Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Daemon/Onepoll.php | 9 | ||||
-rw-r--r-- | Zotlabs/Lib/Api_router.php | 24 | ||||
-rw-r--r-- | Zotlabs/Module/Api.php | 57 | ||||
-rw-r--r-- | Zotlabs/Module/File_upload.php | 23 | ||||
-rw-r--r-- | Zotlabs/Storage/Browser.php | 5 |
5 files changed, 75 insertions, 43 deletions
diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php
index 21c46cec5..bebf8bf17 100644
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -102,11 +102,20 @@ class Onepoll { $fetch_feed = true; $x = null; + // They haven't given us permission to see their stream + $can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream')); if(! $can_view_stream) $fetch_feed = false; + // we haven't given them permission to send us their stream + + $can_send_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'my_perms','send_stream')); + + if(! $can_send_stream) + $fetch_feed = false; + if($fetch_feed) { $feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']);
diff --git a/Zotlabs/Lib/Api_router.php b/Zotlabs/Lib/Api_router.php
new file mode 100644
index 000000000..404678bd9
--- /dev/null
+++ b/Zotlabs/Lib/Api_router.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class Api_router {
+
+ static private $routes = array();
+
+ static function register($path,$fn,$auth_required) {
+ self::$routes[$path] = [ 'func' => $fn, 'auth' => $auth_required ];
+ }
+
+ static function find($path) {
+ if(array_key_exists($path,self::$routes))
+ return self::$routes[$path];
+ return null;
+ }
+
+ static function dbg() {
+ return self::$routes;
+ }
+
+}
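Review bot: In the `Zotlabs/Daemon/Onepoll.php` hunk, `$fetch_feed` is cleared without any trace when a permission lookup fails, so an operator looking at a connection whose feed stopped updating cannot tell which side withheld permission. A debug line next to the new `send_stream` check, for example `logger('onepoll: no send_stream permission for ' . $contact['abook_xchan'], LOGGER_DEBUG);`, would record the decision. Both checks go through `intval()`, so a zero or (presumably) unset value skips the fetch, which is the safe default; a short comment saying that this is intentional would help. The enclosing method starts and ends outside the hunk.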
\ No newline at end of file
diff --git a/Zotlabs/Module/Api.php b/Zotlabs/Module/Api.php
index e4744c29f..71c8dc865 100644
--- a/Zotlabs/Module/Api.php
+++ b/Zotlabs/Module/Api.php
@@ -8,20 +8,15 @@ require_once('include/api.php'); class Api extends \Zotlabs\Web\Controller { function post() { - if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - if(count(\App::$user) && x(\App::$user,'uid') && \App::$user['uid'] != local_channel()) { - notice( t('Permission denied.') . EOL); - return; - } - } - function get() { + function get() { + if(\App::$cmd=='api/oauth/authorize'){ /*
@@ -33,7 +28,8 @@ class Api extends \Zotlabs\Web\Controller { // get consumer/client from request token try { $request = OAuth1Request::from_request(); - } catch(Exception $e) { + } + catch(Exception $e) { echo "<pre>"; var_dump($e); killme(); }
@@ -41,17 +37,20 @@ class Api extends \Zotlabs\Web\Controller { if(x($_POST,'oauth_yes')){ $app = $this->oauth_get_client($request); - if (is_null($app)) return "Invalid request. Unknown token."; + if (is_null($app)) + return "Invalid request. Unknown token."; + $consumer = new OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']); $verifier = md5($app['secret'].local_channel()); set_config("oauth", $verifier, local_channel()); - if($consumer->callback_url!=null) { + if($consumer->callback_url != null) { $params = $request->get_parameters(); - $glue="?"; - if (strstr($consumer->callback_url,$glue)) $glue="?"; + $glue = '?'; + if(strstr($consumer->callback_url,$glue)) + $glue = '?'; goaway($consumer->callback_url . $glue . "oauth_token=" . OAuth1Util::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuth1Util::urlencode_rfc3986($verifier)); killme(); }
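Review bot: In the new `Zotlabs/Lib/Api_router.php`, `register()` overwrites whatever is already stored for `$path`, including its `auth` flag, so a later registration of the same path can replace a handler that required authentication with one that does not, and nothing records it. Unless overriding is intended, refuse the duplicate with `if(array_key_exists($path,self::$routes)) return false;` ahead of the assignment, and store the flag as `'auth' => (bool) $auth_required` so the caller always reads a boolean. The class only stores the flag; enforcing it is left to whatever calls `find()`, which is not part of this diff, and a docblock on `register()` should say so. `dbg()` returns the whole table, callables included, and is better kept out of any web-reachable path.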
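Review bot: In the `@@ -33,7 +28,8 @@` hunk of `Zotlabs/Module/Api.php` the re-wrapped `catch(Exception $e)` still leads into `echo "<pre>"; var_dump($e);`, which prints the full exception object (message, file paths, stack trace) to whoever sent the malformed OAuth request. Log it server-side instead, `logger('api oauth: ' . $e->getMessage());`, and keep the existing `killme();` so the client gets nothing beyond a fixed error. If this file declares a namespace (not visible in the hunk, though the class extends `\Zotlabs\Web\Controller`), the unqualified `Exception` will not match the global class and should be written `\Exception`.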
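Review bot: In the `@@ -41,17 +37,20 @@` hunk both assignments to `$glue` are `'?'`, so a `callback_url` that already carries a query string gets a second `?` and the client receives malformed `oauth_token`/`oauth_verifier` parameters; the branch should read `$glue = '&';`. Separately, `$verifier = md5($app['secret'].local_channel());` is a fixed value per client and channel rather than a one-time code, and it is derived from the client secret. A per-request value such as `bin2hex(random_bytes(16))` would avoid both, provided the code that later checks the verifier (outside this hunk) reads it back from the `set_config("oauth", ...)` entry. `get()` continues past the end of the hunk.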
@@ -59,7 +58,7 @@ class Api extends \Zotlabs\Web\Controller { $tpl = get_markup_template("oauth_authorize_done.tpl"); $o = replace_macros($tpl, array( '$title' => t('Authorize application connection'), - '$info' => t('Return to your app and insert this Securty Code:'), + '$info' => t('Return to your app and insert this Security Code:'), '$code' => $verifier, ));
@@ -72,14 +71,11 @@ class Api extends \Zotlabs\Web\Controller { notice( t('Please login to continue.') . EOL ); return login(false,'api-login',$request->get_parameters()); } - //FKOAuth1::loginUser(4); $app = $this->oauth_get_client($request); - if (is_null($app)) return "Invalid request. Unknown token."; - - - - + if (is_null($app)) + return "Invalid request. Unknown token."; + $tpl = get_markup_template('oauth_authorize.tpl'); $o = replace_macros($tpl, array( '$title' => t('Authorize application connection'),
@@ -94,29 +90,24 @@ class Api extends \Zotlabs\Web\Controller { return $o; } - echo api_call($a); + echo api_call(); killme(); } function oauth_get_client($request){ - $params = $request->get_parameters(); - $token = $params['oauth_token']; + $token = $params['oauth_token']; - $r = q("SELECT `clients`.* - FROM `clients`, `tokens` - WHERE `clients`.`client_id`=`tokens`.`client_id` - AND `tokens`.`id`='%s' AND `tokens`.`auth_scope`='request'", - dbesc($token)); + $r = q("SELECT clients.* FROM clients, tokens WHERE clients.client_id = tokens.client_id + AND tokens.id = '%s' AND tokens.auth_scope = 'request' ", + dbesc($token) + ); + if($r) + return $r[0]; - if (!count($r)) - return null; + return null; - return $r[0]; } - - - }
diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php
index 999b241f1..d5c0c7e05 100644
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
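Review bot: In the `@@ -94,29 +90,24 @@` hunk of `Zotlabs/Module/Api.php`, `oauth_get_client()` indexes `$params['oauth_token']` without checking that the request carried one, so a request without the parameter raises an undefined-index notice and still runs the query with an empty token. A guard such as `if(empty($params['oauth_token'])) return null;` before the `q()` call keeps that case out of the database. The rewritten query only matches tokens whose `auth_scope` is 'request'; a docblock stating that, and that the method returns the client row or null, would document the contract the two call sites in `get()` rely on.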
@@ -21,18 +21,23 @@ class File_upload extends \Zotlabs\Web\Controller { $_REQUEST['source'] = 'file_upload'; - if($channel['channel_id'] != local_channel()) { - $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); - $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); - $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); - $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); - } + if($channel['channel_id'] != local_channel()) { + $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); + $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); + $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); + $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); + } - if($_REQUEST['directory_name']) + if($_REQUEST['filename']) { + $_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']); + $_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']); + $_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']); + $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']); $r = attach_mkdir($channel,get_observer_hash(),$_REQUEST); - else + } + else { $r = attach_store($channel,get_observer_hash(), '', $_REQUEST); - + } goaway(z_root() . '/' . $_REQUEST['return_url']); }
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index e72c4fb62..948f7c733 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -316,6 +316,8 @@ class Browser extends DAV\Browser\Plugin { $quota['desc'] = $quotaDesc; $quota['warning'] = ((($limit) && ((round($used / $limit, 1) * 100) >= 90)) ? t('WARNING:') : ''); // 10485760 bytes = 100MB + $path = trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path),'/'); + $output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array( '$folder_header' => t('Create new folder'), '$folder_submit' => t('Create'),
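Review bot: In `Zotlabs/Module/File_upload.php` the result of `attach_mkdir()` / `attach_store()` is assigned to `$r` and never inspected before `goaway()`, so a rejected or failed upload redirects exactly like a successful one. Checking it before the redirect, e.g. `if(! $r['success']) notice($r['message'] . EOL);` (assuming the helpers return a success/message array; they are not shown here), would surface permission and quota failures. The new branch condition reads `$_REQUEST['filename']` directly; `! empty($_REQUEST['filename'])` avoids the notice when the field is absent. When the uploader is the channel owner, the `perms2str()` calls take `contact_allow`, `group_allow`, `contact_deny` and `group_deny` straight from the request, so any validation of those lists has to happen inside `attach_mkdir()`, which this diff does not show. The method starts outside the hunk.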
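Review bot: In `Zotlabs/Storage/Browser.php` the added `str_replace('cloud/' . $this->auth->owner_nick, '', $path)` removes that string wherever it occurs, not only as the leading segment, so a nested folder whose path repeats `cloud/<nick>` is shortened and the next hunk's `find_folder_hash_by_path($this->auth->owner_id, $path)` would then resolve a different folder than the one being browsed. Strip the prefix only at the start (after dropping a leading slash, if `$path` carries one): `$prefix = 'cloud/' . $this->auth->owner_nick;` then `if(strpos($path, $prefix) === 0) $path = substr($path, strlen($prefix));` before the `trim()`. `$path` is now overwritten in place, so any later use in this method, outside the hunk, sees the stripped value. The `'$folder'` entry in the `@@ -330,7 +332,8 @@` hunk should carry a comment saying what is passed when the path is the root and no folder hash exists.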
@@ -330,7 +332,8 @@ class Browser extends DAV\Browser\Plugin { '$deny_gid' => acl2json($channel_acl['deny_gid']), '$lockstate' => $lockstate, '$return_url' => \App::$cmd, - '$path' => trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path),'/'), + '$path' => $path, + '$folder' => find_folder_hash_by_path($this->auth->owner_id, $path), '$dragdroptext' => t('Drop files here to immediately upload') )); } |