backend work to allow admin to delete photos. Still requires frontend work to give admin access to either the photos and/or the delete link.
This commit is contained in:
zotlabs
parent
406ea67bbc
commit
9713436f49
@ -1084,6 +1084,8 @@ class Item extends \Zotlabs\Web\Controller {
|
|||||||
if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
|
if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
|
||||||
|
|
||||||
require_once('include/items.php');
|
require_once('include/items.php');
|
||||||
|
|
||||||
|
|
||||||
$i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
|
$i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
|
||||||
intval(argv(2))
|
intval(argv(2))
|
||||||
);
|
);
|
||||||
@ -1091,8 +1093,15 @@ class Item extends \Zotlabs\Web\Controller {
|
|||||||
if($i) {
|
if($i) {
|
||||||
$can_delete = false;
|
$can_delete = false;
|
||||||
$local_delete = false;
|
$local_delete = false;
|
||||||
if(local_channel() && local_channel() == $i[0]['uid'])
|
|
||||||
|
if(local_channel() && local_channel() == $i[0]['uid']) {
|
||||||
$local_delete = true;
|
$local_delete = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$ob_hash = get_observer_hash();
|
||||||
|
if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
|
||||||
|
$can_delete = true;
|
||||||
|
}
|
||||||
|
|
||||||
// The site admin can delete any post/item on the site.
|
// The site admin can delete any post/item on the site.
|
||||||
// If the item originated on this site+channel the deletion will propagate downstream.
|
// If the item originated on this site+channel the deletion will propagate downstream.
|
||||||
@ -1104,10 +1113,6 @@ class Item extends \Zotlabs\Web\Controller {
|
|||||||
$can_delete = true;
|
$can_delete = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$ob_hash = get_observer_hash();
|
|
||||||
if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
|
|
||||||
$can_delete = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(! ($can_delete || $local_delete)) {
|
if(! ($can_delete || $local_delete)) {
|
||||||
notice( t('Permission denied.') . EOL);
|
notice( t('Permission denied.') . EOL);
|
||||||
|
|||||||
@ -103,13 +103,6 @@ class Photos extends \Zotlabs\Web\Controller {
|
|||||||
if($_REQUEST['dropalbum'] == t('Delete Album')) {
|
if($_REQUEST['dropalbum'] == t('Delete Album')) {
|
||||||
|
|
||||||
|
|
||||||
// This is dangerous because we combined file storage and photos into one interface
|
|
||||||
// This function will remove all photos from any directory with the same name since
|
|
||||||
// we have not passed the path value.
|
|
||||||
|
|
||||||
// The correct solution would be to use a full pathname from your storage root for 'album'
|
|
||||||
// We also need to prevent/block removing the storage root folder.
|
|
||||||
|
|
||||||
$folder_hash = '';
|
$folder_hash = '';
|
||||||
|
|
||||||
$r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'",
|
$r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'",
|
||||||
@ -124,6 +117,7 @@ class Photos extends \Zotlabs\Web\Controller {
|
|||||||
|
|
||||||
|
|
||||||
$res = array();
|
$res = array();
|
||||||
|
$admin_delete = false;
|
||||||
|
|
||||||
// get the list of photos we are about to delete
|
// get the list of photos we are about to delete
|
||||||
|
|
||||||
@ -133,6 +127,10 @@ class Photos extends \Zotlabs\Web\Controller {
|
|||||||
elseif(local_channel()) {
|
elseif(local_channel()) {
|
||||||
$str = photos_album_get_db_idstr(local_channel(),$album);
|
$str = photos_album_get_db_idstr(local_channel(),$album);
|
||||||
}
|
}
|
||||||
|
