set visibility per journey (wip)

		}

	);

	$self->helper(

		'visibility_icon' => sub {

			my ( $self, $visibility ) = @_;

			if ( $visibility eq 'public' ) {

				return 'language';

			}

			if ( $visibility eq 'travelynx' ) {

				return 'lock_open';

			}

			if ( $visibility eq 'unlisted' ) {

				return 'lock_outline';

			}

			if ( $visibility eq 'private' ) {

				return 'lock';

			}

			return 'help_outline';

		}

	);

	$self->helper(

		'checkin' => sub {

			my ( $self, %opt ) = @_;

				uid             => $uid,

				db              => $db,

				with_data       => 1,

				with_timestamps => 1

				with_timestamps => 1,

				with_visibility => 1,

			);

			if ($in_transit) {

					messages      => $in_transit->{messages},

					extra_data    => $in_transit->{data},

					comment       => $in_transit->{user_data}{comment},

					visibility    => $in_transit->{visibility},

					visibility_str => $in_transit->{visibility_str},

				};

				my $traewelling = $self->traewelling->get(

	$authed_r->get('/history/:year/:month')->to('traveling#monthly_history');

	$authed_r->get('/journey/add')->to('traveling#add_journey_form');

	$authed_r->get('/journey/comment')->to('traveling#comment_form');

	$authed_r->get('/journey/visibility')->to('traveling#visibility_form');

	$authed_r->get('/journey/:id')->to('traveling#journey_details');

	$authed_r->get('/s/*station')->to('traveling#station');

	$authed_r->get('/confirm_mail/:token')->to('account#confirm_mail');

	$authed_r->post('/account/services')->to('account#services');

	$authed_r->post('/journey/add')->to('traveling#add_journey_form');

	$authed_r->post('/journey/comment')->to('traveling#comment_form');

	$authed_r->post('/journey/visibility')->to('traveling#visibility_form');

	$authed_r->post('/journey/edit')->to('traveling#edit_journey');

	$authed_r->post('/journey/passenger_rights/*filename')

	  ->to('passengerrights#generate');

			}

		);

	},

	# v32 -> v33

	# add optional per-status visibility that overrides global visibility

	sub {

		my ($db) = @_;

		$db->query(

			qq{

				alter table journeys add column visibility smallint;

				alter table in_transit add column visibility smallint;

				drop view journeys_str;

				drop view in_transit_str;

				create view journeys_str as select

					journeys.id as journey_id, user_id,

					train_type, train_line, train_no, train_id,

					extract(epoch from checkin_time) as checkin_ts,

					extract(epoch from sched_departure) as sched_dep_ts,

					extract(epoch from real_departure) as real_dep_ts,

					checkin_station_id as dep_eva,

					dep_station.ds100 as dep_ds100,

					dep_station.name as dep_name,

					dep_station.lat as dep_lat,

					dep_station.lon as dep_lon,

					extract(epoch from checkout_time) as checkout_ts,

					extract(epoch from sched_arrival) as sched_arr_ts,

					extract(epoch from real_arrival) as real_arr_ts,

					checkout_station_id as arr_eva,

					arr_station.ds100 as arr_ds100,

					arr_station.name as arr_name,

					arr_station.lat as arr_lat,

					arr_station.lon as arr_lon,

					polylines.polyline as polyline,

					visibility,

					cancelled, edited, route, messages, user_data,

					dep_platform, arr_platform

					from journeys

					left join polylines on polylines.id = polyline_id

					left join stations as dep_station on checkin_station_id = dep_station.eva

					left join stations as arr_station on checkout_station_id = arr_station.eva

					;

				create view in_transit_str as select

					user_id,

					train_type, train_line, train_no, train_id,

					extract(epoch from checkin_time) as checkin_ts,

					extract(epoch from sched_departure) as sched_dep_ts,

					extract(epoch from real_departure) as real_dep_ts,

					checkin_station_id as dep_eva,

					dep_station.ds100 as dep_ds100,

					dep_station.name as dep_name,

					dep_station.lat as dep_lat,

					dep_station.lon as dep_lon,

					extract(epoch from checkout_time) as checkout_ts,

					extract(epoch from sched_arrival) as sched_arr_ts,

					extract(epoch from real_arrival) as real_arr_ts,

					checkout_station_id as arr_eva,

					arr_station.ds100 as arr_ds100,

					arr_station.name as arr_name,

					arr_station.lat as arr_lat,

					arr_station.lon as arr_lon,

					polylines.polyline as polyline,

					visibility,

					cancelled, route, messages, user_data,

					dep_platform, arr_platform, data

					from in_transit

					left join polylines on polylines.id = polyline_id

					left join stations as dep_station on checkin_station_id = dep_station.eva

					left join stations as arr_station on checkout_station_id = arr_station.eva

					;

