is contained in:
lalka2016 2023-08-31 15:45:55 +03:00
parent 08b30b445d
commit a91a79dc6f
15 changed files with 192 additions and 62 deletions

3
ServiceAPI/Notes.php
View file

@ -25,6 +25,9 @@ class Notes implements Handler
assert($noteOwner instanceof User);
if(!$noteOwner->getPrivacyPermission("notes.read", $this->user))
$reject(160, "You don't have permission to access this note");
if(!$note->canBeViewedBy($this->user))
$reject(15, "Happy new year");
$resolve([
"title" => $note->getName(),

2
ServiceAPI/Search.php
View file

@ -46,7 +46,7 @@ class Search implements Handler
break;
}
$res = $repo->find($query, ["doNotSearchMe" => $this->user->getId()], $sort);
$res = $repo->find($query, ["doNotSearchMe" => $this->user->getId(), "doNotSearchPrivate" => true,], $sort);
$results = array_slice(iterator_to_array($res), 0, 5);

3
ServiceAPI/Wall.php
View file

@ -23,6 +23,9 @@ class Wall implements Handler
if(!$post || $post->isDeleted())
$reject("No post with id=$id");
if(!$post->canBeViewedBy($this->user))
$reject(12, "Aces denid,");
$res = (object) [];
$res->id = $post->getId();
$res->wall = $post->getTargetWall();

11
VKAPI/Handlers/Friends.php
View file

@ -13,6 +13,17 @@ final class Friends extends VKAPIRequestHandler
$users = new UsersRepo;
$this->requireUser();
$user = $users->get($user_id);
if(!$user || $user->isDeleted())
$this->fail(100, "Invalid user");
if(!$user->getPrivacyPermission("friends.read", $this->getUser()))
$this->fail(15, "Access denied: this user chose to hide his friends.");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
foreach($users->get($user_id)->getFriends($offset, $count) as $friend) {
$friends[$i] = $friend->getId();

14
VKAPI/Handlers/Gifts.php
View file

@ -19,6 +19,17 @@ final class Gifts extends VKAPIRequestHandler
if(!$user || $user->isDeleted())
$this->fail(177, "Invalid user");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
/*
if(!$user->getPrivacyPermission('gifts.read', $this->getUser()))
$this->fail(15, "Access denied: this user chose to hide his gifts");*/
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$gift_item = [];
$userGifts = array_slice(iterator_to_array($user->getGifts(1, $count, false)), $offset);
@ -62,6 +73,9 @@ final class Gifts extends VKAPIRequestHandler
if(!$user || $user->isDeleted())
$this->fail(177, "Invalid user");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$gift = (new GiftsRepo)->get($gift_id);
if(!$gift)

8
VKAPI/Handlers/Groups.php
View file

@ -18,9 +18,15 @@ final class Groups extends VKAPIRequestHandler
$users = new UsersRepo;
$user = $users->get($user_id);
if(is_null($user))
if(is_null($user) || $user->isDeleted())
$this->fail(15, "Access denied");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
if(!$user->getPrivacyPermission('groups.read', $this->getUser()))
$this->fail(15, "Access denied: this user chose to hide his groups.");
foreach($user->getClubs($offset, false, $count, true) as $club)
$clbs[] = $club;

9
VKAPI/Handlers/Likes.php
View file

@ -16,6 +16,9 @@ final class Likes extends VKAPIRequestHandler
if(is_null($post))
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
if(!$post->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$post->setLike(true, $this->getUser());
return (object) [
@ -37,6 +40,9 @@ final class Likes extends VKAPIRequestHandler
if (is_null($post))
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
if(!$post->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$post->setLike(false, $this->getUser());
return (object) [
"likes" => $post->getLikesCount()
@ -60,6 +66,9 @@ final class Likes extends VKAPIRequestHandler
if (is_null($post))
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
if(!$post->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
return (object) [
"liked" => (int) $post->hasLikeFrom($user),
"copied" => 0 # TODO: handle this