elseif(is_site_admin()) {
|
||||||
|
$str = photos_album_get_db_idstr_admin($page_owner_uid,$album);
|
||||||
|
$admin_delete = true;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
$str = null;
|
$str = null;
|
||||||
}
|
}
|
||||||
@ -145,7 +143,7 @@ class Photos extends \Zotlabs\Web\Controller {
|
|||||||
);
|
);
|
||||||
if($r) {
|
if($r) {
|
||||||
foreach($r as $i) {
|
foreach($r as $i) {
|
||||||
attach_delete($page_owner_uid, $i['resource_id'], 1 );
|
attach_delete($page_owner_uid, $i['resource_id'], true );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -158,13 +156,15 @@ class Photos extends \Zotlabs\Web\Controller {
|
|||||||
// @FIXME do the same for the linked attach
|
// @FIXME do the same for the linked attach
|
||||||
|
|
||||||
if($folder_hash) {
|
if($folder_hash) {
|
||||||
attach_delete($page_owner_uid,$folder_hash, 1);
|
attach_delete($page_owner_uid, $folder_hash, true );
|
||||||
|
|
||||||
|
if(! $admin_delete) {
|
||||||
$sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
|
$sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
|
||||||
|
|
||||||
if($sync)
|
if($sync)
|
||||||
build_sync_packet($page_owner_uid,array('file' => array($sync)));
|
build_sync_packet($page_owner_uid,array('file' => array($sync)));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -181,16 +181,21 @@ class Photos extends \Zotlabs\Web\Controller {
|
|||||||
$r = q("SELECT id, resource_id FROM photo WHERE ( xchan = '%s' or uid = %d ) AND resource_id = '%s' LIMIT 1",
|
$r = q("SELECT id, resource_id FROM photo WHERE ( xchan = '%s' or uid = %d ) AND resource_id = '%s' LIMIT 1",
|
||||||
dbesc($ob_hash),
|
dbesc($ob_hash),
|
||||||
intval(local_channel()),
|
intval(local_channel()),
|
||||||
dbesc(\App::$argv[2])
|
dbesc(argv(2))
|
||||||
);
|
);
|
||||||
|
|
||||||
if($r) {
|
if($r) {
|
||||||
attach_delete($page_owner_uid, $r[0]['resource_id'], 1 );
|
attach_delete($page_owner_uid, $r[0]['resource_id'], true );
|
||||||
$sync = attach_export_data(\App::$data['channel'],$r[0]['resource_id'], true);
|
$sync = attach_export_data(\App::$data['channel'],$r[0]['resource_id'], true);
|
||||||
|
|
||||||
if($sync)
|
if($sync)
|
||||||
build_sync_packet($page_owner_uid,array('file' => array($sync)));
|
build_sync_packet($page_owner_uid,array('file' => array($sync)));
|
||||||
}
|
}
|
||||||
|
elseif(is_site_admin()) {
|
||||||
|
// If the admin deletes a photo, don't sync
|
||||||
|
attach_delete($page_owner_uid, argv(2), true);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
|
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -786,17 +786,31 @@ function photos_album_get_db_idstr($channel_id, $album, $remote_xchan = '') {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
if ($r) {
|
if ($r) {
|
||||||
$arr = array();
|
return ids_to_querystr($r,'hash',true);
|
||||||
foreach ($r as $rr) {
|
|
||||||
$arr[] = "'" . dbesc($rr['hash']) . "'" ;
|
|
||||||
}
|
|
||||||
$str = implode(',',$arr);
|
|
||||||
return $str;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function photos_album_get_db_idstr_admin($channel_id, $album) {
|
||||||
|
|
||||||
|
if(! is_site_admin())
|
||||||
|
return false;
|
||||||
|
|
||||||
|
$r = q("SELECT hash from attach where uid = %d and folder = '%s' ",
|
||||||
|
intval($channel_id),
|
||||||
|
dbesc($album)
|
||||||
|
);
|
||||||
|
|
||||||
|
if ($r) {
|
||||||
|
return ids_to_querystr($r,'hash',true);
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Creates a new photo item.
|
* @brief Creates a new photo item.
|
||||||
*
|
*
|
||||||
|
|||||||
Reference in New Issue
Block a user