diff options
author | zotlabs <mike@macgirvin.com> | 2017-08-10 21:08:07 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-08-10 21:08:07 -0700 |
commit | 1408e3da3bcb818134b76db338fb913ae0b54aa1 (patch) | |
tree | e9c6722cec7f308e5960622f022d0f28d056b171 | |
parent | 5f6eedcc1a6e719c2ac6fa93219f700e0d430b59 (diff) | |
download | volse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.tar.gz volse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.tar.bz2 volse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.zip |
prevent uploads to comments if the channel has a default private ACL.
-rw-r--r-- | Zotlabs/Lib/ThreadItem.php | 2 | ||||
-rw-r--r-- | Zotlabs/Lib/ThreadStream.php | 9 | ||||
-rw-r--r-- | include/conversation.php | 15 |
3 files changed, 23 insertions, 3 deletions
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index 4a66c84bc..2a9a7e779 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -739,7 +739,7 @@ class ThreadItem { '$edvideo' => t('Video'), '$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''), '$indent' => $indent, - '$can_upload' => perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage'), + '$can_upload' => (perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage') && $conv->is_uploadable()), '$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false), '$encrypt' => t('Encrypt text'), '$cipher' => $conv->get_cipher(), diff --git a/Zotlabs/Lib/ThreadStream.php b/Zotlabs/Lib/ThreadStream.php index 35ccf4fdb..0465b20ef 100644 --- a/Zotlabs/Lib/ThreadStream.php +++ b/Zotlabs/Lib/ThreadStream.php @@ -28,9 +28,10 @@ class ThreadStream { // wherein we've already prepared a top level item which doesn't look anything like // a normal "post" item - public function __construct($mode, $preview, $prepared_item = '') { + public function __construct($mode, $preview, $uploadable, $prepared_item = '') { $this->set_mode($mode); $this->preview = $preview; + $this->uploadable = $uploadable; $this->prepared_item = $prepared_item; $c = ((local_channel()) ? get_pconfig(local_channel(),'system','default_cipher') : ''); if($c) @@ -61,6 +62,7 @@ class ThreadStream { // pull some trickery which allows us to re-invoke this function afterward // it's an ugly hack so @FIXME $this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'); + $this->uploadable = false; break; case 'page': $this->profile_owner = \App::$profile['uid']; @@ -92,6 +94,11 @@ class ThreadStream { return $this->commentable; } + public function is_uploadable() { + return $this->uploadable; + } + + /** * Check if page is a preview */ diff --git a/include/conversation.php b/include/conversation.php index f15077e76..30ba4d812 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -550,6 +550,19 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa if (! feature_enabled($profile_owner,'multi_delete')) $page_dropping = false; + $uploading = true; + + if($profile_owner > 0) { + $owner_channel = channelx_by_n($profile_owner); + if($owner_channel['channel_allow_cid'] || $owner_channel['channel_allow_gid'] + || $owner_channel['channel_deny_cid'] || $owner_channel['channel_deny_gid']) { + $uploading = false; + } + } + else { + $uploading = false; + } + $channel = App::get_channel(); $observer = App::get_observer(); @@ -753,7 +766,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa // Normal View // logger('conv: items: ' . print_r($items,true)); - $conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $prepared_item); + $conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $uploading, $prepared_item); // In the display mode we don't have a profile owner. |