3
VKAPI/Handlers/Newsfeed.php
View file

@ -51,7 +51,8 @@ final class Newsfeed extends VKAPIRequestHandler
{
$this->requireUser();
$queryBase = "FROM `posts` LEFT JOIN `groups` ON GREATEST(`posts`.`wall`, 0) = 0 AND `groups`.`id` = ABS(`posts`.`wall`) WHERE (`groups`.`hide_from_global_feed` = 0 OR `groups`.`name` IS NULL) AND `posts`.`deleted` = 0";
$queryBase = "FROM `posts` LEFT JOIN `groups` ON GREATEST(`posts`.`wall`, 0) = 0 AND `groups`.`id` = ABS(`posts`.`wall`) LEFT JOIN `profiles` ON LEAST(`posts`.`wall`, 0) = 0 AND `profiles`.`id` = ABS(`posts`.`wall`)";
$queryBase .= "WHERE (`groups`.`hide_from_global_feed` = 0 OR `groups`.`name` IS NULL) AND (`profiles`.`profile_type` = 0 OR `profiles`.`first_name` IS NULL) AND `posts`.`deleted` = 0"; # AND `posts`.`suggested` = 0
if($this->getUser()->getNsfwTolerance() === User::NSFW_INTOLERANT)
$queryBase .= " AND `nsfw` = 0";

14
VKAPI/Handlers/Notes.php
View file

@ -40,6 +40,9 @@ final class Notes extends VKAPIRequestHandler
if($note->getOwner()->isDeleted())
$this->fail(403, "Owner is deleted");
if(!$note->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
$this->fail(43, "No access");
@ -187,7 +190,10 @@ final class Notes extends VKAPIRequestHandler
$this->fail(15, "Invalid user");
if(!$user->getPrivacyPermission('notes.read', $this->getUser()))
$this->fail(43, "Access denied: this user chose to hide his notes");
$this->fail(15, "Access denied: this user chose to hide his notes");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
if(empty($note_ids)) {
$notes = array_slice(iterator_to_array((new NotesRepo)->getUserNotes($user, 1, $count + $offset, $sort == 0 ? "ASC" : "DESC")), $offset);
@ -238,6 +244,9 @@ final class Notes extends VKAPIRequestHandler
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
$this->fail(40, "Access denied: this user chose to hide his notes");
if(!$note->canBeViewedBy($this->getUser()))
$this->fail(15, "Access to note denied");
return $note->toVkApiStruct();
}
@ -258,6 +267,9 @@ final class Notes extends VKAPIRequestHandler
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
$this->fail(14, "No access");
if(!$note->canBeViewedBy($this->getUser()))
$this->fail(15, "Access to note denied");
$arr = (object) [
"count" => $note->getCommentsCount(),

