diff options
Diffstat (limited to 'mod/photos.php')
-rw-r--r-- | mod/photos.php | 208 |
1 files changed, 119 insertions, 89 deletions
diff --git a/mod/photos.php b/mod/photos.php index 2af90610e..f48603d71 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -6,6 +6,7 @@ require_once('include/acl_selectors.php'); require_once('include/bbcode.php'); require_once('include/security.php'); require_once('include/Contact.php'); +require_once('include/attach.php'); require_once('include/text.php'); @@ -62,7 +63,7 @@ function photos_post(&$a) { $page_owner_uid = $a->data['channel']['channel_id']; - if(perm_is_allowed($page_owner_uid,get_observer_hash(),'post_photos')) + if(perm_is_allowed($page_owner_uid,get_observer_hash(),'write_storage')) $can_post = true; if(! $can_post) { @@ -84,6 +85,7 @@ function photos_post(&$a) { $owner_record = $s[0]; + $acl = new AccessList($a->data['channel']); if((argc() > 3) && (argv(2) === 'album')) { @@ -106,11 +108,16 @@ function photos_post(&$a) { $newalbum = notags(trim($_REQUEST['albumname'])); if($newalbum != $album) { - $x = photos_album_rename($page_owner_uid,$album,$newalbum); - if($x) { - $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']); - goaway($a->get_baseurl() . '/' . $newurl); - } + + // @fixme - syncronise with DAV or disallow completely + + goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + +// $x = photos_album_rename($page_owner_uid,$album,$newalbum); +// if($x) { +// $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']); +// goaway($a->get_baseurl() . '/' . $newurl); +// } } /* @@ -136,14 +143,14 @@ function photos_post(&$a) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); } - $r = q("select id, item_restrict from item where resource_id in ( $str ) and resource_type = 'photo' and uid = %d", + $r = q("select id from item where resource_id in ( $str ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid) ); if($r) { foreach($r as $i) { + attach_delete($page_owner_uid, $i['resource_id'], 1 ); drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */); - if(! $item_restrict) - proc_run('php','include/notifier.php','drop',$i['id']); + proc_run('php','include/notifier.php','drop',$i['id']); } } @@ -152,6 +159,9 @@ function photos_post(&$a) { q("delete from photo where resource_id in ( $str ) and uid = %d", intval($page_owner_uid) ); + + // @FIXME do the same for the linked attach + } goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']); @@ -176,30 +186,22 @@ function photos_post(&$a) { intval($page_owner_uid), dbesc($r[0]['resource_id']) ); + attach_delete($page_owner_uid, $r[0]['resource_id'], 1 ); + $i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1", dbesc($r[0]['resource_id']), intval($page_owner_uid) ); if(count($i)) { - q("UPDATE `item` SET item_restrict = (item_restrict | %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d", - intval(ITEM_DELETED), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc($i[0]['mid']), - intval($page_owner_uid) - ); - + drop_item($i[0]['id'],true,DROPITEM_PHASE1); $url = $a->get_baseurl(); - $drop_id = intval($i[0]['id']); - - if($i[0]['visible']) - proc_run('php',"include/notifier.php","drop","$drop_id"); } } goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']); } + if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) { @@ -207,11 +209,10 @@ function photos_post(&$a) { $rawtags = ((x($_POST,'newtag')) ? notags(trim($_POST['newtag'])) : ''); $item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0); $albname = ((x($_POST,'albname')) ? notags(trim($_POST['albname'])) : ''); - $adult = ((x($_POST,'adult')) ? intval($_POST['adult']) : 0); - $str_group_allow = perms2str($_POST['group_allow']); - $str_contact_allow = perms2str($_POST['contact_allow']); - $str_group_deny = perms2str($_POST['group_deny']); - $str_contact_deny = perms2str($_POST['contact_deny']); + $is_nsfw = ((x($_POST,'adult')) ? intval($_POST['adult']) : 0); + + $acl->set_from_array($_POST); + $perm = $acl->get(); $resource_id = $a->argv[2]; @@ -282,13 +283,12 @@ function photos_post(&$a) { if($p) { $ext = $phototypes[$p[0]['type']]; - $r = q("UPDATE `photo` SET `description` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", + $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), - dbesc($albname), - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid) ); @@ -296,10 +296,10 @@ function photos_post(&$a) { $item_private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false); - $old_adult = (($p[0]['photo_flags'] & PHOTO_ADULT) ? 