From 981f81deae3a20799d8adb9658c4e0e587313156 Mon Sep 17 00:00:00 2001
From: csoler <csoler@users.sourceforge.net>
Date: Wed, 23 Mar 2016 20:54:45 -0400
Subject: [PATCH] added anon ids to offline vetting

---
 .../src/grouter/grouterclientservice.h        |  1 +
 libretroshare/src/gxs/rsgixs.h                |  1 +
 libretroshare/src/gxs/rsgxsnetservice.cc      | 65 ++++++++++++++++---
 libretroshare/src/gxs/rsgxsnetservice.h       |  2 +-
 libretroshare/src/gxs/rsgxsnetutils.cc        | 27 +++++++-
 libretroshare/src/gxs/rsgxsnetutils.h         |  2 -
 libretroshare/src/retroshare/rsgxscircles.h   |  2 +-
 libretroshare/src/services/p3gxscircles.cc    | 47 +++++++++++---
 libretroshare/src/services/p3gxscircles.h     | 12 ++--
 .../src/gui/Circles/CirclesDialog.cpp         |  3 +-
 .../src/gui/Circles/CreateCircleDialog.cpp    |  7 +-
 retroshare-gui/src/gui/Identity/IdDialog.cpp  |  4 +-
 .../src/gui/People/CircleWidget.cpp           | 11 ++--
 13 files changed, 138 insertions(+), 46 deletions(-)

diff --git a/libretroshare/src/grouter/grouterclientservice.h b/libretroshare/src/grouter/grouterclientservice.h
index 727d8ea82..a6bef29e1 100644
--- a/libretroshare/src/grouter/grouterclientservice.h
+++ b/libretroshare/src/grouter/grouterclientservice.h
@@ -66,6 +66,7 @@ public:
 	    std::cerr << "!!!!!! Received Data status from global router, but the client service is not handling it !!!!!!!!!!" << std::endl ;
 	    std::cerr << "   message ID  = " << received_id << std::endl;
 	    std::cerr << "   data status = " << data_status << std::endl;
+	    std::cerr << "   signer ID   = " << signer_id << std::endl;
     }
 
     // This function is mandatory. It should do two things:
diff --git a/libretroshare/src/gxs/rsgixs.h b/libretroshare/src/gxs/rsgixs.h
index 5d5867fe3..8969f947d 100644
--- a/libretroshare/src/gxs/rsgixs.h
+++ b/libretroshare/src/gxs/rsgixs.h
@@ -215,6 +215,7 @@ class RsGcxs
         virtual int  canReceive(const RsGxsCircleId &circleId, const RsPgpId &id) = 0;
         virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsPgpId>& friendlist) = 0;
         virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsGxsId>& idlist) = 0;
+        virtual bool isRecipient(const RsGxsCircleId &circleId, const RsGxsId& id) = 0;
         
 	virtual bool getLocalCircleServerUpdateTS(const RsGxsCircleId& gid,time_t& grp_server_update_TS,time_t& msg_server_update_TS) =0;
 };
diff --git a/libretroshare/src/gxs/rsgxsnetservice.cc b/libretroshare/src/gxs/rsgxsnetservice.cc
index 0cf47d448..9f834cda3 100644
--- a/libretroshare/src/gxs/rsgxsnetservice.cc
+++ b/libretroshare/src/gxs/rsgxsnetservice.cc
@@ -1998,17 +1998,23 @@ void RsGxsNetService::updateServerSyncTS()
                         
                         if(mCircles->getLocalCircleServerUpdateTS(mit->second->mCircleId,circle_group_server_ts,circle_msg_server_ts))
                         {
-                            std::cerr << "Group " << mit->first << " is conditionned to circle " << mit->second->mCircleId << ". local Grp TS=" << time(NULL) - mGrpServerUpdateItem->grpUpdateTS << " secs ago, circle grp server update TS=" << time(NULL) - circle_group_server_ts << " secs ago";
+#ifdef NXS_NET_DEBUG_0
+                            GXSNETDEBUG__G(mit->first) << "  Group " << mit->first << " is conditionned to circle " << mit->second->mCircleId << ". local Grp TS=" << time(NULL) - mGrpServerUpdateItem->grpUpdateTS << " secs ago, circle grp server update TS=" << time(NULL) - circle_group_server_ts << " secs ago";
+#endif
                             