97
VKAPI/Handlers/Photos.php
View file

@ -304,10 +304,12 @@ final class Photos extends VKAPIRequestHandler
if(!$user || $user->isDeleted())
$this->fail(2, "Invalid user");
if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his albums.");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$albums = array_slice(iterator_to_array((new Albums)->getUserAlbums($user, 1, $count + $offset)), $offset);
foreach($albums as $album) {
@ -368,15 +370,15 @@ final class Photos extends VKAPIRequestHandler
}
if($user_id > 0) {
$us = (new UsersRepo)->get($user_id);
if(!$us || $us->isDeleted()) {
if(!$us || $us->isDeleted())
$this->fail(21, "Invalid user");
}
if(!$us->getPrivacyPermission('photos.read', $this->getUser())) {
if(!$us->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his albums.");
}
if(!$us->canBeViewedBy($this->getUser()))
$this->fail(15, "Access dennieeeddd");
return (new Albums)->getUserAlbumsCount($us);
}
@ -404,17 +406,17 @@ final class Photos extends VKAPIRequestHandler
$ph = explode("_", $phota);
$photo = (new PhotosRepo)->getByOwnerAndVID((int)$ph[0], (int)$ph[1]);
if(!$photo || $photo->isDeleted()) {
if(!$photo || $photo->isDeleted())
$this->fail(21, "Invalid photo");
}
if($photo->getOwner()->isDeleted()) {
if($photo->getOwner()->isDeleted())
$this->fail(21, "Owner of this photo is deleted");
}
if(!$photo->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
if(!$photo->getOwner()->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his photos.");
}
if(!$photo->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied...");
$res[] = $photo->toVkApiStruct($photo_sizes, $extended);
}
@ -432,13 +434,11 @@ final class Photos extends VKAPIRequestHandler
if(empty($photo_ids)) {
$album = (new Albums)->getAlbumByOwnerAndId($owner_id, $album_id);
if(!$album->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
$this->fail(21, "This user chose to hide his albums.");
}
if(!$album || $album->isDeleted()) {
if(!$album || $album->isDeleted())
$this->fail(21, "Invalid album");
}
if(!$album->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$photos = array_slice(iterator_to_array($album->getPhotos(1, $count + $offset)), $offset);
$res["count"] = sizeof($photos);
@ -456,12 +456,11 @@ final class Photos extends VKAPIRequestHandler
"items" => []
];
foreach($photos as $photo)
{
foreach($photos as $photo) {
$id = explode("_", $photo);
$phot = (new PhotosRepo)->getByOwnerAndVID((int)$id[0], (int)$id[1]);
if($phot && !$phot->isDeleted()) {
if($phot && !$phot->isDeleted() && $phot->canBeViewedBy($this->getUser())) {
$res["items"][] = $phot->toVkApiStruct($photo_sizes, $extended);
}
}
@ -477,13 +476,11 @@ final class Photos extends VKAPIRequestHandler
$album = (new Albums)->get($album_id);
if(!$album || $album->canBeModifiedBy($this->getUser())) {
if(!$album || $album->canBeModifiedBy($this->getUser()))
$this->fail(21, "Invalid album");
}
if($album->isDeleted()) {
if($album->isDeleted())
$this->fail(22, "Album already deleted");
}
$album->delete();
@ -497,13 +494,11 @@ final class Photos extends VKAPIRequestHandler
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
if(!$photo) {
if(!$photo)
$this->fail(21, "Invalid photo");
}
if($photo->isDeleted()) {
if($photo->isDeleted())
$this->fail(21, "Photo is deleted");
}
if(!empty($caption)) {
$photo->setDescription($caption);
@ -521,17 +516,14 @@ final class Photos extends VKAPIRequestHandler
if(empty($photos)) {
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
if($this->getUser()->getId() !== $photo->getOwner()->getId()) {
if($this->getUser()->getId() !== $photo->getOwner()->getId())
$this->fail(21, "You can't delete another's photo");
}
if(!$photo) {
if(!$photo)
$this->fail(21, "Invalid photo");
}
if($photo->isDeleted()) {
if($photo->isDeleted())
$this->fail(21, "Photo already deleted");
}
$photo->delete();
} else {
@ -595,21 +587,20 @@ final class Photos extends VKAPIRequestHandler
$this->requireUser();
$this->willExecuteWriteAction();
if(empty($message) && empty($attachments)) {
if(empty($message) && empty($attachments))
$this->fail(100, "Required parameter 'message' missing.");
}
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
if(!$photo->getAlbum()->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
$this->fail(21, "This user chose to hide his albums.");
}
if(!$photo)
$this->fail(180, "Photo not found");
if($photo->isDeleted())
$this->fail(189, "Photo is deleted");
if(!$photo->canBeViewedBy($this->getUser()))
$this->fail(15, "Access to photo denied.");
$comment = new Comment;
$comment->setOwner($this->getUser()->getId());
$comment->setModel(get_class($photo));
@ -669,19 +660,19 @@ final class Photos extends VKAPIRequestHandler
$this->requireUser();
$this->willExecuteWriteAction();
if($owner_id < 0) {
if($owner_id < 0)
$this->fail(4, "This method doesn't works with clubs");
}
$user = (new UsersRepo)->get($owner_id);
if(!$user) {
if(!$user)
$this->fail(4, "Invalid user");
}
if(!$user->getPrivacyPermission('photos.read', $this->getUser())) {
if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his albums.");
}
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$photos = array_slice(iterator_to_array((new PhotosRepo)->getEveryUserPhoto($user, 1, $count + $offset)), $offset);
$res = [];
@ -702,17 +693,11 @@ final class Photos extends VKAPIRequestHandler
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
$comms = array_slice(iterator_to_array($photo->getComments(1, $offset + $count)), $offset);
if(!$photo) {
if(!$photo || $photo->isDeleted())
$this->fail(4, "Invalid photo");
}
if(!$photo->getAlbum()->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
$this->fail(21, "This user chose to hide his photos.");
}
if($photo->isDeleted()) {
$this->fail(4, "Photo is deleted");
}
if(!$photo->canBeViewedBy($this->getUser()))
$this->fail(21, "Access denied");
$res = [
"count" => sizeof($comms),