1 : 0); - if($old_adult != $adult) { - $r = q("update photo set photo_flags = ( photo_flags ^ %d) where resource_id = '%s' and uid = %d", - intval(PHOTO_ADULT), + $old_is_nsfw = $p[0]['is_nsfw']; + if($old_is_nsfw != $is_nsfw) { + $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", + intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid) ); @@ -332,14 +332,25 @@ function photos_post(&$a) { // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d", - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - intval($item_private), + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), + intval($acl->is_private()), intval($item_id) ); + // make sure the attach has the same permissions as the photo regardless of any other changes + $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", + dbesc($perm['allow_cid']), + dbesc($perm['allow_gid']), + dbesc($perm['deny_cid']), + dbesc($perm['deny_gid']), + dbesc($resource_id), + intval($page_owner_uid) + ); + + if(strlen($rawtags)) { @@ -406,15 +417,16 @@ function photos_post(&$a) { $observer = $a->data['observer']; $_REQUEST['source'] = 'photos'; + require_once('include/attach.php'); - if(!local_channel()) { + if(! local_channel()) { $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); - $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); - $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); - $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); + $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); + $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); + $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } - $r = photo_upload($channel, $observer, $_REQUEST); + $r = attach_store($a->channel,get_observer_hash(), '', $_REQUEST); if(! $r['success']) { notice($r['message'] . EOL); @@ -468,7 +480,12 @@ function photos_content(&$a) { $datatype = argv(2); $datum = argv(3); } else { - $datatype = 'summary'; + if(argc() > 2) { + $datatype = argv(2); + $datum = ''; + } + else + $datatype = 'summary'; } if(argc() > 4) @@ -489,8 +506,8 @@ function photos_content(&$a) { $observer = $a->get_observer(); - $can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_photos'); - $can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_photos'); + $can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'write_storage'); + $can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_storage'); if(! $can_view) { notice( t('Access to this item is restricted.') . EOL); @@ -541,14 +558,10 @@ function photos_content(&$a) { if($_is_owner) { $channel = $a->get_channel(); - $channel_acl = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] - ); + $acl = new AccessList($channel); + $channel_acl = $acl->get(); - $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'); + $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); } $aclselect = (($_is_owner) ? populate_acl($channel_acl,false) : ''); @@ -557,14 +570,22 @@ function photos_content(&$a) { $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer'])); + if(! $selname) { + $def_album = get_pconfig($a->data['channel']['channel_id'],'system','photo_path'); + if($def_album) { + $selname = filepath_macro($def_album); + $albums['album'][] = array('text' => $selname); + } + } + $tpl = get_markup_template('photos_upload.tpl'); $upload_form = replace_macros($tpl,array( '$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], - '$newalbum_label' => t('Enter a new album name'), - '$newalbum_placeholder' => t('or select an existing one (doubleclick)'), + '$newalbum_label' => t('Enter an album name'), + '$newalbum_placeholder' => t('or select an existing album (doubleclick)'), '$visible' => array('visible', t('Create a status post for this upload'), 0, '', array(t('No'), t('Yes'))), '$albums' => $albums['albums'], '$selname' => $selname, @@ -590,22 +611,23 @@ function photos_content(&$a) { if($datatype === 'album') { - - - if((strlen($datum) & 1) || (! ctype_xdigit($datum))) { - notice( t('Album name could not be decoded') . EOL); - logger('mod_photos: illegal album encoding: ' . $datum); - $datum = ''; + if(strlen($datum)) { + if((strlen($datum) & 1) || (! ctype_xdigit($datum))) { + notice( t('Album name could not be decoded') . EOL); + logger('mod_photos: illegal album encoding: ' . $datum); + $datum = ''; + } } - $album = hex2bin($datum); + $album = (($datum) ? hex2bin($datum) : ''); $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' - AND `scale` <= 4 and ((photo_flags = %d) or (photo_flags & %d ) > 0) $sql_extra GROUP BY `resource_id`", + AND `scale` <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), - intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE) + intval(PHOTO_PROFILE), + intval($unsafe) ); if(count($r)) { $a->set_pager_total(count($r)); @@ -621,13 +643,14 @@ function photos_content(&$a) { $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN - (SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY resource_id) ph + (SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph ON (p.resource_id = ph.resource_id AND p.scale = ph.scale) ORDER BY created $order LIMIT %d OFFSET %d", intval($owner_uid), dbesc($album), - intvaL(PHOTO_NORMAL), - intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE), + intval(PHOTO_NORMAL), + intval(PHOTO_PROFILE), + intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start']) ); @@ -643,17 +666,21 @@ function photos_content(&$a) { $album_e = $album; } $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer'])); - $edit_tpl = get_markup_template('album_edit.tpl'); - $album_edit = replace_macros($edit_tpl,array( - '$nametext' => t('Enter a new album name'), - '$name_placeholder' => t('or select an existing one (doubleclick)'), - '$nickname' => $a->data['channel']['channel_address'], - '$album' => $album_e, - '$albums' => $albums['albums'], - '$hexalbum' => bin2hex($album), - '$submit' => t('Submit'), - '$dropsubmit' => t('Delete Album') - )); + + // @fixme - syncronise actions with DAV + +// $edit_tpl = get_markup_template('album_edit.tpl'); +// $album_edit = replace_macros($edit_tpl,array( +// '$nametext' => t('Enter a new album name'), +// '$name_placeholder' => t('or select an existing one (doubleclick)'), +// '$nickname' => $a->data['channel']['channel_address'], +// '$album' => $album_e, +// '$albums' => $albums['albums'], +// '$hexalbum' => bin2hex($album), +// '$submit' => t('Submit'), +// '$dropsubmit' => t('Delete Album') +// )); + } } @@ -743,7 +770,7 @@ function photos_content(&$a) { // fetch image, item containing image, then comments - $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' + $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' $sql_extra ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum) @@ -863,9 +890,10 @@ function photos_content(&$a) { $linked_items = fetch_post_tags($linked_items,true); $link_item = $linked_items[0]; + $item_normal = item_normal(); $r = q("select * from item where parent_mid = '%s' - and item_restrict = 0 and uid = %d $sql_extra ", + $item_normal and uid = %d $sql_extra ", dbesc($link_item['mid']), intval($link_item['uid']) @@ -891,7 +919,7 @@ function photos_content(&$a) { } if((local_channel()) && (local_channel() == $link_item['uid'])) { - q("UPDATE `item` SET item_unseen = 0 WHERE item_unseen = 1 AND parent = %d AND uid = %d ", + q("UPDATE `item` SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1", intval($link_item['parent']), intval(local_channel()) ); @@ -937,7 +965,7 @@ function photos_content(&$a) { 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), 'item_id' => ((count($linked_items)) ? $link_item['id'] : 0), 'adult_enabled' => feature_enabled($owner_uid,'adult_photo_flagging'), - 'adult' => array('adult',t('Flag as adult in album view'), (($ph[0]['photo_flags'] & PHOTO_ADULT) ? 1 : 0),''), + 'adult' => array('adult',t('Flag as adult in album view'), intval($ph[0]['is_nsfw']),''), 'submit' => t('Submit'), 'delete' => t('Delete Photo') ); @@ -1163,12 +1191,13 @@ function photos_content(&$a) { //$o = ''; $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' - and ((photo_flags = %d) or (photo_flags & %d) > 0) $sql_extra GROUP BY `resource_id`", + and photo_usage in ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc( t('Contact Photos')), intval(PHOTO_NORMAL), - intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE) + intval(PHOTO_PROFILE), + intval($unsafe) ); if(count($r)) { $a->set_pager_total(count($r)); @@ -1178,13 +1207,14 @@ function photos_content(&$a) { $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN (SELECT resource_id, max(scale) scale FROM photo WHERE uid=%d AND album != '%s' AND album != '%s' - AND (photo_flags = %d or ( photo_flags & %d ) > 0 ) $sql_extra group by resource_id) ph + AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra group by resource_id) ph ON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc( t('Contact Photos')), intval(PHOTO_NORMAL), - intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE), + intval(PHOTO_PROFILE), + intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start']) ); |