                             if(circle_group_server_ts > mGrpServerUpdateItem->grpUpdateTS)
 			    {
-				    std::cerr << " - Updating local Grp Server update TS to follow changes in circles." << std::endl;
+#ifdef NXS_NET_DEBUG_0
+				    GXSNETDEBUG__G(mit->first) << " - Updating local Grp Server update TS to follow changes in circles." << std::endl;
+#endif
 
 				    RS_STACK_MUTEX(mNxsMutex) ;
 				    mGrpServerUpdateItem->grpUpdateTS = circle_group_server_ts ;
 			    }
+#ifdef NXS_NET_DEBUG_0
                             else
-                                std::cerr << " - Nothing to do." << std::endl;
+                                GXSNETDEBUG__G(mit->first) << " - Nothing to do." << std::endl;
+#endif
                         }
                         else
                             std::cerr << "(EE) Cannot retrieve attached circle TS" << std::endl;
@@ -3334,15 +3340,24 @@ void RsGxsNetService::runVetting()
 	std::vector<GrpCircleVetting*>::iterator vit2 = mPendingCircleVets.begin();
 	for(; vit2 != mPendingCircleVets.end(); )
 	{
+#ifdef NXS_NET_DEBUG_4
+		GXSNETDEBUG___ << "   Examining/clearing pending vetting of type " << (*vit2)->getType() << std::endl;
+#endif
 		GrpCircleVetting*& gcv = *vit2;
 		if(gcv->cleared() || gcv->expired())
 		{
 			if(gcv->getType() == GrpCircleVetting::GRP_ID_PEND)
 			{
 				GrpCircleIdRequestVetting* gcirv = static_cast<GrpCircleIdRequestVetting*>(gcv);
+#ifdef NXS_NET_DEBUG_4
+				GXSNETDEBUG_P_(gcirv->mPeerId) << "     vetting is a GRP ID PENDING Response" << std::endl;
+#endif
 
 				if(!locked_createTransactionFromPending(gcirv))
                     		{
+#ifdef NXS_NET_DEBUG_4
+		    			GXSNETDEBUG_P_(gcirv->mPeerId)  << "     Response sent!" << std::endl;
+#endif
                     			++vit2 ;
                     			continue ;
                 		}
@@ -3351,9 +3366,17 @@ void RsGxsNetService::runVetting()
 			{
 				MsgCircleIdsRequestVetting* mcirv = static_cast<MsgCircleIdsRequestVetting*>(gcv);
 
+#ifdef NXS_NET_DEBUG_4
+				GXSNETDEBUG_P_(mcirv->mPeerId) << "     vetting is a MSG ID PENDING Response" << std::endl;
+#endif
 				if(mcirv->cleared())
+                		{
+#ifdef NXS_NET_DEBUG_4
+		    			GXSNETDEBUG_P_(mcirv->mPeerId) << "     vetting cleared! Sending..." << std::endl;
+#endif
 					if(!locked_createTransactionFromPending(mcirv))
                         			continue ;					// keep it in the list for retry
+                    		}
 			}
 			else
 			{
@@ -3367,6 +3390,9 @@ void RsGxsNetService::runVetting()
 		}
 		else
 		{
+#ifdef NXS_NET_DEBUG_4
+			GXSNETDEBUG___ << "   ... not cleared yet." << std::endl;
+#endif
 			++vit2;
 		}
 	}
@@ -4462,7 +4488,7 @@ void RsGxsNetService::locked_pushMsgRespFromList(std::list<RsNxsItem*>& itemL, c
             
