<?php
namespace Zotlabs\Module;
/**
* @file Zotlabs/Module/Attach_edit.php
*
*/
use App;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Libsync;
use Zotlabs\Access\AccessList;
class Attach_edit extends Controller {
function post() {
if (!local_channel() && !remote_channel()) {
return;
}
$attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []);
$attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0);
$channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0);
$dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0);
$permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0);
$return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud');
$delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0);
$newfolder = ((x($_POST, 'newfolder_' . $attach_id)) ? notags($_POST['newfolder_' . $attach_id]) : '');
if(! $newfolder)
$newfolder = ((x($_POST, 'newfolder')) ? notags($_POST['newfolder']) : '');
$newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : '');
$recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0);
if(! $recurse)
$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
$notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0);
$copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0);
if(! $copy)
$copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0);
$categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : '');
if(! $categories)
$categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : '');
if($attach_id)
$attach_ids[] = $attach_id;
$single = ((count($attach_ids) === 1) ? true : false);
$channel = channelx_by_n($channel_id);
if (! $channel) {
notice(t('Channel not found.') . EOL);
return;
}
$nick = $channel['channel_address'];
$observer = App::get_observer();
$observer_hash = (($observer) ? $observer['xchan_hash'] : '');
$is_owner = ((local_channel() == $channel_id) ? true : false);
$ids_str = implode(',', $attach_ids);
$r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d",
dbesc($ids_str),
intval($channel_id)
);
if (! $r) {
notice(t('File not found.') . EOL);
return;
}
foreach ($r as $rr) {
$actions_done = '';
$attach_id = $rr['id'];
$resource = $rr['hash'];
$creator = $rr['creator'];
$folder = $rr['folder'];
$filename = $rr['filename'];
$is_photo = intval($rr['is_photo']);
$is_dir = intval($rr['is_dir']);
$admin_delete = false;
$is_creator = (($creator == $observer_hash) ? true : false);
$move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);
$perms = get_all_perms($channel_id, $observer_hash);
if (! ($perms['view_storage'] || is_site_admin())) {
notice( t('Permission denied.') . EOL);
continue;
}
if (! $perms['write_storage']) {
if (is_site_admin()) {
$admin_delete = true;
}
else {
notice( t('Permission denied.') . EOL);
continue;
}
}
if (!$is_owner && !$admin_delete) {
if(! $is_creator) {
notice( t('Permission denied.') . EOL);
continue;
}
}
if ($delete) {
attach_delete($channel_id, $resource, $is_photo);
$actions_done .= 'delete,';
}
if ($copy) {
if($is_dir && $resource == $newfolder) {
notice( t('Can not copy folder into itself.') . EOL);
continue;
}
$x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
if ($x['success'])
$resource = $x['resource_id'];
$actions_done .= 'copy,';
}
if ($move) {
if($is_dir && $resource == $newfolder) {
notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL);
continue;
}
$x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
$actions_done .= 'move,';
}
if(! $delete && ! $dnd) {
if ($single || (! $single && $categories)) {
q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
intval($channel_id),
intval($attach_id),
intval(TERM_OBJ_FILE)
);
$cat = explode(',', $categories);
if ($cat) {
foreach($cat as $term) {
$term = trim(escape_tags($term));
if ($term) {
$term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term;
store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link);
}
}
$actions_done .= 'cat_add,';
}
}
else {
q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
intval($channel_id),
intval($attach_id),
intval(TERM_OBJ_FILE)
);
$actions_done .= 'cat_remove,';
}
if ($is_owner && ($single || (! $single && $permissions))) {
$acl = new AccessList($channel);
$acl->set_from_array($_REQUEST);
$x = $acl->get();
attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
$actions_done .= 'permissions,';
if ($notify) {
attach_store_item($channel, $observer, $resource);
$actions_done .= 'notify,';
}
}
}
if (! $admin_delete && $actions_done) {
$sync = attach_export_data($channel, $resource, (($delete) ? true : false));
if ($sync) {
Libsync::build_sync_packet($channel_id, ['file' => [$sync]]);
}
}
logger('attach_edit: ' . $actions_done);
}
if($dnd || $delete) {
json_return_and_die([ 'success' => true ]);
}
goaway($return_path);
}
}
