aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Attach_edit.php
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module/Attach_edit.php')
-rw-r--r--Zotlabs/Module/Attach_edit.php203
1 files changed, 203 insertions, 0 deletions
diff --git a/Zotlabs/Module/Attach_edit.php b/Zotlabs/Module/Attach_edit.php
new file mode 100644
index 000000000..5880d8f13
--- /dev/null
+++ b/Zotlabs/Module/Attach_edit.php
@@ -0,0 +1,203 @@
+<?php
+namespace Zotlabs\Module;
+/**
+ * @file Zotlabs/Module/Attach_edit.php
+ *
+ */
+
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Libsync;
+use Zotlabs\Access\AccessList;
+
+class Attach_edit extends Controller {
+
+ function post() {
+
+ if (!local_channel() && !remote_channel()) {
+ return;
+ }
+
+ $attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []);
+ $attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0);
+ $channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0);
+ $dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0);
+ $permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0);
+ $return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud');
+ $delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0);
+ $newfolder = ((x($_POST, 'newfolder_' . $attach_id)) ? notags($_POST['newfolder_' . $attach_id]) : '');
+ if(! $newfolder)
+ $newfolder = ((x($_POST, 'newfolder')) ? notags($_POST['newfolder']) : '');
+ $newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : '');
+ $recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0);
+ if(! $recurse)
+ $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
+ $notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0);
+ $copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0);
+ if(! $copy)
+ $copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0);
+
+ $categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : '');
+ if(! $categories)
+ $categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : '');
+
+ if($attach_id)
+ $attach_ids[] = $attach_id;
+
+ $single = ((count($attach_ids) === 1) ? true : false);
+
+ $channel = channelx_by_n($channel_id);
+
+ if (! $channel) {
+ notice(t('Channel not found.') . EOL);
+ return;
+ }
+
+ $nick = $channel['channel_address'];
+ $observer = App::get_observer();
+ $observer_hash = (($observer) ? $observer['xchan_hash'] : '');
+ $is_owner = ((local_channel() == $channel_id) ? true : false);
+
+ $ids_str = implode(',', $attach_ids);
+
+ $r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d",
+ dbesc($ids_str),
+ intval($channel_id)
+ );
+
+ if (! $r) {
+ notice(t('File not found.') . EOL);
+ return;
+ }
+
+ foreach ($r as $rr) {
+ $actions_done = '';
+ $attach_id = $rr['id'];
+ $resource = $rr['hash'];
+ $creator = $rr['creator'];
+ $folder = $rr['folder'];
+ $filename = $rr['filename'];
+ $is_photo = intval($rr['is_photo']);
+ $is_dir = intval($rr['is_dir']);
+ $admin_delete = false;
+
+ $is_creator = (($creator == $observer_hash) ? true : false);
+ $move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);
+
+ $perms = get_all_perms($channel_id, $observer_hash);
+
+ if (! ($perms['view_storage'] || is_site_admin())) {
+ notice( t('Permission denied.') . EOL);
+ continue;
+ }
+
+ if (! $perms['write_storage']) {
+ if (is_site_admin()) {
+ $admin_delete = true;
+ }
+ else {
+ notice( t('Permission denied.') . EOL);
+ continue;
+ }
+ }
+
+ if (!$is_owner && !$admin_delete) {
+ if(! $is_creator) {
+ notice( t('Permission denied.') . EOL);
+ continue;
+ }
+ }
+
+ if ($delete) {
+ attach_delete($channel_id, $resource, $is_photo);
+ $actions_done .= 'delete,';
+ }
+
+ if ($copy) {
+ if($is_dir && $resource == $newfolder) {
+ notice( t('Can not copy folder into itself.') . EOL);
+ continue;
+ }
+ $x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+ if ($x['success'])
+ $resource = $x['resource_id'];
+
+ $actions_done .= 'copy,';
+
+ }
+
+ if ($move) {
+ if($is_dir && $resource == $newfolder) {
+ notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL);
+ continue;
+ }
+ $x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+
+ $actions_done .= 'move,';
+
+ }
+
+ if(! $delete && ! $dnd) {
+ if ($single || (! $single && $categories)) {
+ q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+ intval($channel_id),
+ intval($attach_id),
+ intval(TERM_OBJ_FILE)
+ );
+ $cat = explode(',', $categories);
+ if ($cat) {
+ foreach($cat as $term) {
+ $term = trim(escape_tags($term));
+ if ($term) {
+ $term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term;
+ store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link);
+ }
+ }
+ $actions_done .= 'cat_add,';
+ }
+ }
+ else {
+ q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+ intval($channel_id),
+ intval($attach_id),
+ intval(TERM_OBJ_FILE)
+ );
+ $actions_done .= 'cat_remove,';
+ }
+
+ if ($is_owner && ($single || (! $single && $permissions))) {
+ $acl = new AccessList($channel);
+ $acl->set_from_array($_REQUEST);
+ $x = $acl->get();
+
+ attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
+ $actions_done .= 'permissions,';
+
+ if ($notify) {
+ attach_store_item($channel, $observer, $resource);
+ $actions_done .= 'notify,';
+ }
+ }
+ }
+
+ if (! $admin_delete && $actions_done) {
+ $sync = attach_export_data($channel, $resource, (($delete) ? true : false));
+
+ if ($sync) {
+ Libsync::build_sync_packet($channel_id, ['file' => [$sync]]);
+ }
+ }
+
+ logger('attach_edit: ' . $actions_done);
+
+ }
+
+ if($dnd || $delete) {
+ json_return_and_die([ 'success' => true ]);
+ }
+
+ goaway($return_path);
+
+ }
+
+}