 }
 
-bool RsGxsNetService::canSendMsgIds(const std::vector<RsGxsMsgMetaData*>& msgMetas, const RsGxsGrpMetaData& grpMeta, const RsPeerId& sslId,RsGxsCircleId& should_encrypt_id)
+bool RsGxsNetService::canSendMsgIds(std::vector<RsGxsMsgMetaData*>& msgMetas, const RsGxsGrpMetaData& grpMeta, const RsPeerId& sslId,RsGxsCircleId& should_encrypt_id)
 {
 #ifdef NXS_NET_DEBUG_4
 	GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "RsGxsNetService::canSendMsgIds() CIRCLE VETTING" << std::endl;
@@ -4494,9 +4520,29 @@ bool RsGxsNetService::canSendMsgIds(const std::vector<RsGxsMsgMetaData*>& msgMet
 #ifdef NXS_NET_DEBUG_4
 	    GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "   Circle type: EXTERNAL => returning true. Msgs ids list will be encrypted." << std::endl;
 #endif
-	should_encrypt_id = circleId ;
-        	return true ;
-            
+	    should_encrypt_id = circleId ;
+        
+        	// For each message ID, check that the author is in the circle. If not, do not send the message, which means, remove it from the list.
+        
+		if(mCircles->isLoaded(circleId))
+		{
+			for(uint32_t i=0;i<msgMetas.size();)
+				if(!mCircles->isRecipient(circleId, msgMetas[i]->mAuthorId))
+				{
+#ifdef NXS_NET_DEBUG_4
+					GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "   deleting MsgMeta entry for msg ID " << msgMetas[i]->mMsgId << " signed by " << msgMetas[i]->mAuthorId << " who is not in group circle " << circleId << std::endl;
+#endif
+
+					delete msgMetas[i] ;
+					msgMetas[i] = msgMetas[msgMetas.size()-1] ;
+					msgMetas.pop_back() ;
+				}
+				else
+					++i ;
+                        
+			return true ;
+		}
+
 #ifdef TO_BE_REMOVED_OLD_VETTING_FOR_EXTERNAL_CIRCLES
 #ifdef NXS_NET_DEBUG_4
 		GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "   Circle type: EXTERNAL. Circle Id: " << circleId << std::endl;
@@ -4510,6 +4556,7 @@ bool RsGxsNetService::canSendMsgIds(const std::vector<RsGxsMsgMetaData*>& msgMet
 #endif
             		return res ;
 		}
+#endif
 
 #ifdef NXS_NET_DEBUG_4
 		GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "   Circle info not loaded. Putting in vetting list and returning false." << std::endl;
@@ -4526,11 +4573,9 @@ bool RsGxsNetService::canSendMsgIds(const std::vector<RsGxsMsgMetaData*>& msgMet
 		}
 
 		if(!toVet.empty())
-			mPendingCircleVets.push_back(new MsgCircleIdsRequestVetting(mCircles, mPgpUtils, toVet, grpMeta.mGroupId,
-					sslId, grpMeta.mCircleId));
+			mPendingCircleVets.push_back(new MsgCircleIdsRequestVetting(mCircles, mPgpUtils, toVet, grpMeta.mGroupId, sslId, grpMeta.mCircleId));
 
 		return false;
-#endif
 	}
 
 	if(circleType == GXS_CIRCLE_TYPE_YOUREYESONLY)
diff --git a/libretroshare/src/gxs/rsgxsnetservice.h b/libretroshare/src/gxs/rsgxsnetservice.h
index be1e3c16c..136d9cbea 100644
--- a/libretroshare/src/gxs/rsgxsnetservice.h
+++ b/libretroshare/src/gxs/rsgxsnetservice.h
@@ -352,7 +352,7 @@ private:
      * @return false, if you cannot send to this peer, true otherwise
      */
     bool canSendGrpId(const RsPeerId& sslId, RsGxsGrpMetaData& grpMeta, std::vector<GrpIdCircleVet>& toVet, bool &should_encrypt);
-    bool canSendMsgIds(const std::vector<RsGxsMsgMetaData*>& msgMetas, const RsGxsGrpMetaData&, const RsPeerId& sslId, RsGxsCircleId &should_encrypt_id);
+    bool canSendMsgIds(std::vector<RsGxsMsgMetaData*>& msgMetas, const RsGxsGrpMetaData&, const RsPeerId& sslId, RsGxsCircleId &should_encrypt_id);
 
     bool checkCanRecvMsgFromPeer(const RsPeerId& sslId, const RsGxsGrpMetaData& meta);
 
