aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-08-10 21:08:07 -0700
committerzotlabs <mike@macgirvin.com>2017-08-10 21:08:07 -0700
commit1408e3da3bcb818134b76db338fb913ae0b54aa1 (patch)
treee9c6722cec7f308e5960622f022d0f28d056b171 /Zotlabs
parent5f6eedcc1a6e719c2ac6fa93219f700e0d430b59 (diff)
downloadvolse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.tar.gz
volse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.tar.bz2
volse-hubzilla-1408e3da3bcb818134b76db338fb913ae0b54aa1.zip
prevent uploads to comments if the channel has a default private ACL.
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Lib/ThreadItem.php2
-rw-r--r--Zotlabs/Lib/ThreadStream.php9
2 files changed, 9 insertions, 2 deletions
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index 4a66c84bc..2a9a7e779 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -739,7 +739,7 @@ class ThreadItem {
'$edvideo' => t('Video'),
'$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''),
'$indent' => $indent,
- '$can_upload' => perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage'),
+ '$can_upload' => (perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage') && $conv->is_uploadable()),
'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
'$encrypt' => t('Encrypt text'),
'$cipher' => $conv->get_cipher(),
diff --git a/Zotlabs/Lib/ThreadStream.php b/Zotlabs/Lib/ThreadStream.php
index 35ccf4fdb..0465b20ef 100644
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -28,9 +28,10 @@ class ThreadStream {
// wherein we've already prepared a top level item which doesn't look anything like
// a normal "post" item
- public function __construct($mode, $preview, $prepared_item = '') {
+ public function __construct($mode, $preview, $uploadable, $prepared_item = '') {
$this->set_mode($mode);
$this->preview = $preview;
+ $this->uploadable = $uploadable;
$this->prepared_item = $prepared_item;
$c = ((local_channel()) ? get_pconfig(local_channel(),'system','default_cipher') : '');
if($c)
@@ -61,6 +62,7 @@ class ThreadStream {
// pull some trickery which allows us to re-invoke this function afterward
// it's an ugly hack so @FIXME
$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
+ $this->uploadable = false;
break;
case 'page':
$this->profile_owner = \App::$profile['uid'];
@@ -92,6 +94,11 @@ class ThreadStream {
return $this->commentable;
}
+ public function is_uploadable() {
+ return $this->uploadable;
+ }
+
+
/**
* Check if page is a preview
*/