-rw-r--r-- | Zotlabs/Module/Filestorage.php | 39 | ||||
-rw-r--r-- | Zotlabs/Storage/Browser.php | 4 | ||||
-rw-r--r-- | include/attach.php | 2 | ||||
-rw-r--r-- | view/js/main.js | 2 | ||||
-rw-r--r-- | view/tpl/cloud_directory.tpl | 4 |
5 files changed, 39 insertions, 12 deletions
diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 5c8557e5a..cd9ab601d 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -66,7 +66,7 @@ class Filestorage extends \Zotlabs\Web\Controller { $perms = get_all_perms($owner, $ob_hash); - if(! $perms['view_storage']) { + if(! ($perms['view_storage'] || is_site_admin())){ notice( t('Permission denied.') . EOL); return; } @@ -75,15 +75,29 @@ class Filestorage extends \Zotlabs\Web\Controller { // need to return for anyone other than the owner, despite the perms check for now. $is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false); - if(! $is_owner) { + if(! ($is_owner || is_site_admin())){ info( t('Permission Denied.') . EOL ); return; } if(argc() > 3 && argv(3) === 'delete') { + + if(argc() > 4 && argv(4) === 'json') + $json_return = true; + + + $admin_delete = false; + if(! $perms['write_storage']) { - notice( t('Permission denied.') . EOL); - return; + if(is_site_admin()) { + $admin_delete = true; + } + else { + notice( t('Permission denied.') . EOL); + if($json_return) + json_return_and_die([ 'success' => false ]); + return; + } } $file = intval(argv(2)); 
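Review bot: The admin exemption is added to the module-wide gates rather than to the delete branch alone. `is_site_admin()` is OR-ed into the `view_storage` check here and into the `$is_owner` check in the next hunk, so whatever this method does after the delete branch (outside these hunks, not visible here) also becomes reachable by a site admin for any channel. If only deletion is meant to be delegated, keep both gates as they were and test `is_site_admin()` only inside the `argv(3) === 'delete'` branch. The context comment above `$is_owner` is also stale now; something like `// only the owner, or a site admin performing a delete, may continue past this point` would match the new behaviour.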
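Review bot: `$json_return` is assigned only when `argv(4) === 'json'`, so on a plain `/delete` request the later `if($json_return)` tests in the denial branch and in the next hunk read an undefined variable. Assign it unconditionally instead, e.g. `$json_return = (argc() > 4 && argv(4) === 'json');`. The new `$admin_delete` path also removes another channel's file without leaving any record that is visible in this hunk; a log line naming the acting admin, the owner and the file id before the delete would make such removals auditable. The enclosing method starts and ends outside the hunk.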
@@ -92,22 +106,31 @@ class Filestorage extends \Zotlabs\Web\Controller { intval($owner) ); if(! $r) { + if($json_return) + json_return_and_die([ 'success' => false ]); + notice( t('File not found.') . EOL); goaway(z_root() . '/cloud/' . $which); } $f = $r[0]; - $channel = \App::get_channel(); + + $channel = channelx_by_n($owner); $url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']); attach_delete($owner, $f['hash']); - $sync = attach_export_data($channel, $f['hash'], true); - if($sync) { - build_sync_packet($channel['channel_id'], array('file' => array($sync))); + if(! $admin_delete) { + $sync = attach_export_data($channel, $f['hash'], true); + if($sync) { + build_sync_packet($channel['channel_id'], array('file' => array($sync))); + } } + if(json_return) + json_return_and_die([ 'success' => true ]); + goaway(dirname($url)); } diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index 508c39d22..f4f906ad1 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php @@ -241,7 +241,7 @@ class Browser extends DAV\Browser\Plugin { // put the array for this file together $ft['attachId'] = $this->findAttachIdByHash($attachHash); - $ft['fileStorageUrl'] = substr($fullPath, 0, strpos($fullPath, "cloud/")) . "filestorage/" . $this->auth->getCurrentUser(); + $ft['fileStorageUrl'] = substr($fullPath, 0, strpos($fullPath, "cloud/")) . "filestorage/" . $this->auth->owner_nick; $ft['icon'] = $icon; $ft['photo_icon'] = $photo_icon; $ft['attachIcon'] = (($size) ? $attachIcon : ''); @@ -276,6 +276,8 @@ class Browser extends DAV\Browser\Plugin { '$create' => t('Create'), '$upload' => t('Add Files'), '$is_owner' => $is_owner, + '$is_admin' => is_site_admin(), + '$admin_delete' => t('Admin Delete'), '$parentpath' => $parentpath, '$cpath' => bin2hex(\App::$query_string), '$tiles' => intval($_SESSION['cloud_tiles']), diff --git a/include/attach.php b/include/attach.php index 0d2b43b58..2a9badaac 100644 
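Review bot: The final check `if(json_return)` is missing the `$`, so it tests a bare constant rather than the flag set earlier. Depending on the PHP version it either evaluates as a non-empty string (always true, so the JSON success reply is sent even for non-JSON requests and `goaway(dirname($url))` is never reached) or raises an undefined-constant error after `attach_delete()` has already run. It should read `if($json_return)`. Separately, `channelx_by_n($owner)` is used without checking that it returned a channel before `$channel['channel_id']` is read. Skipping `build_sync_packet` for admin deletes presumably leaves the file on the owner's clones, which is worth confirming as intended and stating in a comment.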
--- a/include/attach.php +++ b/include/attach.php @@ -1585,8 +1585,8 @@ function get_cloud_url($channel_id, $channel_name, $attachHash) { } } while ($parentHash); - $url = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath . find_filename_by_hash($channel_id, $attachHash); + $url = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath . find_filename_by_hash($channel_id, $attachHash); return $url; } diff --git a/view/js/main.js b/view/js/main.js index acb9b462f..3e24e8177 100644 --- a/view/js/main.js +++ b/view/js/main.js @@ -1057,7 +1057,9 @@ function doprofilelike(ident, verb) { $.get('like/' + ident + '?verb=' + verb, function() { window.location.href=window.location.href; }); } + function dropItem(url, object) { + var confirm = confirmDelete(); if(confirm) { $('body').css('cursor', 'wait'); diff --git a/view/tpl/cloud_directory.tpl b/view/tpl/cloud_directory.tpl index 1f0addc95..51178a9ba 100644 --- a/view/tpl/cloud_directory.tpl +++ b/view/tpl/cloud_directory.tpl 
@@ -65,10 +65,10 @@ <td class="cloud-index-tool">{{$item.attachIcon}}</td> <td class="cloud-index-tool"><div id="file-edit-{{$item.attachId}}" class="spinner-wrapper"><div class="spinner s"></div></div></td> <td class="cloud-index-tool"><i class="fakelink fa fa-pencil" onclick="filestorage(event, '{{$nick}}', {{$item.attachId}});"></i></td> - <td class="cloud-index-tool"><a href="#" title="{{$delete}}" onclick="dropItem('{{$item.fileStorageUrl}}/{{$item.attachId}}/delete', '#cloud-index-{{$item.attachId}},#cloud-tools-{{$item.attachId}}'); return false;"><i class="fa fa-trash-o drop-icons"></i></a></td> + <td class="cloud-index-tool"><a href="#" title="{{$delete}}" onclick="dropItem('{{$item.fileStorageUrl}}/{{$item.attachId}}/delete/json', '#cloud-index-{{$item.attachId}},#cloud-tools-{{$item.attachId}}'); return false;"><i class="fa fa-trash-o drop-icons"></i></a></td> {{else}} - <td></td><td></td><td></td><td></td> + <td></td><td></td><td></td>{{if $is_admin}}<td class="cloud-index-tool"><a href="#" title="{{$admin_delete}}" onclick="dropItem('{{$item.fileStorageUrl}}/{{$item.attachId}}/delete/json', '#cloud-index-{{$item.attachId}},#cloud-tools-{{$item.attachId}}'); return false;"><i class="fa fa-trash-o drop-icons"></i></a>{{else}}<td>{{/if}}</td> {{/if}} <td>{{*{{$item.type}}*}}</td> <td class="d-none d-md-table-cell">{{$item.sizeFormatted}}</td> |
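Review bot: Both delete links pass `dropItem` a bare `.../delete/json` URL that carries no anti-CSRF token, and with this commit that same URL shape lets a site admin remove files from any channel. `dropItem`'s request code is outside the visible hunks; if it issues a plain GET, as the neighbouring `doprofilelike` does with `$.get`, the deletion can be triggered by any page the admin's browser loads while logged in. The delete should be sent as a POST carrying the project's form security token, and Filestorage should verify that token before calling `attach_delete()`. It is also worth confirming that `{{$item.fileStorageUrl}}`, now built from the owner's nick, is escaped for the JavaScript-string-in-attribute context it is placed in.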