diff options
Diffstat (limited to 'mod/photos.php')
-rw-r--r-- | mod/photos.php | 53 |
1 files changed, 25 insertions, 28 deletions
diff --git a/mod/photos.php b/mod/photos.php index dc70e4f90..d06a8e69c 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -85,6 +85,7 @@ function photos_post(&$a) { $owner_record = $s[0]; + $acl = AccessList($a->data['channel']); if((argc() > 3) && (argv(2) === 'album')) { @@ -200,6 +201,7 @@ function photos_post(&$a) { goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']); } + if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) { @@ -208,10 +210,9 @@ function photos_post(&$a) { $item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0); $albname = ((x($_POST,'albname')) ? notags(trim($_POST['albname'])) : ''); $is_nsfw = ((x($_POST,'adult')) ? intval($_POST['adult']) : 0); - $str_group_allow = perms2str($_POST['group_allow']); - $str_contact_allow = perms2str($_POST['contact_allow']); - $str_group_deny = perms2str($_POST['group_deny']); - $str_contact_deny = perms2str($_POST['contact_deny']); + + $acl->set_from_array($_POST); + $perm = $acl->get(); $resource_id = $a->argv[2]; @@ -284,10 +285,10 @@ function photos_post(&$a) { $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid) ); @@ -331,20 +332,20 @@ function photos_post(&$a) { // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d", - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - intval($item_private), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), + intval($acl->is_private()), intval($item_id) ); // make sure the attach has the same permissions as the photo regardless of any other changes $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid) ); @@ -418,11 +419,11 @@ function photos_post(&$a) { $_REQUEST['source'] = 'photos'; require_once('include/attach.php'); - if(!local_channel()) { + if(! local_channel()) { $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); - $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); - $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); - $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); + $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); + $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); + $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } $r = attach_store($a->channel,get_observer_hash(), '', $_REQUEST); @@ -557,14 +558,10 @@ function photos_content(&$a) { if($_is_owner) { $channel = $a->get_channel(); - $channel_acl = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] - ); + $acl = new AccessList($channel); + $channel_acl = $acl->get(); - $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'); + $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); } $aclselect = (($_is_owner) ? populate_acl($channel_acl,false) : ''); |