photo permission inheritance. We want to use the folder permissions unless specific permissions have been set to over-ride them. If nothing is set, use the channel default. We may have to mess with this further in the case of somebody trying to create a public photo directory when their normal permissions are set to private. Kind of a chicken/egg problem because the folder permissions will be empty.
		| @@ -214,6 +214,29 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { | |||||||
|  |  | ||||||
| 		$f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $hash; | 		$f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $hash; | ||||||
|  |  | ||||||
|  | 		$direct = null; | ||||||
|  |  | ||||||
|  | 		if($this->folder_hash) { | ||||||
|  | 			$r = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1", | ||||||
|  | 				dbesc($this->folder_hash), | ||||||
|  | 				intval($c[0]['channel_id']) | ||||||
|  | 			); | ||||||
|  | 			if($r) | ||||||
|  | 				$direct = $r[0]; | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		if(($direct) && (($direct['allow_cid']) || ($direct['allow_gid']) || ($direct['deny_cid']) || ($direct['deny_gid']))) { | ||||||
|  | 			$allow_cid = $direct['allow_cid']; | ||||||
|  | 			$allow_gid = $direct['allow_gid']; | ||||||
|  | 			$deny_cid = $direct['deny_cid']; | ||||||
|  | 			$deny_gid = $direct['deny_gid']; | ||||||
|  | 		} | ||||||
|  | 		else {  | ||||||
|  | 			$allow_cid = $c[0]['channel_allow_cid']; | ||||||
|  | 			$allow_gid = $c[0]['channel_allow_gid']; | ||||||
|  | 			$deny_cid = $c[0]['channel_deny_cid']; | ||||||
|  | 			$deny_gid = $c[0]['channel_deny_gid']; | ||||||
|  | 		} | ||||||
|  |  | ||||||
| 		$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) | 		$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) | ||||||
| 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", | 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", | ||||||
| @@ -231,10 +254,10 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { | |||||||
| 			dbesc($this->os_path . '/' . $hash), | 			dbesc($this->os_path . '/' . $hash), | ||||||
| 			dbesc(datetime_convert()), | 			dbesc(datetime_convert()), | ||||||
| 			dbesc(datetime_convert()), | 			dbesc(datetime_convert()), | ||||||
| 			dbesc($c[0]['channel_allow_cid']), | 			dbesc($allow_cid), | ||||||
| 			dbesc($c[0]['channel_allow_gid']), | 			dbesc($allow_gid), | ||||||
| 			dbesc($c[0]['channel_deny_cid']), | 			dbesc($deny_cid), | ||||||
| 			dbesc($c[0]['channel_deny_gid']) | 			dbesc($deny_gid) | ||||||
| 		); | 		); | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -308,7 +331,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { | |||||||
| 			} | 			} | ||||||
|  |  | ||||||
| 			require_once('include/photos.php'); | 			require_once('include/photos.php'); | ||||||
| 			$args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x); | 			$args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x, 'directory' => $direct); | ||||||
| 			$p = photo_upload($c[0],get_app()->get_observer(),$args); | 			$p = photo_upload($c[0],get_app()->get_observer(),$args); | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
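Review bot: The folder-ACL test in the first hunk (`if(($direct) && (($direct['allow_cid']) || ($direct['allow_gid']) || ...`) cannot tell a folder whose permissions were never set from one deliberately left with an empty ACL, and nothing in the code records that limitation. The commit message describes it, so a comment above the test would keep it visible to the next maintainer, for example `// An all-empty folder ACL is indistinguishable from "not set", so such folders inherit the channel default.` The same block also falls back to the channel default silently when `folder_hash` is set but the lookup returns no row; a `logger()` call there would make that case traceable. The enclosing method starts and ends outside the hunks shown.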
|   | |||||||
| @@ -116,12 +116,14 @@ class RedFile extends DAV\Node implements DAV\IFile { | |||||||
| 				); | 				); | ||||||
| 				if($d) { | 				if($d) { | ||||||
| 					if($d[0]['folder']) { | 					if($d[0]['folder']) { | ||||||
| 						$f1 = q("select filename from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", | 						$f1 = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", | ||||||
| 							dbesc($d[0]['folder']), | 							dbesc($d[0]['folder']), | ||||||
| 							intval($c[0]['channel_id']) | 							intval($c[0]['channel_id']) | ||||||
| 						); | 						); | ||||||
| 						if($f1) | 						if($f1) { | ||||||
| 							$album = $f1[0]['filename']; | 							$album = $f1[0]['filename']; | ||||||
|  | 							$direct = $f1[0]; | ||||||
|  | 						} | ||||||
| 					}	 | 					}	 | ||||||
| 					$fname = dbunescbin($d[0]['data']); | 					$fname = dbunescbin($d[0]['data']); | ||||||
| 					$f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : ''); | 					$f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : ''); | ||||||
| @@ -166,7 +168,7 @@ class RedFile extends DAV\Node implements DAV\IFile { | |||||||
|  |  | ||||||
| 		if($is_photo) { | 		if($is_photo) { | ||||||
| 			require_once('include/photos.php'); | 			require_once('include/photos.php'); | ||||||
| 			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis ); | 			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct ); | ||||||
| 			$p = photo_upload($c[0],get_app()->get_observer(),$args); | 			$p = photo_upload($c[0],get_app()->get_observer(),$args); | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
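Review bot: `$direct` is assigned only inside `if($f1) { ... }` in the first hunk, but the second hunk passes it to photo_upload() unconditionally as `'directory' => $direct`. When the file has no folder, or the folder lookup returns nothing, the variable is undefined at that point unless it is initialised above the hunk, which is not visible here. RedDirectory sets `$direct = null;` before its lookup; the same line ahead of the `if($d)` block would make the no-folder path explicit and keep the two classes consistent.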
|   | |||||||
| @@ -490,6 +490,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { | |||||||
| 	if($pathname) { | 	if($pathname) { | ||||||
| 		$x = attach_mkdirp($channel, $observer_hash, $darr); | 		$x = attach_mkdirp($channel, $observer_hash, $darr); | ||||||
| 		$folder_hash = (($x['success']) ? $x['data']['hash'] : ''); | 		$folder_hash = (($x['success']) ? $x['data']['hash'] : ''); | ||||||
|  | 		if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) { | ||||||
|  | 			$str_contact_allow = $x['data']['allow_cid']; | ||||||
|  | 			$str_group_allow = $x['data']['allow_gid']; | ||||||
|  | 			$str_contact_deny = $x['data']['deny_cid']; | ||||||
|  | 			$str_group_deny = $x['data']['deny_gid']; | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 	else { | 	else { | ||||||
| 		$folder_hash = ''; | 		$folder_hash = ''; | ||||||
| @@ -886,7 +892,6 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { | |||||||
| 	if($r) { | 	if($r) { | ||||||
| 		if(os_mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) { | 		if(os_mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) { | ||||||
| 			$ret['success'] = true; | 			$ret['success'] = true; | ||||||
| 			$ret['data'] = $arr; |  | ||||||
|  |  | ||||||
| 			// update the parent folder's lastmodified timestamp | 			// update the parent folder's lastmodified timestamp | ||||||
| 			$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", | 			$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", | ||||||
| @@ -894,6 +899,13 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { | |||||||
| 				dbesc($arr['folder']), | 				dbesc($arr['folder']), | ||||||
| 				intval($channel_id) | 				intval($channel_id) | ||||||
| 			); | 			); | ||||||
|  |  | ||||||
|  | 			$z = q("select * from attach where hash = '%s' and uid = %d and is_dir = 1 limit 1", | ||||||
|  | 				dbesc($arr['hash']), | ||||||
|  | 				intval($channel_id) | ||||||
|  | 			); | ||||||
|  | 			if($z) | ||||||
|  | 				$ret['data'] = $z[0]; | ||||||
| 		} | 		} | ||||||
| 		else { | 		else { | ||||||
| 			logger('attach_mkdir: ' . mkdir . ' ' . $path . ' failed.'); | 			logger('attach_mkdir: ' . mkdir . ' ' . $path . ' failed.'); | ||||||
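Review bot: The new block in attach_store() reads `$x['data']['allow_cid']` and the other three ACL fields without checking `$x['success']`, and attach_mkdir() now fills `$ret['data']` only when its re-select returns a row, where it was previously always set to `$arr`. If attach_mkdirp() relays that result (its body is not shown), a failed or empty lookup leaves the four `$str_*` variables null, and the file would then be stored with an empty ACL rather than the caller's or the channel's. Guarding the copy with `if(($x['success']) && ($x['data']) && (! $str_contact_allow) && ...` and keeping a fallback in attach_mkdir() such as `$ret['data'] = (($z) ? $z[0] : $arr);` would avoid both cases. Both functions extend beyond the hunks shown.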
|   | |||||||
| @@ -1597,7 +1597,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ | |||||||
| 		); | 		); | ||||||
| 		$tabs[] = array( | 		$tabs[] = array( | ||||||
| 			'label' => t('Files'), | 			'label' => t('Files'), | ||||||
| 			'url'   => $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'), | 			'url'   => $a->get_baseurl() . '/cloud/' . $nickname, | ||||||
| 			'sel'   => ((argv(0) == 'cloud' || argv(0) == 'sharedwithme') ? 'active' : ''), | 			'sel'   => ((argv(0) == 'cloud' || argv(0) == 'sharedwithme') ? 'active' : ''), | ||||||
| 			'title' => t('Files and Storage'), | 			'title' => t('Files and Storage'), | ||||||
| 			'id'    => 'files-tab', | 			'id'    => 'files-tab', | ||||||
|   | |||||||
| @@ -50,20 +50,32 @@ function photo_upload($channel, $observer, $args) { | |||||||
| 	else | 	else | ||||||
| 		$visible = 0; | 		$visible = 0; | ||||||
|  |  | ||||||
| 	$str_group_allow   = perms2str(((is_array($args['group_allow']))   ? $args['group_allow']   : explode(',',$args['group_allow']))); | 	// Set to default channel permissions. If the parent directory (album) has permissions set,  | ||||||
| 	$str_contact_allow = perms2str(((is_array($args['contact_allow'])) ? $args['contact_allow'] : explode(',',$args['contact_allow']))); | 	// use those instead. If we have specific permissions supplied, they take precedence over | ||||||
| 	$str_group_deny    = perms2str(((is_array($args['group_deny']))    ? $args['group_deny']    : explode(',',$args['group_deny']))); | 	// all other settings.  | ||||||
| 	$str_contact_deny  = perms2str(((is_array($args['contact_deny']))  ? $args['contact_deny']  : explode(',',$args['contact_deny']))); |  | ||||||
|  |  | ||||||
|  | 	$str_group_allow = $channel['channel_allow_gid']; | ||||||
|  | 	$str_contact_allow = $channel['channel_allow_cid']; | ||||||
|  | 	$str_group_deny = $channel['channel_deny_gid']; | ||||||
|  | 	$str_contact_deny = $channel['channel_deny_cid']; | ||||||
|  |  | ||||||
|  | 	if($args['directory']) { | ||||||
|  | 		$str_group_allow = $args['directory']['allow_gid']; | ||||||
|  | 		$str_contact_allow = $args['directory']['allow_cid']; | ||||||
|  | 		$str_group_deny = $args['directory']['deny_gid']; | ||||||
|  | 		$str_contact_deny = $args['directory']['deny_cid']; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	if( (array_key_exists('group_allow',$args))  | ||||||
|  | 		|| (array_key_exists('contact_allow',$args))  | ||||||
|  | 		|| (array_key_exists('group_deny',$args))  | ||||||
|  | 		|| (array_key_exists('contact_deny',$args))) { | ||||||
|  |  | ||||||
|  | 			$str_group_allow   = perms2str(((is_array($args['group_allow']))   ? $args['group_allow']   : explode(',',$args['group_allow']))); | ||||||
|  | 			$str_contact_allow = perms2str(((is_array($args['contact_allow'])) ? $args['contact_allow'] : explode(',',$args['contact_allow']))); | ||||||
|  | 			$str_group_deny    = perms2str(((is_array($args['group_deny']))    ? $args['group_deny']    : explode(',',$args['group_deny']))); | ||||||
|  | 			$str_contact_deny  = perms2str(((is_array($args['contact_deny']))  ? $args['contact_deny']  : explode(',',$args['contact_deny']))); | ||||||
|  |  | ||||||
| 	if(    (! array_key_exists('group_allow',$args))  |  | ||||||
| 		&& (! array_key_exists('contact_allow',$args))  |  | ||||||
| 		&& (! array_key_exists('group_deny',$args))  |  | ||||||
| 		&& (! array_key_exists('contact_deny',$args))) { |  | ||||||
| 		$str_group_allow = $channel['channel_allow_gid']; |  | ||||||
| 		$str_contact_allow = $channel['channel_allow_cid']; |  | ||||||
| 		$str_group_deny = $channel['channel_deny_gid']; |  | ||||||
| 		$str_contact_deny = $channel['channel_deny_cid']; |  | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	$os_storage = 0; | 	$os_storage = 0; | ||||||
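Review bot: The `if($args['directory'])` test is true for any folder row, so a folder with no permissions set overwrites the channel defaults with four empty strings. RedDirectory and mod/item.php in this same commit only prefer the folder when at least one ACL field is non-empty, so for a DAV upload into such a folder the attach row gets the channel default while the photo row gets an empty ACL. If an empty ACL means unrestricted here, as the commit message suggests, the photo becomes more widely visible than the file it belongs to. Applying the same condition would align them: `if(($args['directory']) && (($args['directory']['allow_cid']) || ($args['directory']['allow_gid']) || ($args['directory']['deny_cid']) || ($args['directory']['deny_gid']))) {`. Callers that do not pass a `directory` key will also read an undefined index on that line.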
|   | |||||||
							
								
								
									
									
										17
									
								
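--- a/mod/item.php
+++ b/mod/item.php
@@ -1051,6 +1051,23 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
 					continue;
 				$srch = '<' . $xchan_hash . '>';
 					
+				$r = q("select folder from attach where hash = '%s' and uid = %d limit 1",
+					dbesc($image_uri),
+					intval($uid)
+				);
+				if($r && $r[0]['folder']) {
+					$f = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1",
+						dbesc($r[0]['folder']),
+						intval($uid)
+					);
+					if(($f) && (($f[0]['allow_cid']) || ($f[0]['allow_gid']) || ($f[0]['deny_cid']) || ($f[0]['deny_gid']))) {
+						$str_contact_allow = $f[0]['allow_cid'];
+						$str_group_allow = $f[0]['allow_gid'];
+						$str_contact_deny = $f[0]['deny_cid'];
+						$str_group_deny = $f[0]['deny_gid'];
+					}
+				}
+
 				$r = q("SELECT id FROM photo 
 					WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
 					AND resource_id = '%s' AND uid = %d LIMIT 1",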
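Review bot: The added block overwrites `$str_contact_allow`, `$str_group_allow`, `$str_contact_deny` and `$str_group_deny` in place, and the `continue` just above it suggests this runs once per image inside a loop. Once one image's folder has an ACL, those values stay in the variables for every later image in the same post, including images whose folder has no ACL and should keep the permissions the function was called with. Copying the incoming values into per-iteration locals at the start of each pass, and overriding only those locals from `$f[0]`, would keep one folder's ACL from carrying over to unrelated photos. The loop header and the statement that consumes these variables are outside the hunk, so this should be confirmed against the full function.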
|   | |||||||