aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-08-10 21:08:07 -0700
committerzotlabs <mike@macgirvin.com>2017-08-10 21:08:07 -0700
commit1408e3da3bcb818134b76db338fb913ae0b54aa1 (patch)
treee9c6722cec7f308e5960622f022d0f28d056b171
parent5f6eedcc1a6e719c2ac6fa93219f700e0d430b59 (diff)
downloadvolse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.tar.gz
volse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.tar.bz2
volse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.zip
prevent uploads to comments if the channel has a default private ACL.
-rw-r--r--Zotlabs/Lib/ThreadItem.php2
-rw-r--r--Zotlabs/Lib/ThreadStream.php9
-rw-r--r--include/conversation.php15
3 files changed, 23 insertions, 3 deletions
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index 4a66c84bc..2a9a7e779 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -739,7 +739,7 @@ class ThreadItem {
'$edvideo' => t('Video'),
'$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''),
'$indent' => $indent,
- '$can_upload' => perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage'),
+ '$can_upload' => (perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage') && $conv->is_uploadable()),
'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
'$encrypt' => t('Encrypt text'),
'$cipher' => $conv->get_cipher(),
diff --git a/Zotlabs/Lib/ThreadStream.php b/Zotlabs/Lib/ThreadStream.php
index 35ccf4fdb..0465b20ef 100644
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -28,9 +28,10 @@ class ThreadStream {
// wherein we've already prepared a top level item which doesn't look anything like
// a normal "post" item
- public function __construct($mode, $preview, $prepared_item = '') {
+ public function __construct($mode, $preview, $uploadable, $prepared_item = '') {
$this->set_mode($mode);
$this->preview = $preview;
+ $this->uploadable = $uploadable;
$this->prepared_item = $prepared_item;
$c = ((local_channel()) ? get_pconfig(local_channel(),'system','default_cipher') : '');
if($c)
@@ -61,6 +62,7 @@ class ThreadStream {
// pull some trickery which allows us to re-invoke this function afterward
// it's an ugly hack so @FIXME
$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
+ $this->uploadable = false;
break;
case 'page':
$this->profile_owner = \App::$profile['uid'];
@@ -92,6 +94,11 @@ class ThreadStream {
return $this->commentable;
}
+ public function is_uploadable() {
+ return $this->uploadable;
+ }
+
+
/**
* Check if page is a preview
*/
diff --git a/include/conversation.php b/include/conversation.php
index f15077e76..30ba4d812 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -550,6 +550,19 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
if (! feature_enabled($profile_owner,'multi_delete'))
$page_dropping = false;
+ $uploading = true;
+
+ if($profile_owner > 0) {
+ $owner_channel = channelx_by_n($profile_owner);
+ if($owner_channel['channel_allow_cid'] || $owner_channel['channel_allow_gid']
+ || $owner_channel['channel_deny_cid'] || $owner_channel['channel_deny_gid']) {
+ $uploading = false;
+ }
+ }
+ else {
+ $uploading = false;
+ }
+
$channel = App::get_channel();
$observer = App::get_observer();
@@ -753,7 +766,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
// Normal View
// logger('conv: items: ' . print_r($items,true));
- $conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $prepared_item);
+ $conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $uploading, $prepared_item);
// In the display mode we don't have a profile owner.