aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-11-08 16:36:36 -0800
committerredmatrix <redmatrix@redmatrix.me>2015-11-08 16:36:36 -0800
commit5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6 (patch)
tree452f3d9b1a81b97b9ab17b6ec71c31c71303f170
parent2536dc39b5e49cf288883fd1f1b1a3fe8db3cbdb (diff)
downloadvolse-hubzilla-5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6.tar.gz
volse-hubzilla-5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6.tar.bz2
volse-hubzilla-5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6.zip
no comment permission bug, also implement delete() in RedDirectory per Waitman
-rw-r--r--include/RedDAV/RedDirectory.php21
-rw-r--r--mod/connedit.php21
2 files changed, 34 insertions, 8 deletions
diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php
index 87bdf8f13..8d8af5bd3 100644
--- a/include/RedDAV/RedDirectory.php
+++ b/include/RedDAV/RedDirectory.php
@@ -363,6 +363,27 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
}
/**
+ * @brief delete directory
+ */
+
+ public function delete() {
+ logger('delete file ' . basename($this->red_path), LOGGER_DEBUG);
+
+ if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) {
+ throw new DAV\Exception\Forbidden('Permission denied.');
+ }
+
+ if ($this->auth->owner_id !== $this->auth->channel_id) {
+ if (($this->auth->observer !== $this->data['creator']) || intval($this->data['is_dir'])) {
+ throw new DAV\Exception\Forbidden('Permission denied.');
+ }
+ }
+
+ attach_delete($this->auth->owner_id, $this->folder_hash);
+ }
+
+
+ /**
* @brief Checks if a child exists.
*
* @param string $name
diff --git a/mod/connedit.php b/mod/connedit.php
index 877c12dc7..ad311f9a4 100644
--- a/mod/connedit.php
+++ b/mod/connedit.php
@@ -177,16 +177,21 @@ function connedit_post(&$a) {
if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) {
$new_friend = true;
- if(! $abook_my_perms) {
- $abook_my_perms = get_channel_default_perms(local_channel());
+ // @fixme it won't be common, but when you accept a new connection request
+ // the permissions will now be that of your permissions role and ignore
+ // any you may have set manually on the form. We'll probably see a bug if somebody
+ // tries to set the permissions *and* approve the connection in the same
+ // request. The workaround is to approve the connection, then go back and
+ // adjust permissions as desired.
- $role = get_pconfig(local_channel(),'system','permissions_role');
- if($role) {
- $x = get_role_perms($role);
- if($x['perms_accept'])
- $abook_my_perms = $x['perms_accept'];
- }
+ $abook_my_perms = get_channel_default_perms(local_channel());
+
+ $role = get_pconfig(local_channel(),'system','permissions_role');
+ if($role) {
+ $x = get_role_perms($role);
+ if($x['perms_accept'])
+ $abook_my_perms = $x['perms_accept'];
}
}