			}

		);

		my $res = $db->select( 'users', [ 'id', 'public_level' ] );

		while ( my $row = $res->hash ) {

			my $old_level = $row->{public_level};

			my $new_level = 0;

			if ( $old_level & 0x01 ) {

				# status: account required

				$new_level = 80;

			}

			if ( $old_level & 0x02 ) {

				# status: public

				$new_level = 100;

			}

			if ( $old_level & 0x04 ) {

				# comment public

				$new_level |= 0x80;

			}

			if ( $old_level & 0x10 ) {

				# past: account required

				$new_level |= 0x100;

			}

			if ( $old_level & 0x20 ) {

				# past: public

				$new_level |= 0x200;

			}

			if ( $old_level & 0x40 ) {

				# past: infinite (default is 4 weeks)

				$new_level |= 0x400;

			}

			my $r = $db->update(

				'users',

				{ public_level => $new_level },

				{ id           => $row->{id} }

			)->rows;

			if ( $r != 1 ) {

				die("oh no");

			}

		}

		$db->update( 'schema_version', { version => 33 } );

	},

);

sub sync_stations {

use JSON;

use UUID::Tiny qw(:std);

my %visibility_itoa = (

	100 => 'public',

	80  => 'travelynx',

	60  => 'followers',

	30  => 'unlisted',

	10  => 'private',

);

my %visibility_atoi = (

	public    => 100,

	travelynx => 80,

	followers => 60,

	unlisted  => 30,

	private   => 10,

);

# Internal Helpers

sub hash_password {

	my $public_level = $user->{is_public};

	if ( $self->param('action') and $self->param('action') eq 'save' ) {

		if ( $self->param('status_level') eq 'intern' ) {

			$public_level |= 0x01;

			$public_level &= ~0x02;

		}

		elsif ( $self->param('status_level') eq 'extern' ) {

			$public_level |= 0x02;

			$public_level &= ~0x01;

		}

		else {

			$public_level &= ~0x03;

		my %opt;

		my $default_visibility

		  = $visibility_atoi{ $self->param('status_level') };

		if ( defined $default_visibility ) {

			$opt{default_visibility} = $default_visibility;

		}

		# public comment with non-public status does not make sense

		if (    $self->param('public_comment')

			and $self->param('status_level') ne 'private' )

		{

			$public_level |= 0x04;

		}

		else {

			$public_level &= ~0x04;

		}

		$opt{comments_visible} = $self->param('public_comment') ? 1 : 0;

		$opt{past_all} = $self->param('history_age') eq 'infinite' ? 1 : 0;

		if ( $self->param('history_level') eq 'intern' ) {

			$public_level |= 0x10;

			$public_level &= ~0x20;

			$opt{past_visible} = 1;

		}

		elsif ( $self->param('history_level') eq 'extern' ) {

			$public_level |= 0x20;

			$public_level &= ~0x10;

			$opt{past_visible} = 2;

		}

		else {

			$public_level &= ~0x30;

		}

		if ( $self->param('history_age') eq 'infinite' ) {

			$public_level |= 0x40;

		}

		else {

			$public_level &= ~0x40;

			$opt{past_visible} = 0;

		}

		$self->users->set_privacy(

			uid => $user->{id},

			level => $public_level

			%opt

		);

		$self->flash( success => 'privacy' );

	}

	else {

		$self->param(

			  status_level => $public_level & 0x01 ? 'intern'

			: $public_level & 0x02 ? 'extern'

			:                        'private'

		);

		$self->param( public_comment => $public_level & 0x04 ? 1 : 0 );

			status_level => $visibility_itoa{ $user->{default_visibility} } );

		$self->param( public_comment => $user->{comments_visible} );

		$self->param(

			  history_level => $public_level & 0x10 ? 'intern'

			: $public_level & 0x20 ? 'extern'

			  history_level => $user->{past_visible} & 0x01 ? 'intern'

			: $user->{past_visible} & 0x02 ? 'extern'

			:                                'private'

		);

		$self->param(

			history_age => $public_level & 0x40 ? 'infinite' : 'month' );

		$self->param( history_age => $user->{past_all} ? 'infinite' : 'month' );

		$self->render( 'privacy', name => $user->{name} );

	}

}

	return $promise;

}

sub compute_effective_visibility {

	my ( $self, $default_visibility, $journey_visibility ) = @_;

	if ( $journey_visibility eq 'default' ) {

		return $default_visibility;

	}

	return $journey_visibility;