diff --git a/libretroshare/src/gxs/rsgxsnetutils.cc b/libretroshare/src/gxs/rsgxsnetutils.cc
index a00820e49..1de8ec9a4 100644
--- a/libretroshare/src/gxs/rsgxsnetutils.cc
+++ b/libretroshare/src/gxs/rsgxsnetutils.cc
@@ -284,9 +284,30 @@ MsgCircleIdsRequestVetting::MsgCircleIdsRequestVetting(RsGcxs* const circles,
 
 bool MsgCircleIdsRequestVetting::cleared()
 {
-
-	return canSend(mPeerId, mCircleId, mShouldEncrypt);
-
+    if(!mCircles->isLoaded(mCircleId))
+    {
+	    mCircles->loadCircle(mCircleId);
+	    return false ;
+    }
+    
+    for(uint32_t i=0;i<mMsgs.size();)
+        if(!mCircles->isRecipient(mCircleId,mMsgs[i].mAuthorId))
+        {
+            std::cerr << "(WW) MsgCircleIdsRequestVetting::cleared() filtering out message " << mMsgs[i].mMsgId << " because it's signed by author " << mMsgs[i].mAuthorId << " which is not in circle " << mCircleId << std::endl;
+            
+            mMsgs[i] = mMsgs[mMsgs.size()-1] ;
+            mMsgs.pop_back();
+        }
+        else
+            ++i ;
+    
+    RsPgpId pgpId = mPgpUtils->getPGPId(mPeerId);
+    bool can_send_res = mCircles->canSend(mCircleId, pgpId,mShouldEncrypt);
+    
+    if(mShouldEncrypt)		// that means the circle is external
+        return true ;
+    else
+        return can_send_res ;
 }
 
 int MsgCircleIdsRequestVetting::getType() const
diff --git a/libretroshare/src/gxs/rsgxsnetutils.h b/libretroshare/src/gxs/rsgxsnetutils.h
index 8cf7889bc..df82cb2b3 100644
--- a/libretroshare/src/gxs/rsgxsnetutils.h
+++ b/libretroshare/src/gxs/rsgxsnetutils.h
@@ -256,8 +256,6 @@ public:
 protected:
 	bool canSend(const RsPeerId& peerId, const RsGxsCircleId& circleId, bool& should_encrypt);
 
-private:
-
 	RsGcxs* const mCircles;
 	PgpAuxUtils *mPgpUtils;
 	time_t mTimeStamp;
diff --git a/libretroshare/src/retroshare/rsgxscircles.h b/libretroshare/src/retroshare/rsgxscircles.h
index 1cc263726..5f6dcd7c3 100644
--- a/libretroshare/src/retroshare/rsgxscircles.h
+++ b/libretroshare/src/retroshare/rsgxscircles.h
@@ -127,7 +127,7 @@ class RsGxsCircleDetails
 	}
 
         std::set<RsGxsId> mAllowedAnonPeers;
-        std::map<RsPgpId, std::list<RsGxsId> > mAllowedSignedPeers;
+        std::map<RsPgpId, std::set<RsGxsId> > mAllowedSignedPeers;
 };
 
 class RsGxsCircles: public RsGxsIfaceHelper
diff --git a/libretroshare/src/services/p3gxscircles.cc b/libretroshare/src/services/p3gxscircles.cc
index fafe04c1a..2588bbb25 100644
--- a/libretroshare/src/services/p3gxscircles.cc
+++ b/libretroshare/src/services/p3gxscircles.cc
@@ -391,8 +391,21 @@ bool p3GxsCircles::recipients(const RsGxsCircleId &circleId, std::list<RsPgpId>&
 	return false;
 }
 
+bool p3GxsCircles::isRecipient(const RsGxsCircleId &circleId, const RsGxsId& id) 
+{
+	RsStackMutex stack(mCircleMtx); /********** STACK LOCKED MTX ******/
+	if (mCircleCache.is_cached(circleId))
+	{
+		const RsGxsCircleCache &data = mCircleCache.ref(circleId);
+		return data.isAllowedPeer(id);
+	}
+	return false;
+}
+
 bool p3GxsCircles::recipients(const RsGxsCircleId& circleId, std::list<RsGxsId>& gxs_ids)
 {
+    RsStackMutex stack(mCircleMtx); /********** STACK LOCKED MTX ******/
+    
     RsGxsCircleDetails details ;
 
     if(!getCircleDetails(circleId, details))
@@ -401,8 +414,8 @@ bool p3GxsCircles::recipients(const RsGxsCircleId& circleId, std::list<RsGxsId>&
     for(std::set<RsGxsId>::const_iterator it(details.mAllowedAnonPeers.begin());it!=details.mAllowedAnonPeers.end();++it)
 	    gxs_ids.push_back(*it) ;
     
