photo permission inheritance. We want to use the folder permissions unless specific permissions have been set to over-ride them. If nothing is set, use the channel default. We may have to mess with his further in the case of somebody trying to create a public photo directory when their normal permissions are set to private. Kind of a chicken/egg problem because the folder permissions will be empty.

6 files changed, 90 insertions, 24 deletions

diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php
index c7921d96f..507fde46f 100644
--- a/include/RedDAV/RedDirectory.php
+++ b/include/RedDAV/RedDirectory.php
@@ -214,6 +214,29 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 		$f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $hash;
 
+		$direct = null;
+
+		if($this->folder_hash) {
+			$r = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1",
+				dbesc($this->folder_hash),
+				intval($c[0]['channel_id'])
+			);
+			if($r)
+				$direct = $r[0];
+		}
+
+		if(($direct) && (($direct['allow_cid']) || ($direct['allow_gid']) || ($direct['deny_cid']) || ($direct['deny_gid']))) {
+			$allow_cid = $direct['allow_cid'];
+			$allow_gid = $direct['allow_gid'];
+			$deny_cid = $direct['deny_cid'];
+			$deny_gid = $direct['deny_gid'];
+		}
+		else { 
+			$allow_cid = $c[0]['channel_allow_cid'];
+			$allow_gid = $c[0]['channel_allow_gid'];
+			$deny_cid = $c[0]['channel_deny_cid'];
+			$deny_gid = $c[0]['channel_deny_gid'];
+		}
 
 		$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
@@ -231,10 +254,10 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			dbesc($this->os_path . '/' . $hash),
 			dbesc(datetime_convert()),
 			dbesc(datetime_convert()),
-			dbesc($c[0]['channel_allow_cid']),
-			dbesc($c[0]['channel_allow_gid']),
-			dbesc($c[0]['channel_deny_cid']),
-			dbesc($c[0]['channel_deny_gid'])
+			dbesc($allow_cid),
+			dbesc($allow_gid),
+			dbesc($deny_cid),
+			dbesc($deny_gid)
 		);
 
 
@@ -308,7 +331,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			}
 
 			require_once('include/photos.php');
-			$args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x);
+			$args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x, 'directory' => $direct);
 			$p = photo_upload($c[0],get_app()->get_observer(),$args);
 		}
 
diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php
index d4eb6812a..ec6871a69 100644
--- a/include/RedDAV/RedFile.php
+++ b/include/RedDAV/RedFile.php
@@ -116,12 +116,14 @@ class RedFile extends DAV\Node implements DAV\IFile {
 				);
 				if($d) {
 					if($d[0]['folder']) {
-						$f1 = q("select filename from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1",
+						$f1 = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1",
 							dbesc($d[0]['folder']),
 							intval($c[0]['channel_id'])
 						);
-						if($f1)
+						if($f1) {
 							$album = $f1[0]['filename'];
+							$direct = $f1[0];
+						}
 					}	
 					$fname = dbunescbin($d[0]['data']);
 					$f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : '');
@@ -166,7 +168,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
 
 		if($is_photo) {
 			require_once('include/photos.php');
-			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis );
+			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct );
 			$p = photo_upload($c[0],get_app()->get_observer(),$args);
 		}
 
diff --git a/include/attach.php b/include/attach.php
index 417032a4b..1e8091b9d 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -490,6 +490,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 	if($pathname) {
 		$x = attach_mkdirp($channel, $observer_hash, $darr);
 		$folder_hash = (($x['success']) ? $x['data']['hash'] : '');
+		if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) {
+			$str_contact_allow = $x['data']['allow_cid'];
+			$str_group_allow = $x['data']['allow_gid'];
+			$str_contact_deny = $x['data']['deny_cid'];
+			$str_group_deny = $x['data']['deny_gid'];
+		}
 	}
 	else {
 		$folder_hash = '';
@@ -886,7 +892,6 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
 	if($r) {
 		if(os_mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) {
 			$ret['success'] = true;
-			$ret['data'] = $arr;
 
