diff options
author | redmatrix <redmatrix@redmatrix.me> | 2015-11-08 16:36:36 -0800 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-11-08 16:36:36 -0800 |
commit | 5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6 (patch) | |
tree | 452f3d9b1a81b97b9ab17b6ec71c31c71303f170 | |
parent | 2536dc39b5e49cf288883fd1f1b1a3fe8db3cbdb (diff) | |
download | volse-hubzilla-5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6.tar.gz volse-hubzilla-5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6.tar.bz2 volse-hubzilla-5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6.zip |
no comment permission bug, also implement delete() in RedDirectory per Waitman
-rw-r--r-- | include/RedDAV/RedDirectory.php | 21 | ||||
-rw-r--r-- | mod/connedit.php | 21 |
2 files changed, 34 insertions, 8 deletions
diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php index 87bdf8f13..8d8af5bd3 100644 --- a/include/RedDAV/RedDirectory.php +++ b/include/RedDAV/RedDirectory.php @@ -363,6 +363,27 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { } /** + * @brief delete directory + */ + + public function delete() { + logger('delete file ' . basename($this->red_path), LOGGER_DEBUG); + + if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) { + throw new DAV\Exception\Forbidden('Permission denied.'); + } + + if ($this->auth->owner_id !== $this->auth->channel_id) { + if (($this->auth->observer !== $this->data['creator']) || intval($this->data['is_dir'])) { + throw new DAV\Exception\Forbidden('Permission denied.'); + } + } + + attach_delete($this->auth->owner_id, $this->folder_hash); + } + + + /** * @brief Checks if a child exists. * * @param string $name diff --git a/mod/connedit.php b/mod/connedit.php index 877c12dc7..ad311f9a4 100644 --- a/mod/connedit.php +++ b/mod/connedit.php @@ -177,16 +177,21 @@ function connedit_post(&$a) { if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) { $new_friend = true; - if(! $abook_my_perms) { - $abook_my_perms = get_channel_default_perms(local_channel()); + // @fixme it won't be common, but when you accept a new connection request + // the permissions will now be that of your permissions role and ignore + // any you may have set manually on the form. We'll probably see a bug if somebody + // tries to set the permissions *and* approve the connection in the same + // request. The workaround is to approve the connection, then go back and + // adjust permissions as desired. - $role = get_pconfig(local_channel(),'system','permissions_role'); - if($role) { - $x = get_role_perms($role); - if($x['perms_accept']) - $abook_my_perms = $x['perms_accept']; - } + $abook_my_perms = get_channel_default_perms(local_channel()); + + $role = get_pconfig(local_channel(),'system','permissions_role'); + if($role) { + $x = get_role_perms($role); + if($x['perms_accept']) + $abook_my_perms = $x['perms_accept']; } } |