Privacy: Fix a lot of issues with user's privacy

And fixes #36

Web/Presenters/NotesPresenter.php

@@ -19,6 +19,8 @@ final class NotesPresenter extends OpenVKPresenter
     {
         $user = (new Users)->get($owner);
         if(!$user) $this->notFound();
+        if(!$user->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
+            $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
         
         $this->template->notes = $this->notes->getUserNotes($user, (int)($this->queryParam("p") ?? 1));
         $this->template->count = $this->notes->getUserNotesCount($user);
@@ -36,6 +38,8 @@ final class NotesPresenter extends OpenVKPresenter
         $note = $this->notes->getNoteById($owner, $note_id);
         if(!$note || $note->getOwner()->getId() !== $owner || $note->isDeleted())
             $this->notFound();
+        if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
+            $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
         
         $this->template->cCount   = $note->getCommentsCount();
         $this->template->cPage    = (int) ($this->queryParam("p") ?? 1);

Web/Presenters/PhotosPresenter.php

@@ -29,6 +29,8 @@ final class PhotosPresenter extends OpenVKPresenter
         if($owner > 0) {
             $user = $this->users->get($owner);
             if(!$user) $this->notFound();
+            if (!$user->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
+                $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
             $this->template->albums  = $this->albums->getUserAlbums($user, $this->queryParam("p") ?? 1);
             $this->template->count   = $this->albums->getUserAlbumsCount($user);
             $this->template->owner   = $user;
@@ -129,6 +131,10 @@ final class PhotosPresenter extends OpenVKPresenter
         if($album->getPrettyId() !== $owner . "_" . $id || $album->isDeleted())
             $this->notFound();
         
+        if($owner > 0 /* bc we currently don't have perms for clubs */) $ownerObject = (new Users)->get($owner);
+        if(!$ownerObject->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
+            $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
+        
         $this->template->album  = $album;
         $this->template->photos = iterator_to_array( $album->getPhotos( (int) ($this->queryParam("p") ?? 1) ) );
         $this->template->paginatorConf = (object) [

Web/Presenters/UserPresenter.php

@@ -54,6 +54,8 @@ final class UserPresenter extends OpenVKPresenter
         $page = abs($this->queryParam("p") ?? 1);
         if(!$user)
             $this->notFound();
+        elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL))
+            $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
         else
             $this->template->user = $user;
         
@@ -78,9 +80,11 @@ final class UserPresenter extends OpenVKPresenter
         $this->assertUserLoggedIn();
         
         $user = $this->users->get($id);
-        if(!$user) {
+        if(!$user)
             $this->notFound();
-        } else {
+        elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL))
+            $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
+        else {
             $this->template->user = $user;
             $this->template->page = $this->queryParam("p") ?? 1;
             $this->template->admin = $this->queryParam("act") == "managed";

Web/Presenters/VideosPresenter.php

@@ -22,6 +22,8 @@ final class VideosPresenter extends OpenVKPresenter
     {
         $user = $this->users->get($id);
         if(!$user) $this->notFound();
+        if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
+            $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
         
         $this->template->user   = $user;
         $this->template->videos = $this->videos->getByUser($user, (int) ($this->queryParam("p") ?? 1));
@@ -38,6 +40,8 @@ final class VideosPresenter extends OpenVKPresenter
     {
         $user = $this->users->get($owner);
         if(!$user) $this->notFound();
+        if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
+            $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
 
         if($this->videos->getByOwnerAndVID($owner, $vId)->isDeleted()) $this->notFound();
         

Web/Presenters/templates/User/View.xml

@@ -3,6 +3,7 @@
 {block title}{$user->getCanonicalName()}{/block} 
 
 {block headIncludes}
+    {if $user->getPrivacyPermission('page.read', $thisUser ?? NULL)}
     <!-- openGraph -->
     <meta property="og:title" content="{$user->getCanonicalName()}" />
     <meta property="og:url" content="http://{$_SERVER['HTTP_HOST']}{$user->getURL()}" />
@@ -22,6 +23,9 @@
             "url": {('http://') . $_SERVER['HTTP_HOST'] . $user->getURL()}
         }
     </script>
+    {else} 
+    <meta name="robots" content="noindex, noarchive">
+    {/if}
 {/block}
 
 {block header}