 			// update the parent folder's lastmodified timestamp
 			$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
@@ -894,6 +899,13 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
 				dbesc($arr['folder']),
 				intval($channel_id)
 			);
+
+			$z = q("select * from attach where hash = '%s' and uid = %d and is_dir = 1 limit 1",
+				dbesc($arr['hash']),
+				intval($channel_id)
+			);
+			if($z)
+				$ret['data'] = $z[0];
 		}
 		else {
 			logger('attach_mkdir: ' . mkdir . ' ' . $path . ' failed.');
diff --git a/include/conversation.php b/include/conversation.php
index 645994035..e58429255 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1597,7 +1597,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){
 		);
 		$tabs[] = array(
 			'label' => t('Files'),
-			'url'   => $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'),
+			'url'   => $a->get_baseurl() . '/cloud/' . $nickname,
 			'sel'   => ((argv(0) == 'cloud' || argv(0) == 'sharedwithme') ? 'active' : ''),
 			'title' => t('Files and Storage'),
 			'id'    => 'files-tab',
diff --git a/include/photos.php b/include/photos.php
index 46d4b810c..7437d6aa9 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -50,20 +50,32 @@ function photo_upload($channel, $observer, $args) {
 	else
 		$visible = 0;
 
-	$str_group_allow   = perms2str(((is_array($args['group_allow']))   ? $args['group_allow']   : explode(',',$args['group_allow'])));
-	$str_contact_allow = perms2str(((is_array($args['contact_allow'])) ? $args['contact_allow'] : explode(',',$args['contact_allow'])));
-	$str_group_deny    = perms2str(((is_array($args['group_deny']))    ? $args['group_deny']    : explode(',',$args['group_deny'])));
-	$str_contact_deny  = perms2str(((is_array($args['contact_deny']))  ? $args['contact_deny']  : explode(',',$args['contact_deny'])));
-
-
-	if(    (! array_key_exists('group_allow',$args)) 
-		&& (! array_key_exists('contact_allow',$args)) 
-		&& (! array_key_exists('group_deny',$args)) 
-		&& (! array_key_exists('contact_deny',$args))) {
-		$str_group_allow = $channel['channel_allow_gid'];
-		$str_contact_allow = $channel['channel_allow_cid'];
-		$str_group_deny = $channel['channel_deny_gid'];
-		$str_contact_deny = $channel['channel_deny_cid'];
+	// Set to default channel permissions. If the parent directory (album) has permissions set, 
+	// use those instead. If we have specific permissions supplied, they take precedence over
+	// all other settings. 
+
+	$str_group_allow = $channel['channel_allow_gid'];
+	$str_contact_allow = $channel['channel_allow_cid'];
+	$str_group_deny = $channel['channel_deny_gid'];
+	$str_contact_deny = $channel['channel_deny_cid'];
+
+	if($args['directory']) {
+		$str_group_allow = $args['directory']['allow_gid'];
+		$str_contact_allow = $args['directory']['allow_cid'];
+		$str_group_deny = $args['directory']['deny_gid'];
+		$str_contact_deny = $args['directory']['deny_cid'];
+	}
+
+	if( (array_key_exists('group_allow',$args)) 
+		|| (array_key_exists('contact_allow',$args)) 
+		|| (array_key_exists('group_deny',$args)) 
+		|| (array_key_exists('contact_deny',$args))) {
+
+			$str_group_allow   = perms2str(((is_array($args['group_allow']))   ? $args['group_allow']   : explode(',',$args['group_allow'])));
+			$str_contact_allow = perms2str(((is_array($args['contact_allow'])) ? $args['contact_allow'] : explode(',',$args['contact_allow'])));
+			$str_group_deny    = perms2str(((is_array($args['group_deny']))    ? $args['group_deny']    : explode(',',$args['group_deny'])));
+			$str_contact_deny  = perms2str(((is_array($args['contact_deny']))  ? $args['contact_deny']  : explode(',',$args['contact_deny'])));
+
 	}
 
 	$os_storage = 0;
diff --git a/mod/item.php b/mod/item.php
index 57a905395..ff6a834e6 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1050,6 +1050,23 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
 				if(! strlen($image_uri))
 					continue;
 				$srch = '<' . $xchan_hash . '>';
+					
+				$r = q("select folder from attach where hash = '%s' and uid = %d limit 1",
+					dbesc($image_uri),
+					intval($uid)
+				);
+				if($r && $r[0]['folder']) {
+					$f = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1",
+						dbesc($r[0]['folder']),
+						intval($uid)
+					);
+					if(($f) && (($f[0]['allow_cid']) || ($f[0]['allow_gid']) || ($f[0]['deny_cid']) || ($f[0]['deny_gid']))) {
+						$str_contact_allow = $f[0]['allow_cid'];
+						$str_group_allow = $f[0]['allow_gid'];
+						$str_contact_deny = $f[0]['deny_cid'];
+						$str_group_deny = $f[0]['deny_gid'];
+					}
+				}
 
 				$r = q("SELECT id FROM photo 
 					WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''