Merge branch 'master' of https://github.com/friendica/red

include/conversation.php

@@ -1481,7 +1481,7 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){
 	if($p['view_storage']) {
 		$tabs[] = array(
 			'label' => t('Files'),
-			'url'	=> $a->get_baseurl() . '/cloud/' . $nickname,
+			'url'	=> $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'),
 			'sel'	=> ((argv(0) == 'cloud') ? 'active' : ''),
 			'title' => t('Files and Storage'),
 			'id'    => 'files-tab',

mod/cloud.php

@@ -67,12 +67,18 @@ function cloud_init(&$a) {
 		$auth->observer = $ob_hash;
 	}	
 
+	if($_GET['davguest'])
+		$_SESSION['davguest'] = true;
+
+
 
 	$_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']);
 	$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']);
+	$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']);
 
 	$_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']);
 	$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']);
+	$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']);
 
 	$rootDirectory = new RedDirectory('/',$auth);
 	$server = new DAV\Server($rootDirectory);
@@ -85,12 +91,10 @@ function cloud_init(&$a) {
 	// allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login.
 	// If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot, 
 	// prompt for HTTP-auth. This will be the default case for mounting a DAV directory. 
-
-	// FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from 
-	// the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be 
-	// able to do this with a special $_GET request var and a cookie.  
+	// In order to avoid prompting for passwords for viewing a DIRECTORY, add the URL query parameter 'davguest=1'
 
 	$isapublic_file = false;
+	$davguest = ((x($_SESSION,'davguest')) ? true : false);
 
 	if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
 		try { 
@@ -103,7 +107,7 @@ function cloud_init(&$a) {
 		}
 	}
 
-	if((! $auth->observer) && (! $isapublic_file)) {
+	if((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
 		try {
 			$auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++'));
 		}

mod/filestorage.php

@@ -69,7 +69,6 @@ function filestorage_content(&$a) {
 		return;
 	}
 
-	// 	TODO This will also need to check for files on disk and delete them from there as well as the DB.
 
 	if(argc() > 3 && argv(3) === 'delete') {
 		if(! $perms['write_storage']) {
@@ -110,7 +109,7 @@ function filestorage_content(&$a) {
 
 		$channel = $a->get_channel();
 
-		$cloudpath = get_cloudpath($f);
+		$cloudpath = get_cloudpath($f) . (($f['flags'] & ATTACH_FLAG_DIR) ? '?f=&davguest=1' : '');
 
 		$aclselect_e = populate_acl($f);
 		$is_a_dir = (($f['flags'] & ATTACH_FLAG_DIR) ? true : false);

view/tpl/attach_edit.tpl

@@ -23,12 +23,11 @@
 {{else}}
 <div class="cut-paste-desc">{{$cpdesc}}</div>
 <input type="text" id="cutpasteinput" name="cutpastelink" value="[attachment]{{$file.hash}},{{$file.revision}}[/attachment]" onclick="this.select();" /><br />
+{{/if}}
 
 <div class="cut-paste-desc">{{$cpldesc}}</div>
 <input type="text" id="linkpasteinput" name="cutpasteextlink" value="{{$cloudpath}}" onclick="this.select();"/><br />
 
-{{/if}}
-
 <div id="attach-edit-perms" >
 {{$aclselect}}
 </div>