Filestorage perms (no ACL), fix nav for browsers that can't handle PCSS, put content wrapper back now JS is fixed for features page.

mod/filestorage.php

@@ -17,12 +17,32 @@ function filestorage_content(&$a) {
                 $owner = intval($r[0]['channel_id']);
 	}
 
+        $observer = $a->get_observer();
+        $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+        $perms = get_all_perms($owner,$ob_hash);
+
+        if(! $perms['view_storage']) {
+                notice( t('Permission denied.') . EOL);
+                return;
+        }
+
+//	Since we have ACL'd files in the wild, but don't have ACL here yet, we 
+//	need to return for anoyne other than the owner, despite the perms check for now.
+
 	$is_owner = (((local_user()) && ($owner  == local_user())) ? true : false);
 	if (! $is_owner) {
 		 info( t('Permission Denied.') . EOL );
 	return;
 	}
+
+// 	TODO This will also need to check for files on disk and delete them from there as well as the DB.
 	if ((argc() > 3 && argv(3) === 'delete') ? true : false);{
+	        if(! $perms['view_storage']) {
+        	        notice( t('Permission denied.  VS.') . EOL);
+                return;
+		}
+
 		 $file = argv(2);
 		 $r = q("delete from attach where id = '%s' and uid = '%s' limit 1",
 			dbesc($file),

view/css/default.css

@@ -5,6 +5,7 @@ nav {
 	position: fixed;
 	width: 100%;
 	z-index: 100;
+	background-color: #ff0000;
 }
 
 aside {

view/tpl/settings_features.tpl

@@ -1,3 +1,4 @@
+<div class="generic-content-wrapper">
 <h1>{{$title}}</h1>
 
 
@@ -17,3 +18,4 @@
 </div>
 
 </form>
+</div>