-    for(std::map<RsPgpId,std::list<RsGxsId> >::const_iterator it(details.mAllowedSignedPeers.begin());it!=details.mAllowedSignedPeers.end();++it)
-        for(std::list<RsGxsId>::const_iterator it2(it->second.begin());it2!=it->second.end();++it2)
+    for(std::map<RsPgpId,std::set<RsGxsId> >::const_iterator it(details.mAllowedSignedPeers.begin());it!=details.mAllowedSignedPeers.end();++it)
+        for(std::set<RsGxsId>::const_iterator it2(it->second.begin());it2!=it->second.end();++it2)
             gxs_ids.push_back(*it2) ;
             
     return true;
@@ -561,9 +574,9 @@ bool RsGxsCircleCache::loadSubCircle(const RsGxsCircleCache &subcircle)
 	return true;
 }
 
-bool RsGxsCircleCache::getAllowedPeersList(std::list<RsPgpId> &friendlist)
+bool RsGxsCircleCache::getAllowedPeersList(std::list<RsPgpId> &friendlist) const
 {
-	std::map<RsPgpId, std::list<RsGxsId> >::iterator it;
+	std::map<RsPgpId, std::set<RsGxsId> >::const_iterator it;
 	for(it = mAllowedSignedPeers.begin(); it != mAllowedSignedPeers.end(); ++it)
 	{
 		friendlist.push_back(it->first);
@@ -571,9 +584,24 @@ bool RsGxsCircleCache::getAllowedPeersList(std::list<RsPgpId> &friendlist)
 	return true;
 }
 
-bool RsGxsCircleCache::isAllowedPeer(const RsPgpId &id)
+bool RsGxsCircleCache::isAllowedPeer(const RsGxsId &id) const
 {
-	std::map<RsPgpId, std::list<RsGxsId> >::iterator it = mAllowedSignedPeers.find(id);
+    if(mUnprocessedPeers.find(id) != mUnprocessedPeers.end())
+        return true ;
+    
+    if(mAllowedAnonPeers.find(id) != mAllowedAnonPeers.end())
+        return true ;
+    
+    for(std::map<RsPgpId,std::set<RsGxsId> >::const_iterator it = mAllowedSignedPeers.begin();it!=mAllowedSignedPeers.end();++it)
+        if(it->second.find(id) != it->second.end())
+            return true ;
+    
+    return false ;
+}
+
+bool RsGxsCircleCache::isAllowedPeer(const RsPgpId &id) const
+{
+	std::map<RsPgpId, std::set<RsGxsId> >::const_iterator it = mAllowedSignedPeers.find(id);
 	if (it != mAllowedSignedPeers.end())
 	{
 		return true;
@@ -584,8 +612,7 @@ bool RsGxsCircleCache::isAllowedPeer(const RsPgpId &id)
 bool RsGxsCircleCache::addAllowedPeer(const RsPgpId &pgpId, const RsGxsId &gxsId)
 {
 	/* created if doesn't exist */
-	std::list<RsGxsId> &gxsList = mAllowedSignedPeers[pgpId];
-	gxsList.push_back(gxsId);
+	mAllowedSignedPeers[pgpId].insert(gxsId);
 	return true;
 }
 
@@ -593,7 +620,7 @@ bool RsGxsCircleCache::addAllowedPeer(const RsPgpId &pgpId, const RsGxsId &gxsId
 bool RsGxsCircleCache::addLocalFriend(const RsPgpId &pgpId)
 {
 	/* empty list as no GxsID associated */
-	std::list<RsGxsId> &gxsList = mAllowedSignedPeers[pgpId];
+            mAllowedSignedPeers.insert(std::make_pair(pgpId,std::set<RsGxsId>()));
 	return true;
 }
 
