diff options
author | redmatrix <redmatrix@redmatrix.me> | 2015-07-18 16:39:12 -0700 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-07-18 16:39:12 -0700 |
commit | ed3d9d1f80773417b0fba491ed762b90be340863 (patch) | |
tree | e59b3475b0ef7dbc141c56271aaf87f6cd2dd8c8 | |
parent | 22c1737fc9b348229acc385bc8cb6c76a76cbbfb (diff) | |
download | volse-hubzilla-ed3d9d1f80773417b0fba491ed762b90be340863.tar.gz volse-hubzilla-ed3d9d1f80773417b0fba491ed762b90be340863.tar.bz2 volse-hubzilla-ed3d9d1f80773417b0fba491ed762b90be340863.zip |
some photo/attach permissions issues
-rw-r--r-- | include/attach.php | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/include/attach.php b/include/attach.php index 812090d5c..e89ca7cb2 100644 --- a/include/attach.php +++ b/include/attach.php @@ -391,13 +391,18 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $hash = (($arr && $arr['hash']) ? $arr['hash'] : null); $upload_path = (($arr && $arr['directory']) ? $arr['directory'] : ''); - // logger('arr: ' . print_r($arr,true)); + logger('arr: ' . print_r($arr,true)); if(! perm_is_allowed($channel_id,get_observer_hash(), 'write_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } + $str_group_allow = perms2str($arr['group_allow']); + $str_contact_allow = perms2str($arr['contact_allow']); + $str_group_deny = perms2str($arr['group_deny']); + $str_contact_deny = perms2str($arr['contact_deny']); + // The 'update' option sets db values without uploading a new attachment // 'replace' replaces the existing uploaded data @@ -473,14 +478,13 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { } $darr = array('pathname' => $pathname); - if($arr && array_key_exists('allow_cid',$arr)) - $darr['allow_cid'] = $arr['allow_cid']; - if($arr && array_key_exists('allow_gid',$arr)) - $darr['allow_gid'] = $arr['allow_gid']; - if($arr && array_key_exists('deny_cid',$arr)) - $darr['deny_cid'] = $arr['deny_cid']; - if($arr && array_key_exists('deny_gid',$arr)) - $darr['deny_gid'] = $arr['deny_gid']; + + // if we need to create a directory, use the channel default permissions. + + $darr['allow_cid'] = $channel['allow_cid']; + $darr['allow_gid'] = $channel['allow_gid']; + $darr['deny_cid'] = $channel['deny_cid']; + $darr['deny_gid'] = $channel['deny_gid']; if($pathname) { @@ -652,9 +656,9 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { dbesc($created), dbesc($created), dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : $str_contact_allow), - dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : ''), - dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : ''), - dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : '') + dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : $str_group_allow), + dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : $str_contact_deny), + dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : $str_group_deny) ); } @@ -662,6 +666,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $args = array( 'source' => $source, 'visible' => 0, 'resource_id' => $hash, 'album' => basename($pathname), 'os_path' => $os_basepath . $os_relpath, 'filename' => $filename, 'getimagesize' => $gis); if($arr['contact_allow']) $args['contact_allow'] = $arr['contact_allow']; + if($arr['group_allow']) + $args['group_allow'] = $arr['group_allow']; + if($arr['contact_deny']) + $args['contact_deny'] = $arr['contact_deny']; + if($arr['group_deny']) + $args['group_deny'] = $arr['group_deny']; $p = photo_upload($channel,get_app()->get_observer(),$args); if($p['success']) { $ret['body'] = $p['body']; |