39
VKAPI/Handlers/Users.php
View file

@ -142,21 +142,51 @@ final class Users extends VKAPIRequestHandler
];
}
case "music":
if(!$usr->canBeViewedBy($this->getUser())) {
$response[$i]->music = "secret";
break;
}
$response[$i]->music = $usr->getFavoriteMusic();
break;
case "movies":
if(!$usr->canBeViewedBy($this->getUser())) {
$response[$i]->movies = "secret";
break;
}
$response[$i]->movies = $usr->getFavoriteFilms();
break;
case "tv":
if(!$usr->canBeViewedBy($this->getUser())) {
$response[$i]->tv = "secret";
break;
}
$response[$i]->tv = $usr->getFavoriteShows();
break;
case "books":
if(!$usr->canBeViewedBy($this->getUser())) {
$response[$i]->books = "secret";
break;
}
$response[$i]->books = $usr->getFavoriteBooks();
break;
case "city":
if(!$usr->canBeViewedBy($this->getUser())) {
$response[$i]->city = "Воскресенск";
break;
}
$response[$i]->city = $usr->getCity();
break;
case "interests":
if(!$usr->canBeViewedBy($this->getUser())) {
$response[$i]->interests = "secret";
break;
}
$response[$i]->interests = $usr->getInterests();
break;
case "rating":
@ -185,6 +215,14 @@ final class Users extends VKAPIRequestHandler
$this->requireUser();
$user = $users->get($user_id);
if(!$user || $user->isDeleted())
$this->fail(14, "Invalid user");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
foreach($users->get($user_id)->getFollowers($offset, $count) as $follower)
$followers[] = $follower->getId();
@ -277,6 +315,7 @@ final class Users extends VKAPIRequestHandler
"fav_shows" => !empty($fav_shows) ? $fav_shows : NULL,
"fav_books" => !empty($fav_books) ? $fav_books : NULL,
"fav_quotes" => !empty($fav_quotes) ? $fav_quotes : NULL,
"doNotSearchPrivate" => true,
];
$find = $users->find($q, $parameters, $sortg);

9
VKAPI/Handlers/Video.php
View file

@ -40,6 +40,15 @@ final class Video extends VKAPIRequestHandler
else
$this->fail(1, "Not implemented");
if(!$user || $user->isDeleted())
$this->fail(14, "Invalid user");
if(!$user->getPrivacyPermission('videos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his videos.");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$videos = (new VideosRepo)->getByUser($user, $offset + 1, $count);
$videosCount = (new VideosRepo)->getUserVideosCount($user);