@@ -1272,7 +1299,7 @@ bool p3GxsCircles::checkCircleCacheForAutoSubscribe(RsGxsCircleCache &cache)
         
 	const RsPgpId& ownId = mPgpUtils->getPGPOwnId();
     
-	std::map<RsPgpId, std::list<RsGxsId> >::iterator it = cache.mAllowedSignedPeers.find(ownId);
+	std::map<RsPgpId, std::set<RsGxsId> >::iterator it = cache.mAllowedSignedPeers.find(ownId);
     	bool am_I_allowed =  it != cache.mAllowedSignedPeers.end() ;
         
         if(!am_I_allowed)
diff --git a/libretroshare/src/services/p3gxscircles.h b/libretroshare/src/services/p3gxscircles.h
index 4084b72cf..2ad9934b6 100644
--- a/libretroshare/src/services/p3gxscircles.h
+++ b/libretroshare/src/services/p3gxscircles.h
@@ -132,8 +132,9 @@ class RsGxsCircleCache
 	bool loadBaseCircle(const RsGxsCircleGroup &circle);
 	bool loadSubCircle(const RsGxsCircleCache &subcircle);
 
-	bool getAllowedPeersList(std::list<RsPgpId> &friendlist);
-	bool isAllowedPeer(const RsPgpId &id);
+	bool getAllowedPeersList(std::list<RsPgpId> &friendlist) const;
+	bool isAllowedPeer(const RsPgpId &id) const;
+	bool isAllowedPeer(const RsGxsId &id) const;
 	bool addAllowedPeer(const RsPgpId &pgpid, const RsGxsId &gxsId);
 	bool addLocalFriend(const RsPgpId &pgpid);
 
@@ -154,7 +155,7 @@ class RsGxsCircleCache
 	std::set<RsGxsId> mUnprocessedPeers;
     
 	std::set<RsGxsId> mAllowedAnonPeers;
-	std::map<RsPgpId, std::list<RsGxsId> > mAllowedSignedPeers;
+	std::map<RsPgpId, std::set<RsGxsId> > mAllowedSignedPeers;
 };
 
 
@@ -180,8 +181,9 @@ virtual RsServiceInfo getServiceInfo();
 
 	virtual int canSend(const RsGxsCircleId &circleId, const RsPgpId &id, bool &should_encrypt);
 	virtual int canReceive(const RsGxsCircleId &circleId, const RsPgpId &id);
-	virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsPgpId> &friendlist);
-	virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsGxsId> &gxs_ids);
+	virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsPgpId> &friendlist) ;
+	virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsGxsId> &gxs_ids) ;
+	virtual bool isRecipient(const RsGxsCircleId &circleId, const RsGxsId& id) ;
 
 
 	virtual bool getGroupData(const uint32_t &token, std::vector<RsGxsCircleGroup> &groups);
diff --git a/retroshare-gui/src/gui/Circles/CirclesDialog.cpp b/retroshare-gui/src/gui/Circles/CirclesDialog.cpp
index 642cf71bd..6e2a7766b 100644
--- a/retroshare-gui/src/gui/Circles/CirclesDialog.cpp
+++ b/retroshare-gui/src/gui/Circles/CirclesDialog.cpp
@@ -388,8 +388,7 @@ void CirclesDialog::circle_selected()
 	{
 		/* now mark all the members */
         std::set<RsPgpId> members;
-		std::map<RsPgpId, std::list<RsGxsId> >::iterator it;
-		for(it = details.mAllowedSignedPeers.begin(); it != details.mAllowedSignedPeers.end(); ++it)
+		for( std::map<RsPgpId, std::set<RsGxsId> >::iterator it = details.mAllowedSignedPeers.begin(); it != details.mAllowedSignedPeers.end(); ++it)
 		{
 			members.insert(it->first);
 			std::cerr << "Circle member: " << it->first;
diff --git a/retroshare-gui/src/gui/Circles/CreateCircleDialog.cpp b/retroshare-gui/src/gui/Circles/CreateCircleDialog.cpp
index f1fa5456e..f414d40a2 100644
--- a/retroshare-gui/src/gui/Circles/CreateCircleDialog.cpp
+++ b/retroshare-gui/src/gui/Circles/CreateCircleDialog.cpp
@@ -297,10 +297,9 @@ void CreateCircleDialog::addCircle(const RsGxsCircleDetails &cirDetails)
 		}//if(!gxs_id.isNull() && rsIdentity->getIdDetails(gxs_id,gxs_details))
 	}//for (itUnknownPeers it = cirDetails.mUnknownPeers.begin()
 
