diff options
| author | Mario Vavti <mario@mariovavti.com> | 2018-07-25 10:19:19 +0200 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2018-07-25 10:19:19 +0200 |
| commit | 1b1d11dcf1091158232e98abad966d4900e2ccc9 (patch) | |
| tree | 380d5e04c73391089bf3d658ea4b27eecffa4916 /Zotlabs/Module/Filestorage.php | |
| parent | b655d04b3474893ee3dea99b77f2e7dd764729a0 (diff) | |
| parent | 35200e5f1b10cdd18af8f0ea646996e438b97011 (diff) | |
| download | volse-hubzilla-1b1d11dcf1091158232e98abad966d4900e2ccc9.tar.gz volse-hubzilla-1b1d11dcf1091158232e98abad966d4900e2ccc9.tar.bz2 volse-hubzilla-1b1d11dcf1091158232e98abad966d4900e2ccc9.zip | |
Merge branch '3.6RC'
Diffstat (limited to 'Zotlabs/Module/Filestorage.php')
| -rw-r--r-- | Zotlabs/Module/Filestorage.php | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 5c8557e5a..cd9ab601d 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -66,7 +66,7 @@ class Filestorage extends \Zotlabs\Web\Controller { $perms = get_all_perms($owner, $ob_hash); - if(! $perms['view_storage']) { + if(! ($perms['view_storage'] || is_site_admin())){ notice( t('Permission denied.') . EOL); return; } @@ -75,15 +75,29 @@ class Filestorage extends \Zotlabs\Web\Controller { // need to return for anyone other than the owner, despite the perms check for now. $is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false); - if(! $is_owner) { + if(! ($is_owner || is_site_admin())){ info( t('Permission Denied.') . EOL ); return; } if(argc() > 3 && argv(3) === 'delete') { + + if(argc() > 4 && argv(4) === 'json') + $json_return = true; + + + $admin_delete = false; + if(! $perms['write_storage']) { - notice( t('Permission denied.') . EOL); - return; + if(is_site_admin()) { + $admin_delete = true; + } + else { + notice( t('Permission denied.') . EOL); + if($json_return) + json_return_and_die([ 'success' => false ]); + return; + } } $file = intval(argv(2)); @@ -92,22 +106,31 @@ class Filestorage extends \Zotlabs\Web\Controller { intval($owner) ); if(! $r) { + if($json_return) + json_return_and_die([ 'success' => false ]); + notice( t('File not found.') . EOL); goaway(z_root() . '/cloud/' . $which); } $f = $r[0]; - $channel = \App::get_channel(); + + $channel = channelx_by_n($owner); $url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']); attach_delete($owner, $f['hash']); - $sync = attach_export_data($channel, $f['hash'], true); - if($sync) { - build_sync_packet($channel['channel_id'], array('file' => array($sync))); + if(! $admin_delete) { + $sync = attach_export_data($channel, $f['hash'], true); + if($sync) { + build_sync_packet($channel['channel_id'], array('file' => array($sync))); + } } + if(json_return) + json_return_and_die([ 'success' => true ]); + goaway(dirname($url)); } |