24
VKAPI/Handlers/Wall.php
View file

@ -37,6 +37,9 @@ final class Wall extends VKAPIRequestHandler
if ($owner_id > 0)
if(!$wallOnwer || $wallOnwer->isDeleted())
$this->fail(18, "User was deleted or banned");
if(!$wallOnwer->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
else
if(!$wallOnwer)
$this->fail(15, "Access denied: wall is disabled"); // Don't search for logic here pls
@ -220,7 +223,11 @@ final class Wall extends VKAPIRequestHandler
foreach($psts as $pst) {
$id = explode("_", $pst);
$post = (new PostsRepo)->getPostById(intval($id[0]), intval($id[1]));
if($post && !$post->isDeleted()) {
if(!$post->canBeViewedBy($this->getUser()))
continue;
$from_id = get_class($post->getOwner()) == "openvk\Web\Models\Entities\Club" ? $post->getOwner()->getId() * (-1) : $post->getOwner()->getId();
$attachments = [];
$repost = []; // чел высрал семь сигарет 😳 помянем 🕯
@ -389,7 +396,7 @@ final class Wall extends VKAPIRequestHandler
$wallOwner = ($owner_id > 0 ? (new UsersRepo)->get($owner_id) : (new ClubsRepo)->get($owner_id * -1))
?? $this->fail(18, "User was deleted or banned");
if($owner_id > 0)
$canPost = $wallOwner->getPrivacyPermission("wall.write", $this->getUser());
$canPost = $wallOwner->getPrivacyPermission("wall.write", $this->getUser()) && $wallOwner->canBeViewedBy($this->getUser());
else if($owner_id < 0)
if($wallOwner->canBeModifiedBy($this->getUser()))
$canPost = true;
@ -508,6 +515,9 @@ final class Wall extends VKAPIRequestHandler
$post = (new PostsRepo)->getPostById((int) $postArray[1], (int) $postArray[2]);
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
if(!$post->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$nPost = new Post;
$nPost->setOwner($this->user->getId());
@ -546,6 +556,9 @@ final class Wall extends VKAPIRequestHandler
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
if(!$post->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$comments = (new CommentsRepo)->getCommentsByTarget($post, $offset+1, $count, $sort == "desc" ? "DESC" : "ASC");
@ -624,6 +637,12 @@ final class Wall extends VKAPIRequestHandler
$comment = (new CommentsRepo)->get($comment_id); # один хуй айди всех комментов общий
if(!$comment || $comment->isDeleted())
$this->fail(100, "Invalid comment");
if(!$comment->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$profiles = [];
$attachments = [];
@ -685,6 +704,9 @@ final class Wall extends VKAPIRequestHandler
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
if(!$post || $post->isDeleted()) $this->fail(100, "Invalid post");
if(!$post->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
if($post->getTargetWall() < 0)
$club = (new ClubsRepo)->get(abs($post->getTargetWall()));

2
Web/Presenters/templates/Search/Index.xml
View file

@ -188,7 +188,7 @@
</div>
{elseif $type == "posts"}
<div n:foreach="$data as $dat" class="content">
{if !$dat || $dat->getTargetWall() < 0 && $dat->getWallOwner()->isHideFromGlobalFeedEnabled()}
{if !$dat || $dat->getTargetWall() < 0 && $dat->getWallOwner()->isHideFromGlobalFeedEnabled() || !$dat->canBeViewedBy($thisUser)}
{_closed_group_post}.
{else}
{include "../components/post.xml", post => $dat, commentSection => true, onWallOf => true}

16
locales/en.strings
View file

@ -150,6 +150,18 @@
"user_banned" = "Unfortunately, we had to block the <b>$1</b> user page.";
"user_banned_comment" = "Moderator's comment:";
"closed_page" = "Closed page";
"limited_access_to_page_m" = "$1 limited access to his page.";
"limited_access_to_page_f" = "$1 limited access to her page.";
"you_can_add" = "You can";
"add_to_friends_m" = "add him to friends.";
"add_to_friends_f" = "add her to friends.";
"register_to_access_page_m" = "Sign up to get access to his page.";
"register_to_access_page_f" = "Sign up to get access to her page.";
/* Wall */
"feed" = "News";
@ -528,6 +540,10 @@
"privacy_value_only_me_dative" = "Only me";
"privacy_value_nobody" = "Nobody";
"profile_type" = "Profile type";
"profile_type_open" = "Open";
"profile_type_closed" = "Closed";
"your_email_address" = "Your Email address";
"your_page_address" = "Your address page";
"page_address" = "Address page";