}

# Controllers

sub homepage {

		my $status = $self->get_user_status;

		my @recent_targets;

		if ( $status->{checked_in} ) {

			my $journey_visibility

			  = $self->compute_effective_visibility(

				$self->current_user->{default_visibility_str},

				$status->{visibility_str} );

			if ( defined $status->{arrival_countdown}

				and $status->{arrival_countdown} < ( 40 * 60 ) )

			{

							version => $self->app->config->{version}

							  // 'UNKNOWN',

							user_status        => $status,

							journey_visibility => $journey_visibility,

							connections        => $connecting_trains,

							transit_fyi        => $transit_fyi,

							with_autocomplete => 1,

							with_geolocation  => 1

						);

						$self->users->mark_seen(

							uid => $self->current_user->{id} );

							version => $self->app->config->{version}

							  // 'UNKNOWN',

							user_status        => $status,

							with_autocomplete => 1,

							with_geolocation  => 1

							journey_visibility => $journey_visibility,

						);

						$self->users->mark_seen(

							uid => $self->current_user->{id} );

				)->wait;

				return;

			}

			else {

				$self->render(

					'landingpage',

					version     => $self->app->config->{version} // 'UNKNOWN',

					user_status => $status,

					journey_visibility => $journey_visibility,

				);

				$self->users->mark_seen( uid => $self->current_user->{id} );

				return;

			}

		}

		else {

			@recent_targets = uniq_by { $_->{eva} }

	}

}

sub status_token_ok {

	my ( $self, $status, $ts2_ext ) = @_;

	my $token = $self->param('token') // q{};

	my ( $eva, $ts, $ts2 ) = split( qr{-}, $token );

	if ( not $ts ) {

		return;

	}

	$ts2 //= $ts2_ext;

	if (    $eva == $status->{dep_eva}

		and $ts == $status->{timestamp}->epoch

		and $ts2 == $status->{sched_departure}->epoch )

	{

		return 1;

	}

	return;

}

sub user_status {

	my ($self) = @_;

	my $ts   = $self->stash('ts') // 0;

	my $user = $self->users->get_privacy_by_name( name => $name );

	if ( not $user or not $user->{public_level} & 0x03 ) {

	if ( not $user ) {

		$self->render('not_found');

		return;

	}

	if ( $user->{public_level} & 0x01 and not $self->is_user_authenticated ) {

		$self->render( 'login', redirect_to => $self->req->url );

		return;

	}

	my $status = $self->get_user_status( $user->{id} );

	my $journey;

	if (

		$ts

		and ( not $status->{checked_in}

			or $status->{sched_departure}->epoch != $ts )

		and (

			$user->{public_level} & 0x20

			or (    $user->{public_level} & 0x10

				and $self->is_user_authenticated )

		)

	  )

	{

		for my $candidate (

			$self->journeys->get(

				uid   => $user->{id},

				limit => 10,

				limit => 20,

			)

		  )

		{

			if ( $candidate->{sched_dep_ts} eq $ts ) {

				$journey = $self->journeys->get_single(

					uid           => $user->{id},

					journey_id    => $candidate->{id},

					verbose       => 1,

					with_datetime => 1,

					with_polyline => 1,

				);

				$self->redirect_to("/p/${name}/j/$candidate->{id}");

				return;

			}

		}

		$self->render('not_found');

		return;

	}

	my %tw_data = (

		site_name => 'travelynx',

	);

	if ($journey) {

		$og_data{title} = $tw_data{title} = sprintf( 'Fahrt von %s nach %s',

			$journey->{from_name}, $journey->{to_name} );

		$og_data{description} = $tw_data{description}

		  = $journey->{rt_arrival}->strftime('Ankunft am %d.%m.%Y um %H:%M');

		$og_data{url} .= "/${ts}";

	}

	elsif (

		$ts

		and ( not $status->{checked_in}

			or $status->{sched_departure}->epoch != $ts )

	my $visibility;

	if ( $status->{checked_in} ) {

		$visibility

		  = $self->compute_effective_visibility(

			$user->{default_visibility_str},

			$status->{visibility_str} );

		if (

			not(

				$visibility eq 'public'

				or (    $visibility eq 'unlisted'

					and $self->status_token_ok( $status, $ts ) )

				or (

					$visibility eq 'travelynx'

					and (  $self->is_user_authenticated

						or $self->status_token_ok( $status, $ts ) )

				)

			)

		  )

		{

		$og_data{title}       = $tw_data{title} = "Bahnfahrt beendet";

		$og_data{description} = $tw_data{description}

		  = "${name} hat das Ziel erreicht";

			$status->{checked_in} = 0;

