diff options
| -rw-r--r-- | mod/filestorage.php | 20 | ||||
| -rw-r--r-- | view/css/default.css | 1 | ||||
| -rwxr-xr-x | view/tpl/settings_features.tpl | 2 |
3 files changed, 23 insertions, 0 deletions
diff --git a/mod/filestorage.php b/mod/filestorage.php index 41055f98e..12b1db1d9 100644 --- a/mod/filestorage.php +++ b/mod/filestorage.php @@ -17,12 +17,32 @@ function filestorage_content(&$a) { $owner = intval($r[0]['channel_id']); } + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['view_storage']) { + notice( t('Permission denied.') . EOL); + return; + } + +// Since we have ACL'd files in the wild, but don't have ACL here yet, we +// need to return for anoyne other than the owner, despite the perms check for now. + $is_owner = (((local_user()) && ($owner == local_user())) ? true : false); if (! $is_owner) { info( t('Permission Denied.') . EOL ); return; } + +// TODO This will also need to check for files on disk and delete them from there as well as the DB. if ((argc() > 3 && argv(3) === 'delete') ? true : false);{ + if(! $perms['view_storage']) { + notice( t('Permission denied. VS.') . EOL); + return; + } + $file = argv(2); $r = q("delete from attach where id = '%s' and uid = '%s' limit 1", dbesc($file), diff --git a/view/css/default.css b/view/css/default.css index d39bcd394..9abb69588 100644 --- a/view/css/default.css +++ b/view/css/default.css @@ -5,6 +5,7 @@ nav { position: fixed; width: 100%; z-index: 100; + background-color: #ff0000; } aside { diff --git a/view/tpl/settings_features.tpl b/view/tpl/settings_features.tpl index 02e4f6159..a03817f82 100755 --- a/view/tpl/settings_features.tpl +++ b/view/tpl/settings_features.tpl @@ -1,3 +1,4 @@ +<div class="generic-content-wrapper"> <h1>{{$title}}</h1> @@ -17,3 +18,4 @@ </div> </form> +</div> |