-	typedef std::map<RsPgpId, std::list<RsGxsId> >::const_iterator itAllowedPeers;
-	for (itAllowedPeers it = cirDetails.mAllowedSignedPeers.begin()
-	     ; it != cirDetails.mAllowedSignedPeers.end()
-	     ; ++it ) {
+	typedef std::map<RsPgpId, std::set<RsGxsId> >::const_iterator itAllowedPeers;
+	for (itAllowedPeers it = cirDetails.mAllowedSignedPeers.begin() ; it != cirDetails.mAllowedSignedPeers.end() ; ++it ) 
+    {
 		RsPgpId gpg_id = it->first;
 		RsPeerDetails details ;
 		if(!gpg_id.isNull() && rsPeers->getGPGDetails(gpg_id,details)) {
diff --git a/retroshare-gui/src/gui/Identity/IdDialog.cpp b/retroshare-gui/src/gui/Identity/IdDialog.cpp
index b83fbbfa9..4d5691529 100644
--- a/retroshare-gui/src/gui/Identity/IdDialog.cpp
+++ b/retroshare-gui/src/gui/Identity/IdDialog.cpp
@@ -612,8 +612,8 @@ void IdDialog::circle_selected()
         
 	std::set<RsGxsId> members = details.mAllowedAnonPeers;
 
-	for(std::map<RsPgpId, std::list<RsGxsId> >::iterator it = details.mAllowedSignedPeers.begin(); it != details.mAllowedSignedPeers.end(); ++it)
-		for(std::list<RsGxsId>::const_iterator it2=it->second.begin();it2!=it->second.end();++it2)
+	for(std::map<RsPgpId, std::set<RsGxsId> >::iterator it = details.mAllowedSignedPeers.begin(); it != details.mAllowedSignedPeers.end(); ++it)
+		for(std::set<RsGxsId>::const_iterator it2=it->second.begin();it2!=it->second.end();++it2)
 		{
 			members.insert( (*it2) ) ;
 			std::cerr << "Circle member: " << it->first;
diff --git a/retroshare-gui/src/gui/People/CircleWidget.cpp b/retroshare-gui/src/gui/People/CircleWidget.cpp
index 8f29b6863..7a4058da0 100644
--- a/retroshare-gui/src/gui/People/CircleWidget.cpp
+++ b/retroshare-gui/src/gui/People/CircleWidget.cpp
@@ -63,15 +63,14 @@ void CircleWidget::updateData(const RsGroupMetaData& gxs_group_info
 			}//if(!gxs_id.isNull())
 		}//for (itUnknownPeers it = _circle_details.mUnknownPeers.begin()
 
-		typedef std::map<RsPgpId, std::list<RsGxsId> >::const_iterator itAllowedPeers;
-		for (itAllowedPeers it = _circle_details.mAllowedSignedPeers.begin()
-		     ; it != _circle_details.mAllowedSignedPeers.end()
-		     ; ++it ) {
+		typedef std::map<RsPgpId, std::set<RsGxsId> >::const_iterator itAllowedPeers;
+		for (itAllowedPeers it = _circle_details.mAllowedSignedPeers.begin() ; it != _circle_details.mAllowedSignedPeers.end() ; ++it ) 
+        {
 			RsPgpId pgp_id = it->first;
 			emit askForPGPIdentityWidget(pgp_id);
 
-			std::list<RsGxsId> gxs_id_list = it->second;
-			typedef std::list<RsGxsId>::const_iterator itGxsId;
+			std::set<RsGxsId> gxs_id_list = it->second;
+			typedef std::set<RsGxsId>::const_iterator itGxsId;
 			for (itGxsId curs=gxs_id_list.begin()
 			     ; curs != gxs_id_list.end()
 			     ; ++curs) {