aboutsummaryrefslogblamecommitdiffstats
path: root/Zotlabs/Module/Attach_edit.php
blob: 5880d8f1354e119cb624b73ef7a9422f04afc50f (plain) (tree)














































































































                                                                                                                                           
                                                           








































                                                                                                                                                         
                                                                            
                                         
























                                                                                                                                                                            
                                                                                                            

















                                                                                                     
<?php
namespace Zotlabs\Module;
/**
 * @file Zotlabs/Module/Attach_edit.php
 *
 */

use App;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Libsync;
use Zotlabs\Access\AccessList;

class Attach_edit extends Controller {

	function post() {

		if (!local_channel() && !remote_channel()) {
			return;
		}

		$attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []);
		$attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0);
		$channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0);
		$dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0);
		$permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0);
		$return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud');
		$delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0);
		$newfolder  = ((x($_POST, 'newfolder_' . $attach_id))  ? notags($_POST['newfolder_' . $attach_id])  : '');
		if(! $newfolder)
			$newfolder = ((x($_POST, 'newfolder'))  ? notags($_POST['newfolder'])  : '');
		$newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : '');
		$recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0);
		if(! $recurse)
			$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
		$notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0);
		$copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0);
		if(! $copy)
			$copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0);

		$categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : '');
		if(! $categories)
			$categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : '');

		if($attach_id)
			$attach_ids[] = $attach_id;

		$single = ((count($attach_ids) === 1) ? true : false);

		$channel = channelx_by_n($channel_id);

		if (! $channel) {
			notice(t('Channel not found.') . EOL);
			return;
		}

		$nick = $channel['channel_address'];
		$observer = App::get_observer();
		$observer_hash = (($observer) ? $observer['xchan_hash'] : '');
		$is_owner = ((local_channel() == $channel_id) ? true : false);

		$ids_str = implode(',', $attach_ids);

		$r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d",
			dbesc($ids_str),
			intval($channel_id)
		);

		if (! $r) {
			notice(t('File not found.') . EOL);
			return;
		}

		foreach ($r as $rr) {
			$actions_done = '';
			$attach_id = $rr['id'];
			$resource = $rr['hash'];
			$creator = $rr['creator'];
			$folder = $rr['folder'];
			$filename = $rr['filename'];
			$is_photo = intval($rr['is_photo']);
			$is_dir = intval($rr['is_dir']);
			$admin_delete = false;

			$is_creator = (($creator == $observer_hash) ? true : false);
			$move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);

			$perms = get_all_perms($channel_id, $observer_hash);

			if (! ($perms['view_storage'] || is_site_admin())) {
				notice( t('Permission denied.') . EOL);
				continue;
			}

			if (! $perms['write_storage']) {
				if (is_site_admin()) {
					$admin_delete = true;
				}
				else {
					notice( t('Permission denied.') . EOL);
					continue;
				}
			}

			if (!$is_owner && !$admin_delete) {
				if(! $is_creator) {
					notice( t('Permission denied.') . EOL);
					continue;
				}
			}

			if ($delete) {
				attach_delete($channel_id, $resource, $is_photo);
				$actions_done .= 'delete,';
			}

			if ($copy) {
				if($is_dir && $resource == $newfolder) {
					notice( t('Can not copy folder into itself.') . EOL);
					continue;
				}
				$x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
				if ($x['success'])
					$resource = $x['resource_id'];

				$actions_done .= 'copy,';

			}

			if ($move) {
				if($is_dir && $resource == $newfolder) {
					notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL);
					continue;
				}
				$x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));

				$actions_done .= 'move,';

			}

			if(! $delete && ! $dnd) {
				if ($single || (! $single && $categories)) {
					q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
						intval($channel_id),
						intval($attach_id),
						intval(TERM_OBJ_FILE)
					);
					$cat = explode(',', $categories);
					if ($cat) {
						foreach($cat as $term) {
							$term = trim(escape_tags($term));
							if ($term) {
								$term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term;
								store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link);
							}
						}
						$actions_done .= 'cat_add,';
					}
				}
				else {
					q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
						intval($channel_id),
						intval($attach_id),
						intval(TERM_OBJ_FILE)
					);
					$actions_done .= 'cat_remove,';
				}

				if ($is_owner && ($single || (! $single && $permissions))) {
					$acl = new AccessList($channel);
					$acl->set_from_array($_REQUEST);
					$x = $acl->get();

					attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
					$actions_done .= 'permissions,';

					if ($notify) {
						attach_store_item($channel, $observer, $resource);
						$actions_done .= 'notify,';
					}
				}
			}

			if (! $admin_delete && $actions_done) {
				$sync = attach_export_data($channel, $resource, (($delete) ? true : false));

				if ($sync) {
					Libsync::build_sync_packet($channel_id, ['file' => [$sync]]);
				}
			}

			logger('attach_edit: ' . $actions_done);

		}

		if($dnd || $delete) {
			json_return_and_die([ 'success' => true ]);
		}

		goaway($return_path);

	}

}