aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Item.php15
-rw-r--r--Zotlabs/Module/Photos.php41
-rw-r--r--include/photos.php26
3 files changed, 53 insertions, 29 deletions
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 87f83e877..fd99c4a64 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -1084,6 +1084,8 @@ class Item extends \Zotlabs\Web\Controller {
if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
require_once('include/items.php');
+
+
$i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
intval(argv(2))
);
@@ -1091,9 +1093,16 @@ class Item extends \Zotlabs\Web\Controller {
if($i) {
$can_delete = false;
$local_delete = false;
- if(local_channel() && local_channel() == $i[0]['uid'])
+
+ if(local_channel() && local_channel() == $i[0]['uid']) {
$local_delete = true;
+ }
+ $ob_hash = get_observer_hash();
+ if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
+ $can_delete = true;
+ }
+
// The site admin can delete any post/item on the site.
// If the item originated on this site+channel the deletion will propagate downstream.
// Otherwise just the local copy is removed.
@@ -1104,10 +1113,6 @@ class Item extends \Zotlabs\Web\Controller {
$can_delete = true;
}
- $ob_hash = get_observer_hash();
- if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
- $can_delete = true;
- }
if(! ($can_delete || $local_delete)) {
notice( t('Permission denied.') . EOL);
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index a143c4d4c..e21f3025c 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -102,14 +102,7 @@ class Photos extends \Zotlabs\Web\Controller {
if($_REQUEST['dropalbum'] == t('Delete Album')) {
-
- // This is dangerous because we combined file storage and photos into one interface
- // This function will remove all photos from any directory with the same name since
- // we have not passed the path value.
-
- // The correct solution would be to use a full pathname from your storage root for 'album'
- // We also need to prevent/block removing the storage root folder.
-
+
$folder_hash = '';
$r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'",
@@ -124,7 +117,8 @@ class Photos extends \Zotlabs\Web\Controller {
$res = array();
-
+ $admin_delete = false;
+
// get the list of photos we are about to delete
if(remote_channel() && (! local_channel())) {
@@ -133,6 +127,10 @@ class Photos extends \Zotlabs\Web\Controller {
elseif(local_channel()) {
$str = photos_album_get_db_idstr(local_channel(),$album);
}
+ elseif(is_site_admin()) {
+ $str = photos_album_get_db_idstr_admin($page_owner_uid,$album);
+ $admin_delete = true;
+ }
else {
$str = null;
}
@@ -145,7 +143,7 @@ class Photos extends \Zotlabs\Web\Controller {
);
if($r) {
foreach($r as $i) {
- attach_delete($page_owner_uid, $i['resource_id'], 1 );
+ attach_delete($page_owner_uid, $i['resource_id'], true );
}
}
@@ -158,12 +156,14 @@ class Photos extends \Zotlabs\Web\Controller {
// @FIXME do the same for the linked attach
if($folder_hash) {
- attach_delete($page_owner_uid,$folder_hash, 1);
-
- $sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
+ attach_delete($page_owner_uid, $folder_hash, true );
+
+ if(! $admin_delete) {
+ $sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
- if($sync)
- build_sync_packet($page_owner_uid,array('file' => array($sync)));
+ if($sync)
+ build_sync_packet($page_owner_uid,array('file' => array($sync)));
+ }
}
}
@@ -181,17 +181,22 @@ class Photos extends \Zotlabs\Web\Controller {
$r = q("SELECT id, resource_id FROM photo WHERE ( xchan = '%s' or uid = %d ) AND resource_id = '%s' LIMIT 1",
dbesc($ob_hash),
intval(local_channel()),
- dbesc(\App::$argv[2])
+ dbesc(argv(2))
);
if($r) {
- attach_delete($page_owner_uid, $r[0]['resource_id'], 1 );
+ attach_delete($page_owner_uid, $r[0]['resource_id'], true );
$sync = attach_export_data(\App::$data['channel'],$r[0]['resource_id'], true);
if($sync)
build_sync_packet($page_owner_uid,array('file' => array($sync)));
}
-
+ elseif(is_site_admin()) {
+ // If the admin deletes a photo, don't sync
+ attach_delete($page_owner_uid, argv(2), true);
+ }
+
+
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
}
diff --git a/include/photos.php b/include/photos.php
index 9ae0e6874..495043bbf 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -786,17 +786,31 @@ function photos_album_get_db_idstr($channel_id, $album, $remote_xchan = '') {
);
}
if ($r) {
- $arr = array();
- foreach ($r as $rr) {
- $arr[] = "'" . dbesc($rr['hash']) . "'" ;
- }
- $str = implode(',',$arr);
- return $str;
+ return ids_to_querystr($r,'hash',true);
}
return false;
}
+function photos_album_get_db_idstr_admin($channel_id, $album) {
+
+ if(! is_site_admin())
+ return false;
+
+ $r = q("SELECT hash from attach where uid = %d and folder = '%s' ",
+ intval($channel_id),
+ dbesc($album)
+ );
+
+ if ($r) {
+ return ids_to_querystr($r,'hash',true);
+ }
+
+ return false;
+}
+
+
+
/**
* @brief Creates a new photo item.
*