backend work to allow admin to delete photos. Still requires frontend work to give admin access to either the photos and/or the delete link.
This commit is contained in:
zotlabs
parent
406ea67bbc
commit
9713436f49
@ -1084,6 +1084,8 @@ class Item extends \Zotlabs\Web\Controller {
|
||||
if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
|
||||
|
||||
require_once('include/items.php');
|
||||
|
||||
|
||||
$i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
|
||||
intval(argv(2))
|
||||
);
|
||||
@ -1091,9 +1093,16 @@ class Item extends \Zotlabs\Web\Controller {
|
||||
if($i) {
|
||||
$can_delete = false;
|
||||
$local_delete = false;
|
||||
if(local_channel() && local_channel() == $i[0]['uid'])
|
||||
|
||||
if(local_channel() && local_channel() == $i[0]['uid']) {
|
||||
$local_delete = true;
|
||||
}
|
||||
|
||||
$ob_hash = get_observer_hash();
|
||||
if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
|
||||
$can_delete = true;
|
||||
}
|
||||
|
||||
// The site admin can delete any post/item on the site.
|
||||
// If the item originated on this site+channel the deletion will propagate downstream.
|
||||
// Otherwise just the local copy is removed.
|
||||
@ -1104,10 +1113,6 @@ class Item extends \Zotlabs\Web\Controller {
|
||||
$can_delete = true;
|
||||
}
|
||||
|
||||
$ob_hash = get_observer_hash();
|
||||
if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
|
||||
$can_delete = true;
|
||||
}
|
||||
|
||||
if(! ($can_delete || $local_delete)) {
|
||||
notice( t('Permission denied.') . EOL);
|
||||
|
||||
@ -102,14 +102,7 @@ class Photos extends \Zotlabs\Web\Controller {
|
||||
|
||||
if($_REQUEST['dropalbum'] == t('Delete Album')) {
|
||||
|
||||
|
||||
// This is dangerous because we combined file storage and photos into one interface
|
||||
// This function will remove all photos from any directory with the same name since
|
||||
// we have not passed the path value.
|
||||
|
||||
// The correct solution would be to use a full pathname from your storage root for 'album'
|
||||
// We also need to prevent/block removing the storage root folder.
|
||||
|
||||
|
||||
$folder_hash = '';
|
||||
|
||||
$r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'",
|
||||
@ -124,7 +117,8 @@ class Photos extends \Zotlabs\Web\Controller {
|
||||
|
||||
|
||||
$res = array();
|
||||
|
||||
$admin_delete = false;
|
||||
|
||||
// get the list of photos we are about to delete
|
||||
|
||||
if(remote_channel() && (! local_channel())) {
|
||||
@ -133,6 +127,10 @@ class Photos extends \Zotlabs\Web\Controller {
|
||||
elseif(local_channel()) {
|
||||
$str = photos_album_get_db_idstr(local_channel(),$album);
|
||||
}
|
||||
elseif(is_site_admin()) {
|
||||
$str = photos_album_get_db_idstr_admin($page_owner_uid,$album);
|
||||
$admin_delete = true;
|
||||
}
|
||||
else {
|
||||
$str = null;
|
||||
}
|
||||
@ -145,7 +143,7 @@ class Photos extends \Zotlabs\Web\Controller {
|
||||
);
|
||||
if($r) {
|
||||
foreach($r as $i) {
|
||||
attach_delete($page_owner_uid, $i['resource_id'], 1 );
|
||||
attach_delete($page_owner_uid, $i['resource_id'], true );
|
||||
}
|
||||
}
|
||||
|
||||
@ -158,12 +156,14 @@ class Photos extends \Zotlabs\Web\Controller {
|
||||
// @FIXME do the same for the linked attach
|
||||
|
||||
if($folder_hash) {
|
||||
attach_delete($page_owner_uid,$folder_hash, 1);
|
||||
attach_delete($page_owner_uid, $folder_hash, true );
|
||||
|
||||
if(! $admin_delete) {
|
||||
$sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
|
||||
|
||||
$sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
|
||||
|
||||
if($sync)
|
||||
build_sync_packet($page_owner_uid,array('file' => array($sync)));
|
||||
if($sync)
|
||||
build_sync_packet($page_owner_uid,array('file' => array($sync)));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@ -181,17 +181,22 @@ class Photos extends \Zotlabs\Web\Controller {
|
||||
$r = q("SELECT id, resource_id FROM photo WHERE ( xchan = '%s' or uid = %d ) AND resource_id = '%s' LIMIT 1",
|
||||
dbesc($ob_hash),
|
||||
intval(local_channel()),
|
||||
dbesc(\App::$argv[2])
|
||||
dbesc(argv(2))
|
||||
);
|
||||
|
||||
if($r) {
|
||||
attach_delete($page_owner_uid, $r[0]['resource_id'], 1 );
|
||||
attach_delete($page_owner_uid, $r[0]['resource_id'], true );
|
||||
$sync = attach_export_data(\App::$data['channel'],$r[0]['resource_id'], true);
|
||||
|
||||
if($sync)
|
||||
build_sync_packet($page_owner_uid,array('file' => array($sync)));
|
||||
}
|
||||
|
||||
elseif(is_site_admin()) {
|
||||
// If the admin deletes a photo, don't sync
|
||||
attach_delete($page_owner_uid, argv(2), true);
|
||||
}
|
||||
|
||||
|
||||
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
|
||||
}
|
||||
|
||||
|
||||
@ -786,17 +786,31 @@ function photos_album_get_db_idstr($channel_id, $album, $remote_xchan = '') {
|
||||
);
|
||||
}
|
||||
if ($r) {
|
||||
$arr = array();
|
||||
foreach ($r as $rr) {
|
||||
$arr[] = "'" . dbesc($rr['hash']) . "'" ;
|
||||
}
|
||||
$str = implode(',',$arr);
|
||||
return $str;
|
||||
return ids_to_querystr($r,'hash',true);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function photos_album_get_db_idstr_admin($channel_id, $album) {
|
||||
|
||||
if(! is_site_admin())
|
||||
return false;
|
||||
|
||||
$r = q("SELECT hash from attach where uid = %d and folder = '%s' ",
|
||||
intval($channel_id),
|
||||
dbesc($album)
|
||||
);
|
||||
|
||||
if ($r) {
|
||||
return ids_to_querystr($r,'hash',true);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @brief Creates a new photo item.
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user