diff options
| author | Thomas Willingham <founder@kakste.com> | 2013-09-18 02:45:49 +0100 |
|---|---|---|
| committer | Thomas Willingham <founder@kakste.com> | 2013-09-18 02:45:49 +0100 |
| commit | 8542127274f7a856a9733254889c4e1a24903324 (patch) | |
| tree | fdf0f374bdc30c170969f9f6bbf82ff88cbde441 /mod/filestorage.php | |
| parent | 4fa68c7f3de68dda519f12719c552df7b62bf17f (diff) | |
| download | volse-hubzilla-8542127274f7a856a9733254889c4e1a24903324.tar.gz volse-hubzilla-8542127274f7a856a9733254889c4e1a24903324.tar.bz2 volse-hubzilla-8542127274f7a856a9733254889c4e1a24903324.zip | |
Filestorage perms (no ACL), fix nav for browsers that can't handle PCSS, put content wrapper back now JS is fixed for features page.
Diffstat (limited to 'mod/filestorage.php')
| -rw-r--r-- | mod/filestorage.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/mod/filestorage.php b/mod/filestorage.php index 41055f98e..12b1db1d9 100644 --- a/mod/filestorage.php +++ b/mod/filestorage.php @@ -17,12 +17,32 @@ function filestorage_content(&$a) { $owner = intval($r[0]['channel_id']); } + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['view_storage']) { + notice( t('Permission denied.') . EOL); + return; + } + +// Since we have ACL'd files in the wild, but don't have ACL here yet, we +// need to return for anoyne other than the owner, despite the perms check for now. + $is_owner = (((local_user()) && ($owner == local_user())) ? true : false); if (! $is_owner) { info( t('Permission Denied.') . EOL ); return; } + +// TODO This will also need to check for files on disk and delete them from there as well as the DB. if ((argc() > 3 && argv(3) === 'delete') ? true : false);{ + if(! $perms['view_storage']) { + notice( t('Permission denied. VS.') . EOL); + return; + } + $file = argv(2); $r = q("delete from attach where id = '%s' and uid = '%s' limit 1", dbesc($file), |