		}

	elsif ( $status->{checked_in} ) {

	}

	if ( $status->{checked_in} ) {

		$og_data{url} .= '/' . $status->{sched_departure}->epoch;

		$og_data{title}       = $tw_data{title}       = "${name} ist unterwegs";

		$og_data{description} = $tw_data{description} = sprintf(

	else {

		$og_data{title} = $tw_data{title}

		  = "${name} ist gerade nicht eingecheckt";

		$og_data{description} = $tw_data{description}

		  = "Letztes Fahrtziel: $status->{arr_name}";

		$og_data{description} = $tw_data{description} = q{};

	}

	if ($journey) {

		if ( not $user->{public_level} & 0x04 ) {

			delete $journey->{user_data}{comment};

		}

		my $map_data = $self->journeys_to_map_data(

			journeys       => [$journey],

			include_manual => 1,

		);

		$self->render(

			'journey',

			error     => undef,

			with_map  => 1,

			readonly  => 1,

			journey   => $journey,

			twitter   => \%tw_data,

			opengraph => \%og_data,

			%{$map_data},

		);

	}

	else {

	$self->render(

		'user_status',

		name               => $name,

		public_level       => $user->{public_level},

		journey            => $status,

		journey_visibility => $visibility,

		twitter            => \%tw_data,

		opengraph          => \%og_data,

	);

}

}

sub public_profile {

	my ($self) = @_;

	my $name = $self->stash('name');

	my $user = $self->users->get_privacy_by_name( name => $name );

	if ( not $user ) {

		$self->render('not_found');

	}

	my $status = $self->get_user_status( $user->{id} );

	my $visibility;

	if ( $status->{checked_in} ) {

		$visibility

		  = $self->compute_effective_visibility(

			$user->{default_visibility_str},

			$status->{visibility_str} );

		if (

		$user

		and (

			$user->{public_level} & 0x22

			or (    $user->{public_level} & 0x11

				and $self->is_user_authenticated )

			not(

				$visibility eq 'public'

				or (    $visibility eq 'unlisted'

					and $self->status_token_ok($status) )

				or (

					$visibility eq 'travelynx'

					and (  $self->is_user_authenticated

						or $self->status_token_ok($status) )

				)

			)

		  )

		{

		my $status = $self->get_user_status( $user->{id} );

		my @journeys;

		if ( $user->{public_level} & 0x40 ) {

			@journeys = $self->journeys->get(

			$status->{checked_in} = 0;

		}

	}

	my %opt = (

		uid           => $user->{id},

		limit         => 10,

		with_datetime => 1

	);

	if ( not $user->{past_all} ) {

		my $now = DateTime->now( time_zone => 'Europe/Berlin' );

		$opt{before} = DateTime->now( time_zone => 'Europe/Berlin' );

		$opt{after}  = $now->clone->subtract( weeks => 4 );

	}

	if (

		$user->{default_visibility_str} eq 'public'

		or (    $user->{default_visibility_str} eq 'travelynx'

			and $self->is_user_authenticated )

	  )

	{

		$opt{with_default_visibility} = 1;

	}

	else {

			my $now       = DateTime->now( time_zone => 'Europe/Berlin' );

			my $month_ago = $now->clone->subtract( weeks => 4 );

			@journeys = $self->journeys->get(

				uid           => $user->{id},

				limit         => 10,

				with_datetime => 1,

				after         => $month_ago,

				before        => $now

			);

		$opt{with_default_visibility} = 0;

	}

	if ( $self->is_user_authenticated ) {

		$opt{min_visibility} = 'travelynx';

	}

	else {

		$opt{min_visibility} = 'public';

	}

	my @journeys = $self->journeys->get(%opt);

	$self->render(

		'profile',

		name               => $name,

		uid                => $user->{id},

		public_level       => $user->{public_level},

		journey            => $status,

		journey_visibility => $visibility,

		journeys           => [@journeys],

		version            => $self->app->config->{version} // 'UNKNOWN',

	);

}

	else {

		$self->render('not_found');

	}

}

sub public_journey_details {

	my ($self)     = @_;

	$self->param( journey_id => $journey_id );

	if ( not( $journey_id and $journey_id =~ m{ ^ \d+ $ }x ) ) {

	if ( not( $user and $journey_id and $journey_id =~ m{ ^ \d+ $ }x ) ) {

		$self->render(

			'journey',

			status  => 404,

		return;

	}

	if (

		$user

		and (

			$user->{public_level} & 0x20

			or (    $user->{public_level} & 0x10

				and $self->is_user_authenticated )

		)

	  )

	{

	my $journey = $self->journeys->get_single(

		uid             => $user->{id},

		journey_id      => $journey_id,